Loading...


by Tim Upton

The ramifications and awareness of corporations getting access to and using personal data came to the forefront recently with the news that personal data of 50 million Facebook users was used to influence various political processes in the UK and US.

No doubt the leaders at Facebook wish they took a different approach to protecting data. At the same time, users likely wish they took more caution and control with the information they shared.

The reality is most regulations come about as a result of some unanticipated consequence. We have tools that allow us to easily collect, distill, and use data to inform our business practices. But awareness of these tactics has built up among consumers and they’re understandably concerned about how their personal information and data about their habits and activities are being used.

According to PwC’s 2017 Consumer Intelligence Series report, 25% of consumers believe most companies handle their sensitive personal data responsibly. What’s worse is that only 10% of consumers feel like they have complete control over their personal information. This awareness and concern have only grown as the size and frequency of data breaches increase.

So, how do you protect data?

Organizations are accustomed to using data without prescriptive rules, but new regulations are forcing them to make changes. While it’s not the first compliance regulation out there, the EU’s General Data Protection Regulation (GDPR) is the one that’s forcing organizations to wake up to how they’re handling data. After all, with potential fines of the larger amount – €20 million, or up to 4% of the previous fiscal year’s worldwide turnover – there’s a lot at stake for businesses.

Some organizations are looking at GDPR as a checkbox exercise, making sure they meet the requirements and then going back to regularly scheduled activities. It’s good to know you’ve done what’s required to be compliant, but what if there was a better way?

Treat GDPR as an opportunity to differentiate your business

We all know GDPR isn’t the last word on data compliance. It’s only a matter of time before a new compliance regulation comes along in a new country with even more restrictive rules. Can any organization really afford to stay in a position of constantly catching up?

Instead, why not build a security mindset in your organization by educating employees, helping them stay vigilant about the data around them, and the need to protect it? Doing this distributes the responsibility and accountability for keeping data secure across your entire organization, making it easier to be successful. It makes the security of all types of data – physical and digital – part of everyday work.

After all, if business leaders can get ahead of compliance regulations, it’s an opportunity to build lasting trust with customers by targeting a higher standard for data protection.

Data protection: People and tools are the drivers

Establishing a culture of security empowers individuals at all levels. When they understand the kinds of data being used throughout the organization and the expectations of how each type of data should be handled, they can help make proper data identification.

Data classification tools make identifying data easier by applying markings and triggering policies for how data can be accessed by internal and external users.

The best part of these tools? They make it easier to know what data you have. Because you can’t adequately protect data if you don’t know you have it.

Don’t just check the boxes on GDPR compliance

Technological advancements have accelerated our ability to generate, collect and use large amounts of data. And lawmakers are taking action in response to the demands of consumers. Regulations like GDPR make protecting it essential, just like you lock up the office at the end of the day to secure equipment and other physical assets. Data is a significant asset for organizations. It’s time to start acting like it because there’s a lot more than fines at stake.

Tim Upton is the CEO and one of the founders of TITUS. Tim has an extensive background as a technology consultant in the security and large infrastructure spaces that helps inform company direction.

The post GDPR isn’t a checkbox exercise, it’s an opportunity to differentiate appeared first on Talking Data Security and Compliance.

Read Full Article
Visit website
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

by Farhan Ahmed

Ever since I can remember, I’ve been curious about the impact technology has on people. And I’ve always wondered, “What’s next?” This curiosity and interest inspired me to pursue a degree in computer engineering at Western University. I realized something else during the course of my studies: I want to help others see what’s possible with technology. For example, I developed a computer science curriculum for kids aged 9-15. I taught HTML, Scratch, Python and we worked with Lego MINDSTORM Robots.

Learning at the drop of a hack

I’ve also been encouraged to step outside my comfort zone to push the boundaries of my own learning. So, I started attending hackathons. And let me tell you, I’ve gained so much experience from these events that have helped my studies and my time as a co-op student at TITUS. I was asked to share my experience with hackathons here on the TITUS blog, so I want to take this opportunity to pass along some key lessons I’ve learned.

