Subscribe
About

Mobile Data Security - 7 Top Tips

Seven Days Technologies offers best practice advice for creating mobile data security policies

By Sean Glansbeek
Johannesburg, 20 Nov 2008

Enterprises have a vested interest and in some instances a legal obligation to effectively protect their data, yet data security today is a moving target. Data has become highly mobile - it`s stored on a multitude of devices and is used in myriad ways. Seven Days Technologies (7DaysTech), a mobile application and data security solution provider, has seven top tips for organisations that are presently navigating their way through the creation of a reliable security policy for mobile data.

Says Sean Glansbeek, MD of 7DaysTech: "Data security is not a static problem. As technology advances, lifestyles - which include the way we work - are changing. Data is today stored and transferred from and to the corporate network, desktop PCs, laptops, notebooks, smartphones, PDAs, USB drives and CDs, and even iPods, MP3 players and digital cameras. Keeping this data secure means organisations must fully understand the data security lifecycle - and steer clear of complacency."

A recent release from Credent, a market leader in mobile data protection solutions whose solutions are represented in Africa and Middle East by 7DaysTech, offers some insight into typical mobile data security pitfalls. "These are challenges that South African organisations would do well to take note of," says Glansbeek.

He notes that the first step is to recognise the four fundamentals of the data security lifecycle. "Organisations need to know where all their company data resides, enforce encryption, stringently manage data security processes and policies so they can prove compliance with legal and governance requirements, and provide security support. The challenging part is, however, to apply the security policy effectively. Credant offers some healthy advice."

Tip One: It`s end-to-end

Don`t fall into the trap of focusing on one device or what appears to be the most obvious target - eg your laptop population. You need to encrypt the data, not just the device. The device is cheap to replace; brand loyalty and customer confidence are much, much harder to restore.

Tip Two: `It`s not my device` is no defence

Today, everyone hooks their own personal devices up to the soft underbelly of the corporate network - often for legitimate reasons. A data protection solution that recognises and accommodates encryption of different types of files - eg iPod, mobile phone - has become essential.

Tip Three: What`s out there?

If you don`t know its there, you can`t protect it. Organisations must be able to detect devices trying to connect to the enterprise and sync up with corporate data. Once identified, these devices can either be blocked or protected.

Tip Four: It has to fit in

Don`t create security backdoors. It`s important to examine any solution`s impact on existing operations. Patch management, for instance, is often done when the user is not present at the machine, which means the technician may use a security override - leaving data vulnerable. A data security solution that includes the ability to uniquely protect individual users` data and separate the role of system administration and security administration is thus essential.

Tip Five: It`s not an option

The underlying theme of data security regulation is that it must be "reasonable and appropriate". You thus can`t leave it up to end-users to make data secure - they don`t have the time or the knowledge. Data security needs to be controlled and managed centrally by qualified IT security staff.

Tip Six: Prove it

It is not good enough to say you`re protected; corporate governance requires you to prove it. By using a solution that includes a central management console, every machine that is protected reports back to say that it has received the latest instruction and confirms that it has been carried out, keeping all the proof centrally.

Tip Seven: At what cost

A solution which protects all devices and can be rolled out and maintained centrally without bringing in and locking down all devices for a period of time, will dramatically reduce total cost of ownership.

Share

Seven Days Technologies

Seven Days Technologies (7DaysTech) is a mobile application and security provider. It custom develops mobile solutions for the enterprise, creates innovative solutions for the broader business market which it delivers through local and international channels, and leverages best of breed technology to support its clients. Its solutions include data security (data encryption and data leakage prevention), mobile middleware software, mobile business applications and professional services. 7DaysTech is the South African distributor of Credant, Dexterra and Vontu solutions. For more information, visit http://www.7daystech.co.za

Editorial contacts

Sean Glansbeek
7 Days Technologies
(+27) 11 807 2480
seang@7daysetch.com