SlideShare a Scribd company logo

ILTA Mobile Security Gap

Ges Ray
Ges Ray

The document discusses the security risks posed by using mobile devices to access and share documents. While email sent from mobile devices is routed through a firm's email server, documents accessed and edited on mobile devices can expose metadata when shared externally. The document recommends automated metadata removal applications that support multiple device types and formats, integrate easily, and operate transparently on a firm's network to mitigate mobile security risks.

1 of 2
Download to read offline
Peer to Peer Wireless Devices mar jun sep 09 dec Peer to Peer December 2009 The Often Overlooked Mobile Security Gap Cathy Brode 3BView W hile the risks of inadvertent metadata well understood by the legal industry, there is a security gap disclosure are well understood within emerging via mobile devices that cannot be ignored. Although the legal industry, there is a security all business e-mail messages sent via a mobile device are routed gap emerging via smartphones. through the firm’s e-mail server and are covered by e-mail Despite the significant benefits of security functions at the gateway, it will bypass any desktop- mobility, mobile devices introduce new security risks, based tools. especially if a firm’s metadata removal application is Users are now able to not only review documents via limited to a desktop application. The mobile attorney mobile devices, but they are also able to make minor edits to using the Web or a mobile device does not have access documents with more ease. But, as attorneys review and edit to these tools and is at risk. documents on their mobile devices and forward them to external recipients, the metadata in the document is fully retained and Mobile Devices are MainstreaM sent outside the firm. Even just forwarding an e-mail message The latest smartphone models are revolutionizing the way with a document attachment from a mobile device bypasses any attorneys are working when away from the office. Every desktop metadata removal tool that is in place in the office. month, there are several business applications launched for smartphones specifically targeted at the legal sector. Consider the following different scenarios: In addition to these, firms are increasingly developing their own mobile-enabled applications that hook into their • Forward an e-mail message enterprise applications such as practice management. An assistant has just sent a document to an attorney who is Although applications on mobile devices are highly about to board a plane. If the attorney has the capability, he unlikely to be exact replicas of those available on a might review it on a mobile device prior to forwarding it, and get desktop or laptop, they must still be included in risk the document on its way just before that plane door closes. Any assessments and your firm’s security policy. document metadata resident within the originating document Security for such mobile devices needs to extend would then be exposed to the recipient. beyond just the physical security considerations, such as what happens if the device is stolen, encryption of • Review, edit and forward communications and other standard security features like With the availability of each new model of a smartphone, the virus checking. power and screen size continue to increase. This leads to the greater ease by which documents might be reviewed on these the Mobile security gap models and, along with additional features, the greater the While the risks of inadvertent metadata disclosure are likelihood that attorneys will make minor edits to the documents This article was first published in ILTA’s December 2009 issue of Peer to Peer titled “Wireless Devices” and is reprinted here with permission. For more information about ILTA, visit their website at www.iltanet.org.
prior to forwarding them, either reattached to the original reduces the risks of inadvertent data leakage e-mail message or via a new e-mail message. Taking that document sent to the attorney just before • Application resides on network: the automated system he boards the plane — he might decide to spend the provides a service that is transparent to the user and works flight reviewing the document and making any necessary reliably, out of sight, on the company network. Removing amendments. After landing, he can hit the “send” button metadata from documents is a processor intensive application and off goes the document, metadata and all. for desktop or laptop computers, which can cause problems and severely degrade employee productivity. Transferring • Attach a document to an e-mail message this processing to the network or via software as a service Mobile access to documents contained within a firm’s (SaaS) is especially important for organizations that send large enterprise application such as a content management quantities of documents via e-mail; system (CMS) can allow an attorney to review or send a document via a mobile device. Such access might be • Ease of integration: well documented application either via a proprietary or in-house developed interface, programming interfaces (API) enable ease of integration into and such systems typically come with access control DMS and CMS. mechanisms, but these might not provide metadata removal protection for mobile devices. As with forwarding documents that have been received think beyonD the office via e-mail, attaching a document to an e-mail message and So, not only do law firms need to have security policies in place sending it externally increases the risk of inadvertent leakage for metadata scrubbing or removal from documents being of information through the document metadata. forwarded by desktops within the office, but they also now need As the storage capacity of smartphones increases, so to look at how to protect themselves by scrubbing metadata does the likelihood that documents will be downloaded from documents being forwarded outside the firm through a and stored on these devices. At the very least, a policy mobile device. should be in place to cover which business documents When looking at a solution, like one that scrubs document can be stored on a mobile device. metadata as the document is sent via e-mail, ensure that it will Metadata in the document will be retained in full for cover not just desktops and laptops, but also any mobile device documents that are attached by the attorney to an e-mail or mobile access method. message and sent externally. This applies both to documents In addition, if your firm currently has a policy for use of just a that are stored on the smartphone and those that are single device, it is important, as with other applications, to bear stored within a central business system, such as a document in mind that this is likely to change. You should consider support management system (DMS) that is mobile enabled. for multiple types of mobile devices when evaluating solutions. It is clear that smartphones and other mobile devices enable There are different metadata removal applications on attorneys to conduct business efficiently. Ensuring that this is the market today. Here is a list of features that should be done securely does not mean limiting their capabilities to access, considered when investing in this technology: review, edit and send of documents. With the right security technology, features and considerations, your firm’s data can be • Wide service spectrum: supports any e-mail client and secure whether on a desktop, laptop or mobile device. ilta e-mail server (BlackBerry, iPhone, PDA, netbooks and Webmail) • Multiple format support: MS Office, PDF or Cathy Brode is Founder and Vice President of Product OpenDocument Format Marketing for 3BView (www.3bview.com). She has more than 20 years’ experience in the IT and life sciences industry. Prior to 3BView, Cathy was a founding member • Automated system with low operational costs: of CDC Solutions, a provider of software and services for metadata is removed automatically according to the life sciences industry, which was acquired by Liquent centrally set rules. No user training or ongoing technical in 2003. She was previously employed as a consultant support is required, which substantially reduces the at Kinesis Systems (now part of IBM) and, earlier in her career, managed a major European research project on application lifecycle costs advanced network management for Plessey Research. Cathy holds a degree in Computer Systems from • Reduced risk of leakage: no user intervention is University College Cardiff. She can be reached at cathy. required, which ensures a consistent service level and brode@3bview.com. This article was first published in ILTA’s December 2009 issue of Peer to Peer titled “Wireless Devices” and is reprinted here with permission. For more information about ILTA, visit their website at www.iltanet.org.

