How secure is company data on mobile devices?

A general observation of user behaviour with mobile devices shows that private and business use are increasingly merging. Hardly any employee wants to carry two mobile devices in order to fundamentally separate business and private use.

Tablets first conquered the private market about 10 years ago, before their advantages also became established in the business world. More and more business solutions are also offered as apps, especially digital tools developed for field teams.

What happens to the business – and also private – data if the tablet or smartphone is lost? Is the data still safe?

The everyday life of sales staff or service technicians is characterised by their daily changing work location. Home office, on-site customer support or maintenance orders usually take place at the customer’s premises. A moment of carelessness and the tablet is, in the best case, left behind after the appointment. In the worst case, it is unclear where the tablet went missing. From this point on, the concern is not only the loss of the device itself, but also access to the data by third parties.

The company data is safe on your mobile devices because it is protected from unauthorised access with the following mechanisms.

  1. For the polumana® app, Microsoft controls the authentication process
  2. 2-factor authentication has already been established by many manufacturers
  3. Touch ID and Face ID are recognised secure methods
  4. Single sign-on authentication plays a central role for user management in companies
  5. Encrypted, secure communication (VPN, HTTPS)
  6. Hard disk encryption

Microsoft authentication process for polumana® app

The polumana® apps use the Microsoft Identity Platform as central identity provider. This authenticates users and provides a security token in accordance with the OAuth 2.0 standard. Only with a valid security token is a client application able to access protected resources. This security token has a short lifespan and is continuously checked and updated in the background. Every communication between the client application and the Microsoft Azure Cloud is verified via this security token.

2-factor authentication

2-factor authentication is a secure form of user identity verification. Here, the login process is secured via a second factor. In addition to a usual login with password, a second factor such as biometric characteristics (e.g. fingerprint, facial recognition) or possession (e.g. phone) is required for authentication. 

Touch ID and Face ID (under iOS)

According to Apple, unlocking the device via Face ID is just as secure as with the already familiar Touch ID. The probability of unlocking someone else's device via Face ID is 1 in 1 million. In addition, the authentication process allows a maximum of 5 failed attempts before the device is completely locked.

You can find out more about security at Apple here: https://support.apple.com/en-us/HT208108

Single sign-on authentication

Single sign-on (SSO) authentication plays a central role in user administration at companies. It simplifies the user’s daily work routine, as access to various data is enabled with a single user authentication. This means that each user logs in to different services with only one login. The login remains valid until the user actively logs out.

Encrypted, secure communication

VPN

A VPN (Virtual Private Network) enables a network connection in which data is transferred via an authenticated and encrypted channel between mobile clients and the internal network. This enables mobile systems to access internal data without the traffic being intercepted in transit.

The polumana® Sales and Service App supports secure data communication via a VPN connection.

HTTPS

The HTTPS (Hypertext Transfer Protocol Secure) communication protocol enables secure data transmission and communication. For this purpose, the identity of the connection partner is authenticated and the data is encrypted to ensure the confidentiality and integrity of data communication. Communication within the polumana® app takes place exclusively via a secure HTTPS connection.

Hard disk encryption

Hard disk encryption is a very important element in data security. If the mobile device is lost, the field worker can rely on the fact that his or her data is permanently encrypted on the hard disk. The data is only decrypted when the screen is unlocked (unauthorised unlocking is extremely unlikely, see section “Touch ID and Face ID”) and only for the time the application is active.

iOS/macOS:

Apple devices (iOS, macOS) have additional encryption features that ensure the protection of user data. In iOS, data is encrypted with AES (Advanced Encryption Standard, 256-bit).

Additional information on hard disk encryption on iOS operating systems can be found here: https://support.apple.com/de-de/guide/security/sec35dd877d0/1/web/1

Windows:

Microsoft Windows Pro has BitLocker drive encryption built into the operating system. A Trusted Platform Module (TPM) is used to check the system integrity (hardware unchanged and trustworthy). Furthermore, the entry of a PIN can be enforced.

In Windows, data is encrypted with AES (Advanced Encryption Standard, 128- or 256-bit).
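
An administrator can check whether a Windows device actually matches the properties described above (volume fully encrypted, protection active, AES method, TPM-based key protector, optionally a PIN). The following PowerShell function is an added example, not part of the polumana® product or the original article; the function name `Test-BitLockerPosture` and the `-RequirePin` switch are hypothetical, and the sample volumes are constructed so the check also runs on a machine without BitLocker.

```powershell
# Added example: evaluate objects shaped like Get-BitLockerVolume output.
function Test-BitLockerPosture {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Volume,
        [switch] $RequirePin   # hypothetical policy switch: demand TPM+PIN, not TPM alone
    )
    process {
        # Key protector types present on this volume (Tpm, TpmPin, RecoveryPassword, ...)
        $types = @($Volume.KeyProtector | ForEach-Object { "$($_.KeyProtectorType)" })
        $findings = @()
        if ("$($Volume.VolumeStatus)" -ne 'FullyEncrypted') {
            $findings += "volume status is $($Volume.VolumeStatus)"
        }
        if ("$($Volume.ProtectionStatus)" -ne 'On') {
            # Encrypted but suspended: the key is readable without TPM or PIN
            $findings += 'protection is suspended or off'
        }
        if ("$($Volume.EncryptionMethod)" -notmatch 'Aes(128|256)') {
            $findings += "unexpected encryption method $($Volume.EncryptionMethod)"
        }
        if (-not ($types | Where-Object { $_ -like 'Tpm*' })) {
            $findings += 'no TPM-based key protector'
        }
        if ($RequirePin -and -not ($types | Where-Object { $_ -like 'TpmPin*' })) {
            $findings += 'TPM protector has no PIN'
        }
        [pscustomobject]@{
            MountPoint = $Volume.MountPoint
            Compliant  = ($findings.Count -eq 0)
            Findings   = $findings -join '; '
        }
    }
}

# Constructed sample volumes (not real devices)
$sample = @(
    [pscustomobject]@{ MountPoint = 'C:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'On'
        EncryptionMethod = 'XtsAes256'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'TpmPin' },
                         [pscustomobject]@{ KeyProtectorType = 'RecoveryPassword' }) },
    [pscustomobject]@{ MountPoint = 'D:'; VolumeStatus = 'FullyEncrypted'; ProtectionStatus = 'Off'
        EncryptionMethod = 'Aes128'
        KeyProtector = @([pscustomobject]@{ KeyProtectorType = 'Tpm' }) }
)
$sample | Test-BitLockerPosture -RequirePin | Format-Table -AutoSize -Wrap

# On a real device, from an elevated prompt:
#   Get-BitLockerVolume | Test-BitLockerPosture -RequirePin
```

With the constructed input, `C:` is reported as compliant, while `D:` is flagged because protection is off and its TPM protector has no PIN.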

These security functions help to ensure that personal and company data are protected in the polumana® sales and service solution, even if, for example, a mobile device is lost.

Additional information on hard disk encryption on Windows operating systems can be found here: https://docs.microsoft.com/de-de/windows/security/information-protection/bitlocker/bitlocker-overview
