IT managers need to expand their security profile and think beyond software, taking security right down to the last endpoint – the data.
Elizabeth Parsons, Imation ANZ business development manager at Imation Mobile Security, says many companies across the region are still not taking security to the data level, instead securing their networks but allowing staff to remove data from the office via USBs, laptops and so forth.
She says at a time when ever-larger data breaches are generating headlines, along with lost revenue, fines and other costs for the companies involved, locking down the sensitive information mobile workers carry with them is no longer just an IT concern.
It is, she notes, a business imperative.
The challenge, especially for highly regulated industries such as healthcare, is how to keep data safe when, according to research, the majority of data breaches result from physical loss or theft of devices.
“We need to take security right down to the last end-point – being the data,” Parsons says.
“What are the implications if an employee loses their USB or other device?”
She notes that many users won’t even recall exactly what sensitive data was on a USB or laptop, further complicating the situation for IT managers.
“It’s often not a case of someone being malicious. It’s just staff wanting to be productive. So they email data to Dropbox so they can work on it at home, or they take it home on their laptop or USB.
“It’s done with good intentions,” Parsons says.
“What we’re seeing is that companies aren’t taking that last little step [of securing the endpoint data] until something happens.”
Then, she says, the knee-jerk reaction is often to lock down on staff removing any data from a company – something she says can prevent staff from being truly productive.
Parsons says while cloud can provide an ideal solution for many companies, enabling remote access for workers, it’s reliant on online access.
“We have people in fairly remote areas, where access is an exciting concept to say the least.”
Imation offers a range of secure USB offerings, both managed and unmanaged, through its Ironkey brand. The company acquired Ironkey – a company originally set up with a grant from the United States’ Homeland Security – several years ago.
“We created secure USBs,” says Parsons.
The managed offerings enable companies to lock down highly sensitive data more securely, monitor where a device is and remotely wipe if needed.
Parsons says many companies will have a mix of unmanaged and managed offerings, depending on the staff using the USB, and the information they have access to.
Last month Imation launched its secure data management architecture, to give companies a holistic approach to managing high-value data files and protecting them from tampering, destruction, loss or leakage, through the entire life cycle.