Plugging the leak: Data loss and smartphones
Smartphones are becoming more powerful every day, and tablets have evolved to the point where people are using them as their on-the-go computing device, allowing them to leave the laptop at home. But while smartphones and tablets are sharing the spotlight with laptops for many business users, their underlying design makes them very different from a traditional PC. That difference could be putting your organization at risk. Luckily, there’s a way to get a handle on it.
The risk that I’m speaking of is data leakage. The very things that make smartphones easy to use (social sharing, constant connectivity, location services, etc.) are also putting your company’s data at risk. In fact, Forrester Research estimates that between $90 and $305 dollars can be lost per customer record. With devices carrying thousands, if not millions, of records, the total cost of a compromised device is high.
Smartphones have been designed and built from the beginning to be easy to use. That’s because apps on mobile devices share information behind the scenes. For instance, you take a photo with the camera app and the mail app puts the photo in an email. Then it links with your Gmail account, and translates the name Ben Jones to an email address pulled from your address book, and away it goes.
By comparison, it’s never that easy on a computer. You have to use a camera or a webcam to take the photo, load it onto your PC, save the file as a JPEG, open your web browser, log into Gmail, find the photo on your hard disk, attach it, and away it goes. Is it any wonder why no one uses PCs to share photos anymore?
On the smartphone, the more complex details happen behind the scenes. This is great for a person like my mom, who doesn’t know the difference between the Internet and Internet Explorer, but can take photos of sales items and send them to my brother and me.
However, it’s exactly that ease of use that makes smartphones so dangerous in the enterprise. All this behind-the-scenes data sharing means that information can be accidentally sent to the wrong place or uploaded to a cloud provider. It might be a simple user error, or it could be a rogue app that’s pretending to be a game or social media app but is actually stealing information. All this efficiency is a huge problem for companies because it opens the floodgates for data leakage.
So how do you plug the dike? The good news is that the industry has created robust platforms for enterprises that allow end users the freedom and productivity they’re used to with mobile. But it also lets IT managers sleep at night knowing the vast majority of data leakage problems can be easily monitored and controlled.
Mobile Device Management (MDM) is software that is installed onto a mobile device that talks to the network and allows for accountability and auditing. MDM is also able to push corporate-approved apps to a mobile device and provide updates. It might also create a secure and encrypted folder on the smartphone that is not available to the other apps on the phone, where sensitive corporate data can placed.
There are a lot of companies providing MDM solutions and in SHI’s experience, not all solutions are created equal. Our work on the SHI mobility team has shown that some MDM solutions provide high security for regulated industries like medical, finance, and the military. Others have a strong presence in retail operations (think Apple stores with handheld iPod Touches as the credit card machines), while others on the market are designed to interface with existing security products sold by McAfee and Symantec.
One thing is clear: Organizations need to be thinking seriously about smartphones and the risk they pose to corporate data. Even if you officially don’t allow your people to access corporate information using a smartphone, chances are that people are finding ways to do it anyway.
Mobility is as grass-roots as it gets, because people are bringing in their own personal devices, and IT departments don’t want to be caught unawares. They know they need to figure out how smartphones fit into their corporate IT strategy and, more importantly, how they can use MDM software to lock down these devices and make sure that they’re not being used for anything unsavory.