Regulators Are Rushing to Catch Up to Mobile Device Risk

By: Arieanna Schweber | 8/2/2016

The average employee in the US uses at least 3 devices per day for work activities. Not surprisingly, organizations today struggle to manage such a vast number and variety of devices, many of which are employee-owned and used for work purposes, whether sanctioned or not. This proliferation of devices has led to a dramatic rise in Shadow IT. Employees are using personal devices, unsanctioned apps, or accessing corporate data without the knowledge of IT. A report earlier this year indicated that as much as 45% of data is held on the endpoint, often unprotected by even the most basic security policies. With the growing threat that the endpoint presents—and one of the top data security risks of today—organizations need to focus on bolstering their endpoint security.

Why the Mobile Security Market is Growing

Endpoint security incidents have been increasing in severity over the past 12 months, as indicated by a recent survey by Ponemon. Larry Ponemon, President of Ponemon Institute, noted that the key to minimizing the risk of data breaches was to “be vigilant in educating employees, enforcing security policies and securing all endpoints.” The mobile security market is growing as companies come to recognize the threat posed by endpoint devices and the actions of employees on those devices. Corporate data is at serious risk.

"The explosion and continuing expansion of mobile devices being used to conduct commerce has put the volume of at-risk data far beyond what anyone could have imagined just a few years ago. And we’re not even discussing yet how many times more that will expand once the Internet of Things becomes more of an everyday reality of the common person," says Stephen Treglia, Legal Counsel at Absolute, in an interview with Software Magazine.

As highlighted in Software Magazine’s article, Mobile Compliance Concerns, endpoint security solutions come with a variety of functions: encryption, device management, remote data wipe, blacklisting apps, data policy enforcement and much more. Treglia spoke with Software Magazine about the impact that State laws and regulation frameworks such as HIPAA and PCI have on choosing a mobile security solution.

“Regulators legitimately fret that this will get the security of personal data hopelessly out of hand and are trying to craft the rules and person power to stem the overwhelming tide, but continue to fall further behind. One must also wonder if there is a less noble purpose behind the rush to greater regulatory involvement, such as the ability to impose substantial monetary penalties.”

Regulators Are Catching Up

Just as organizations were slow to protect the endpoint, regulators were equally slow to spell out their requirements for data protections on the endpoint. Now, all of that is changing. Regulators are zeroing in on the need for proactive endpoint security. Organizations that fail to extend data protections to the endpoint, or that fail to update policies and training to include endpoint security risks, are going to be hit hard with compliance fines.

As noted in the article, Absolute is in a unique position when it comes to ensuring compliance on the endpoint. Persistence is the only technology that includes a permanent connection to the device.

"Absolute has partnered with the world’s leading OEMs to embed Absolute technology in the firmware of over one billion devices globally. This means Absolute technology is on the device at the time of purchase and can be activated at any time. It also means that if your business runs a multi-system mobile operation, Absolute will maintain a persistent connection to all of your devices.

Typically when someone gains access to a mobile device with the intent to use it for an unauthorized purpose, one of the things they do is attempt to disable tracking software installed by the rightful owner of the device. Persistence technology allows our software to survive such attempts. Replace the hard drive, wipe the hard drive clean of all data, re-install the operating system, flash the BIOS, do a number of methods to remove surveillance software, and Absolute’s technology will still be there and can be reactivated."

Ensure Compliance with Absolute

Using our technology, you can secure your devices and monitor for suspicious device activity. If a security incident occurs, you can remotely lock a device or wipe the data. We provide detailed reporting that you can use to prove that security technologies were in place at the time of the incident. Absolute DDS also comes with the backing of our worldwide investigative staff. This expert team helps recover stolen devices, which not only reduces technology spending, but helps curb the theft of devices in the first place.

Want to put your security readiness to the test? Audit your security posture with the free Absolute DDS Status Report. Then come on back to set up your automated alerts. Extend your endpoint security to include the protection of Persistence and the backing of our investigations team.

Financial Services