This article can also be found in the Premium Editorial Download "Computer Weekly: Software testing and code quality."
Download it now to read this article plus other related content.
Professional IT prefers disciplined approaches that back up, or copy, all enterprise data to ensure it does not go missing. There are good reasons for this – especially with core data (from transaction applications) when you bear business continuity and regulatory requirements in mind.
When, however, you consider mobile devices (specifically mobile phones, tablets and even many laptops), the data loss prevention implications are not necessarily so clear or so obvious. Data loss prevention may already have been done for you, whether you are an IT Pro or an end user.
First, consider risk. A recent Freeform Dynamics Research report, titled “End User Security Jigsaw”, shows user ignorance or lack of awareness, followed by mishaps and thoughtlessness, are what matter most. This seems to argue that IT should take responsibility for backing up and copying data on mobile devices to prevent data loss.
What data is on mobile devices?
But think of what is on each typical smartphone and tablet, and even some laptops (especially executive ones), and consider how these devices are used. Look at your own devices and think (just as Dale Vile, Freeform Dynamics’ CEO, asked me shortly after joining his firm).
Most mobile devices have an OS (whether iOS or Android or Windows or some other). They have apps or applications, most downloaded from the iTunes Store or Google Play etc, though some may come from internal enterprise app stores. There may be music, videos, books or magazines, social networking information, contact lists, sports data (such as that from the gym or running outside), notes and more.
Now let us work through all of these and consider the implications in the context of data loss prevention.
Whichever OS you have on a device, there will almost always be a copy available on the Internet or from your vendor. This applies to iOS, Android and Windows. Yes, settings may be lost but, on most mobile devices, these are readily recreated if there is no copy in iCloud or in Google Mail, etc.
The Freeform Dynamics Research report shows that user ignorance is considered a big risk
Similarly with apps and applications. If these are free, then they can be downloaded again from the original source at no cost. If they were bought, then the iTunes Store or Google Play, when you sign in again, will permit you to download these again. There is little risk of loss here.
For purchased books and videos and music, for example from Amazon or Barnes & Noble or Waterstones, the same is also true. You have reset your device accidentally but your data is recoverable from these existing stores.
For other music and videos, the likelihood is that you will have used iTunes or Samsung’s Kies or simply a USB connection to transfer that data to your mobile device. This means you almost certainly have an alternative copy on a different machine (most probably a PC of some form). Or you might also choose to save this content in iCloud, Dropbox or SkyDrive.
Download resources on storage and backup
Social networking is usually undertaken on Facebook, Twitter or LinkedIn. In effect these are like browser sessions, where the data is not on the mobile device but in a remote server. Most ‘sport apps’ want you to interact, which means that you are uploading your (say) gym session data to a remote site. Ergo, there can only be minimal data loss here, because your app uploads for you.
Data in the cloud
Indeed, most enterprise apps will be similar, because most enterprises do not want their data stored on mobile devices: they design their apps to ensure most data is kept on their servers or is only accessible by authenticated browser sessions to enterprise hosted servers.
Photos, however, may represent a special form of data, because they are often (though not necessarily) created on the mobile device. This is content originated on the device, just like a note to yourself or a document against which you have made comments.
The answer here is simple. You might manually save all newly originated content into an area that automatically syncs to a remote site (with a Dropbox or SkyDrive) or you can use tools such as Evernote, which will automate the saving of the original data off of the mobile device.
More on data security
That leaves contacts, probably the most valuable and personal of all data on a smart device. Apple and Google and Microsoft all help here, as do the contact-copying services provided by various mobile telcos.
There is, nevertheless, one major exception, which predominately applies to mobile laptops (rather than smartphones or tablets). This is where a device is significantly used to originate content (of any form – writings, presentations, voice, videos, diagrams, music or whatever). Where this occurs IT may have to step in to prevent enterprise data loss, if the user will not take responsibility.
From the above it should be evident that almost all data on most mobile devices has a copy existing already. If not, users can simply ensure that data copies exist. Therefore, for data loss prevention the risks are small, and IT need not worry about data loss prevention (other, perhaps, than to alert employees what is available and how to exploit capabilities they already possess).
This is not, however, the same as mobile device security-enabling or usage policy settings or ensuring that any data created or stored on a mobile device cannot be read if (say) the device is stolen.
Charles Brett, is principal analyst at Freeform Dynamics.
This was first published in November 2013