With high profile security breaches such as the iCloud1 and Sony hacks2 hitting the headlines last year, the concern for the security of our own personal information and sensitive data continues to mount as we await the next high profile attack.
The expectations levied on corporate IT security as a result of these breaches are burgeoning, along with the diversification of employee devices, and the increase in remote and flexible working. Employees are routinely bringing their own phones and tablets to work, or accessing servers remotely on their personal computers and laptops, at home, or on the move. While this may be convenient, and improve employee productivity, this practice puts corporate intellectual property at risk of a breach. Ensuring the security of information is paramount, and data should be encrypted wherever it resides.
Encryption is Key
Data encryption is no new phenomenon and is considered one of the most effective means of ensuring data security. Access to encrypted files requires a key or password that enables you to decrypt it by restoring it to its original form. Whilst most data transmitted over a network is sent in clear text, by incorporating encryption algorithms, users can protect data and make sure that only the intended recipient can decode and read the information.
Although there are many variants of encryption formats and techniques, they all serve the same purpose: to keep our data protected and secure. Storing any sensitive information is inherently risky, but in order to do this effectively, action must be taken to reduce the risks of inappropriate disclosure.
While most corporate networks have extensive data controls in place, these controls don’t necessarily extend across mobile devices which are often lost or stolen. In fact, shortly after the data breach on the iCloud Apple increased security levels with the introduction of default encryption on the latest version of Apple’s operating system, demonstrating the importance of encryption as a safeguard to protect data.3
Given that a large amount of data can be stored on USB’s, smartphones and tablets, there is a real danger that personal information could be compromised should such a device end up in the wrong hands.
Security not Optional
The problem is that users want devices that are easy to manage, hassle-free and allow them to go about their lives securely. Measures such as optional encryption do not fit into this lifestyle. Users will not hunt down new security features, either because they don’t know they need them, or perhaps think they already have them.
Mobile devices must give users the facility to secure personal and business data. Manufacturers and employers need to provide encrypted tools for protecting a user’s intellectual property. Being able to manage and track this encrypted data, knowing who’s accessed it, from which location, and on what devices the information resides is also essential, as is the ability to remotely lock-down or wipe the device if data security is compromised.
Whether your data is in transit, or at rest, encryption is absolutely key to safeguarding confidential company information. Whether you use strong authentication or hardware encryption will very much depend on your organisation. You need to be able to manage encrypted devices in order to ensure that if there any concerns that data integrity has been compromised it is possible to remotely wipe the device. Built-in encryption, such as an encrypted, IT-managed USB drive, offers one way to solve security of data on the move.
Encryption is a valuable and essential tool for securing your data, users should not be given the opportunity to be unprotected; security needs to be a default – not an option.
About the Author:
Written by Sven Radavics, General Manager – Asia Pacific, Imation Mobile Security