Get a view of the big picture

When you’re working on an idea during a hackathon, you get a glimpse of the full product cycle. You pitch the idea knowing the importance and value it adds to solving a problem and how it’s going to be used. As developers, we need to see things through the eyes of actual users because that perspective helps us understand how our solutions work.

I honestly can’t describe the feeling of pride and the sense of accomplishment when you get to see the final product of your hack. You get to reflect on what you’re capable of learning and the boundaries you’ve surpassed.

Approach problems from new angles and learn new skills

I recently attended a hackathon in London, Ontario, which was hosted by Major League Hacking. The challenge my team wanted to solve was to provide better photodynamic light therapy for skin cancer patients. Currently, photodynamic light therapy uses one standardized wavelength. Our approach was to feed the machine learning algorithm information about each individual’s physiology so the wavelength delivered would be more effective for the treatment. I was initially worried about my lack of experience with databases. But I was quickly able to overcome that fear by collaborating with my team members.

That’s what it’s about – people working together on a solution that will help others.

The hackathon mindset at work

I joined TITUS in September 2017. Since then, I’ve been working with the machine learning team to help our customers combine user-driven and automatic classification of their data. Machine learning is a hot topic in information security these days, so you can imagine my surprise when I learned about our own internal hackathon at TITUS. The goal of my first hackathon at TITUS was to come up with new ways to visualize the results that come from our policy engine. It was a lot of fun being an entrepreneur and seeing real business implications from the solutions you work on.

Hackathons are an important part of the high-performance culture we embrace at TITUS. With new technology comes innovation and new possibilities. Seeing how hackathon ideas are integrated into our products allows us to understand the end-user experience and truly appreciate the value of our efforts.

Get out of your comfort zone

By definition, lifelong learning is, “the ongoing, voluntary, and self-motivated pursuit of knowledge.” Growing as a person involves learning and stepping outside your comfort zone. A hackathon is designed to promote this kind of learning. We’re challenged to learn and implement skills within a short period of time. I strongly encourage everyone to attend a hackathon and stretch your boundaries to learn!

Farhan Ahmed is a co-op student at TITUS, specializing in machine learning. He’s responsible for delighting customers by making it easier to classify data.

The post You Had Me at Hackathon: How one TITUS employee builds his skills appeared first on Talking Data Security and Compliance.

Read Full Article
Visit website
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

By Corey Markell

The amount of information created these days is staggering. We’re doubling the volume of data every two years. That’s a lot for organizations to filter through to protect sensitive data. Not only is the amount of data increasing, but the way people work and share information is changing, too.

Companies aren’t confined to strict physical locations anymore. And collaboration with remote full-time employees, contractors, and contingent workers is the new normal. But that means the traditional corporate network perimeter is gone.

Build data protection into the workflow – everywhere

We can’t roll back the clock to a carefully contained data container in organizations. Besides, we all know employees will scale those walls or punch a hole right through them to get their work done. Since productivity is the main driver behind the use of shadow IT, organizations need to address the needs of workers so they can continue to get their work done as easily as possible. That’s where cloud sharing and storage apps come into play.

They’re essential to business operations, but they’re changing the urgency and need for tools that protect sensitive data beyond the traditional firewall because of the amount of data that now moves in and out of the cloud. Not to mention the pressure that’s coming from compliance regulations, such as GDPR.

Reduce the risks of data loss, breaches or leaks with controlled cloud usage

The biggest challenge with cloud apps is the ease with which large amounts of data can be shared – even from mobile devices. IT departments and CISOs have limited visibility into what information is being uploaded, downloaded and shared. This makes it easy for users to inadvertently share sensitive data or use unsanctioned applications. Establishing sanctioned apps with Netskope and ongoing coaching on appropriate use is a critical step in protecting data in the cloud.

Establish shared responsibility and accountability for data security

Take the time to create an awareness and education program that covers the basics so you can protect sensitive data at all levels of your organization. When people know how to handle data and the implications of a data breach, they’ll be the best first defense for securing information. After all, it’s in the best interests of the entire organization to keep data secure.

