The well-publicized cases of information leakage in recent news articles have brought to light the risks of the borderless enterprise.
Increasing concerns about the threat that remote workers can pose to network security has prompted many organizations to lock down their systems and enforce strict compliance with remote access security policies.
However, traditional remote access security features only safeguard data in transit but fail to address how the data is used once it safely arrives on a machine. For example, sensitive data that is displayed on a remote machine can still be exploited if the copy-and-paste and print-screen functions are enabled.
Recent headlines about thefts of company laptops from UC Berkeley and the San Jose Medical Group underscore the need for organizations to be more diligent in setting and enforcing security policies that protect sensitive information on mobile devices. The problem becomes even more acute as enterprises enable access to corporate applications and data from unmanaged devices – those devices used by business partners, suppliers, or by employees accessing the network from home PCs.
Analysts estimate that unmanaged devices now represent nearly 50 percent of all devices with access to corporate applications. With 70 percent of data theft being physical theft – from laptops to hard drives and mobile storage devices, saving sensitive information to a mobile device becomes a threat itself. Companies must set policies to define who can access what corporate information from which device and what the user is allowed to do with that data once it arrives at the endpoint.
A combination of policy, technology enforcement and continuing education make up a solid program for securing remote access. This article will discuss best practices and outline the steps to safeguarding corporate data accessed by business partners, customers and mobile workers.
* Set strict policies - Identify data assets, labeling data access or information nugget, put on scale of 1-10 in terms of sensitivity, determine who has access, and where they are able to have access from what devices.
* Employ session-based access –provide "zero touch" connectivity to applications so no trace of information is left behind on a machine once a session has ended.
* Control use of data – Establish control over what a user can/can't do with data (block file save, clipboard, cut-and-paste, and print operations)
* Implement unified management framework – Avoid the complexities and inherent security risks involved with ad hoc device management
* Audit – Keep a trail of sensitive information. Who has printed, mailed outside the company. Classify each piece. Assess damages. Keep track of who has looked at these pages. Assess risk.
The author is VP of Product Management at Permeo Technologies