October 04, 2011 — CIO — It's a late night, and you've fired up Facebook on your ACME.com company-owned iPad to post some bad news. "A reduction in workforce is going to happen this week," you type into your update status field and tap the post button.
Instead of this status post, though, another post appears in plain view for all recipients to see:
"The web post you were intended to receive contained content that violated ACME.com confidential data security policy. The content has been removed to protect against data loss. If you have any questions, please contact the person intending to send you this information. Thanks."
Today, Symantec unveiled a data loss prevention solution on the iPad that will do exactly this. Called DLP for Tablets, the system forcibly routs all 3G and Wi-Fi outbound Web and email traffic on the iPad through a virtual private network and detection server. The traffic is monitored and inspected using keywords and other detection technologies.
If a user violates a data-handling policy, the DLP system will trigger an action depending on a company's configuration: block the email or Web post from going out, record the data breach, or notify the user and/or recipients. "People don't know what's confidential data," says Robert Hamilton, senior product marketing manager at Symantec. "If you have a system in place that can remind them... then they're going to start changing their behavior."
DLP for Tablets is the latest entry into Symantec's mobile security suite. This summer, Symantec announced its PGP Viewer for iOS that lets an iPad user receive and view encrypted email over the native Mail app and a sandbox viewer app. DLP for Tablets will be available on the iPad in the first half of next year; support for Android is slated for later in 2012.
But is DLP for Tablets too much of a strong-arm tactic? Symantec claims it is warranted. In its recent State of Security survey of 3,300 global organizations, nearly half of respondents said mobile computing is driving security challenges.
As Apple iOS market share rises, the iOS platform's allure as a target grows, says Jeff Schmidt, CEO of JAS Global Advisors LLC. "Apple's time is coming," Schmidt says, adding that managing human behavior for security reasons is a monumental challenge.
Pity the CIO who stands at the crossroads of corporate data security and employee freedoms. Given the iPad's emergence as a personal and business device, the iPad is a culture shock for IT, says Aaron Freimark, IT director at Apple services firm Tekserve, which helps Fortune 1000 companies adopt the iPad.
ESSENTIAL READING
In-depth information on securing mobile devices and wireless networks. Smartphones, tablets, BYOD - policies, technologies and strategies for protecting corporate data and intellectual property.
What's the most secure smartphone? | BlackBerry vs iOS vs Android
5 policy questions for mobile device security
Bad policy = bad security
5 questions on tablet security
What are the risks, the support requirements, the best security technologies?
Mobile security threats are heating up
Slow firmware updates, poorly vetted apps, and mobile-specific malware mean trouble
How to secure iPads for corporate use
Encrypted email, signed config files, and other techniques
Wireless security basics
Wireless intrusion detection systems
- Five Tips to Consider in a Data Security Strategy for Smartphones and Tablets
- The CISO's Survival Guide to Securing Data
- Data Privacy and Protection in Production Environments: New Research from Ponemon Institute
- FireEye Advanced Threat Protection KnowledgeVault
- Moving Your Email to the Trusted Cloud
- New PCI Tokenization Guidelines with QSA Expert
- #FFSec: Security pros to follow on Twitter, May 25
Follow these names on Twitter. Together, they make cyberspace a more secure place. (copy and paste) - Step right up and listen to the security barker
- Is the title 'security evangelist' really that bad?
More Salted Hash with Bill Brenner