Use the right tools to protect sensitive data – everywhere

Data classification is the foundation of data security – within the corporate firewall and in the cloud. Because you can’t protect data you don’t know you have. TITUS Classification provides automated, system-suggested, and user-driven classification to clearly identify to people and technology how information should be secured. And Netskope cloud enablement solutions enables enterprises to embrace the cloud while ensuring sensitive information is not at risk.

By clearly identifying data, TITUS Classification empowers Netskope to make dynamic, fine-grained policy decisions before information is uploaded to the cloud. Together, TITUS and Netskope provide organizations with the confidence to embrace the cloud.

Want to learn more about how TITUS and Netskope work together to keep your data secure in the cloud? Check out our Netskope technology partner page.

Corey Markell is the Strategic Partner Manger for TITUS. He’s responsible for creating and maintaining meaningful technology partnerships that create new opportunities and value for TITUS customers.

The post Protect sensitive data in the cloud with Netskope and TITUS appeared first on Talking Data Security and Compliance.

Read Full Article
Visit website
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

With the GDPR compliance deadline right around the corner, many organizations are working through various stages of preparation. According to Forrester Research’s report, The State of GDPR Readiness, about 30% of companies globally are fully GDPR compliant.

However, the report also notes that only a fraction of these organizations include data classification and data discovery as part of their preparation for GDPR. Instead, many have focused their efforts on IT to meet compliance requirements.

But is this the right move?

GDPR compliance is everyone’s responsibility

We partnered with SC Magazine to host a webcast on March 20th at 2:00 p.m. ET with our VP of Customer Success, Doug Snow, and featured guest Enza Iannopollo, a research analyst with Forrester. Doug and Enza will discuss why collaboration across the organization is important to achieve GDPR compliance.

We sat down with Doug to get some insight on what GDPR compliance means for organizations today and to learn what role employees must play.

It seems like GDPR is putting a microscope on the way personal information from customers and employees is treated. What’s your take on that?

Doug: GDPR outlines some important information about security process and data protection by design and by default. The last two words really stand out to me – by design and by default.

Organizations don’t always know what data they have and where it came from, but with GDPR they will have to take a close look at all the ways they gather, classify, protect, and share information across the business.

What do you think will change the most when it comes to data protection “by design and by default”?

Doug: I think we’ll see security and risk professionals familiarize themselves with the design processes and systems in marketing, finance, legal, consulting services, HR, and any other group that handles personal information.

The first step is for people to come together and provide insight into the type of information they deal with on a regular basis. Transparency helps people adopt a culture of security that values collaboration across the business to properly protect information.

You mentioned the potential need for security and risk professionals to get involved in process design from the beginning. What else is their to-do list for GDPR at this point?

Doug: I’ve spoken with quite a few S&R pros lately and they’ve all mentioned a few things. First, they’ve been working with people from across the organization to understand what kind of data they have and where it is.

Second, they’re working through a risk assessment that specifically talks about information ownership. I think educating employees about information security and data protection is very much part of the prep work for GDPR because the way we create and share information is constantly changing. It’s good for employees to stop, think, and consider the business value of the information they are creating and handling.

Finally, they’re making sure reporting capabilities are in top shape because data breaches must be reported to the proper supervisory authorities within 72 hours.

What do you think GDPR means moving forward?

Doug: GDPR is a great opportunity for organizations to demonstrate the thoroughness and care they take in handling personal data. It’s about being a responsible organization, through and through.

Because, at the end of the day, we’re all responsible for information security. So, I look at it as an opportunity for people within an organization to mature their secure information handling practices – all to earn new business, improve customer retention, and boost employee engagement around information security.

GDPR compliance takes a village

Want to know how a culture of security can help you meet GDPR compliance? Join us on March 20th for our webcast with SC Magazine and Forrester Research, “GDPR Takes A Village: Practical Advice to Help You Achieve Compliance.” Click here to register!

The post Want to boost your GDPR compliance effort? Get your people involved. appeared first on Talking Data Security and Compliance.

Read Full Article
Visit website
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 


by Doug Snow

The compliance regulation du jour is the EU’s General Data Protection Regulation (GDPR). But many companies aren’t ready for the May 25th deadline and many don’t even know they need to pay attention. Of course, knowing whether your organization is subject to GDPR is only the beginning. You have to take steps to ensure you comply.

