
As the party season gets underway, do you know where your data is?


Posted by Lisa Higgins 4 December 2018

Christmas festivities are almost upon us. With mulled wine ready to be consumed by the gallon across the UK and staff busy thinking about secret Santa and office parties, it’s a time for slowing down and celebrating another year that's passed. But as the workforce relaxes a little, what does that mean for information security? What happens if staff devices are left in a taxi or bus, or taken from someone’s bag? It’s a time for goodwill, but also a time for vulnerability when it comes to corporate data.


You need to know where your data is at all times and, in the event of a mishap, how quickly you can act. It’s crucial that companies are able to delete their corporate data or, at the very least, rest assured that the data on their devices is encrypted and that all controls are in place even when you are not expecting your employee to be connected (aka 24/7).

Say, for example, you have two staff members at your Christmas party. One has a secure device that is protected and managed by a unified endpoint management solution. It has a passcode enforced, as a result of which all the data on the device is encrypted. Going home that night, this user leaves their device in a taxi. IT still has some control over it, and has the ability to remotely wipe the device, and wipe the corporate data and applications.

But say the same thing happens to another staff member with an unsecured device. IT has absolutely no visibility of, or any control over, the data that's there. The data is likely unencrypted and now out of compliance with regulations. This is now a company-wide headache.


So how do you prevent that unsecured device from ever connecting to your enterprise cloud services and accessing company data? And how do you prevent unmanaged devices, unsecured applications, or unsanctioned services from connecting to your enterprise environment?

At Bridgeway we would recommend a unified endpoint management (UEM) solution such as MobileIron which brings everything together into a single console. With MobileIron you can implement a secure container on a device which manages the business data and maintains user privacy at the same time. This is really important - your staff will be browsing for Christmas gifts or engaging on social media on their devices, but at the same time you as a business need them to have secure email and/or business apps in the event of a loss.

Now if you’ve got both corporate apps that connect to the host infrastructure of the traditional four walls, and cloud-based apps, you don’t want multiple log-ins throughout the course of your day that will interfere with productivity. MobileIron gives you multi-factor single sign-on capability to all of your applications, whether the data resides behind your four walls or in the cloud. If your data goes into the cloud, MobileIron Access moves through the identity provider, confirms the identity of the user and then provides additional security by confirming the device is under management and the application is now managed and trusted. This is fundamental; you have to know what application is requesting access to the data. If the data comes down from the cloud to a device, sits on an app, and you know it’s there, you can manage it. But if that app is not under management, it will receive that same data but the user will have no idea it’s sitting there, so if they lose the device that data is gone forever. It also means the company could well be in breach of GDPR and with that could come hefty fines.


With MobileIron Access, customers get a single point of view into what types of devices are on the network, the different locations from which users are accessing corporate information, and so on. The ability to get and correlate that information across all your cloud services is really powerful. MobileIron also has built-in mobile threat defence, where it can detect a threat on the device, in the app, offline or online, without having to go out to an internet service to confirm what the threat might be, get a definition and a command back telling you to delete it. If you have to use a cloud service and the actual threat or vulnerability is in the network, you’re screwed.

Get ahead of the game and be in control of your data, before it’s too late. If you’d like to talk more about how we can help secure your mobile device estate over the Christmas period and beyond, we are happy to help!
