The mobile enemy
Today’s business world is fast-paced, ultra-mobile and highly productive. Data is carried to and from devices that keep shrinking in size while expanding in storage capacity, and we have got to the point where we can put everything that’s private, confidential and has immense value to our company on one portable gadget which fits in our pocket or even our wallet.
But with coolness, ease of use and high speeds comes a horde of risks that can turn into severe losses in terms of money, customer loyalty and trust. Small, easy to handle and offering increasingly large storage capacities, USB flash drives and portable external hard drives with USB or firewire interfaces come in standard capacities reaching 500GB – enough to carry all the innovative, proprietary and sensitive files of a company.
However, they can be accidentally lost or intentionally stolen at any time, causing great damage to organisations and their customers. The ensuing credit monitoring, expensive consultants and lawyers, damage to the customer base or need to rebuild the trust of those who do stay on board, all cost money. The current security challenge is to keep using all the technology breakthroughs that give a profitable competitive edge, while securing data and keeping malicious competitors, disgruntled former employees, accident-prone staff and hackers at bay.
To meet this challenge, companies of all sizes need to implement an efficient and innovative data-loss prevention and device-control solution. Effective endpoint data-loss prevention solutions are designed to minimise internal threats, reduce data-leakage risks and control devices connected at endpoints. But controlling devices doesn’t have to mean blocking or disabling, which is the first thought that enters peoples’ minds when the topic is brought to the table. The simple process of auditing what is being connected, and making what is being connected visible and how it’s being used, can pay dividends.
You may find you have no problem at all, or find that, although your security policy states users are not to use non-authorised removable storage devices, everyone has connected their smartphone to charge it, and copied the latest customer price list to it. Whilst the said price list will always be conveniently on hand, it will also be completely unsecured if they lose their phone at the gym.
Advanced endpoint data-loss solutions offer granular control of portable devices, from iPods, cameras and USB sticks to ExpressCard SDD and printers, that also integrate with Active Directory synchronisation. This will enable policies that can for example, tie a specific user to an authorised USB storage device, and by using ‘trusted devices technology’ you ensure protection for data in motion by enforcing encryption for the devices connected at endpoints.
Not forgetting a large number of highly mobile users, the solution will need to offer road warriors a way to stay active and productive when they lack a permanent internet connection, while keeping the corporate data they carry safe from common portable storage device usage threats that can lead to severe security breaches. When travelling for business, employees might be unable to connect to the internet and still need to authorise a new portable device – a printer to print out a contract, or a memory stick to save a presentation for an event on it.
To help them save time and complete their tasks, a temporary offline password could be provided to them by phone, allowing them to authorise devices for a period ranging from 30 minutes to one week. The offline security options enable employees to do their work on time, preventing unnecessary delays. Additionally, even when the company’s laptops or netbooks are being used offline, you want a solution that will enable you to do file tracing and file auditing so employees’ activity is monitored and logged in detail. Endpoint data-loss solutions don’t have to be restrictive and disruptive for employees.
They can be an enabler for the business to understand its risk profile, and make more effective and relevant end-user acceptable use policies.