Mobile Security: How to Protect Information Shared On-the-go    

Regardless if you support BYOD or company-issued devices, there are mobile security steps you can follow to better protect your mobile enterprise today.

29 December 2014


The way we share information is constantly evolving. Our work patterns have seen a significant shift over the years — from working in the office on a computer, to collaborating remotely on our mobile devices.

Increased mobility (and likewise productivity) has helped connect organizations with their colleagues, partners, and customers around the globe. But this improved capability that allows employees to share information freely may also expose organizations’ to significant risks of data loss.

Organizations Less Likely to Control Mobile Devices

In our research completed with the Ponemon Institute, we found that companies are less likely to control mobile devices and laptops. Only 27 percent of information technology and security practitioners surveyed use mobile device management (MDM) to lock down mobile devices or laptops and remotely erase them.

Today, many organizations have embraced the bring your own device (BYOD) approach. Although BYOD is a common policy for many organizations, it is not always a preferred practice, says the Ponemon study. This applies if mobile devices are being used to share business document. Why? Because it’s difficult to effectively manage security at the device level. Fifty-nine percent of respondents prefer devices provided by the organization, as the chart below shows.

Ponemon Institute: Breaking Bad: The Risk of Unsecure File Sharing, Figure 15, Intralinks

Security controls must be as close to the data assets as possible. Company-issued devices may allow for more control over information. But, IT managers should foresee that some of their employees may at some point use a personal device for work purposes.

Manage Mobile Information Sharing

Regardless if you support BYOD or company-issued devices, there are steps you can follow to better secure your mobile enterprise today. As a first step, you can deploy virtual private networks (VPNs), and ask employees to use multi-factor authentication.

Then, for storing and sharing business data, implement a multi-level centralized mobile security application to protect information. Make sure that when information is downloaded on a mobile device, it can be stored in an encrypted location. This will ensure you can prevent unauthorized access to your data. Here are just some of the capabilities your enterprise mobile application should include:

  • Ability to view and control document permissions on your mobile device so you can manage document access rights
  • Capability to prevent saving, copying, or printing of shared documents
  • Device-level PIN codes and the ability to clear corporate data when time-outs are exceeded
  • Application-level encryption through an advanced AES-256 algorithm and multi-layer key management
  • A distinctive 256-bit-length encryption key, with data keys protected by the master key
  • Administrative controls that prohibit access to both the database and the application server — thus blocking access to the master key
  • A proprietary mechanism that prevents making encryption copies, protecting the content on the device
  • Full document tracking and audit compliance
  • A standards-based, single-secret key exchange

If you want to learn more about our solution, and how to secure your data, you can review  our Intralinks Secure Mobile. Besides the capabilities above, organizations should also reevaluate their existing basic security processes. Some steps to take:

  • Create a risk management plan and security policy if you don’t already have one
  • Assess all of your existing applications and protocols so you can prepare to protect them
  • Always remember that access control and monitoring capabilities must be just as strong on your mobile network as it is within your enterprise

Security is a choice.

Meagan Parrish

Meagan Parrish

Meagan Parrish is the Senior Manager of Social Media at Intralinks. She is responsible for social media strategy development and the communications for Intralinks' online communities. Meagan has been creating social media strategies for a variety of companies across verticals for the past several years. She holds Bachelor degrees in Marketing and Finance, with a minor in English Literature.