As more and more compliance regulations come into effect, it’s creating a lot of work for businesses as they shift, evolve or completely overhaul business processes and deploy tools to meet the requirements. The effort is worth it, though: This is an opportunity to show your customers how committed you are to building a solid relationship of trust – starting with protecting their data. And you can avoid massive fines at the same time.

Of course, no tool or process will ever be effective if people aren’t on board. A security education program can help you build that solid foundation with people to encourage shared ownership of data security across your organization. That classic annual security training video everyone watches for half an hour (to pass a quiz that proves they recalled the information for five minutes) is no longer enough.

Every employee in the world signs an employment agreement that obligates them to follow corporate information handling policies. Even an accidental leak/disclosure can result in termination of employment but what tools do we give them to be compliant?

Today, the consequences are far-reaching, and people have long memories (and search engines). The fines levied and goodwill lost can lead to the failure of the business and countless lost jobs. That’s why it’s imperative to help employees be part of the solution.

So, how do you get people to use effective, secure data handling practices? Here are three ways you can focus your efforts to build a program that will win them over.

1) Build awareness of the data and data protection policies of the organization

This doesn’t mean you need to give everyone an in-depth overview of GDPR or any other compliance legislation. Instead, they need to know the kinds of data that need to be protected across the organization – even when it’s not part of their job.

As they learn about the types of data, they need to know what level of sensitivity should be applied and why. When people understand the policies and reasoning, it’s easier to make decisions about what to do with the data their handling.

The education shouldn’t end as people leave the training, though. You’ll want to keep promoting awareness in various ways:

  • Posters with reminders throughout your facilities
  • Ongoing training sessions to keep people sharp
  • Sharing stories about how people are mindful of security

Without a foundation of awareness, people won’t be able to take the next step of being mindful of information sensitivity as they go about their day-to-day work.

2) Encourage mindfulness about data security

When awareness resonates in a lasting way, it can lead to a more intentional focus on protecting the data they’re handling. With GDPR looming, that’s an important goal! Your organization will benefit from people who go through their workday mindful of data that’s being passed around. They become your first line of defense against data breaches.

Your awareness efforts can help bolster mindfulness by providing reminders to consider the sensitivity of data.

Having mindful people makes the use of technology for data protection more effective. Introducing tools that apply markings and trigger data protection policies can serve as one more way to build mindfulness right into the workflow. When every document has the sensitivity level clearly marked, it’s easier for employees to see at a glance how the material should be handled.

The technology takes this a step further by preventing inadvertent data breaches, disclosures or losses by blocking the most sensitive documents from being sent to unauthorized recipients.

How many times have you been rushing to the next meeting or trying to leave at the end of the day? You fire off an email and realize it went to the wrong person or group right after you hit send. There’s no calling it back, so having a tool that prevents those errors is invaluable.

3) Empower people to take appropriate action and be accountable

Knowledge is power. Putting knowledge into action reinforces what they’ve learned. When there’s only a handful of people in your entire organization who have the responsibility to train, monitor, audit, and maintain all data security efforts, they’ll be more successful if they can build an army of champions for good data security practices.

When awareness and mindfulness lead to reputation-saving preventative action, reward those instances and share the stories to continue the cycle.

Education is key to building a culture of security

The result of all this work is a culture of security where security mindfulness is the status quo of your organization. And when you have the whole company working together to protect sensitive data across your organization, it doesn’t matter what the next data protection regulation is – your entire organization will be ready, willing and able to meet it head on together.

Doug Snow is vice president, Customer Success at TITUS, where his 30 years of IT industry experience and project management expertise make him ideal to lead the team that ensures our customers’ needs are taken care of every step of the way.

The post GDPR makes employee data security education essential appeared first on Talking Data Security and Compliance.

Read Full Article
Visit website
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

By Steph Charbonneau

This Sunday, January 28th is Data Privacy Day. The recognition of this day by governments and other organizations has been a reason for people and businesses to talk about data privacy and security. But first, we have to talk about what those words mean.

What is data privacy?

