Use of mobile devices, such as smart phones, is being widely adopted across the business community. With this greater adoption, the users of mobile devices expect to use these devices to facilitate modern business processes. For example, smart phones are now used to access corporate email systems and other critical business systems that contain potentially vast amounts of sensitive information. This sensitive information may include, for example, health information (PHI), personally identifiable information (PII), financial information and confidential intellectual property. The existence of this sensitive information on mobile devices makes the information susceptible to data losses, for example, in cases in which the device is lost or stolen.
Apart from the damage to business secrecy and reputation, regulation within the United States and abroad poses substantial legal liabilities if information is lost due to its dissemination to a mobile device. Regulations such as the Health Insurance Portability and Accountability Act (HIPA), the Gramm-Leach-Bliley act (GLBA) and the privacy-protecting laws of various states and nations may require that the information assets within organizations should be monitored and subjected to an information protection policy in order to protect the privacy of customers and employees and to mitigate the risks of potential misuse and fraud.
Data Loss Protection (DLP) systems may provide a method of ensuring an organization's conformance with an established information protection policy. These systems may monitor information provided to mobile devices to ensure their conformance with the established policies. Mobile devices are provided by a variety of manufacturers and run a variety of operating system environments. For example, in 2012, operating systems such as Research in Motion®'s Blackberry® OS 7, Apple's® IOS®, Google's® Android®, and Microsoft® Windows Mobile® are popular. Developing client side applications for each of these operating environments can be time consuming and expensive. Because of the variety of mobile device configurations, employing DLP software for each mobile device presents challenges in terms of complexity and cost. Additionally, while digital rights standards provide one method for protecting digital data, use of DRM can become cumbersome when dealing with the diversity of data typically present in a corporate environment. Thus, there is a recognized need for a method and system that can manage the transfer of sensitive data to a mobile device that does not rely on specific mobile device client implementations.