Apple iPad modification signals change in balancing data accessibility and governance, Varonis comments
Varonis Systems commented on reports that a US Federal Government contractor has modified the hardware of thousands of Apple iPads to allow government officials to `securely’ use their tablet computers, saying it illustrates the need to be able to work, access data and collaborate from anywhere on any device, as well as the need to protect information, and that it can be challenging to satisfy both.
David Gibson, Vice President of Strategy with data governance specialist Varonis, commented that the model of working in a 9-5 routine at a workstation in the office just isn’t the norm any more. Due to the consumerisation of IT people now use the device that they feel most appropriate to their work and lifestyle. These devices by themselves bring a lot of new freedom and capability, and with them concerns about security and management. It’s frightening to think how easily you could walk into work, take a picture of a sensitive memo, patient record, etc. and then forward it on undetected via a cellular network. Organizations now need to make sure that information stays where it is supposed to be, and at the same time provide a modern work and collaboration experience.
“While we don’t know the exact details of the alteration or the specific risks CACI is mitigating, the first thing that comes to mind is restricting the ability to disseminate sensitive information via cellular networks through forwarding or saving to a cloud service—this would hold true for digital content on or accessible by the device as well as anything the device could take a picture of—a prototype, rooms inside a building, blueprints or other documents. If the camera is eliminated, then the only way to get data onto the device is via the network or by manual entry. If the network is restricted to WiFi, then network access can be more easily controlled by the organization,” he said.
“In our major BYOD report of last summer we found that two-thirds of senior managers either do not know where all their company data resides – or are not sure. My view is that, as the IT hardware landscape shifts to mobile devices connected to fast mobile networks – as has happened here – that percentage could easily rise without implementing additional controls to make sure that data is always stored where the organization can properly manage and protect it,” he added.