The General Data Protection Regulation (GDPR) is a new European law that will be enforced in May 2018. GDPR applies to any company, regardless of their physical location, that collects, manipulates and/or stores European residents’ personal data—information belonging to end users, employees, partners and prospects on computers, mobile devices, servers, emails, logs history, tracking, etc.
As digital data are omnipresent in our ultra-connected world, all organizations are affected.
[This an excerpt from the whitepaper, “The Path Towards a GDPR-Compliant Mobile Framework,” by mobile security leader Pradeo.]
Mobility Endangers GDPR Compliance
The digital transformation has created a cloud-first and mobile-first world, greatly increasing the amount of mobile data transiting between mobile devices, computers, servers, etc. As a result of companies digitalizing their frameworks and services, corporate and personal data are now extensively accessed by mobile devices. This evolution is exposing them to a whole new range of risks: Malware, data leakage, vulnerabilities, network exploits, etc.
According to a Gartner survey and to Mikako Kitagawa, principal research analyst at Gartner, nearly 80% of employees say they haven’t received employer-issued smartphones, and more than 50% of employees exclusively use their personal mobile device in the workplace. More than just a fad, the bring-your-own-device (BYOD) phenomenon is here to stay.
Organizations are more and more flexible regarding their employees’ ways of working and the locations they work from. This means they access corporate data and apps from home, coffee shops or airports using their personal and enterprise smartphones or tablets, by connecting to any network.
Standard security solutions historically used by companies (like antivirus) don’t cover the perimeter of corporate- and employee-owned mobile devices nor apps. These new behaviors are creating a need of security solutions to protect the enterprise mobile framework.
Before the GDPR is enforced, organizations need to evaluate how their corporate and employees’ data are handled and how much their apps and devices are protected from attacks and leakage.
Ensure the Security of Data Accessed by a Mobile Fleet
As mobile devices contribute to increased productivity and collaboration, organizations have quickly equipped themselves or have set BYOD policies in the last few years. Hospitals, banks, governments—all industries’ members are now benefiting from great agility by consulting emails, files, calendars, etc. through tablets, smartphones and apps. But as a consequence, it has become very difficult for IT teams to monitor mobile security and data privacy.
An enterprise mobility management (EMM) solution such as VMware AirWatch offers a platform to manage mobile devices, apps and data.
From a security point of view, EMM allows organizations to:
- Enforce data encryption on the device.
- Activate mobile threat defense (MTD) capacities to fully protect the managed fleet against all mobile threats.
MTD technology smoothly integrates with management tools by adding the security capacities they lack. It uses an on-device agent to secure the operating system level (detection on jailbreak, root, debug mode, vulnerable operating system), the network level (ban of risky hotspot connections) and the application level (enrichment of app blacklists).
The MTD technology allows for identifying and blocking threats in real time on users’ devices and automatically synchronizing lists of uncompliant devices and applications on the EMM platform. It protects personal and corporate data from attacks and leakage.
“Mobile Threat Defense tools use a mix of vulnerability management, anomaly detection, behavioral profiling, code emulation, intrusion prevention, host firewalling and transport security technologies to defend mobile devices and applications from advanced threats.”
—Gartner Market Guide for Mobile Threat Defense
AirWatch + PRADEO SECURITY
AirWatch integration with PRADEO SECURITY 360° Mobile Threat Defense allows IT to manage and secure mobile applications, content and devices, helping build a mobile framework that supports GDPR compliance. Find more details about the integration here.