Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes
1st June 2018
As the world gets to grip with the new GDPR world I thought I would look at something that often surprises me in the world of security and compliance for mobile users.
Since the dawn of the internet the enterprise has looked to control the access to it. For almost as long as there has been an internet connection, there has also been a Proxy Server – this was put in for two very important reasons:
- To control of what users on the internet could access
- To keep a log of activity for investigation later
Most companies have something deployed to do this for a very long time now… probably decades. The controls were accepted as necessary, have worked well and continue to be a part of the overall IT security controls in an Enterprise.
Fast forward to the world of mobile. I keep banging on about how these devices do not live on the corporate network and that they are designed to live on the Internet by default (note – a carrier network is effectively the Internet).
So, companies have now deployed a suite of smartphones and tablets (be that corporately owned or BYOD) that sit alongside the traditional IT world that has been there for decades. It’s no longer a handful of devices, it’s usually a very large percentage of the user base that have access to corporate data on these devices.
So, let’s look at this from a risk perspective:
- Highly sensitive data is shared on mobiles/tablets (email alone ensures this).
- There are lots of them
- They have an unmonitored connection to the internet (i.e. Carrier networks and Wi-Fi).
Multiply that together and you have a HIGH RISK of sensitive data being lost and worse you wouldn’t even know…This is something that perplexes me… Companies see the risk and have put controls in place for the desktop, but they ignore the exact same issue that is faced by mobile users!
This isn’t new, but GDPR is and I really do think that this anomaly between desktop and mobile will not be defendable in the event of a breach.
The good news is we have a range of solutions that can sort this out. Effective security & compliance on ALL endpoints.
Unless you’ve already deployed it, you really do need to get in touch! Don’t say I didn’t warn you!!