April 21st, 2014
Its great having access to corporate email while my mobile device is offline. If I’m on a plane, or if network access doesn’t work in a particular area, I can still read and reply to my email. But offline access, which is provided via a local database of downloaded email on my phone, can have its risks. If my phone is lost or stolen, all of my email history (whatever period downloaded , Apple Mail defaults to one month) is exposed via this local email.
To reduce this risk, many MDMs offer the ability to wipe lost or stolen mobile phones. But due to slow reporting, the phone may not be wiped for 24-48 hours after the phone is lost. This is the risky period during which the thief can scan the phone for sensitive information. Read the rest of this entry »
April 15th, 2014
ActiveSync is a mobile data synchronization app developed by Microsoft, originally released in 1996. It synchronizes data with handheld devices and desktop computers. Some customers I’ve talked to are not comfortable giving their employees access to corporate resources via ActiveSync, but they do it because they have little or no choice. In fact, some customers have told me that their organization hasn’t yet approved ActiveSync. Mail is the #1 most requested mobile app, and most native iOS mail apps meant for corporate environments connect to Microsoft Exchange using ActiveSync. So some organizations are in a bind. They want to provide their mobile users with access to mail, but they are hesitant to use ActiveSync.
An emerging protocol used to connect to Microsoft Exchange is Exchange Web Services (EWS). Exchange Web Services provides the functionality to enable client applications to communicate with the Exchange server. Read the rest of this entry »
April 14th, 2014
More and more employees are accessing their corporate email and documents from mobile devices – with or without corporate approval. In some cases these devices are company owned, while in other cases the devices might belong to the employee (BYOD). This puts sensitive corporate information increasingly at risk. If an employee loses their phone, or the phone is stolen, there is a high likelihood that some sensitive information may be exposed.
The recent study by Symantec called the Smartphone Honey Stick Project showed that, on average, eight out of 10 finders of lost mobile phones tried to access corporate information, including files clearly marked as “HR Salaries,” “HR Cases”, and other types of corporate information.
Now what happens if one of your employees travels to another part of the world and loses their smartphone? Read the rest of this entry »
April 9th, 2014
In a recent article on DARKReading, John Sawyer looks at how organizations can make classification work. One of the key points he makes is that organizations that involve their employees from the beginning and who focus on user training and awareness are the ones that are most successful in implementing a classification program: Read the rest of this entry »
April 3rd, 2014
Effective April 2, 2014, the new UK Government Security Classifications (GSC) policy replaces the previous Government Protective Marking Scheme (GPMS). The new policy requires the classification of Her Majesty’s Government (HMG) information assets into one of three types: OFFICIAL, SECRET, and TOP SECRET. This classification scheme, simplified from the previous GPMS seven-level classification scheme, will help ensure that government staff, contractors, and service providers can more easily safeguard information.
Read the rest of this entry »
March 25th, 2014
When we’re at various trade shows and events, IT Managers, CIOs and CISOs will often come to us with a similar concern. They can see how involving end users in protecting sensitive information may be a great idea, but they don’t know how they can get several hundred or several thousand employees on board with the idea of classifying information at the desktop. Can it be done? Read the rest of this entry »
March 20th, 2014
Over the next couple of weeks, TITUS is teaming up with analysts from 451 Research to present two webinars aimed at organizations looking for more effective ways to better protect unstructured information such as emails and documents. Read the rest of this entry »
February 14th, 2014
In just over a week, the TITUS team will make the trek from snow-covered Ottawa (yay!!) to the (hopefully) warmer and (fingers-crossed) sunnier San Francisco Bay area for our fourth showing at RSA. We’re pumped, primed, and ready to go! Read the rest of this entry »
January 3rd, 2014
Happy New Year! After a few days of food, fun and festivities, we’re now looking ahead to 2014 and what this year will bring. What better way to kick off the New Year than with a look back at some of the highlights of 2013, and a look forward into the data security trends and predictions for the coming year. Read the rest of this entry »
November 21st, 2013
I’ve noticed a distinct theme throughout a number of different analyst report I’ve recently read - that the protection of information and data assets is a business task which needs guidance from the business unit leaders. Take as an example…
As executives see more and more media coverage of data breaches and security incidents, the inevitable question is: “What are we doing to make sure that doesn’t happen to us?”
Contrary to 2012 when privacy responsibility was shifting to an organization-wide accountability, in 2013 it’s falling more onto the security group within enterprises. [It’s] a matter of concern if more and more enterprises deem the security group fully responsible for privacy and regulations. Ensuring privacy requires a union of technology, policy, and culture, and a harmony between many business units from security to legal to HR to employees.
- Understand the State of Data Security and Privacy: 2013 to 2014 (Forrester)
Read the rest of this entry »