Protecting Sensitive Comms on BYOD Devices without resorting to MDM

Managing corporate data on Bring Your Own Devices (BYOD) has been a thorny issue for years. Businesses and employees alike appreciate the convenience of people using their own devices, and in fact the organisation probably doesn’t have much choice in the matter without taking draconian measures. However, failing to protect sensitive information that finds its way onto unmanaged devices can expose organisations to the risk of industrial espionage and even threaten national security, quite apart from more mundane but nevertheless serious data protection regulatory issues (GDPR being the most obvious).

 

Athletes advised to use burner phones for security reasons

To add to those threats, if people travel abroad they may find their devices compromised by lapses in local security. A recent case in point was athletes and teams taking part in the Winter Olympics in China. Many governments advised people to take burner phones and hire laptops once there, rather than risk their own devices becoming compromised. Full story here: https://www.bbc.co.uk/news/world-asia-china-60034013

Burner phones create additional security issues

This raises an important point: the additional complexity posed by the use of burner phones. Typically they are bought in country, used and disposed of prior to return. These phones, usually Android for cost reasons, should be considered unsafe because their provenance cannot be certain. Using apps on such phones can create undue risk and uncertainty, as the phones may have been ‘jailbroken’ (modified to remove restrictions imposed by the manufacturer, to allow the installation of unauthorised software) or contain potentially malicious apps from local carriers or distributors.

 

Managing BYOD without MDM

True BYOD devices that are owned by the employee create a different challenge. Employees do not like the idea that their employer might take control of their personal device with a Mobile Device Management (MDM) solution, and so gain the ability to restrict the device’s capabilities, e.g. disable the camera. However, the concerns around corporate data being held on a device that is not owned or controlled by the business must still be addressed – something that Armour can do without the need for a full MDM solution.

 

How Armour helps

Armour Mobile and SigNet by Armour provide a mobile comms solution that completely isolates the communications and any associated data, metadata or files (attachments such as documents, images, video clips). All data is encrypted and secured within the app, protecting contacts, messages and attachments from malware on the device, or if the device is lost or stolen. The ultimate goal is to minimise the organisation’s risk by reducing the residual data held on the device. Armour’s products are Secure By Design; for example, technology in the app requires sole use of the microphone, ensuring rogue apps are not ‘listening’ in to voice or video calls.

In addition, before the app can be used, the Armour software checks whether the device has been jailbroken; if so, the user will not be able to use the Armour app.

Armour provides its own viewers for certain types of attachments, so as not to share information with the operating system or third-party viewers, and to prevent the user from sharing the attachment (and its sensitive information) outside of the Armour app, thus avoiding the potential for data leakage.

To avoid the use of the public internet and untrusted, insecure networks, the Armour apps can be installed in a variety of ways. Depending on the specific use case requirements, this can include installation via SD card or via a completely closed VPN network (using additional technology from Armour technology partners).

Armour Mobile and SigNet also include many security features within the app to protect against data leakage. These include the Message Burn and Disappearing Messages features, where the sender of a message can set it to automatically delete at a set time, either after it has been read, or after it has been sent. This feature can be deployed as a standard setting across chat groups or communities of users.

In the coming months we will deliver the capability to remotely wipe any data held within the Armour app on devices that have been lost, stolen or otherwise compromised. In addition, we will have the ability to centrally control the length of time messages are available to be accessed on phones.

For more information about how Armour can help you to ensure secure communications even when using BYOD devices, contact us today: sales@armourcomms.com