Recommended

Good Security Whitepaper
Good Security WhitepaperGood Security Whitepaper
Good Security Whitepaper
genasun
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentK Singh
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Security
arms8586
 
Mis3rd
Mis3rdMis3rd
Mis3rd
gopalnb
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
EMC
 
Essential email security …business requirements and competitive landscape
Essential email security …business requirements and competitive landscapeEssential email security …business requirements and competitive landscape
Essential email security …business requirements and competitive landscape
Unified Communications Online
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore!
EMC
 
Patch management
Patch managementPatch management
Patch management
GFI Software
 

Recommended

Good Security Whitepaper
Good Security WhitepaperGood Security Whitepaper
Good Security Whitepaper
genasun
 
Securing mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentSecuring mobile devices_in_the_business_environment
Securing mobile devices_in_the_business_environmentK Singh
 
IDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based SecurityIDC: Top Five Considerations for Cloud-Based Security
IDC: Top Five Considerations for Cloud-Based Security
arms8586
 
Mis3rd
Mis3rdMis3rd
Mis3rd
gopalnb
 
New Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud DataNew Approaches to Security and Availability for Cloud Data
New Approaches to Security and Availability for Cloud Data
EMC
 
Essential email security …business requirements and competitive landscape
Essential email security …business requirements and competitive landscapeEssential email security …business requirements and competitive landscape
Essential email security …business requirements and competitive landscape
Unified Communications Online
 
Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore! Your Data Center Boundaries Don’t Exist Anymore!
Your Data Center Boundaries Don’t Exist Anymore!
EMC
 
Patch management
Patch managementPatch management
Patch management
GFI Software
 
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Arrow ECS UK
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of Bloatware
GFI Software
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Identive
 
Network Environments
Network EnvironmentsNetwork Environments
Network Environments
GFI Software
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
GFI Software
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File Virtualization
FindWhitePapers
 
Enterprise it consumerization survey
Enterprise it consumerization surveyEnterprise it consumerization survey
Enterprise it consumerization surveyAndrew Wong
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats
Lumension
 
ZS Infotech v1.0
ZS Infotech v1.0ZS Infotech v1.0
ZS Infotech v1.0Muhammad Zubair
 
