News

Industries

Companies

Jobs

Events

People

Video

Audio

Galleries

My Biz

Submit content

My Account

Advertise with us

POPI Act should prompt mobile security rethink for SA companies

Over the past three decades legislatures across the world have been trying to update their legal systems to address growing concerns around how our private information is being used once handed over to companies in both the public and private sectors.
Nader Henein
Nader Henein

Looking back, this first began with an article published in the Harvard Law Review by two men who later became pillars of the US legal system: Warren and Brandeis. They wrote The Right to Privacy in December of 1890 protesting what was then "New Technology"; the printing press had birthed its first tabloid magazine and with it the lives and photographs of private citizens were laid bare for all to see.

Fast-forward a century or so and the introduction of the Protection of Personal Information Act (POPI) is driven by the same motivation: the protection of personal customer information held by organisations.

Naturally, this is prompting South African businesses to re-evaluate how they store and process customer information and mobile data is by no means exempt. Today, smartphones and tablets allow us to retrieve, store and process custodial information in our day-to-day jobs to be able to serve our customers better, compete and generate revenue better and, with that, comes the onus the treat this information responsibly and protect it from loss or theft. In the same way that a bank is held accountable to its customers for the money it stores, POPI aims to hold organisations accountable for the mismanagement of custodial information.

One of the weakest potential points

Because we tend to overlook mobility in enterprise as a company peripheral it has grown to represent one of the weakest potential points in many large organisations' information security infrastructures. Enterprises need to strengthen their mobile security posture if they are to align themselves with POPI's requirements. This means they need to put strong processes in place to prevent accidental or deliberate data leakages as well as to prevent malware infections.

Mobile devices are, today, central to business processes. Most large organisations have sales and service staff as well as executives in the field carrying a wealth of personally identifiable information about customers on their devices. These mobile devices can also often be used to access a range of customer data stored on company servers. Yet this area has not received enough attention from CIOs and IT managers as they rush to meet POPI's demands.

In practice, this means organisations should make sure they have security frameworks and solutions that allow for end-to-end control over how data on mobile devices is managed at rest and in transit. These security procedures ideally need to be auditable so that the organisation can demonstrate compliance while critically not affecting the advantages that mobility brings. So, in short, security and compliance should not come at the expense of the bottom line or the user experience for that matter.

Properly encrypted across all managed devices

The BlackBerry Enterprise Service 10 (BES10), an Enterprise Mobility Management (EMM) solution, ensures that data in transit and data at rest are both properly encrypted across all managed devices. Local encryption of all customer data (messages, address book entries, calendar entries, memos and tasks) is enforced via IT policy. Additionally, system administrators can create and send wireless commands to delete information from lost or stolen devices remotely.

For BlackBerry 10 devices, the integrated BlackBerry Balance technology keeps personal and work apps and information separate from work apps and content. The user can switch from his personal space to work space with a simple gesture. The work space is fully encrypted, managed and secured, so enterprises can protect critical content and applications, while allowing users to get the most out of their smartphone for their personal use through apps like Facebook and Twitter without ever impacting on their regulatory compliance posture.

Mobile security that complies with POPI is going to be especially challenging for organisations that have embraced the Bring Your Own Device (BYOD) philosophy. The mix of devices in use in their workforces - many of them consumer smartphones and tablets not designed to enterprise security standards - makes such organisations vulnerable to loss or theft of customer data. With this in mind, companies with BYOD policies need to start looking to implement multiplatform MDM as a matter of urgency.

BES10 allows IT administrators to manage Android, iOS and BlackBerry devices through a single end-to-end platform and management console. And with BES12 coming at the end of the year, it will also manage Windows Phone making BlackBerry the only company that can provide customers the flexibility to choose between any of the popular policy models such as BYOD or Corporate Owned Personally Enabled (COPE).

For iOS and Android devices, Secure Work Space is a containerisation, application-wrapping and secure connectivity option that delivers a higher level of control and security, all managed through the single BES10 administration console. Work applications are secured and separated from personal apps and data, providing integrated email, calendar and contacts; an enterprise-level secure browser; plus secure attachment viewing and editing with Documents To Go.

Take time to develop and implement a formal EMM strategy for your organisation, POPI has sharp teeth for enforcement - companies that do not meet its requirements face stiff penalties including large fines and reputational damage. At a more fundamental level we all have an almost integral responsibility to protect individual privacy and for many we do not need laws to point out what the Universal Declaration on Human Rights considers one of its pillars next to freedom and equality.

About Nader Henein

Nader Henein is regional director of BlackBerry Product Security
Let's do Biz