Consumerization of Corporate IT and Data Loss

Mobile computing devices like smartphones, tablets, netbooks and laptops have more diversified threat profiles due to several factors. As mobile devices are as a rule used outside of protected office networks, conventional perimeter-based security elements cannot be used to monitor and control their communications. As well, by virtue of their physical mobility, smartphones, PDAs and laptops can be lost or stolen more easily. As a result, the data stored on lost or stolen mobile devices can be right away accessible to whoever finds the device.

For mobile devices that run mobile operating systems like Google's Android or Apple's iOS, there are some other issues that broaden their threat profile. First, average users of Android and iOS-based mobile devices tend to install more third-party applications than those of Windows-based computers. The more third-party apps used on a mobile device, the more chances that one of them is malicious or has security vulnerabilities due to its poor design, which can result in easy hacking and data loss.

In addition, data leaks can be initiated by users with malicious intent who copy sensitive information from their PCs to flash memory, cameras, and all other types of portable storage. To successfully withstand and fight these new threats, organizations should purposely redesign their IT security solutions after a fashion to cover use scenarios and threat vectors inherent to the BYOD computing and communications context. During these threats can elude conventional network security solutions and native Windows controls, a complimentary endpoint data leak protection research can help enforce data protection policies.

DLP starts with contextual control to block or allow data flows by recognizing the user, the data types, the interface, the device or network protocol, the flow direction, the state of encryption, the date and time, etc. Some scenarios call for a deeper level of awareness than context alone can provide; for instance, when the data being handled contains personally identifiable information, when the input/output channel is conventionally open and uncontrolled, and when the users involved have situations or backgrounds considered high risk.

Aside from removable media, data leaks can as well occur from user emails, instant messaging, web forms, cloud-based storage, Wi-Fi, Bluetooth or VoIP (Voice over Internet Protocol) sessions. With DLP controls, security administrators can gain greater peace of mind by passing data flows that fall into any of these categories through an additional content analysis and filtering step previously allowing the data transfer to complete.

As DLP innovation continues to advance, organizations are able to better understand the effectiveness of content-aware DLP elements as so then as the context DLP controls across all of the layers and channels of the computer. When considering the deployment of endpoint DLP solutions, organizations should make certain that the controls of the solutions they're evaluating cover all possible data leak scenarios presented by this new BYOD threat profile.

Vincent M. Schiavo joined DeviceLock as Chief Executive Officer in September 2011. A veteran of the computer industry for more than 30 years, most recently Mr. Schiavo served as the Executive Vice President of Worldwide Sales for LogLogic, a San Jose based security information and event management provider. Prior to LogLogic, he was the Senior Vice President of Worldwide Sales and Marketing for Secure Computing, a San Jose based web information security company which was acquired by McAfee in 2008.