There is a popular misconception that corporate data can’t be adequately protected when employees use mobile devices to access it. If that’s true, why did the US HHS Director responsible for the highly restrictive HIPAA regulatory act insist that doctors must be mobile-enabled?
At a 2013 Mobile Device Roundtable, Dr. Farzad Mostashari, then the U.S. Department of Health and Human Services National Coordinator for Health Information Technology, said, “it’s consumer technology coming into institutional technology, medicine, one of the most conservative bastions for adoption of technology with good reason in many cases, because the stakes are literally life and death.”
It’s all about protecting the Data – Mobile IT Security Awareness
Recently, many analysts have been discussing exactly which issues are at the center of the challenge of migrating to an environment in which users can bring any device they choose to connect to the corporate network. Some have suggested that the popular acronym “MDM,” which stands for Mobile Device Management, should really stand for Mobile DATA Management, because the data is the most important element in the equation.
Left unchecked, mobile users can easily obtain corporate data from the network, bring it onto their mobile device, and then share it publicly in unauthorized ways using their own private communications software, including email, text and others. This may violate not only corporate data security, but also federal and state regulatory compliance!
Whether deploying a mobile workforce, commencing a “Bring Your Own Device” (BYOD) initiative, or simply enabling mobile workers in the field, every device that connects to your network and accesses your customer’s data is a potential open window that can overcome all the security measures your customer has put in place.
Effective Mobile Data Protection
Every company that deploys mobile devices, or for that matter a network of any kind, must have strong information governance that begins with the development of a comprehensive information use policy. Within the sanctity of your own four walls it is very possible to enforce most policies electronically, thereby assuring compliance and resulting effectiveness of security.
There are also ways to protect data accessed by mobile devices, but significant platform decisions must be made in advance, as each strategy requires a pervasive platform deployment from end-to-end.
Containerization
The most obvious approach is to carefully segment personal data stored on a user’s device and corporate data that is accessed and stored on that device. The objective is to keep personal applications from using or transmitting the corporate data in any way. The most popular strategy is called “containerization” and it involves, as the name suggests, creating a separate corporate data “container” and a separate personal data “container” that each exist on the device, but cannot connect to each other in any way. Personal applications on the device can only access the personal data, and corporate apps can only access corporate data.
This approach also facilitates exit strategies, as the corporate data alone may be removed from a user’s device without harming the personal data. While this is preferable, containerization is a difficult science with many opportunities for sophisticated users to achieve breaches.
VDI
Another strategy has been used with great success because it completely avoids transferring any data from the corporate network to the user’s device. This also means that a wider variety of devices may be acceptable for use in a BYOD environment. That strategy is virtual device infrastructure (VDI).
Virtual Device Interface is a technology that has been serving corporations and their users for over two decades. In this strategy, the actual compute session takes place on a server in the data center, where all data is used locally. Only the screen appearance, keystrokes, and “mouse” movements are transmitted between the data center and the user’s mobile device.
This is a very efficient way to achieve high-powered compute on small devices. The device itself runs a very small app so that it can view the actual application in action. In the earliest days, a VDI approach on any small device was clumsy as the large screen appearance could not all be viewed at one time, forcing the user to pan and tilt around the screen to see various elements. More recently many applications feature a “mobile version” or “native app” that can be run on the mobile device across the virtualized connection.
The most important advantage of the mobile VDI approach is that no data ever actually reaches the mobile device. Data is processed on the server in the data center and only results are displayed on the device. The actual data remains in the data center. Even the screen appearances are not stored on the mobile device.
Talk to Synoptek about Mobile Data Security
Both of these strategies protect your high-value corporate data from being accessed by outsiders. Which one is best for you depends upon many factors. Talk to Synoptek today about helping you answer that question and mobilizing your people with confidence.