The Mobile Data Security vs. GDPR
On November 16, 2017 in Warsaw, the ThinkMobile 2017 conference took place at Samsung’s headquarters – an event dedicated to mobile security. Since GPDR is hot topic lately, it was also all over the conference. Storware was a partner of this very interesting industry event.
During his session, Paweł Mączka, CTO at Storware, explained what kind of challenges, in the context of GDPR, we will have to deal with, and how we can prepare for them.
To fully understand what threats for the security bring mobile devices, you need to be aware of how much have changed since they appeared. In the past, workstations were appropriate secured by alarms, access cards, and immobile desktop computer. When mobile devices appeared on market, we have forgot, that they are full-fledged workstation, and all the security aspects, that used to be obvious. Mobility has caused giant gap in security, because when employees reach for business data, it can entail data leakage by lost, theft or inappropriate device security.
As you can see the problem is much broader than GDPR. To ensure full data protection for your business, especially on mobile devices, you need to choose the right set of tools. Due to date of entry into force of regulation, on the market appear more and more this sort of solutions. Therefore, choose wisely – the basis is, that implemented system should comply with 3 pillars of functionality:
Security
In case of loss or failure of the device, we have the opportunity to recover all data – email, notes in calendar, photos, and files. An employee doesn’t have to worry about losing or destroying, for example; phone because he will easily recover it’s content, while the IT department is aware that in case of an incident, he will recover company resources in small amount of time. For the organization, both the data security and reducing recovery process are important aspects. Thanks to this, the availability gap is minimized. It is especially important in case of replacing tablet or phone fleet. Migrating data from old to new mobile devices usually takes from several minutes to few days, creating a huge downtime for the company. Recovering data from KODO, for many devices, will take no more than several hours.
Control
Employees who don’t have an access to a private cloud, are looking by themselves for solutions, that allow them to exchange files among themselves. They use public cloud services such as Google Drive, Dropbox and One Drive. This is the exchange of business information with external entities. There is a giant risk, not only lack of control over data migration, but also the consequences of potential leakage. It may get to the absurd situation, when company finds out, about such an incident, from external media, which will result in not only penalties, but also loss of prestige. With private cloud provided by KODO solution, we can be sure, that our employees exchange data with each other in a secure ecosystem, that is fully managed by our application. This gives us full audit and transparency in case of any incidents.
Integration
There is no one solution complies with GDPR requirements. That’s why we integrate with Samsung Knox and FancyFon Famoc. Our goal, as producers and technology partners, is full spectrum of protection for mobile employees. In case of integration with Knox, we offer a backup feature, and encryption of the container with business data. Using the KODO and Famoc platform provides fully integrated solution, that secures both the device and the files on every level, while simultaneously containerization and separation of business and private resources. The selection of our business partners wasn’t accidental – we chose Samsung and FancyFon because they have well-established market position, and are complementary to our company vision. Thanks to integration we get common set of services, that is unique. In addition, the open API allows for quick plug in and integration with existing customer’s infrastructure systems.
In fact, the GDPR is nothing revolutionary. It only requires from the company increasing the security of personal data, that is processed in all institutions. For each of us, this regulation is positive because it will protect our privacy, and for our businesses it is an opportunity to improve data protection systems, sealing infrastructure, enhancing operations, and avoiding financial penalties. The only problem is the selection of appropriate tools, but we are at your service.