MobileIron is introducing a new Content Security Service (CSS) today that provides IT with a cloud security umbrella to set document protections across a variety of services, even when employees save documents to a personal account.
In today’s BYOD (bring-your-own-device) world, IT knows all too well that people save company content to personal cloud storage accounts, even if there are rules prohibiting it. Depending on the service, the company could lose control of the content when it leaves their sphere of influence.
Some cloud storage services such as Syncplicity and Box provide document-level protection that lets you expire documents or decide who can edit, copy or share. MobileIron VP of Strategy Ojas Rege says, while these services work fine, and both companies are actually partners, these controls only work within their given services.
What MobileIron brings is a level of control at the document level where IT administrators can set whatever document security they wish, regardless of the service, thereby separating security controls from the storage service.
IT sets security levels in a control panel and decides which services to include. Out of the box (so to speak), it will support Dropbox and Box.
The security works on a number of levels. First of all, it offers encryption and key management. Next, it provides basic data loss prevention (DLP) with remote wiping, document expiration, controls for saving and sharing and so forth. It also offers an audit trail for compliance purposes. Finally, it lets you share encrypted files in-house with teams and other employees.
Rege says customers will be able to share MobileIron encrypted files outside the company in a future update.
For today’s release, Rege explained the mobile front end for these tools is MobileIron’s own Docs at Work mobile app, but over the coming months they plan to offer support for a number of options.
While it doesn’t offer everything today, Rege explained the company always planned a phased approach. In the first phase, they developed Docs at Work. In this phase, they introduce the content security and in the last phase coming at a later date, they will provide access to a broader set of tools through an application programming interface (API).
He says the idea is not to restrict end users, but to give them as many options as possible. In the next release, IT should be able to link to any services that have an API and provide that encryption and security across services, even ones that aren’t necessarily officially sanctioned in-house.
The content security product also links with MobileIron device security solutions which offer services like remote wipe if a device is lost or stolen. The company sees the document security as logical extension of the device security
Overall, this product is meant to provide some level of confidence for customers that as they move deeper into a BYOD world where employees are using their own mobile devices, and transferring content to their own services outside of IT’s purview, IT can still maintain control of company content.
Given that the device doubles as a personal and work tool, it makes sense to try to protect the documents. While MobileIron would surely argue you should be protecting the device too, protecting the content is what truly matters here, and if you can expire documents on the fly or provide meaningful encryption, that’s a big step.
For now, with this phase’s constraints, it’s not a security panacea by any means, but at least it’s a start for organizations looking for some semblance of control over content without having to restrict the services their employees are using.