The consumerization of IT in the corporate world has created a new playing field for enterprise security teams. The sheer diversity of devices, compounded by closed and hosted operating systems, has resulted in some new and unique challenges specific to corporate mobile environments.
- Mobile devices are more likely to be lost or stolen, which can leave personal and corporate data exposed.
- Mobile users require new workflows that then need to be secured, such as uploading data to the cloud through services like Box.com.
- In addition to traditional threats, there are multiple attack channels unique to mobile devices, such as SMS and Bluetooth.
- The upgrade process for mobile operating systems often involves the original manufacturer and/or a third-party vendor.
- Mobile applications can have explicit or implicit permissions, which many users do not carefully review before downloading.
So, the question remains: Is there a single mobile DLP implementation that can address all of these issues? Of course, in the security industry, the answer is never clear-cut. The truth is that there must be a combination of best practices and process controls from the network all the way down to the application level.
Here are a few recommendations from the McAfee team:
- Network-based controls via VPN: Force everything through a controlled network web proxy. Some security vendors have this today, but compliance via VPN alone is not enough.
- Deploy DLP controls via OS-based and application-based containers.
- Deploy deep technology at the firmware level; tag and taint based on data source.
- Encrypt local storage.
To learn more about McAfee’s mobile DLP solutions, stop by and collaborate with our team at McAfee FOCUS 12 in Las Vegas on October 23rd. During our mobile DLP session, we’ll address the data loss challenges of BYOD, managed and unmanaged devices, cloud applications and more.