Trust in the mobile internet of things
Trust in the mobile internet of thingsTrust in the mobile internet of things
Trust in the mobile internet of things
Antonio Gonzalo
 
Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloud
cloudresearcher
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic Workforce
Courtland Smith
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Karim Vaes
 
Wireless information management, a review
Wireless information management, a reviewWireless information management, a review
Wireless information management, a reviewAndrew Olsen
 
Taking Account of Privacy When Designing Cloud Computing Services
Taking Account of Privacy When Designing Cloud Computing ServicesTaking Account of Privacy When Designing Cloud Computing Services
Taking Account of Privacy When Designing Cloud Computing Serviceswhite paper
 
Soonr IT Buyer's Guide
Soonr IT Buyer's GuideSoonr IT Buyer's Guide
Soonr IT Buyer's GuideReece Gaumont
 
Mobile Computing: Microsoft Mobile Solutions for Online Learning
Mobile Computing: Microsoft Mobile Solutions for Online LearningMobile Computing: Microsoft Mobile Solutions for Online Learning
Mobile Computing: Microsoft Mobile Solutions for Online Learning
Tmobile Girl
 
Cloud Computing for SMBs
Cloud Computing for SMBsCloud Computing for SMBs
Cloud Computing for SMBswhite paper
 
The infrastructure and the Security Essentials of Information Technology in a...
The infrastructure and the Security Essentials of Information Technology in a...The infrastructure and the Security Essentials of Information Technology in a...
The infrastructure and the Security Essentials of Information Technology in a...adeel hamid
 
Chain Reactions - June 2012 - IFPSM Article
Chain Reactions - June 2012 - IFPSM ArticleChain Reactions - June 2012 - IFPSM Article
Chain Reactions - June 2012 - IFPSM Article
UK
 
Stockbox 11 11-25
Stockbox 11 11-25Stockbox 11 11-25
Stockbox 11 11-25
hungertaskforce
 
Fsm EPA Resolution_ 2011
Fsm EPA Resolution_ 2011Fsm EPA Resolution_ 2011
Fsm EPA Resolution_ 2011FSM Department of Resources & Development
 

More Related Content

What's hot

Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Arrow ECS UK
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of Bloatware
GFI Software
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Identive
 
Network Environments
Network EnvironmentsNetwork Environments
Network Environments
GFI Software
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
GFI Software
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File Virtualization
FindWhitePapers
 
Enterprise it consumerization survey
Enterprise it consumerization surveyEnterprise it consumerization survey
Enterprise it consumerization surveyAndrew Wong
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats
Lumension
 
Trust in the mobile internet of things
Trust in the mobile internet of thingsTrust in the mobile internet of things
Trust in the mobile internet of things
Antonio Gonzalo
 
Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloud
cloudresearcher
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic Workforce
Courtland Smith
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Karim Vaes
 
Wireless information management, a review
Wireless information management, a reviewWireless information management, a review
Wireless information management, a reviewAndrew Olsen
 
Taking Account of Privacy When Designing Cloud Computing Services
Taking Account of Privacy When Designing Cloud Computing ServicesTaking Account of Privacy When Designing Cloud Computing Services
Taking Account of Privacy When Designing Cloud Computing Serviceswhite paper
 
Soonr IT Buyer's Guide
Soonr IT Buyer's GuideSoonr IT Buyer's Guide
Soonr IT Buyer's GuideReece Gaumont
 
Mobile Computing: Microsoft Mobile Solutions for Online Learning
Mobile Computing: Microsoft Mobile Solutions for Online LearningMobile Computing: Microsoft Mobile Solutions for Online Learning
Mobile Computing: Microsoft Mobile Solutions for Online Learning
Tmobile Girl
 
Cloud Computing for SMBs
Cloud Computing for SMBsCloud Computing for SMBs
Cloud Computing for SMBswhite paper
 
The infrastructure and the Security Essentials of Information Technology in a...
The infrastructure and the Security Essentials of Information Technology in a...The infrastructure and the Security Essentials of Information Technology in a...
The infrastructure and the Security Essentials of Information Technology in a...adeel hamid
 

What's hot (19)

Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
Seeing Through the Clouds – the Vision of the CTO Office, Joe Baguley - Chief...
 
VIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of BloatwareVIPRE Business Takes a Bite out of Bloatware
VIPRE Business Takes a Bite out of Bloatware
 
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked WorldHirsch Identive | White Paper | Securing the Enterprise in a Networked World
Hirsch Identive | White Paper | Securing the Enterprise in a Networked World
 
Network Environments
Network EnvironmentsNetwork Environments
Network Environments
 
Security Threats for SMBs
Security Threats for SMBsSecurity Threats for SMBs
Security Threats for SMBs
 
The Economic Impact of File Virtualization
The Economic Impact of File VirtualizationThe Economic Impact of File Virtualization
The Economic Impact of File Virtualization
 
Enterprise it consumerization survey
Enterprise it consumerization surveyEnterprise it consumerization survey
Enterprise it consumerization survey
 
2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats2009 Security Mega Trends & Emerging Threats
2009 Security Mega Trends & Emerging Threats
 
ZS Infotech v1.0
ZS Infotech v1.0ZS Infotech v1.0
ZS Infotech v1.0
 
Trust in the mobile internet of things
Trust in the mobile internet of thingsTrust in the mobile internet of things
Trust in the mobile internet of things
 
Seven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloudSeven deadly threats and vulnerabilities in cloud
Seven deadly threats and vulnerabilities in cloud
 
White Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic WorkforceWhite Paper: Securing Nomadic Workforce
White Paper: Securing Nomadic Workforce
 
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
Xylos Clients Day - Public cloud and security go hand in hand, if you approac...
 
Wireless information management, a review
Wireless information management, a reviewWireless information management, a review
Wireless information management, a review
 
Taking Account of Privacy When Designing Cloud Computing Services
Taking Account of Privacy When Designing Cloud Computing ServicesTaking Account of Privacy When Designing Cloud Computing Services
Taking Account of Privacy When Designing Cloud Computing Services
 
Soonr IT Buyer's Guide
Soonr IT Buyer's GuideSoonr IT Buyer's Guide
Soonr IT Buyer's Guide
 
Mobile Computing: Microsoft Mobile Solutions for Online Learning
Mobile Computing: Microsoft Mobile Solutions for Online LearningMobile Computing: Microsoft Mobile Solutions for Online Learning
Mobile Computing: Microsoft Mobile Solutions for Online Learning
 
Cloud Computing for SMBs
Cloud Computing for SMBsCloud Computing for SMBs
Cloud Computing for SMBs
 
The infrastructure and the Security Essentials of Information Technology in a...
The infrastructure and the Security Essentials of Information Technology in a...The infrastructure and the Security Essentials of Information Technology in a...
The infrastructure and the Security Essentials of Information Technology in a...
 

Viewers also liked

Chain Reactions - June 2012 - IFPSM Article
Chain Reactions - June 2012 - IFPSM ArticleChain Reactions - June 2012 - IFPSM Article
Chain Reactions - June 2012 - IFPSM Article
UK
 
Stockbox 11 11-25
Stockbox 11 11-25Stockbox 11 11-25
Stockbox 11 11-25
hungertaskforce
 
First financial 1st qtr 2011 final
First financial 1st qtr 2011 finalFirst financial 1st qtr 2011 final
First financial 1st qtr 2011 final
First Financial Bankshares, Inc.
 
United Health Group [PDF Document] Notes to the Consolidated Financial Statem...
United Health Group [PDF Document] Notes to the Consolidated Financial Statem...United Health Group [PDF Document] Notes to the Consolidated Financial Statem...
United Health Group [PDF Document] Notes to the Consolidated Financial Statem...finance3
 
CSR by Comapanies
CSR by ComapaniesCSR by Comapanies
CSR by Comapanies
Rupal Lala
 

Viewers also liked (8)

Chain Reactions - June 2012 - IFPSM Article
Chain Reactions - June 2012 - IFPSM ArticleChain Reactions - June 2012 - IFPSM Article
Chain Reactions - June 2012 - IFPSM Article
 
Stockbox 11 11-25
Stockbox 11 11-25Stockbox 11 11-25
Stockbox 11 11-25
 
Fsm EPA Resolution_ 2011
Fsm EPA Resolution_ 2011Fsm EPA Resolution_ 2011
Fsm EPA Resolution_ 2011
 
First financial 1st qtr 2011 final
First financial 1st qtr 2011 finalFirst financial 1st qtr 2011 final
First financial 1st qtr 2011 final
 
United Health Group [PDF Document] Notes to the Consolidated Financial Statem...
United Health Group [PDF Document] Notes to the Consolidated Financial Statem...United Health Group [PDF Document] Notes to the Consolidated Financial Statem...
United Health Group [PDF Document] Notes to the Consolidated Financial Statem...
 
