Mobile Tricks: a Few Ways to Cheat DLP Systems and to Prevent It

When DLP systems first appeared in Russia, they were designed only for workstation protection. However, recent technological developments, adoption of the BYOD concept by businesses, wide use of smartphones and tablets, frequent business trips, and a growing number of home-office workers are blurring the corporate cybersecurity perimeter. Because employees are mobile, they read, approve, and download even highly sensitive data and documents from the corporate network using mobile devices.

Threat scenario: Data leak via the OWA (Outlook Web Access) client

Case description. Although Microsoft Outlook email clients exist for almost all modern platforms, users often prefer to exchange email via OWA. Access to email from a browser often becomes a weak spot for DLP systems. The scenario is the following: an employee creates a message draft on a corporate workstation, attaches a confidential document to it, saves the draft in the mailbox, goes home, connects via OWA, and downloads the confidential document to his/her personal PC, laptop, or mobile device. The security service cannot prevent the leak because the PC is a personal device and has no DLP agent installed.

SOLUTION: MDM + DLP + VPN (optional)

This problem is solved by applying MDM solutions that close the OWA leak channel. The MDM solution is deployed within the corporate perimeter. All employees work with corporate data (email, corporate network, calendar, documents, etc.) through the MDM interface, which closes the potential OWA leak channel. It is important to understand that MDM acts as a kind of sandbox that separates the personal and corporate environments. Only the corporate environment is controlled.

Case description. Sometimes an intruder may get access to the victim’s calendar. Employees often attach confidential documents to a meeting on the calendar. Intruders can access these calendars and documents attached to them.

SOLUTION: MDM + DLP

If an intruder downloads an attachment, the DLP system notifies the security service. Integration of MDM and DLP makes it possible to control not only email and downloaded documents but also calendar attachments. If an intruder downloads an attachment from the calendar, the DLP system must prevent this. An employee who works through MDM remotely can connect to the corporate environment and download any confidential documents. The files downloaded to the local disk of their device must also be controlled, and the integration of these solutions enables this.

Case description. Data can leak when information from corporate resources is downloaded to a mobile device. Employees are often given access to corporate resources—email, portal, etc.—from mobile devices. As a result, they can download a document from a file server or SharePoint to a mobile device, and then use it for their own purposes.

SOLUTION: MDM + DLP + VPN

A shadow copy of the downloaded document is sent to the DLP system, which checks its content for the presence of confidential information. It is extremely important to control the files downloaded by the employee. Of course, you can configure access to folders and files, but sometimes these security controls are ineffective.

Leak events are displayed in the DLP administration console. The leak channel (MDM, contacts, leaked object, etc.) can be analyzed, so investigations are no longer limited to workstations. Monitoring rules can also be bound to a time window (for example, monitoring can be enabled only during working hours, from 9:00 to 18:00).

VPN solutions are often used to transfer shadow copies from mobile devices to DLP servers when the communication channel must be encrypted. The channels can be encrypted in accordance with GOST standards.
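The two paragraphs above describe how the DLP server treats a shadow copy arriving from the MDM channel: inspect its content for confidential markers, record the channel, user and object for investigation, and apply monitoring rules that are only active in a configured time window. The following is an added example of that logic, written for this article and not code from any DLP or MDM product it discusses. The channel names, the content markers, the internal document-id format and the four events are all constructed for illustration; a real deployment would use its own classification labels and event feed.

```python
"""Toy DLP policy check over shadow copies received from an MDM channel.
Added example, not product code; all markers, channel names and events are
constructed for illustration."""
import re
from dataclasses import dataclass
from datetime import datetime, time
from typing import FrozenSet, List, Tuple


@dataclass(frozen=True)
class ShadowCopyEvent:
    """One object transferred from a mobile device, with its shadow copy."""
    timestamp: datetime
    user: str
    channel: str        # constructed channel names: "mdm", "calendar", "owa"
    action: str         # e.g. "download"
    object_name: str
    content: str        # text of the shadow copy sent to the DLP server


@dataclass(frozen=True)
class MonitoringRule:
    """A rule is active for a set of channels within a daily time window."""
    name: str
    channels: FrozenSet[str]
    start: time
    end: time

    def applies(self, event: ShadowCopyEvent) -> bool:
        return (event.channel in self.channels
                and self.start <= event.timestamp.time() < self.end)


@dataclass(frozen=True)
class Alert:
    rule: str
    user: str
    channel: str
    object_name: str
    reasons: Tuple[str, ...]


# Constructed content markers; a real deployment would use its own
# classification labels, fingerprints or dictionaries.
MARKERS = {
    "confidential-label": re.compile(r"\bCONFIDENTIAL\b", re.IGNORECASE),
    "internal-only-label": re.compile(r"\bFOR INTERNAL USE ONLY\b", re.IGNORECASE),
    "internal-doc-id": re.compile(r"\bDOC-\d{4}-\d{3}\b"),  # constructed id format
}


def classify(content: str) -> Tuple[str, ...]:
    """Return the names of every marker found in a shadow copy (empty if clean)."""
    return tuple(name for name, pattern in MARKERS.items() if pattern.search(content))


def evaluate(events: List[ShadowCopyEvent],
             rules: List[MonitoringRule]) -> List[Alert]:
    """One alert per (event, rule) pair where the rule is active for the
    event's channel and time, and the shadow copy carries a marker."""
    alerts = []
    for event in events:
        reasons = classify(event.content)
        if not reasons:
            continue
        for rule in rules:
            if rule.applies(event):
                alerts.append(Alert(rule.name, event.user, event.channel,
                                    event.object_name, reasons))
    return alerts


def uncovered_sensitive(events: List[ShadowCopyEvent],
                        rules: List[MonitoringRule]) -> List[ShadowCopyEvent]:
    """Sensitive transfers no rule was active for: the blind spot that a
    time-bound policy creates, worth reviewing whenever rules are tuned."""
    return [e for e in events
            if classify(e.content) and not any(r.applies(e) for r in rules)]


# Constructed sample: a working-hours rule (09:00-18:00) over the MDM and
# calendar channels, as the article describes, and four transfers.
WORKING_HOURS = MonitoringRule("working-hours", frozenset({"mdm", "calendar"}),
                               time(9, 0), time(18, 0))

SAMPLE_EVENTS = [
    ShadowCopyEvent(datetime(2024, 3, 4, 10, 30), "a.ivanov", "mdm", "download",
                    "q3_financials.docx", "CONFIDENTIAL - Q3 revenue forecast ..."),
    ShadowCopyEvent(datetime(2024, 3, 4, 14, 5), "a.ivanov", "calendar", "download",
                    "board_minutes.pdf", "FOR INTERNAL USE ONLY. Ref DOC-2024-017"),
    ShadowCopyEvent(datetime(2024, 3, 4, 11, 0), "o.petrova", "mdm", "download",
                    "lunch_menu.pdf", "Canteen menu for week 10"),
    ShadowCopyEvent(datetime(2024, 3, 4, 21, 15), "o.petrova", "mdm", "download",
                    "salary_table.xlsx", "CONFIDENTIAL payroll export"),
]


def run_sample() -> Tuple[List[Alert], List[ShadowCopyEvent]]:
    rules = [WORKING_HOURS]
    return evaluate(SAMPLE_EVENTS, rules), uncovered_sensitive(SAMPLE_EVENTS, rules)


if __name__ == "__main__":
    found, gaps = run_sample()
    for a in found:
        print(f"ALERT [{a.rule}] {a.user} via {a.channel}: {a.object_name} {a.reasons}")
    for e in gaps:
        print(f"UNCOVERED {e.user} via {e.channel} at {e.timestamp:%H:%M}: {e.object_name}")
```

Running the sample raises two alerts (the MDM download at 10:30 and the calendar attachment at 14:05) and ignores the clean canteen menu. The 21:15 payroll export is confidential but falls outside the 9:00 to 18:00 window, so `evaluate` stays silent and `uncovered_sensitive` reports it instead; that second list is the check a security team wants when a time-bound rule is the only one configured.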

Boris Mikulin
Head of DLP Systems, Information Security Department
