1. /
  2. Confident Insights Newsletter/
  3. Are You Protecting the Confidential Data on Your Organization’s iPads?

Are You Protecting the Confidential Data on Your Organization’s iPads?

January 19, 2012

Summary

iPad users with access to sensitive information don’t have to represent a security vulnerability. Here’s what you need to do.
If you’ve ever wondered what’s fueling all the talk about the “consumerization of IT,” look no further than the Apple iPad.
Initially thought of as a purely personal device, Apple’s tablet computer in no time was being deployed by organizations for business purposes. According to a report by Datamation, the iPad managed to penetrate 50% of Fortune 100 companies within just 90 days of its April 2010 debut.¹
What started out as the latest executive device fad soon morphed into a mighty wave of new applications and use cases. Health care professionals tapped the iPad for emergency services. Financial services firms began issuing tablet applications for account management and customer services. Retailers rolled out iPads for point-of-sale promotions and rapid check-out.
Despite the overwhelming popularity and demonstrable value of the iPad, CISOs continue to view this device with some skepticism. That’s hardly surprising. As security expert Jon Oltsik has observed:
"Tablets and mobile devices are hyper-connected devices able to receive and send information with a finger swipe. Users can send and receive email from corporate and personal accounts, upload information to cloud services, and send files to social networking sites. When the device is populated with sensitive corporate data, it only takes one careless action to leak valuable information via any of these channels."²
Continue reading to learn how iPad users with access to sensitive information don’t have to represent a security vulnerability for your organization.

The drivers of security are changing

As the market continues to be saturated with tablets and other mobile devices, it’s to be expected that concerns over corporate cybersecurity are increasing. According to the latest Symantec State of Security Survey, IT executives say security is the leading business risk they face today, ahead of traditional crime, natural disasters, and terrorism. What are the top challenges to providing cybersecurity? The executives ranked them as follows: mobile computing, social media, and the consumerization of IT.
In fact, of those surveyed, nearly half (47%) said mobile computing was making it more difficult to provide online security.
In this new and rapidly evolving environment, IT administrators need to protect their infrastructure by securing all of their endpoints—including the growing number of mobile devices—along with messaging and Web environments. Symantec believes that a Data Loss Prevention (DLP) solution best protects an organization against inadvertent or malicious loss of data by monitoring outbound email and Web communications.
Such a content-aware solution needs to give users access to their applications and data from their tablets without restricting their productivity or putting sensitive data at risk. In addition, such a solution needs to:
  • Enforce acceptable use policies
  • Protect across common data breach channels
  • Leverage network DLP deployments
  • Offer security and business flexibility

A DLP solution designed specifically for the iPad

Symantec, which provides what Gartner has called "the highest-rated enterprise DLP solution in terms of vision and execution,"³ recently extended its DLP footprint with Data Loss Prevention for Tablets.
Based on the same technologies used by the Symantec Data Loss Prevention Suite, Data Loss Prevention for Tablets monitors outbound email and Web postings made by iPad users to ensure that confidential data doesn’t leave the iPad. If an incident is detected, automated responses include blocking the communication completely, selectively removing the sensitive information, and notifying the user about what was done wrong. In addition to educating employees about the importance of handling confidential information, these automated, real-time notifications can reduce the workload of the incident response team.
Specifically, Data Loss Prevention for Tablets:
  • Monitors messages and attachments sent over Microsoft Exchange ActiveSync
  • Monitors messages and attachments sent from Web mail such as Gmail, Yahoo! Mail, and others
  • Monitors Web uploads and postings to sites such as Dropbox, Twitter, and Facebook
  • Strips sensitive data from Web posts
The solution works by routing iPad network communications through a VPN to the Data Loss Prevention for Tablets server for analysis. Outbound iPad email and Web postings are analyzed against policies that are managed by the Symantec Data Loss Prevention Enforce Platform, the Web-based console included with Data Loss Prevention for Tablets and used across the Data Loss Prevention Suite.
Data Loss Prevention for Tablets is the latest addition to Symantec’s portfolio of DLP, Mobile Management, and encryption solutions. Symantec Mobile Management provides agent-less application deployment and updates, monitors mobile device health, and manages and secures mobile devices throughout their lifecycle (including remote wipe). The recently announced Symantec PGP Viewer for iOS enables employees of organizations with Symantec PGP Universal Server in place to read encrypted messages on their Apple iOS devices, including the iPad, the iPhone, and the iTouch. PGP Viewer for iOS is an Apple iOS application that will be available for download from the Apple App Store.

Conclusion

While CISOs and security professionals want to be seen as business enablers who embrace the newest productivity devices, they must first ensure that the confidential data on these devices is protected. The extension of DLP capabilities to the latest corporate endpoint, the iPad, can help them satisfy both sides of the equation.
  • ¹ "How the iPad Conquered the Enterprise," Datamation, July 29, 2011
  • ² "DLP for Tablets: An Intelligent Security Decision," Jon Oltsik, Enterprise Strategy Group, November 2011
  • ³ "Magic Quadrant for Content-Aware Data Loss Prevention," Gartner Inc., August 2011

Back to Newsletter