CSR by Comapanies
CSR by ComapaniesCSR by Comapanies
CSR by Comapanies
 
DREA 2nd Quarter News
DREA 2nd Quarter NewsDREA 2nd Quarter News
DREA 2nd Quarter News
 
Serehd Quarterly Newsletter
Serehd Quarterly NewsletterSerehd Quarterly Newsletter
Serehd Quarterly Newsletter
 

Similar to ILTA Mobile Security Gap

I Brought My Own Device. Now What?
I Brought My Own Device. Now What?I Brought My Own Device. Now What?
I Brought My Own Device. Now What?
Array Networks
 
Enabling Mobile Workstyles Whitepaper with Citrix XenMobile
Enabling Mobile Workstyles Whitepaper with Citrix XenMobileEnabling Mobile Workstyles Whitepaper with Citrix XenMobile
Enabling Mobile Workstyles Whitepaper with Citrix XenMobile
Nuno Alves
 
10 Reasons to Strengthen Security with App & Desktop Virtualization
10 Reasons to Strengthen Security with App & Desktop Virtualization10 Reasons to Strengthen Security with App & Desktop Virtualization
10 Reasons to Strengthen Security with App & Desktop Virtualization
Citrix
 
PingPal infodeck: How to survive BYOD and mobile networks
PingPal infodeck: How to survive BYOD and mobile networksPingPal infodeck: How to survive BYOD and mobile networks
PingPal infodeck: How to survive BYOD and mobile networks
Hyker Security
 
Securing mobile devices 1
Securing mobile devices 1Securing mobile devices 1
Securing mobile devices 1
Kamaljeet Singh Matharu (Kam)
 
Tablet Access to Business Applications
Tablet Access to Business ApplicationsTablet Access to Business Applications
Tablet Access to Business Applications
Array Networks
 
how_to_balance_security_and_productivity_with_famoc_and_samsung_knox
how_to_balance_security_and_productivity_with_famoc_and_samsung_knoxhow_to_balance_security_and_productivity_with_famoc_and_samsung_knox
how_to_balance_security_and_productivity_with_famoc_and_samsung_knoxMarta Kusinska
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environmentIBM Software India
 
Integrating Enterprise Mobility - an Assessment WHITE PAPER
Integrating Enterprise Mobility - an Assessment WHITE PAPERIntegrating Enterprise Mobility - an Assessment WHITE PAPER
Integrating Enterprise Mobility - an Assessment WHITE PAPER
Mobiloitte
 
Tablet Access to Business Applications
Tablet Access to Business ApplicationsTablet Access to Business Applications
Tablet Access to Business Applications
Array Networks
 
Websense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile securityWebsense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile security
arms8586
 
Enterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISEEnterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISE
Fast Lane Consulting and Education, Inc.
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
Entrust Datacard
 
State ofmobilesecurity
State ofmobilesecurityState ofmobilesecurity
State ofmobilesecurity
Gary Sandoval
 
Mobile device management-Desktop Central
Mobile device management-Desktop CentralMobile device management-Desktop Central
Mobile device management-Desktop Central
ManageEngine
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
1SI19IS064TEJASS
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
kostikjaylonshaewe47
 
SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015Francisco Anes
 
Cloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesCloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devices
Icomm Technologies
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
jwpiccininni
 

Similar to ILTA Mobile Security Gap (20)

I Brought My Own Device. Now What?
I Brought My Own Device. Now What?I Brought My Own Device. Now What?
I Brought My Own Device. Now What?
 