Countries around the world have passed legislation acknowledging that individuals have a right to privacy, meaning we should have the ability to control when and to whom access is given to our personal information. This type of legislation is more important than ever as technological advances have increased the amount of data we share.

Why should businesses care about data privacy?

Because it’s good for business. After all, we need consumers to trust us. Today’s businesses and many other organizations rely on data assets to support, sustain and fuel operations. When you look at the large-scale data breaches that have made the news, it’s clear that organizations have to step it up when it comes to protecting the data that keeps them going.

It’s easy and even instinctual to try to fix breaches by building a technological fortress, but that’s not a true long-term solution. Technology is only a strong as the weakest user password or passcode on a lost device. And let’s not forget the surge of shadow IT that circumvents the fortress. The connected nature of our world combined with the human nature of people means technology is an incomplete solution.

Organizations need to build a culture of security

When you actively seek to make security a part of the culture in your organization, you make education, awareness, and accountability an integral part of day-to-day work. It becomes habitual to look for and notify management about vulnerabilities.

  • The door that doesn’t quite close all the way
  • Visitors being admitted without signing in
  • Confidential information left in public areas
  • Badges branded with the company logo
  • Laptops not secured to desks

These examples don’t necessarily relate to technology but ensuring the protection of data means addressing every access point – both physical and virtual.

How do you build a culture of security?

The responsibility for security can’t be shouldered by one person or even one department. And changing culture and behaviors isn’t easy, but the investment will pay off in protecting your business and the data you collect and generate. Here are some steps you can take to get started.

1) Educate employees about data

The security policy new hires sign during orientation isn’t enough. Make ongoing education about data and data handling a priority. People need to understand what data is sensitive so they know to take appropriate steps to protect it. But you can’t guarantee that people will just know your policies and practices. Only when people know how to identify and handle data appropriately can they be accountable for doing so.

2) Promote ongoing awareness

Establishing a shared responsibility for security only works when people are aware. Make awareness an ongoing effort. Hang posters that grab attention and share tips. Send emails with stories and examples of people raising concerns. Make it a community effort and encourage peer recognition. Get help from security advocates or champions who speak up and help the cause.

3) Use technology to enhance and enable security

A tight culture of security is the first and best line of defense against data breaches. But mistakes happen and vulnerabilities get exposed. Providing tools that help users identify the type of data they’re using so they use, share, store, and dispose of it appropriately makes it easier to prevent and/or contain breaches. These tools are like a seatbelt for your data: Once you’re in the habit of using them, you don’t feel as safe handling data without them.

Data privacy is an ongoing concern

The conversations about data that start around Data Privacy Day each year are important to have, but just like the ongoing effort of building a culture of security, we have to keep the conversation going throughout the year.

Steph Charbonneau is one of the founders and chief technology officer for TITUS. His background as an IT security architect helps bridge the gap between customer requirements and TITUS products.
Read Full Article
Visit website
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Microsoft RMS support, also know as Information Rights Management (IRM), has been supported in SharePoint since the SharePoint V3 release. This functionality allows you to limit the actions that users can take on documents or files that have been downloaded from SharePoint lists or libraries. RMS encrypts the downloaded files and limits the set of users that are allowed to decrypt these files. RMS can also limit the rights of the users who are allowed to read files so that they cannot do additional things such as print copies of the files or copy text from them. When people download files in an IRM-enabled list or library, the files are encrypted so that only authorized people can view them. This functionality works great if you are opening a SharePoint file on your desktop, but what happens if you want to access these SharePoint files on your mobile device? TITUS has introduced an iOS app that allow you to extend SharePoint IRM to iPhone and iPad devices.

A growing number of Mobile Device Management (MDM) vendors now offer secure document containers and direct access to SharePoint to allow users to view SharePoint documents on mobile devices. MobileIron offers their Docs@Work app and AirWatch has their Secure Content Locker. The problem with these apps, as well as the iOS and Android operating systems, is that they are not RMS aware. When you try to open an RMS file in iOS (using the Quick Viewer) you will get this type of result:

The viewer does not recognize an RMS protected document so nothing gets displayed. What you need is a mobile app that is RMS aware and can recognize RMS protected documents regardless if they are in their native Office file format (doc, docx, xls, xlsx, etc), or in the new Microsoft RMS pfile format. TITUS Docs is such an app. TITUS Docs allows users to access, store, and view RMS protected documents sent as attachments in email or accessed from repositories such as SharePoint. The solution provides a secure container for corporate information, keeping it secure with FIPS-140 compliant AES 256-bit encryption.

