
Addressing Mobile Data Security (Part 2)

February 27, 2014 | Nick Harlow

In Part 1 of this series, we explored how the increasing cost of data breaches coupled with the risk of increased mobility poses formidable challenges for IT-based organizations. The post discussed how MDM/MAM solutions can help to provide a basic level of protection, but fall short in certain key areas. In particular, MDM and MAM solutions do a poor job of providing application-level security unless organizations choose to rebuild or recode their applications. Organizations should complement their MDM/MAM deployments with solutions that use strong encryption and digital signatures to protect their sensitive data.

Using strong encryption and digital signatures can add another layer of protection if a mobile device containing sensitive data is lost or stolen. MDM/MAM solutions typically provide remote wipe of the device in the event of loss or theft. However, because this feature works at the device level, it erases all data on the device, including the end user’s personal data. This lack of granularity in MDM solutions is often cited as a barrier to end user adoption of corporate BYOD programs.


An ideal solution instead would be to manage cryptographic data security, maintain separation between personal and professional data, and constrain the scope of the remote wipe capability to the organization’s proprietary data, leaving the end user’s personal data untouched. In addition, this approach would potentially address the privacy concerns many users have about turning their personal devices over to the control of their employer’s IT department.

Another growing threat to mobile data security is the explosion in mobile malware and network-borne threats, and here too MDM solutions fall short. Because an MDM solution works at the device level, malware that gets onto the device can access and exfiltrate the proprietary data stored there. If the device is connected to data center assets through a device-wide IPsec VPN, the malware could potentially spread to, or gain access to, data center resources as well. If the data were instead secured using fine-grained encryption (i.e., each data chunk encrypted with its own unique, long encryption key), a malware data thief would have a very difficult time recovering anything useful in a timely manner.

Similarly, if a user connects to the internet via an insecure WiFi hotspot, all proprietary data should be encrypted on the wire; otherwise it faces the risk of a man-in-the-middle attacker gaining unauthorized access to sensitive data. An application-level VPN can help to protect data-in-motion from this sort of threat. Unlike a device-wide VPN policy, an application-level VPN can be managed by the MDM solution so that other applications on the device are prevented from accessing intranet resources.

Managing devices can provide a minimum baseline for security compliance. However, organizations should focus instead on deep security of their applications and of the data itself, regardless of whether it resides on IT-issued or user-owned devices. This data-centric approach is especially important in scenarios where non-employee collaborators such as partners, contractors, and consultants require access to sensitive data.

In these scenarios, MDM/MAM solutions are particularly ineffective because IT cannot realistically mandate that these external entities subscribe to its particular MDM/MAM policies and applications. By combining encrypted storage with encrypted transmission at the application layer, an organization can help to ensure that its data is managed and kept as safe as possible from potential security threats. The solution should provide these benefits even when the data is accessed by authorized business collaborators, such as partners and contractors, who are not subject to corporate IT policies.

To learn more about how Sencha solutions can help to address mobile data security challenges, please click here.

There are 2 responses.

Tom

7 months ago

Hi, the Japanese translation of this blog is here: http://www.xenophy.com/sencha-blog/10706

Link to the Japan Sencha User Group: http://www.meetup.com/Japan-Sencha-User-Group/

Managed Services

6 months ago

Hi, the information on this blog is just amazing; it keeps me coming back time and time again. Personally, I met my wife using this site, so I couldn't like it any more. I have done my best to promote this blog as I know that others need to read this thing. Thanks for all your effort spent in making this fabulous resource! OK, nice one.
