More and more employees are accessing their corporate email and documents from mobile devices – with or without corporate approval. In some cases these devices are company owned, while in other cases the devices might belong to the employee (BYOD). This puts sensitive corporate information increasingly at risk. If an employee loses their phone, or the phone is stolen, there is a high likelihood that some sensitive information may be exposed.
The recent study by Symantec called the Smartphone Honey Stick Project showed that, on average, eight out of 10 finders of lost mobile phones tried to access corporate information, including files clearly marked as “HR Salaries,” “HR Cases”, and other types of corporate information.
Now what happens if one of your employees travels to another part of the world and loses their smartphone? Should you be more or less concerned than if the employee lost the phone in your home country? That might depend on what type of information is on the phone. If you are a government employee (Department of State, for example), you may have information on the phone you wouldn’t want people in other countries to read. If you’re an employee of an aerospace company visiting China and you lose your device, would you have greater concerns about losing valuable intellectual property? Probably.
MDM solutions do a good job of protecting the phone, but are not as good as securing certain data in apps. The number one source of sensitive information on mobile devices is email. With the combination of messages and attachments that are received via email, that is where much of the risk resides.
Today most iOS or Android smartphones are equipped with location-based services. Via cell towers or built in GPS, the phone can provide services such as maps, focused social media, restaurant recommendations and much more. This location service can also enable geo-fencing. What is geofencing? According to Wikipedia…
A geo-fence could be dynamically generated—as in a radius around a store or point location. Or a geo-fence can be a predefined set of boundaries, like school attendance zones or neighborhood boundaries. When the location-aware device of a location-based service (LBS) user enters or exits a geo-fence, the device receives a generated notification. This notification might contain information about the location of the device. The geo-fence notice might be sent to a mobile telephone or an email account. Geo-fencing, for example used with child location services, can notify parents if a child leaves a designated area.
Geo-fencing has interesting security applications. Organizations can use geo-fences to define safe or unsafe areas for mobile communication. If the geo-fence defines an unsafe area, communication inside these areas may be limited or completely prevented for security reasons.
TITUS has applied geo-fencing to mobile email. Because email contains the most sensitive data, it makes sense for security or compliance reasons to limit what users can do with mobile email when they are within a potentially unsafe geo-fence. TITUS Mail implements geo-fencing policies. The administrator can define areas where mobile email use is not considered safe. In these unsafe areas, TITUS Mail automatically deletes any email stored on the mobile device, and will also limit the use of email. So if the device is lost within that area, no sensitive email will be found on the phone. When the user leaves the unsafe area, their email is again available for use.
Military or government employees travelling to foreign countries; aerospace companies that must comply with ITAR regulations; or companies that have valuable intellectual property that could be lost when they are travelling to other parts of the world (such as China) would all find this capability incredibly valuable.
Are there other scenarios for email geo-fencing? Or other requirements you want to communicate to TITUS? We’d love to hear from you.