Five methods to prevent data loss in mobile environments

Source: Internet
Author: User

Best practices and technologies for data loss protection (DLP) on mobile devices are designed to protect data that leaves the corporate security perimeter. Data may be compromised or leaked in various ways: the device is stolen, an authorized user shares the data unintentionally, or the device is directly infected by malware.

As more and more employees bring their own devices to the workplace, whether or not IT permits it, problems related to mobile data loss become more serious. With BYOD (bring your own device), users rather than the enterprise own the devices, which makes it harder for IT to establish and maintain security.

At a minimum, all mobile devices that access or store business information should be configured with user identification and strong authentication, should run up-to-date anti-malware software, and must use a virtual private network (VPN) to access the enterprise network.

In addition, the IT department should deploy the following measures to protect enterprise information in the mobile environment:

  1. Back up data regularly and test recovery
  2. Conduct DLP training for users
  3. Deploy data classification standards
  4. Implement information security protection policies
  5. Use mobile DLP software

Each of these strategies is discussed in detail below.

1. Data Backup

Data backup does not need a long explanation. Simply put, it is necessary. Enterprises must perform backups regularly, and the resulting backup files must be tested to ensure that they can be restored when necessary.

2. Education: the more users know, the more secure your data

For most enterprises, making users aware of the danger of data leakage is a useful and valuable process. Whether it is through annual security training, lunch seminars, or monthly newsletters, you should keep your employees informed of security issues. Tell them what is important and show them the information.

Most employees will help protect the company's assets once they understand what counts as "confidential" information. They must be aware of the consequences of such information leaking: reputational damage, corporate espionage, loss of income, regulatory fines and penalties, and even risks to the personal safety of some employees. Enterprises can also share real examples of data leakage with employees.

3. Data Classification

The increasing number of mobile devices increases the importance of data classification. Most mobile DLP technologies rely on some form of data classification to prevent data leakage. Your enterprise must create a data classification standard and then implement it as soon as possible.

The US military classification standard includes three classification levels: top secret, secret, and confidential. An enterprise or educational institution can use the categories highly sensitive, sensitive, internal, and public. If your enterprise must comply with specific laws and regulations that govern certain types of data, you should add those legal requirements and standards to your classification standard.

Because information takes many different forms (word processing documents, workbooks, and emails, covering marketing, general business operations, customer service, and so on), some information may be difficult to classify. In addition, how do you deal with content that has been repurposed? For example, what if part of a document marked as highly sensitive is reused elsewhere? Should that part still be considered highly sensitive, or should it be reexamined and reclassified?

Note that labeling data and classifying data are two different things. A label identifies the level of protection required and is usually a tag or comment placed in the document itself or in its metadata. For example, you can insert "confidential" in the header or footer of a document, or add it to the file's properties. Classifying a file, on the other hand, may or may not involve labeling it.

4. Policy: protect all forms of data

Your data classification standard must be incorporated into the enterprise's overall security policy. The policy must be clear about how data is used and handled, and the approach you choose will affect the cost of data handling.

Security policies, standards, and procedures place different requirements on data and information depending on the stage of the data lifecycle (creation, access, use, transmission, storage, or destruction). The goal is to protect all forms of data on all types of media in every processing environment (including systems, networks, and applications).

Make sure your policy states clearly that information users must comply with all policies, standards, and procedures, and that they will be held accountable if they do not.

5. Mobile DLP software: monitor mobile users

Many mobile DLP products provide monitoring functions that allow IT to view the data mobile users access and/or download from enterprise servers. Mobile monitoring provides warning signs that enable IT to take action against potential data leaks or policy violations. However, it takes time to distinguish normal activity from real security threats, so monitoring is usually used to track actions. The challenge for enterprises is to prevent sensitive information from being transmitted to or stored on mobile devices in the first place.

The latest products from well-known DLP application and appliance vendors (such as Symantec, McAfee, and Websense) provide data classification features for tagging information and documents (metadata tags), as well as content analysis and filtering when mobile devices interact with enterprise servers.

This capability is known as content awareness. Content-aware technologies are useful for both enterprise-owned and employee-owned devices. Based on mobile DLP policies, they can, for example, prevent email, calendar events, and tasks from syncing with smartphones or tablets. This allows administrators to separate personal and enterprise email and prevent enterprise information from being stored on mobile devices.

Some products can prevent sensitive information from being transmitted to devices according to the user or user group, rather than the device ID. In addition, administrators can set mobile policies for the sales and marketing departments. Solutions that support role-based messaging to meet military requirements are also available.

Content-aware DLP works alongside mobile device management (MDM) solutions. Nothing needs to be installed on the mobile device: the DLP software can use the MDM configuration to force the device to establish a VPN connection with the enterprise network, where the DLP technology scans and analyzes the content and then enforces the policy.

The virtual environment can also be protected. For example, DeviceLock provides data leakage protection known as Virtual DLP, which protects local virtual machines as well as session-based and streamed desktops and applications. Virtual DLP supports Citrix XenApp, Citrix XenDesktop, Microsoft RDS, and VMware View.
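The sync decision described in this section, combined with the distinction between a label and a classification from section 3, can be sketched as follows. This is an added example, not code from any product named above; the group names, keyword list, per-group ceilings, and the `label`/`body` field names are assumptions made for illustration.

```python
import re
# The four enterprise levels named in section 3, lowest to highest.
LEVELS = ["public", "internal", "sensitive", "highly sensitive"]
# Hypothetical policy: highest level each user group may sync to a device.
GROUP_CEILING = {"sales": "internal", "executives": "sensitive"}
CARD_RE = re.compile(r"\b(?:\d[ -]?){13,19}\b")
KEYWORD_RE = re.compile(r"\b(salary|merger|customer list)\b", re.I)  # constructed

def luhn_ok(digits):
    """Luhn checksum, used to cut false positives on long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:  # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def classify(text):
    """Classify by content alone, ignoring any label on the item."""
    for m in CARD_RE.finditer(text):
        digits = re.sub(r"\D", "", m.group())
        if 13 <= len(digits) <= 19 and luhn_ok(digits):
            return "highly sensitive"
    if KEYWORD_RE.search(text):
        return "sensitive"
    return "internal"  # assumed default for unmatched business content

def sync_decision(item, group):
    """Return (allow, effective_level, mismatch) for one mail or calendar item."""
    label = item.get("label")  # metadata tag; may be missing or wrong
    detected = classify(item["body"])
    # The stricter of the label and the detected content wins.
    candidates = [detected] + ([label] if label in LEVELS else [])
    effective = max(candidates, key=LEVELS.index)
    mismatch = label is not None and label != effective
    ceiling = GROUP_CEILING.get(group, "public")  # unknown group: strictest
    allow = LEVELS.index(effective) <= LEVELS.index(ceiling)
    return allow, effective, mismatch

# Constructed sample items, not real data.
SAMPLES = [
    {"label": "public", "body": "Card 4111 1111 1111 1111 for the invoice"},
    {"label": "internal", "body": "Draft merger timeline attached"},
    {"body": "Lunch at noon on Friday"},
]
```

The `mismatch` flag marks items whose label understates what the content scan found, which is the case a label-only policy would let through to the device.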
