Over the last few years work environments have been changing from an office-centric model to an increasingly mobile model in which employees access enterprise data remotely through various channels from a wide range of devices. In addition to access from laptops that are connected to the enterprise network through encrypted channels such as virtual private networks (VPNs), employees increasingly use other mobile devices like smartphones or tablet computers. All mobile devices create a significant risk of data loss as the device is prone to accidental loss and theft, but especially mobile phones are at risk since employees typically carry them along during most of the day to be reachable, even in situations where other mobile devices like laptops are not typically carried.
These security concerns are particularly severe in environments where users want to use their personal mobile devices for business purposes. Under these circumstances, there is no guarantee that corporate safeguards and security practices are enforced.
Current solutions for dealing with the increased data loss risk on hand-held mobile devices include blocking of synchronization of certain files wherein the synchronization of certain files is blocked based on criteria like document format. See, for example, U.S. Pat. No. 6,438,585 issued to Mousseau et al., entitled “System and Method for Redirecting Message Attachments Between a Host System and a Mobile Data Communication Device” and U.S. Patent Application Publication No. 2010/0242086 filed by Adams et al., entitled “System and Method for Handling Data Transfers.” This could prevent certain files from being exposed in case the device is lost, but this technique creates a conflict between the usability of the device (i.e., having all relevant documents accessible) and the minimization of loss risk (i.e., keeping sensitive documents off of the device). There usually is no solution that satisfies both interests.
Current solutions for dealing with the increased data loss risk on hand-held mobile devices also include encryption of the data stored on the device wherein devices encrypt the stored information, thus preventing access to sensitive information in case the device is lost. This technology has several drawbacks. Namely, the encryption key itself has to be stored on the device, usually protected by a PIN code or password that has to be entered to use the mobile device. For usability reasons this code is often limited in complexity since it has to be frequently entered, and it will typically only be required after a certain timeout period. If the device is stolen after the PIN code or password was entered by a legitimate user but before the timeout occurs the perpetrator can access all data on the device, and often even prevent the PIN code or password timeout by simply using the device continuously since the timeout is typically linked to the device being inactive. Existing platforms may also allow circumvention of the encryption based on errors in the encryption implementation or based on hardware attacks against the platform. This was demonstrated in the past for multiple mobile phone platforms.
Current solutions for dealing with the increased data loss risk on hand-held mobile devices also include remote wipes in case of loss. This technology allows remote wipes (and in addition also often remote locking) of the device. In case the device is stolen this function can prevent data from unauthorized access by deleting all data from the device and securely erasing the storage. The major drawback of this method is that it only helps if three conditions are all met: the owner has to realize the device is missing, the owner has to be able to report the loss (i.e., he cannot use the lost device to report the loss) and the device has to be connected to a wireless network to receive the remote wipe command and be able to execute it. Some platforms also allow a timed remote wipe if the device is off of the network for a pre-defined amount of time, but if the defined interval is long enough to not interfere with occasional network outages the time until the wipe occurs may still be long enough to steal all data on the device.
None of the existing technologies offers a satisfying way to manage the risk connected to the data on the mobile device based on the drawbacks listed for the main protection technologies. Thus, improved techniques for minimizing the risk of loss of sensitive data from mobile devices would be desirable