A company is facing a problem of data roaming. The securisation of data roaming requires the implementation of a system combining easy access and broad protection.

The problem consists in protecting both the internal network and the roaming data contained in the mobile devices. This company wishes to commission a survey of its economical risk, but also of the cost for a securisation.

Context

It is not easy to grasp how much of the information loss is actually noticed in the companies. They do not communicate on this kind of problem and sometimes they are not even aware of the real loss inside their organisation. Furthermore, this kind of accident is more and more common and very often the origin lies with an internal collaborator (84 %). This person disseminates information voluntarily or not.

Ponemon Institute en

 

In the current context, mobility implies meeting new challenges:

  • The opening of the company to the internet for the nomads as well as for the partners considerably increases the risk exposure.
  • Data roaming implies a balanced usage of cryptography to cipher local data but also to authenticate and master accesses.
  • The implementation of updated and available information imposes to open the computer system outward without compromising security while maintaining a flexibility of use.
  • The evolution of this type of attacks obliges to design a data flow analysis up to the application level and not only a network scanning as before.

Methodology

First an inventory of the existing infrastructures needs to be carried out. Quite often, these must be adapted to be opened to mobility.

Some services require the implementation of supplementary elements in order to guarantee as much security as possible in the access and information control. Furthermore, rationalisation of the request allows reducing the possible costs while taking broader services into account.

Example of cost

In the framework of this review, the company comprises 5,000 collaborators and 550 mobile elements. They seek advice from a dealer who proposes the following conclusions:

Area and scope:

Exemple mobilite 1

Estimate for the securisation cost:

This price is a low estimate. It does not take the maintenance into account (around 15% above the initial price).

Exemple mobilite 2

BlueKrypt, thanks to a rationalisation of the needs and precise targeting of the objectives, while taking the existing situation into account, divided this initial investment by two.