Businesses around the world want to leverage mobility to drive digital transformation. However, before businesses start rolling out new mobile apps to their employees, they must consider security and compliance risks. It is much easier to enforce data loss prevention (DLP) policies on corporate-owned laptops than it is on employee-owned mobile devices.
Why? Because many traditional DLP products are not designed for mobile devices. The few products that do support mobile devices require mobile apps to be routed through a VPN connection.
Often, users can find ways to bypass these VPN connections. And even with a VPN, organizations may not gain full visibility into encrypted traffic, depending on the mobile app. This leaves a gap in defenses that users can exploit. It may also expose organizations to compliance violations or regulatory fines if they are not using sufficient controls to monitor and protect business data.
Mobile access is within scope of most compliance mandates if mobile users can view or modify regulated data, such as Personally Identifiable Information (PII), financial data, or healthcare records. For example:
- PCI DSS: Merchants and payment processors must protect cardholder data. If users can access user records and cardholder data from mobile apps, then they could theoretically take screenshots and share cardholder data.
- HIPAA: Organizations can be fined up to $50,000 per violation for the disclosure of individual health information. If healthcare workers can access patient records from their phone, they could take and distribute a screenshot from their phone.
- ISO/IEC 27002: To address International Organization for Standardization (ISO) rules, organizations must track privileged user accounts and prevent unauthorized changes to software or logs. If mobile access to sensitive systems is supported, then organizations must prevent privileged users from downloading and sharing confidential data from their phones.
With virtual mobile infrastructure (VMI), organizations can regain control over mobile data by logging all activity and preventing users from storing data on their devices. VMI is like virtual desktop infrastructure for mobile apps, allowing users to securely access Android apps from iOS, Android, Windows, or Mac devices.
However, stopping users from downloading, copying or printing content does not completely prevent data loss. Users can still take screenshots of sensitive data from their mobile device. So, the SierraVMI client can optionally block users from taking screen captures of the VMI app.
Even with anti-screen capture technology, users could take a photograph of sensitive information with a separate camera. To deter would-be photographers, SierraVMI also offers watermarking. When watermarking is enabled, the VMI client’s username is displayed diagonally across the mobile device screen. Because users would know that they would be identified if they distributed the image, they would be less likely to photograph sensitive data.
Plus, watermarking acts as a subtle reminder to users that they are accessing protected information. That knowledge can be enough to reduce the risk of unwanted activity.