The state of mobile device data protection

As workers increasingly work from home and remote locations -- and rely on mobile devices -- IT administrators must protect mobile device data.

With the rise of bring your own device (BYOD) environments in organizations -- whether IT supports BYOD or not -- corporate data is being stored and used on mobile devices. And, as workers increasingly work from home and remote locations and rely on smartphones and other mobile devices, IT administrators are pressed to protect mobile device data.

How many mobile devices are out there?

In an April 2012 Enterprise Strategy Group (ESG) study commissioned by Druva, about 55% of the study's 221 respondents said they were experiencing a "significant growth" in employees' use of alternative endpoint computing devices. Another 29% said they saw "moderate growth" in that area.

And the number of mobile devices workers use to do their jobs means that organizations need to get a handle on protecting data stored on those devices.

"The criticality of the data being created and stored across all of these devices has not changed. Though there is more of it, this is the same information that has traditionally sat on file servers, within content management systems, or inside an email application -- all of which are usually behind firewalls and backed up regularly. Now, this data has to be secured and protected differently, and IT cannot rely on employees to do it because doing so would create substantial risk to the business in the event that individuals 'forget' or do not make it a priority," according to the ESG report.

The costs of a lost device -- and a data breach

Using mobile devices to handle and store corporate data poses risks if an organization cannot control access to data on a device that is lost or stolen. According to a November 2012 study by Ponemon (also commissioned by Druva), the research firm estimated the cost of a lost laptop computer was $49,250, including the value of intellectual property saved on the device. Ponemon also estimated the total value of lost devices over the preceding year was more than $2.2 million.

"In essence, we maintain that an integrated data loss prevention tool would negate this cost with an ability to turn off or kill the device before it [became] a danger or threat to the organization," according to the Ponemon report.

But organizations seem to be getting the message. In a March 2012 report commissioned by Symantec, Ponemon reported the average total cost of data breaches in 2011 was about $5.5 million, down from $7.24 million in the previous year.

"This decline suggests that organizations represented in this study have improved their performance in both preparing for and responding to a data breach. As the findings reveal, more organizations are using data loss prevention technologies, fewer records are being lost in these breaches and there is less customer churn," according to the report, which was based on information 49 U.S. companies in 14 different industries provided. About 39% of surveyed organizations had a data breach as a result of a lost or stolen mobile device that contained sensitive information.

The firm said the costs of data breaches rose from $4.54 million in 2005 to a high of $7.24 million in 2010. Included in their calculation were the costs of in-house investigations and estimated loss of customers as well as the expense of outsourced hotline support and free credit monitoring for affected customers.

What product should you use?

Howard Marks, chief scientist at Networks Are Our Lives, said during a Storage Decisions presentation that he recommended protecting the data on laptops and other mobile devices. He noted that some vendors have made greater strides in this specific area than others.

"Well, the first place you're going to go is to whoever you bought your typical application from. They're going deliver to you what they could do to backup desktops and laptops within the architecture of their overriding enterprise backup application [which is] not really optimized for doing desktops and laptops, especially not laptops," said Marks. "The only exception to that are the applications that do source deduplication that came out of the remote office/branch office market, and that's specifically EMC's Avamar and Symantec's PureDisk, although [with] PureDisk, the agent is too big to run in a laptop, so it really just means Avamar."

Marks recommended Code 42's CrashPlan, Druva's inSync and Asigra's backup service as options for mobile backups.

CrashPlan said its PROe software works on your existing hardware, including servers, laptops and mobile devices. The PROe server software offers a real-time dashboard of the entire backup environment, plus allows an environment's servers and storage volumes to be organized into automatically managed destinations for data. It also allows IT to send automatic reports and alerts to users. The company also offers client-side software for laptops that allows users to manage backups and restores without the need to involve IT, and includes data encryption and dedupe. An app for mobile devices is also available to access files.

"PROe is the software, which they'll sell you so you can build your own infrastructure," Marks said. "If you're in health care, and you don't want to deal with getting partner agreements, or if you're in securities, or in any other highly regulated industry, where control of your data is important, or frankly, if you're like most very small businesses and your owners are just paranoid that somebody at Dropbox really wants to see your customer list, then you can buy the software and implement it yourself, and they won't see your customer list."

According to Druva, the company's inSync product uses deduplication to speed up backups by 10 times and results in a 90% savings in available bandwidth, and WAN optimization to optimize latency and packet size over available WAN networks. Druva also said its product supports remote encryption and deactivation, along with device tracking so administrators can locate a lost or stolen device, and scales to more than 10,000 users.

"Druva's InSync is probably the most sophisticated solution on the market," Marks said. "They have a very nice backup application bundled with encryption, down to including 'E.T. phone home' and remote shred and all of those features that you would look for. They have agents for Windows, Mac and Linux. You can run 2,000 users on a server. It costs $40 per user to buy the software, and it does a basic full-text index of the data for e-discovery purposes."

Asigra's DS-Mobile Client is designed to be operated by mobile device users to back up and restore their data. The company said its product is completely automated and includes data reduction technologies like block-level deduplication and compression to save bandwidth. The company also said the product comes with a simple GUI for novice users.

"Asigra is a very interesting company … they have been doing online backup for 25 years. It's been doing cloud backup before anyone even invented the term 'cloud,' and they used to call it 'televaulting.' It's good for remote offices. It's good for laptops. They have as good an application as you can build for iOS and Android," Marks said. "It's the engine behind many of the online backup services you'll see on the Internet. Something like 60% of the hundred-some-odd thousand devices that they manage are managed by services where somebody bought their software and runs a service to do backup with. Some say 'Powered by Asigra' on them, some of them don't. They do what they call 'global data progression,' where if you have the inside-the-data-center version, they'll backup data and store it on a standard disk device, and as it ages, spool it off to tape. It's sort of HSM [hierarchical storage management] for backup data."

Dig Deeper on Backup and recovery software

Start the conversation

Send me notifications when other members comment.

Please create a username to comment.