Serg Nvns - Fotolia

The lowdown on improving mobile data security

Mobile devices are rife with security holes. The right knowledge and tools, including encryption and containerization, can help organizations fill in those holes and protect mobile data.

If users are going to work on a variety of endpoints, IT departments better know how to ensure mobile data security.

Mobile data can be compromised in a variety of ways: something as simple as a lost or stolen device without a passcode or as complicated as a malicious app that enters an organization's network through a user's smartphone. No matter where the threats come from, there are ways to at least minimize the risks.

The mobile data security battle is fought on two fronts: on devices themselves and when data is in transit between devices and apps. Take some time to learn how to strengthen the defenses against mobile security breaches with hardware and software encryption, containerization and more.

How does hardware encryption work?

Encrypting mobile hardware is the first line of defense against lost or stolen devices. Encryption completely scrambles any data on a device and the only way to unscramble it is with a pass key.

No matter where the threats come from there are ways to at least minimize the risks.

Every operating system is a little different with encryption. Apple's iOS features a file system with the OS information and user data written to flash memory. It also uses a factory-assigned device ID and group ID with the device user's passcode so only that passcode can unencrypt data on the phone or tablet.

Even though Android allows for encryption, not every device manufacturer creates hardware that supports it. Users can turn encryption off accidentally or deliberately with a factory reset on Android devices.

What does software encryption add to mobile data security?

If hardware encryption is making sure to lock the front door, then software encryption is taking any valuables in the house and locking them away in a safe. Even if hackers get through the device passcode they need a second passcode to access certain data or apps.

Software encryption can be much more specific than hardware encryption, allowing IT admins to pick and choose the specific information they want to protect. It requires OS-supplied interfaces or third-party functions to encrypt individual programs such as an email client or Web browser on a device.

What are some common mobile application vulnerabilities?

Mobile applications are a hive of potential security problems. Bad data storage practices, which are common with inexperienced developers who use clear text or XML to code apps, are just one example. When a developer uses these languages, hackers can uncover everything stored in an app by simply extracting a file attached to the app and searching for whatever they want to know. To make matters worse, if the app is connected to a company's back-end systems the hacker has an easy pathway into the rest of the network.

Malware is another common problem with mobile applications, especially on Android devices. Users can sideload apps with Android so IT has no control over what users put on their phones. Malicious app developers are crafty enough to trick many users into downloading dangerous apps with shady tactics such as disguising their apps with popular names. As a result, IT should always require antimalware on Android devices.

What do users need to know about mobile security?

Just like users know not to open emails they don't trust, it is important they know what to look for in untrustworthy apps. To prevent unauthorized device access, IT must educate users about permissions. If an app is asking to access information that doesn't seem necessary to the app's function, a red flag should go up. IT must also instruct users to have multiple passwords. That way if a device is stolen, hackers only gain access to one app or profile, not everything on the device.

How can containerization help?

A key cog in the mobile application management machine, containers separate enterprise apps from the rest of a user's device. If a user downloads a malicious app, the containerized enterprise apps are protected from any nefarious actions the malicious app takes. Admins can prevent certain functions, such as copy and paste, within a containerized app to keep users from moving sensitive data into an unprotected app. They can also wipe the data within application containers without worrying about deleting anything else on a user's device.

Containers are not perfect, though. They often require mobile device management tools to be in place and can block certain app functions so an app cannot connect to a user's contact list.

Next Steps

How to strike a balance with mobile data security

Mobile security threats to keep an eye on

Show off your mobile data security knowledge

Dig Deeper on Enterprise mobile security