Though it hasn’t quite broken the traditional security paradigm, mobility’s done a decent enough job warping it out of shape. Today’s security teams have to defend against far more than the odd intrusion attack or malicious app. Security perimeters have dissolved, and threat surfaces have broadened significantly.
This means that in today’s landscape, there are multiple levels at which your organization can be compromised – you need to layer defense at each one.
1) Network Level – Borders have their Limitations
Network-level security comprises nearly everything on the ‘traditional’ security front – firewalls, authentication, and network encryption, to name a few. These tools are still essential to securing your enterprise; new threats such as spearphishing attacks and insecure file sharing don’t negate old-fashioned ones like traffic flooding or buffer overflows.
At the same time, network controls on their own aren’t sufficient. A firewall may keep an attacker out, but it can’t protect files outside its perimeter. Encryption may protect network communications from intrusion, but it doesn’t stop a careless employee from forwarding an email to someone who shouldn’t be reading it.
2) Device Level – Attackable and Hackable
In addition to network-level security, device-level security is one layer that most security teams already cover. Passwords, full-drive encryption, and device containers are all incorporated into most user devices to one degree or another. Microsoft’s BitLocker, for example, allows the user to harden an entire drive against intrusion, while Samsung KNOX allows the creation of a separate work and personal profile, walling corporate data off from private.
As with network-level controls, device security is necessary, but it also shouldn’t be your only line of defense. Hard disk encryption can be broken, and passwords and PINs can be cracked. And device-level controls aren’t always reliable, either – they vary by device and manufacturer.
Finally, we’ve got security controls at the file level – and here’s where BlackBerry Workspaces, formerly known as WatchDox, comes in. Even if an attacker somehow manages to crack a device or make it into your network, and even if a negligent employee shares documents with someone they shouldn’t, file security represents a second layer of defense. It ensures that even if your critical files leave the firewall and wind up in the hands of a third party, you never lose control of them.
It achieves this in several key ways:
Files are protected by end-to-end encryption at-rest, in-transit, on-server, or on-device.
Through BlackBerry Workspaces’ digital rights management, administrators have control over whether a user can access, view, edit, copy, print, download, or forward a sensitive file. Permissions can be changed at any time.
With Email Protector, email attachments sent through your server can automatically be wrapped in BlackBerry Workspaces’ DRM, protecting against both accidental and malicious sharing via email.
Customized watermarks, timed expiration, and file tracking deter bad actors within your organization.
A spotlight viewer which blurs the screen everywhere but the mouse pointer protects against theft via screen capturing.
Encryption can be broken – and if encryption’s all you rely on, if you’ve no secondary protections, that means your data is at risk. With a multi-tiered approach to security, you can protect yourself at every layer. You can encrypt the hard drive and network communications, place apps within the secure Good container, and place files within BlackBerry Workspaces.