With so many mobile devices to keep track of in the workplace, IT Managers need to implement tighter security controls, especially if PCI or HIPAA regulatory requirements apply to their organization.
Several approaches are available to help prevent sensitive data from being distributed to unauthorized parties, either inadvertently or maliciously…
Sandboxing – This approach relies on having a completely isolated area where proprietary activities occur and where the movement of data is tightly contained between authorized users. In this model, a ‘sandbox-only’ email client cannot be used for external communications. Instead, email, calendar and contacts are provided by the tools inside the sandbox space. While the use of separate email clients may be inconvenient for some – one for internal use and one for external use – the user base must be made to appreciate the importance of this approach for meeting the organization’s stringent data security goals.
Stripping – With this approach, the email stream is intercepted for the purpose of getting rid of sensitive content, including text and attachments. The removed content is stored on the server that performed the “stripping” and can only be viewed and manipulated using an application residing in the controlled environment.
Virtualization – Implementing a separate “virtual machine” on the mobile device puts the secure area under the purview of the enterprise so that the movement of data between the virtual and physical device can be tightly controlled.
If your organization operates in the healthcare or financial sector, where PCI or HIPAA regulatory requirements apply, the extra effort and cost to protect sensitive data might be the best investment you ever made.
DataLink can assist with security risk assessment and PCI / HIPAA compliance to safeguard your organization’s sensitive data. Contact us today at 410.729.0440 or sales@DataLinkTech.com.