Enabling Mobile Workstyles Whitepaper with Citrix XenMobile
Enabling Mobile Workstyles Whitepaper with Citrix XenMobileEnabling Mobile Workstyles Whitepaper with Citrix XenMobile
Enabling Mobile Workstyles Whitepaper with Citrix XenMobile
 
10 Reasons to Strengthen Security with App & Desktop Virtualization
10 Reasons to Strengthen Security with App & Desktop Virtualization10 Reasons to Strengthen Security with App & Desktop Virtualization
10 Reasons to Strengthen Security with App & Desktop Virtualization
 
PingPal infodeck: How to survive BYOD and mobile networks
PingPal infodeck: How to survive BYOD and mobile networksPingPal infodeck: How to survive BYOD and mobile networks
PingPal infodeck: How to survive BYOD and mobile networks
 
Securing mobile devices 1
Securing mobile devices 1Securing mobile devices 1
Securing mobile devices 1
 
Tablet Access to Business Applications
Tablet Access to Business ApplicationsTablet Access to Business Applications
Tablet Access to Business Applications
 
how_to_balance_security_and_productivity_with_famoc_and_samsung_knox
how_to_balance_security_and_productivity_with_famoc_and_samsung_knoxhow_to_balance_security_and_productivity_with_famoc_and_samsung_knox
how_to_balance_security_and_productivity_with_famoc_and_samsung_knox
 
Securing mobile devices in the business environment
Securing mobile devices in the business environmentSecuring mobile devices in the business environment
Securing mobile devices in the business environment
 
Integrating Enterprise Mobility - an Assessment WHITE PAPER
Integrating Enterprise Mobility - an Assessment WHITE PAPERIntegrating Enterprise Mobility - an Assessment WHITE PAPER
Integrating Enterprise Mobility - an Assessment WHITE PAPER
 
Tablet Access to Business Applications
Tablet Access to Business ApplicationsTablet Access to Business Applications
Tablet Access to Business Applications
 
Websense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile securityWebsense: A 3-step plan for mobile security
Websense: A 3-step plan for mobile security
 
Enterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISEEnterprise Edge Security with Cisco ISE
Enterprise Edge Security with Cisco ISE
 
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
IDENTITY PLATFORMS: How central, flexible, deployment of multiple authenticat...
 
State ofmobilesecurity
State ofmobilesecurityState ofmobilesecurity
State ofmobilesecurity
 
Mobile device management-Desktop Central
Mobile device management-Desktop CentralMobile device management-Desktop Central
Mobile device management-Desktop Central
 
Chapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptxChapter 3_Cyber Security-ccdf.pptx
Chapter 3_Cyber Security-ccdf.pptx
 
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdfCASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
CASE STUDY There is a new phenomenon in the cybersecurity domain ca.pdf
 
SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015SecurityWhitepaper 7-1-2015
SecurityWhitepaper 7-1-2015
 
Cloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devicesCloud backup-for-endpoint-devices
Cloud backup-for-endpoint-devices
 
Physical/Network Access Control
Physical/Network Access ControlPhysical/Network Access Control
Physical/Network Access Control
 

