With more of the workforce going mobile and enterprises embracing Bring-Your-Own-Device (BYOD), pure mobile device management (MDM) is becoming a challenge. MDM takes control of the entire device, so it can monitor and control the apps running on end users' devices. Typically with BYOD, employees don’t like to surrender complete control of their mobile devices. Add to that the fragmentation of the Android platform, and implementing an MDM solution becomes an even harder task. The more natural alternative is to secure the data itself by using data containerization, which means securing the application sandbox and the data inside it.
Vaultize’s Mobile Data Containerization (for BYOD) and Mobile Content Management (MCM) are based on this very premise and blend well within the larger Enterprise Mobility Management (EMM) ecosystem (including other MDM solutions). While data containerization is built right into the Vaultize mobile apps, MCM is offered as a licensed feature. IT can manage the policies for a particular group, user and/or device from the Mobility policies page of the Vaultize admin console:
Data Containerization (for BYOD):
Securing the container: Vaultize mobile apps secure the app container by encrypting all the data inside it with military grade AES-256 encryption. Additionally, each file has its own, distinct encryption logic so as to be a deterrent to pattern detection. The files are decrypted on-demand when previewing or editing and are cleaned off immediately once done. This makes sure that no files are lying around in decrypted form.
Controlling the flow of data: Vaultize containerization policies allow administrators to control the flow of data in and out of the user’s corporate data container, by restricting or permitting interaction with third party applications as well as uploading of content from the device camera. A future release of Vaultize mobile apps also plans to support the white/black listing of third party apps to provide finer control.
Here's what the Vaultize app looks like when opening of files in third party apps is allowed:
And here's how the user can add media from system gallery/camera or create a new document using the built-in editor:
When the Vaultize app blocks an upload from a third party app:
Mobile Content Management (MCM):
While data containerization deals with the flow of data in and out of Vaultize mobile apps, MCM defines how end-users can use the content within their container. MCM also enables secure and unified access to corporate data coming from a variety of data sources like file servers, SharePoint, desktops, laptops and mobile devices.
Built-in document editor: Vaultize mobile apps include a feature-rich document editor that is capable of opening and editing Office files as well as annotating PDFs. With its ability to edit and sync back the documents to the Vaultize cloud/server and then to the document's source (encrypted not only at rest but also in motion on top of SSL), end users can work on their data without leaving the secure container, thereby preventing data leakage. With MCM, IT administrators get more fine-grained controls over how end users can use the data:
- Allow to copy/paste content in the files
- Allow to print the files
- Allow emailing of the files
- Allow to take screenshots of the files from editor (Android-only)
This is what the built-in document editor looks like with all usage rights enabled:
And this is what the mobile editor looks like with, for example, the copy-paste permission disabled:
The built-in document editor also comes with PDF annotation support:
Screenshots can also be blocked inside the mobile document editor:
Secure Wiping (Automatic and Remote):
Apart from managing the data flow and content rights, MCM lets the administrator define policies to securely wipe the end-user’s container and/or block his device remotely. The wiping can be triggered manually from the admin console or automatically based on:
- The geo-locations (countries) where the mobile app is being used.
- The IP range(s) from which the mobile apps are being used.
- Inactivity period of the user - this becomes useful when the device hasn’t accessed the server for a significant amount of time and has gone out of monitoring range. This prevents data loss in case the device is lost or stolen.
Inactivity based automatic blocking and/or wiping:
Vaultize mobile apps honor the licensing, policies and permission related configurations by implementing the policy engine. The changes in policies are reflected in real-time, and are enforced immediately.
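A sketch of how the three automatic triggers above (country, IP range, inactivity) can be combined into a single block/wipe decision; this is an added illustration, not Vaultize's policy engine. The field names, the allow-list semantics, the 14/30-day thresholds and the fail-closed handling of a rolled-back device clock are all assumptions.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SEVERITY = {"allow": 0, "block": 1, "wipe": 2}

@dataclass
class WipePolicy:
    # Hypothetical fields; an empty set/list means the rule is not configured.
    allowed_countries: set = field(default_factory=set)
    allowed_networks: list = field(default_factory=list)
    block_after: timedelta = timedelta(days=14)
    wipe_after: timedelta = timedelta(days=30)

def evaluate(policy, country, source_ip, last_contact, now):
    """Return (action, reasons); the most severe triggered action wins."""
    hits = []
    if policy.allowed_countries and country not in policy.allowed_countries:
        hits.append(("wipe", f"country {country} outside policy"))
    if policy.allowed_networks:
        addr = ip_address(source_ip)
        if not any(addr in ip_network(n) for n in policy.allowed_networks):
            hits.append(("wipe", f"address {addr} outside permitted ranges"))
    idle = now - last_contact
    if idle < timedelta(0):
        # Clock set backwards: fail closed rather than trust the idle time.
        hits.append(("block", "device clock earlier than last server contact"))
    elif idle >= policy.wipe_after:
        hits.append(("wipe", f"no server contact for {idle.days} days"))
    elif idle >= policy.block_after:
        hits.append(("block", f"no server contact for {idle.days} days"))
    action = max((a for a, _ in hits), key=SEVERITY.get, default="allow")
    return action, [r for _, r in hits]

# Constructed sample data (documentation address ranges, made-up dates).
POLICY = WipePolicy({"IN", "US"}, ["203.0.113.0/24", "2001:db8::/32"])
NOW = datetime(2024, 6, 30, 12, 0)

if __name__ == "__main__":
    for case in [("IN", "203.0.113.7", NOW - timedelta(days=2)),
                 ("IN", "203.0.113.7", NOW - timedelta(days=20)),
                 ("FR", "198.51.100.9", NOW - timedelta(days=1)),
                 ("US", "2001:db8::5", NOW + timedelta(days=3))]:
        print(case[:2], evaluate(POLICY, *case, NOW))
```

The inactivity rule only protects a lost device if it is evaluated on the device itself, since a device that has gone out of monitoring range cannot receive a wipe command from the server.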
PIN based access:
Apart from the fine-grained management of the container and contents within, Vaultize mobile apps safeguard the access to its container by enforcing a PIN (Personal Identification Number). Even in case the device is lost or stolen, PIN based access protects the container and securely wipes it out after 10 unsuccessful PIN attempts.
The PIN screen looks like this:
And after 10 unsuccessful PIN attempts:
Vaultize takes a holistic approach to securing corporate content on mobile devices by combining mobile data containerization, mobile content management, secure wiping and PIN based access while encrypting the data at rest and in transit.