Review: Mobile Data Loss
Employees increasingly use mobile devices for work and to access their company’s resources. That should be, by now, an accepted reality for all those who work in the IT (security) department of an enterprise, whether big or small.
Unfortunately, this use opens companies to data loss, a situation both employees and employers are eager to avoid. This book will explain how to minimize the possibility of that happening.
About the author
Michael Raggo has over 20 years of security research experience. His current focus is threats and countermeasures for the mobile enterprise. A former security trainer, he has briefed international defense agencies, and is a participating member of the PCI Mobile Task Force. He’s currently the Director of Security Research at MobileIron.
Inside Mobile Data Loss
The book has five chapters. The first one explains how mobile devices differ from PCs from a security standpoint, and the second one goes through the various mobile threat vectors and how they are exploited by attackers.
Both chapters can be easily read and understood by less tech-savvy employees (should they wish to), as the author has a knack for explaining things in a simple way. I would, in fact, recommend it, as they are often unaware of all the ways they are inadvertently opening themselves, their devices, and their company to data loss.
After all, data that used to be in several places in the enterprise, usually within the security perimeter, now can be and is found everywhere: on the device, in the app, in the cloud, and so on.
Chapter three details the various countermeasures and security solutions IT security folks can implement to mitigate each of the threat vectors: lockdowns and restrictions, access control, live monitoring, log auditing, encryption, PINs and passcodes, and more. It will take most of these to weave a layered, protective web around the data and the users.
The author makes sure to repeat often that the threats keep evolving and that the protections offered need to follow that evolution closely.
As mobile devices are used by employees across various industries, those in charge of IT security should make sure that compliance with various mandated requirements (PCI, HIPAA, etc.) is ensured. Instructions on how to do it are in Chapter 4.
The book ends with great advice for security engineers on how to develop a good mobile device security strategy, with both proactive and reactive security measures, and how to keep on top of threats that loom in the future (IoT especially).
The number of pages will tell you immediately that the subject matter won’t be addressed in depth – and it isn’t.
Instead, this book is a helpful and concise overview of the dangers companies face by allowing their employees to use mobile devices to connect to their networks and resources (apps, databases, etc.), and the measures they can put in place to sidestep these dangers. If that’s what you’re looking for, this book will be perfect for you.
The one small negative thing I can note about this edition is that there are occasional grammar/style mistakes and “slips of the pen” (keyboard, more likely), but they don’t diminish its worth or enjoyability.