TITUS Docs can provide direct access to SharePoint libraries from your iOS device:

Once SharePoint access is configured you can browse your SharePoint site and libraries:

Once your mobile device has access to a SharePoint library through TITUS Docs you can open RMS protected documents (if you have the appropriate permissions) and you can view the permissions on the document:

View RMS protected documents

As a bonus, TITUS Docs can also allow you to open RMS protected emails and documents received in Apple iOS Mail. The TITUS Docs app is supported on both iPhones and iPads, and works with both ADRMS and the new AzureRMS (cloud based).

Read Full Article
Visit website
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Today we are pleased to announce the latest release of TITUS Classification Suite, which includes:

  • TITUS Message Classification for Microsoft Outlook
  • TITUS Message Classification for Microsoft Outlook Web App
  • TITUS Classification for Microsoft Office
  • TITUS Classification for Desktop

This complete suite of classification software helps users easily and intuitively identify, protect, and confidently share information – from email in both Exchange and Outlook Web App (OWA), to Microsoft Office documents, to media files, PDFs, zip files, and more.

As a leader in the information classification market worldwide, we work closely with customers in over 60 countries, across a wide variety of industries. This broad perspective helps us to develop innovative and powerful solutions that enable organizations to achieve their desired business outcomes.

Our latest release is a reflection of this focus on solving customer challenges, and includes:

  • Improved email security to help prevent inadvertent disclosure of intellectual property, personally identifiable information, and other sensitive information
  • Enhanced DLP interoperability to help optimize data management policies and usability for DLP solutions like McAfee DLP Endpoint
  • Broader classification support to enable a consistent user experience across Outlook, OWA, Office, and the Windows Desktop
  • Deployment enhancements to make it easier for organizations to support a wide variety of user environments, including tailored configurations for different users and groups

For close to a decade, TITUS has been developing enterprise data classification solutions for commercial, military and government customers. We are proud to work with large organizations like Dell, Nokia, and Dow Corning, who have shown by example how data classification is critical not just to government and military organizations. And for our government and military customers, TITUS Classification Suite continues to be an essential part of their information governance and data protection strategy.

Read Full Article
Visit website
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Its great having access to corporate email while my mobile device is offline.  If I’m on a plane, or if network access  doesn’t work in a particular area, I can still read and reply to my email. But offline access, which is provided via a local database of downloaded email on my phone, can have its risks.  If my phone is lost or stolen, all of my email history (whatever period downloaded , Apple Mail defaults to one month) is exposed via this local email.

To reduce this risk, many MDMs offer the ability to wipe lost or stolen mobile phones.  But if the phone becomes disconnected from the Internet there is no way to wipe the phone.  In addition, due to slow reporting, the phone may not be wiped for 24-48 hours after the phone is lost.  This is the risky period during which the thief can scan the phone for sensitive information.

Symantec’s HoneyStick project simulated people losing their phones to see what people would do when they found a phone.  The research found that there was an average time of only 10.2 hours after the phone was “lost” before an access attempt was made.  This means that lost phones have to be reported and wiped very quickly to avoid potential data exposure.  Because many people don’t actually realize that they have lost their phone for 12 to 24 hours (they continue looking thinking that it must be at work or at home) this makes it very difficult to wipe the phone before exposure.

Another finding of the research was that attempts to access a corporate email client occurred on 45 percent of the devices. This re-confirms that email is one of the highest risk areas.

