The personal cloud is the most persistent data loss threat to the enterprise today because employees often use their own cloud services to store work documents. CSS is the first solution to address this prevalent example of "Shadow IT" by providing both the document-level security and the tight integration into an EMM platform necessary to protect enterprise content across popular personal cloud services.

"Employees often bypass restrictive IT policies to use their preferred consumer apps for work, unintentionally putting corporate data at risk," said Chris Hazelton, Research Director for Enterprise Mobility at 451 Research. "It's about familiarity, access, and awareness. 39% of U.S. workers use consumer apps for business because they use them in their personal life. IT needs to secure data regardless of where it is stored and used. Moving security from the device to the document level allows IT to reduce the risk of data loss even in the personal cloud."

"Corporate document security, by effective use of encryption and DLP policies, are high value governors for creating and maintaining content security. It makes for good corporate sense, in more ways than one, to protect data against infiltration and unwanted exposure," said R. Keeton, Messaging, Mobility & Collaboration, Thompson & Knight LLP. "Flexibility is key to creating a pliable content security infrastructure that is capable of adapting to the rapidly changing needs of the organization."

"Mobile First CIOs realize that many employees store work documents in the personal cloud and that saying 'no' doesn't change their behavior," said Ojas Rege, VP Strategy, MobileIron. "Our mission at MobileIron has always been to allow employee choice without compromising enterprise security. The MobileIron Content Security Service transforms the personal cloud from an IT nightmare to a powerful tool for employee productivity."

MobileIron First to Separate Security from Storage
The challenge with traditional content security solutions is that they functionally link security and storage. This requires the migration of work documents to a new content storage repository in order to enforce security policies, which increases complexity by creating more repositories for the enterprise to manage.

The MobileIron Content Security Service is the first solution to separate security controls from data storage methods and allow security to be managed at the document-level across multiple content repositories. It allows employees to securely use their own cloud services without locking employees or IT into specific content repositories. Documents do not have to be migrated to a new repository and are secure even when stored in a personal cloud service. "Bring-your-own-storage" now joins bring-your-own-device (BYOD) as a powerful way for enterprises to leverage the ongoing consumerization of IT for the benefit of their employees.

This ability to separate the security/control plane from the data plane is described in US Patents 8,863,297, 8,863,298, and 8,863,299 for "Secure Virtual File Management System," which were granted to MobileIron in 2014.

CSS Secures the Personal Cloud
Phase One of MobileIron's personal cloud security initiative was launched in October 2014 to provide native access to cloud-based content repositories through the MobileIron Docs@Work mobile application.

Phase Two, the new CSS, protects the documents stored in those repositories with five core capabilities:

  • Encryption and key management: CSS enables the encryption of work documents when they are stored in the personal cloud, allowing the enterprise to set policies that prevent unauthorized use.
  • Data loss prevention (DLP) controls: CSS allows the enterprise to set document expiration policies and selectively wipe specific documents on a device. CSS also allows control of the uploading, downloading, editing, and sharing of those documents. For example, if a pricelist must be updated every 30 days, CSS is designed to ensure that the expired document is automatically wiped from the device, which is then updated with the new one.
  • Secure sharing: Employees can use the native sharing features of their personal cloud apps to share the documents secured by CSS with other authorized employees. These documents are encrypted even when shared so that only an authorized user on an authorized device will be able to decrypt them.
  • Activity trail: CSS is designed to provide visibility into which work documents have been accessed, when they were accessed, who accessed them, and using what device. CSS also tracks policy enforcement actions. This activity reporting supports the compliance strategy of the organization.
  • EMM integration: CSS integrates with the MobileIron EMM platform to maintain a consistent view of users, groups, and devices across the organization. CSS also integrates with the MobileIron Docs@Work app on iOS and Android to enforce content security policies on the device.