Mobile Data Security - 7 Top Tips

Enterprises have a vested interest and in some instances a legal obligation to effectively protect their data, yet data security today is a moving target. Data has become highly mobile - it`s stored on a multitude of devices and is used in myriad ways. Seven Days Technologies (7DaysTech), a mobile application and data security solution provider, has seven top tips for organisations that are presently navigating their way through the creation of a reliable security policy for mobile data.

Says Sean Glansbeek, MD of 7DaysTech: "Data security is not a static problem. As technology advances, lifestyles - which include the way we work - are changing. Data is today stored and transferred from and to the corporate network, desktop PCs, laptops, notebooks, smartphones, PDAs, USB drives and CDs, and even iPods, MP3 players and digital cameras. Keeping this data secure means organisations must fully understand the data security lifecycle - and steer clear of complacency."

A recent release from Credent, a market leader in mobile data protection solutions whose solutions are represented in Africa and Middle East by 7DaysTech, offers some insight into typical mobile data security pitfalls. "These are challenges that South African organisations would do well to take note of," says Glansbeek.

He notes that the first step is to recognise the four fundamentals of the data security lifecycle. "Organisations need to know where all their company data resides, enforce encryption, stringently manage data security processes and policies so they can prove compliance with legal and governance requirements, and provide security support. The challenging part is, however, to apply the security policy effectively. Credant offers some healthy advice."

Don`t fall into the trap of focusing on one device or what appears to be the most obvious target - eg your laptop population. You need to encrypt the data, not just the device. The device is cheap to replace; brand loyalty and customer confidence are much, much harder to restore.

Today, everyone hooks their own personal devices up to the soft underbelly of the corporate network - often for legitimate reasons. A data protection solution that recognises and accommodates encryption of different types of files - eg iPod, mobile phone - has become essential.

If you don`t know its there, you can`t protect it. Organisations must be able to detect devices trying to connect to the enterprise and sync up with corporate data. Once identified, these devices can either be blocked or protected.

Don`t create security backdoors. It`s important to examine any solution`s impact on existing operations. Patch management, for instance, is often done when the user is not present at the machine, which means the technician may use a security override - leaving data vulnerable. A data security solution that includes the ability to uniquely protect individual users` data and separate the role of system administration and security administration is thus essential.

The underlying theme of data security regulation is that it must be "reasonable and appropriate". You thus can`t leave it up to end-users to make data secure - they don`t have the time or the knowledge. Data security needs to be controlled and managed centrally by qualified IT security staff.

It is not good enough to say you`re protected; corporate governance requires you to prove it. By using a solution that includes a central management console, every machine that is protected reports back to say that it has received the latest instruction and confirms that it has been carried out, keeping all the proof centrally.

A solution which protects all devices and can be rolled out and maintained centrally without bringing in and locking down all devices for a period of time, will dramatically reduce total cost of ownership.