VoicePlus Blog

Mobile Endpoint Protection Options

Written by Michael Giffney | 20/06/2019 5:39:45 AM

As the mass of information that is transferred and stored online grows every day, so does the desire of undesirables to access it, and the number of data breaches involving endpoints is growing at an alarming rate. So although you may believe your business is protected, it may be time to look again at the security options available to you.

Information-centric security products focus on encryption and authentication of content, because users can be careless and data is easily shared by mistake, especially with BYOD. And while no single method addresses all aspects of protection, there is a single problem and a single desired outcome - prevention of data loss.

Where do I start?

When looking to develop a security portfolio, you must understand the different methods of protection and the potential gaps each could leave once implemented. It’s also essential to select products that blend multiple protections to form a multi-layered defence. And lastly, you want a vendor that offers high standards in functionality and performance across these various methods, as well as security orchestration and automation.

All vendors aim to fill as many gaps in the system as they can by adopting as many of the eight protection methods as possible, but which methods does your business need?

The Pros and Cons of protection methods.

Pre-boot OS-level encryption of the physical or virtual device

Pros: Suitable for single user workstations, this method encrypts and protects the system disk and requires a successful login to access the OS.

Cons: Once unlocked, it is vulnerable to typical attack methods.

Post-boot OS file system encryption

Pros: Suitable for shared workstations, the OS can be accessed, but specific files are unreadable without login. Makes it easy to update the OS and perform disk maintenance.

Cons: Once unlocked, it is vulnerable to typical attack methods. Selective access restraints can impact usability.

Container

Pros: Suitable for shared systems with multiple users. Files are unreadable without successful login to a protected virtual file system. Protection is independent of the OS and disk and is highly portable. May include DLP features.

Cons: Container apps need to be configured to work in quarantined field spaces. Usability complaints can lead to relaxed policies.

Removable Media Encryption

Pros: Suitable for shared and removable media. Files are encrypted by the OS as they are copied to external devices. Creates a log of files moved to flash drives. Protection is independent of the OS and disk and is highly portable. DLP-style policies can be added.

Cons: The process is imperfect. Once unlocked, files can’t be tracked. Flash drives are difficult to track.

Data Loss Prevention Controls (DLP)

Pros: Suitable for content-dependent protection. File transfers can be blocked or encrypted based on keywords, user, project or other contexts. Transfer events can be identified and evaluated.

Cons: The process is imperfect and complicated. Usability complaints can lead to relaxed policies.

Content Collaboration Platforms (CCP)

Pros: Suitable for cloud storage services. File transfers are processed with encryption. May use DLP or DRM - limiting readability to user groups, IDs, and so on. Key control is with the company rather than the vendor.

Cons: The process is imperfect due to variations of cloud services. Key management can be complicated. Usability complaints can lead to relaxed policies.

Source PIM

Pros: Suitable for mobile devices, and for email and calendars in particular. Uses an API to change encryption, forwarding rights and other aspects of email apps.

Cons: Unpopular with users. Usability complaints can lead to relaxed policies.

Enterprise Digital Rights Management (EDRM)

Pros: Suited for platform-independent, context-dependent protection. Files are given protection policies when created, read and edited. Policies can specify access by company, project etc. Can specify limitations such as blocking ‘save as’, clipboard copying, printing and so on. Creates the tightest possible access control between files and apps.

Cons: It is challenging to scale and apply horizontally. Lack of standards creates operational problems. Can be tricked with backdated system calendars.
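
The backdated-calendar weakness listed above, shown beside one mitigation, as an added example that is not from the original article or from any EDRM product: a time-limited policy check that trusts the local clock, and a hardened check that refuses to let trusted time move backwards. The Licence and ClockState records, the function names and the dates are hypothetical, and ClockState is assumed to be kept in storage the user cannot reset.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

@dataclass
class Licence:               # hypothetical record, not a real EDRM product's format
    document_id: str
    not_after: datetime      # policy expiry (UTC)

@dataclass
class ClockState:            # assumed to live in tamper-resistant storage
    high_water: datetime     # latest time this client has ever trusted

def naive_allow(lic, local_now):
    # Weak: trusts whatever the system calendar says.
    return local_now <= lic.not_after

def hardened_allow(lic, local_now, state, server_now=None,
                   tolerance=timedelta(minutes=5)):
    """Return (allowed, reason); never lets trusted time move backwards."""
    if server_now is not None:                 # online: policy server time wins
        state.high_water = max(state.high_water, server_now)
    elif local_now + tolerance < state.high_water:
        return False, "clock-rollback"         # offline and clock went backwards
    else:
        state.high_water = max(state.high_water, local_now)
    if state.high_water > lic.not_after:
        return False, "expired"
    return True, "ok"

def run_constructed_cases():
    utc = timezone.utc
    lic = Licence("doc-001", datetime(2019, 6, 30, tzinfo=utc))   # constructed
    backdated = datetime(2019, 6, 25, tzinfo=utc)                 # clock set back
    state = ClockState(high_water=datetime(2019, 7, 2, tzinfo=utc))
    results = {
        "naive_backdated": naive_allow(lic, backdated),
        "hardened_backdated": hardened_allow(lic, backdated, state),
    }
    fresh = ClockState(high_water=datetime(2019, 6, 19, tzinfo=utc))
    results["hardened_valid"] = hardened_allow(
        lic, datetime(2019, 6, 20, tzinfo=utc), fresh)
    results["hardened_server_expired"] = hardened_allow(
        lic, backdated, fresh, server_now=datetime(2019, 7, 5, tzinfo=utc))
    return results

if __name__ == "__main__":
    for name, outcome in run_constructed_cases().items():
        print(name, outcome)
```

A "clock-rollback" result is also worth logging centrally, since it is a direct signal that a device's calendar was moved behind a time the client had already seen.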