If the information on the phone is very sensitive, such as government, military, health information, or financial information, then you may want to wipe the local database of email on the phone as soon as the app becomes inactive for a short period of time.  You may want to assume that if the user has not used the email app in the last 30 minutes, or if the phone has entered a sleep mode, that the user has finished using email.  In this case you would want to delete local email automatically.  This would reduce risks dramatically because if the phone is lost or stolen no email would be present on the phone.
TITUS Mail, a mobile email app for iPhone and Android,  has a policy which allows administrators to set a policy which will delete local email after a given amount of time.   The wipe is done at the app itself, and does not depend on MDM functionality.  The policy works like this:

a. Administrator sets the maximum amount of time the email app can be inactive before the local email database will be wiped
b. The TITUS mail app on the phone is constantly watching for inactivity
c.  After the set time period TITUS Mail will automatically delete the local database
d.  When the user comes back online the email database will be re-synched.  During re-sync, TITUS Mail will provide the 15 most recent emails first as the user normally wants to see his most recent mail.

TITUS Mail has a number of policies which can be used to secure corporate email. Among the many policies provided by TITUS Mail, the geofencing policy was highlighted in a previous blog.

Have other ideas on how to make mobile email safer? We’d love to hear from you.

Read Full Article
Visit website
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

More and more employees are accessing their corporate email and documents from mobile devices – with or without corporate approval.  In some cases these devices are company owned, while in other cases the devices might belong to the employee (BYOD).  This puts sensitive corporate information increasingly at risk.  If an employee loses their phone, or the phone is stolen, there is a high likelihood that some sensitive information may be exposed.

The recent study by Symantec called the Smartphone Honey Stick Project showed that, on average, eight out of 10 finders of lost mobile phones tried to access corporate information, including files clearly marked as “HR Salaries,” “HR Cases”, and other types of corporate information.

Now what happens if one of your employees travels to another part of the world and loses their smartphone?  Should you be more or less concerned than if the employee lost the phone in your home country?  That might depend on what type of information is on the  phone.  If you are a government employee (Department of State, for example), you may have information on the phone you wouldn’t want people in other countries to read.  If you’re an employee of an aerospace company visiting China and you lose your device, would you have greater concerns about losing valuable intellectual property?  Probably.

MDM solutions do a good job of protecting the phone, but are not as good as securing certain data in apps. The number one source of sensitive information on mobile devices is email.  With the combination of messages and attachments that are received via email, that is where much of the risk resides.

Today most iOS or Android smartphones are equipped with location-based services.  Via cell towers or built in GPS, the phone can provide services such as maps, focused social media, restaurant recommendations and much more.  This location service can also enable geo-fencing. What is geofencing?  According to Wikipedia…

A geo-fence could be dynamically generated—as in a radius around a store or point location. Or a geo-fence can be a predefined set of boundaries, like school attendance zones or neighborhood boundaries. When the location-aware device of a location-based service (LBS) user enters or exits a geo-fence, the device receives a generated notification. This notification might contain information about the location of the device. The geo-fence notice might be sent to a mobile telephone or an email account. Geo-fencing, for example used with child location services, can notify parents if a child leaves a designated area.

Geo-fencing has interesting security applications.  Organizations can use geo-fences to define safe or unsafe areas for mobile communication.   If the geo-fence defines an unsafe area, communication inside these areas may be limited or completely prevented for security reasons.

TITUS has applied geo-fencing to mobile email.  Because email contains the most sensitive data, it makes sense for security or compliance reasons to limit what users can do with mobile email when they are within a potentially unsafe geo-fence. TITUS Mail implements geo-fencing policies.  The administrator can define areas where mobile email use is not considered safe.   In these unsafe areas, TITUS Mail automatically deletes any email stored on the mobile device, and will also limit the use of email.  So if the device is lost within that area, no sensitive email will be found on the phone.  When the user leaves the unsafe area, their email is again available for use.

Military or government employees travelling to foreign countries; aerospace companies that must comply with ITAR regulations; or companies that have valuable intellectual property that could be lost when they are travelling to other parts of the world (such as China) would all find this capability incredibly valuable.

Are there other scenarios for email geo-fencing?   Or other requirements you want to communicate to TITUS?  We’d love to hear from you.

Read Full Article
Visit website

Read for later

Articles marked as Favorite are saved for later viewing.
close
  • Show original
  • .
  • Share
  • .
  • Favorite
  • .
  • Email
  • .
  • Add Tags 

Separate tags by commas
To access this feature, please upgrade your account.
Start your free month
Free Preview