ILTA Mobile Security Gap

  • 1. Peer to Peer Wireless Devices mar jun sep 09 dec Peer to Peer December 2009 The Often Overlooked Mobile Security Gap Cathy Brode 3BView W hile the risks of inadvertent metadata well understood by the legal industry, there is a security gap disclosure are well understood within emerging via mobile devices that cannot be ignored. Although the legal industry, there is a security all business e-mail messages sent via a mobile device are routed gap emerging via smartphones. through the firm’s e-mail server and are covered by e-mail Despite the significant benefits of security functions at the gateway, it will bypass any desktop- mobility, mobile devices introduce new security risks, based tools. especially if a firm’s metadata removal application is Users are now able to not only review documents via limited to a desktop application. The mobile attorney mobile devices, but they are also able to make minor edits to using the Web or a mobile device does not have access documents with more ease. But, as attorneys review and edit to these tools and is at risk. documents on their mobile devices and forward them to external recipients, the metadata in the document is fully retained and Mobile Devices are MainstreaM sent outside the firm. Even just forwarding an e-mail message The latest smartphone models are revolutionizing the way with a document attachment from a mobile device bypasses any attorneys are working when away from the office. Every desktop metadata removal tool that is in place in the office. month, there are several business applications launched for smartphones specifically targeted at the legal sector. Consider the following different scenarios: In addition to these, firms are increasingly developing their own mobile-enabled applications that hook into their • Forward an e-mail message enterprise applications such as practice management. An assistant has just sent a document to an attorney who is Although applications on mobile devices are highly about to board a plane. If the attorney has the capability, he unlikely to be exact replicas of those available on a might review it on a mobile device prior to forwarding it, and get desktop or laptop, they must still be included in risk the document on its way just before that plane door closes. Any assessments and your firm’s security policy. document metadata resident within the originating document Security for such mobile devices needs to extend would then be exposed to the recipient. beyond just the physical security considerations, such as what happens if the device is stolen, encryption of • Review, edit and forward communications and other standard security features like With the availability of each new model of a smartphone, the virus checking. power and screen size continue to increase. This leads to the greater ease by which documents might be reviewed on these the Mobile security gap models and, along with additional features, the greater the While the risks of inadvertent metadata disclosure are likelihood that attorneys will make minor edits to the documents This article was first published in ILTA’s December 2009 issue of Peer to Peer titled “Wireless Devices” and is reprinted here with permission. For more information about ILTA, visit their website at www.iltanet.org.
  • 2. prior to forwarding them, either reattached to the original reduces the risks of inadvertent data leakage e-mail message or via a new e-mail message. Taking that document sent to the attorney just before • Application resides on network: the automated system he boards the plane — he might decide to spend the provides a service that is transparent to the user and works flight reviewing the document and making any necessary reliably, out of sight, on the company network. Removing amendments. After landing, he can hit the “send” button metadata from documents is a processor intensive application and off goes the document, metadata and all. for desktop or laptop computers, which can cause problems and severely degrade employee productivity. Transferring • Attach a document to an e-mail message this processing to the network or via software as a service Mobile access to documents contained within a firm’s (SaaS) is especially important for organizations that send large enterprise application such as a content management quantities of documents via e-mail; system (CMS) can allow an attorney to review or send a document via a mobile device. Such access might be • Ease of integration: well documented application either via a proprietary or in-house developed interface, programming interfaces (API) enable ease of integration into and such systems typically come with access control DMS and CMS. mechanisms, but these might not provide metadata removal protection for mobile devices. As with forwarding documents that have been received think beyonD the office via e-mail, attaching a document to an e-mail message and So, not only do law firms need to have security policies in place sending it externally increases the risk of inadvertent leakage for metadata scrubbing or removal from documents being of information through the document metadata. forwarded by desktops within the office, but they also now need As the storage capacity of smartphones increases, so to look at how to protect themselves by scrubbing metadata does the likelihood that documents will be downloaded from documents being forwarded outside the firm through a and stored on these devices. At the very least, a policy mobile device. should be in place to cover which business documents When looking at a solution, like one that scrubs document can be stored on a mobile device. metadata as the document is sent via e-mail, ensure that it will Metadata in the document will be retained in full for cover not just desktops and laptops, but also any mobile device documents that are attached by the attorney to an e-mail or mobile access method. message and sent externally. This applies both to documents In addition, if your firm currently has a policy for use of just a that are stored on the smartphone and those that are single device, it is important, as with other applications, to bear stored within a central business system, such as a document in mind that this is likely to change. You should consider support management system (DMS) that is mobile enabled. for multiple types of mobile devices when evaluating solutions. It is clear that smartphones and other mobile devices enable There are different metadata removal applications on attorneys to conduct business efficiently. Ensuring that this is the market today. Here is a list of features that should be done securely does not mean limiting their capabilities to access, considered when investing in this technology: review, edit and send of documents. With the right security technology, features and considerations, your firm’s data can be • Wide service spectrum: supports any e-mail client and secure whether on a desktop, laptop or mobile device. ilta e-mail server (BlackBerry, iPhone, PDA, netbooks and Webmail) • Multiple format support: MS Office, PDF or Cathy Brode is Founder and Vice President of Product OpenDocument Format Marketing for 3BView (www.3bview.com). She has more than 20 years’ experience in the IT and life sciences industry. Prior to 3BView, Cathy was a founding member • Automated system with low operational costs: of CDC Solutions, a provider of software and services for metadata is removed automatically according to the life sciences industry, which was acquired by Liquent centrally set rules. No user training or ongoing technical in 2003. She was previously employed as a consultant support is required, which substantially reduces the at Kinesis Systems (now part of IBM) and, earlier in her career, managed a major European research project on application lifecycle costs advanced network management for Plessey Research. Cathy holds a degree in Computer Systems from • Reduced risk of leakage: no user intervention is University College Cardiff. She can be reached at cathy. required, which ensures a consistent service level and brode@3bview.com. This article was first published in ILTA’s December 2009 issue of Peer to Peer titled “Wireless Devices” and is reprinted here with permission. For more information about ILTA, visit their website at www.iltanet.org.