As the workforce becomes more mobile, enterprises wishing to facilitate a productive mobile workforce need to ensure that their workers have access to information. This means that mobile users must download and share information that could be detrimental to the organization if it is acquired by an outside agent. Yet, almost weekly we hear of another major breach of an organization’s central security perimeter. If the central data vault can be compromised, it raises the question: how safe is your data on mobile devices?
Mobile devices share information over public networks and they make it easy for users to share information with public cloud storage services. Worse still, they are easily lost or stolen. It makes a lot of sense, then, to leverage a tool like Microsoft Rights Management Services (RMS) to encrypt your most sensitive data—especially when it is shared with mobile users.
However, mobile access to RMS-protected data can be a real challenge if your workers don’t use a Windows Phone. Somehow, administrators must find a way to enable the consumption of RMS-protected email and documents for iOS and Android users.
The first option, and seemingly the best, would be to turn to the creators of RMS and download the latest release of the Microsoft RMS Sharing App. This app will allow you to apply RMS protection to files before you share them and to consume RMS-protected files right on the device. Perfect!
Well, almost. The Microsoft RMS Sharing App has limitations. The first is that it can only access text, PDF and image files, as well as files that have been generically protected in the .pfile format. As a consequence, RMS Sharing App users will not be able to view protected email or Microsoft Office documents. In addition, the app is only able to protect photos and other image files from the device. Clearly, the Microsoft RMS Sharing App does not provide enough flexibility for a productive iOS or Android mobile worker.
Another solution is to use the ActiveSync protocol to allow your mobile workers access to RMS-protected information. This is a server-side solution where RMS-protected messages are identified and decrypted before they are sent to the mobile device. This solution will only keep data secure, however, if three conditions are met: 1) the connection to the device is secured via SSL, 2) the app receiving the message encrypts all locally stored data, and 3) the app enforces the policies inherent in the RMS template.
From a user’s perspective, this is a great solution as the authentication and decryption are invisible. Yet there are substantial weaknesses. The first, and most obvious, is that data shared in this manner is no longer persistently protected by RMS. It has to rely on the encryption used by the app and trust that the app can enforce the associated protection policies, such as preventing forwarding or printing. The second problem with using the ActiveSync protocol is that it can only decrypt the email itself. Attachments – if they were encrypted before they were attached – will not be decrypted and will therefore remain inaccessible to the mobile user. Finally, the ActiveSync option does not allow for cross-domain sharing of RMS-protected files.
It’s time to stop fussing with half solutions. Data that is important enough to protect with an RMS template should not be exposed before it is sent to a mobile device and then made to rely on third-party encryption and rights enforcement. Your iOS and Android users need productivity apps that provide desktop-like RMS support for email and documents directly on the mobile device.
TITUS Classification for Mobile brings the true RMS experience to iOS and Android devices. TITUS Classification for Mobile users can consume RMS-protected email and any RMS-protected attachments within the TITUS apps, just as they would on the desktop. Moreover, TITUS users can also protect any file type before they share it via email or cloud storage services such as Dropbox. Because TITUS employs the RMS 4.1 SDK, it is also possible to share information across domains. For instance, an Android phone user could protect and send an email using his Azure RMS credentials to a partner at another company, who could then use her AD RMS credentials to access the email from her iPad.
In addition to RMS support, the TITUS apps also employ file classification to enable the enforcement of fine-grained security policies, such as preventing mobile access to the most sensitive information, restricting document sharing via private email accounts, and stopping sensitive email from being sent to unauthorized recipients.
TITUS Classification for Mobile is the only choice for organizations that are serious about mobile data protection. So why wait?