By Tyler Keenan
typographyimages / Pixabay
There’s a persistent belief that only large and prominent organizations are targets for hackers, but unfortunately that’s not the case. In fact, hackers often target small- and medium-sized businesses precisely because they generally have weaker security practices and often have relationships with larger enterprises. The 2013 data breach that exposed the credit card data of more than 40 million Target accounts began when hackers infiltrated the systems of a contractor Target used to monitor its HVAC systems.
While many smaller organizations are finally beginning to take IT security seriously, there’s still one area where they often lag behind: mobile security. Besides common steps like enabling two-factor authentication, ensuring that their mobile data is properly encrypted is one of the best steps organizations of any size can take to protect themselves from hackers.
Why Mobile Encryption Matters
Mobile encryption is about more than individual privacy. It’s also been at the center of some major legal disputes around digital privacy and security. Specifically, the FBI has taken Apple to court in at least eleven times to compel it to extract user data (as in photos, texts, emails, and contacts) from locked iPhones. In the most famous instance, the FBI sued Apple in 2016 to develop software that could unlock the work phone of one of the San Bernardino attackers. Apple’s objection had less to do with the particulars of this case than with its strong reluctance to develop a digital backdoor that would make it easier for law enforcement to access locked phones and encrypted data.
The problem, according to security experts, is that backdoors make it easier for anyone, including malicious actors, to access that same data. These disputes are about more than the specifics of one high-profile criminal investigation–they reveal exactly how vulnerable sensitive data remains even on encrypted mobile devices.
As mobile devices become more and more central to the way people work, organizations need to develop or in some cases adapt their IT security policies. In this article, we’ll take a brief overview of mobile encryption, compare hardware- and software-based encryption techniques, and consider the additional challenges of mobile encryption and the cloud.
The Basics of Mobile Encryption
There are lots of different ways to encrypt a mobile device, but they all fall under two broad categories of approaches: hardware-based and software-based. Software encryption uses special software installed on the host system to produce and verify the keys to encrypt data, while hardware encryption uses a dedicated piece of hardware called an encryption engine to perform those same calculations.
Note: It just so happens that Apple and Google have taken broadly different approaches to mobile encryption, with Apple choosing a hardware-based approach for iOS while Google opts for software-based encryption for Android, so we’ll refer to each while discussing their respective approaches. Just note that these approaches aren’t exclusive to either OS: Some Android devices use hardware encryption and iOS also uses software encryption for some features.
The Software Approach: Go to the full article.
Source:: Business 2 Community