Though it hasn’t quite broken the traditional security paradigm, mobility’s done a decent enough job warping it out of shape. Today’s security teams have to defend against far more than the odd intrusion attack or malicious app. Security perimeters have dissolved, and threat surfaces have broadened significantly.
This means that in today’s landscape, there are multiple levels at which your organization can be compromised – you need to layer defense at each one.
Written by Dan Auker, Director of Product Management, Enterprise Software, BlackBerry
1) Network Level – Borders have their Limitations
Network-level security comprises mostly everything on the ‘traditional’ security front – firewalls, authentication, and network encryption, to name a few. These tools are still essential to securing your enterprise; new threats such as spearphishing attacks and unsecure file sharing don’t negate old-fashioned ones like traffic flooding or buffer overflows.
At the same time, network controls on their own aren’t sufficient. A firewall may keep an attacker out, but it can’t protect files outside its perimeter. Encryption may protect network communications from intrusion, but it doesn’t stop a careless employee from forwarding an email to someone who shouldn’t be reading it.
2) Device Level – Attackable and Hackable
In addition to network-level security, device-level security is one layer that most security teams already cover. Passwords, full-drive encryption, and device containers are all incorporated into most user devices to one degree or another. Microsoft’s BitLocker, for example, allows the user to harden an entire drive against intrusion, while Samsung KNOX allows the creation of a separate work and personal profile, walling corporate data off from private.
As with network-level controls, device security is necessary, but it also shouldn’t be your only line of defense. Hard disk encryption can be broken, passwords and PINs can be cracked. And device-level controls aren’t always reliable, either – they vary by device and manufacturer.
3) Application Level – Containers Are Important
Malware aside, unsecure applications represent a significant risk for businesses, particularly those with burgeoning mobile initiatives. Data leakage remains a consistent threat, with 46.2% of apps on iOS and 86.7% of apps on Android exhibiting privacy-invasive behaviors, and user privacy is an ever-growing concern.
By locking down your business-critical apps with a device-independent containerization tool like that used in the Good Secure EMM Suites, you can keep your organization’s data safe from bad apps and physical theft.
4) File Level – Your Last Line of Defense
Finally, we’ve got security controls at the file-level – and here’s where WatchDox comes in. Even if an attacker somehow manages to crack a device or make it into your network; even if a negligent employee shares documents with someone they shouldn’t, file security represents a second layer of defense. It ensures that even if your critical files leave the firewall and wind up in the hands of a third party, you never lose control of them.
It achieves this in several key ways:
- Files are protected by end-to-end encryption at-rest, in-transit, on-server, or on-device.
- Through WatchDox’s digital rights management, administrators have control over whether a user can access, view, edit, copy, print, download, or forward a sensitive file. Permissions can be changed at any time.
- With Email Protector, email attachments sent through your server can automatically be wrapped in WatchDox’s DRM, protecting against both accidental and malicious sharing via email.
- Customized watermarks, timed expiration, and file tracking deter bad actors within your organization.
- A spotlight viewer which blurs the screen everywhere but the mouse pointer protects against theft via screen capturing.
- WatchDox’s Content Connectors integrate with the majority of leading file repositories, allowing you to extend its protections to existing infrastructure without significant cost.
Encryption can be broken – and if encryption’s all you rely on, if you’ve no secondary protections, that means your data is at risk. With a multi-tiered approach to security, you can protect yourself at every layer. You can encrypt the hard drive and network communications, place apps within the secure Good container, and place files within WatchDox.
Attention Salesforce users: secure document collaboration has arrived with the new WatchDox app. Get it here. Or want to learn more about what WatchDox can do for you? Check out our webinar, WatchDox by BlackBerry: Industry Use Cases for EFSS or download the Forrester Wave report naming us a Leader in EFSS. You can also visit the official WatchDox page or view our WatchDox product demo for further information.