Mobile Encryption: driving productivity, enforcing security
Andres Kohn, vice president of technology at Proofpoint
If smartphones are to be as powerful as PCs, shouldn't they be as secure? Andres Kohn, vice president of technology at Proofpoint, looks at the growth of devices and how mobile encryption could be one solution.
While remote working was fairly uncommon a few years ago and was thought by some to be inefficient, it is fast becoming the norm.
The adoption of mobile working shows no sign of slowing down, with 60 per cent of global workers believing that being in the office is no longer synonymous with being productive. It is predicted that the number of mobile workers in Western Europe will top 129.5 million by 2013, which is approximately 50.3 per cent of the total workforce.
Remote workers are increasingly accessing data from a number of mobile devices, whether it is tablets, smartphones or PCs and laptops, and CIOs are now tasked with enabling employees with the tools required to be productive, while still keeping company data secure.
The traditional ‘lock-down' approach is no longer viable, as highlighted by IDC's Nicholas McQuire: “The more the CIO says no to mobility, the less secure the organisation becomes.”
As more devices are introduced, some of which are not company issued and supported, the potential for data leakage is greater than ever before. However, mobile encryption enables companies to offer employees flexibility and choice while still maintaining stringent levels of security.
By 2014, 70 per cent of the workforce will connect to the enterprise with mobile devices and this highlights the need for enterprises to deploy mobile encryption solutions. Without it, they could suffer significantly as a result of the penalties imposed on them, both financially and in terms of reputation.
Two options are available to CIOs when choosing encryption options: in flight and at rest encryption. In flight encryption means that data is encrypted while it travels and is decrypted when it arrives at its final destination, while at rest encryption means that data is physically stored in encrypted form so keys are always necessary to decrypt this data.
When sensitive data is detected, it is blocked or encrypted. Blocking data is ineffective as it delays or prevents users from accessing it and this will often result in users choosing not to encrypt sensitive data in the interests of time.
Also, encrypting all sensitive data can be expensive, inefficient and in many cases unnecessary. It consumes resources, slows network performance and makes data harder to find. Solutions offering automatic policy detection and encryption are ideal, as in that case only sensitive data is encrypted and worker productivity is not impeded.
Non-private data remains readily accessible to users and the end result is better security, optimal network performance, minimal impact on the daily work of employees and lower costs.
The number of mobile workers will top one billion by the end of 2011, and by 2013 smartphones will overtake PCs as the most common web access device globally. With this shift in focus from computers to smartphones, the importance of mobile encryption becomes increasingly important.
If workers are regularly accessing sensitive data on smartphones then they simply cannot afford to run the risk of leaving the data unencrypted in case the phone gets into the wrong hands.