Mobile device usage in the workplace has become widespread. And security on mobile devices is the next frontier for today’s IT departments. As IT departments roll-out new policies and technologies, they force mobile device users to jump through extra hoops in order to access the files they need. Users try to find innovative ways around such restrictions. For some, this means downloading a file from SharePoint to their desktop and then emailing it to themselves, or uploading it to personal Cloud storage for easy access.
Mobile security vendors are recognizing that device protection alone is not adequate. Security should focus on the data, and information rights management needs to be in place at all times. Microsoft Rights Management Services provides the data security organizations need to ensure their data remains safe when downloaded to a mobile device.
The native email and document viewing apps on iOS and Android devices do not support RMS protected emails and documents. To enable these scenarios, we have partnered with vendors like TITUS who integrate Microsoft RMS technology into their mobile solutions.
I recently had the opportunity to speak with TITUS about their mobile security solutions which incorporate Microsoft RMS.
Dan: Hello Charlie. Could you please introduce us to TITUS and your role?
Sure Dan. TITUS has created a number of security solutions that help organizations protect their data regardless of its location – on the desktop, in the cloud, or on mobile devices. TITUS solutions combine classification and information rights management to persistently protect information. As the Vice-President of Mobile Solutions at TITUS, it is my task to deliver security solutions that help organizations protect their sensitive information on mobile devices.
Can you tell me more about your mobile solution?
TITUS Classification for Mobile is made up of two apps – TITUS Mail and TITUS Docs – which are secure containers that protect email and documents stored on mobile devices while letting administrators create data loss prevention policies that protect against inappropriate sharing. As you know Dan, the best way to protect shared data is to apply RMS protection. Until now however, it has been difficult for Apple iOS and Android users to take advantage of Microsoft RMS. With TITUS Mail and TITUS Docs apps, users can now access and protect data using AD and Azure RMS seamlessly from within the TITUS apps.
What specific RMS scenarios do your solutions enable?
With TITUS mobile solutions:
- Users of Apple Mail have the ability to open and view RMS protected email and attachments
- Users can open and view RMS protected Office documents (docx, doc, xlsx, xls, etc.) and pfiles on iOS devices
- Users have the ability to RMS protect documents on their iOS device
- Users are provided with a secure, business email app for iOS and Android that supports seamless viewing of RMS protected messages
Who would use these solutions?
Any organization that wants to protect their email and documents, and control how that information is shared from mobile devices. Our customers cross all sectors, from military to corporate enterprises to government.
Do the TITUS apps use the IRM support in Exchange ActiveSync to provide viewing of RMS messages for the mobile user?
No, the message is actually unlocked on the device. While using IRM ActiveSync effectively hides RMS authentication and decryption from the user, removing the encryption at the server means the data may be unprotected and at risk when stored on the device. Another issue with using IRM ActiveSync is that it cannot decrypt email attachments if they were protected before they were attached. By leveraging the RMS 4.1 SDK, TITUS is able to protect the message all the way to the mobile device, and is able to open individually protected attachments.
What is the user experience like?
Decrypting an email or document is a seamless process that takes place within the TITUS app. When a user clicks on a protected file, they are asked to authenticate. Once authenticated, the file is presented to them just like any other email or document. The user then has as much freedom to edit or forward the file as the RMS permissions allow.
Users can also encrypt a document simply by clicking on the lock icon. The user chooses the RMS template they want to use and the file is now protected.
Does a user have to authenticate each time they open a protected file?
No. Only once per session.
What other data loss policies does your solution employ?
All files inside the TITUS apps are AES-256 encrypted in addition to any Microsoft RMS rights that may be applied. Classifications enable greater nuance to our data loss policies. By using the file sensitivity in the policy, it is possible for organizations to set different rules for each classification, such as controlling what can be printed, copied, or uploaded. More broadly, TITUS scans outgoing email to check for PII and can enable email geofencing which will block email from reaching the device when it is in specific regions. Administrators can set a policy to automatically delete email after a specific inactivity period and expire documents after a set period of time. These policies work independently of any MDM initiated remote data wipes, which is important as IT personnel are finding that lost personal devices are not always reported. In environments where users bring their own phone, they will often replace a lost mobile without telling IT until they try to activate the new device.
You mentioned MDM. Is TITUS Classification for Mobile a Mobile Device Management solution?
No, but it will work with any MDM.
What can we expect from the future? Can you take us along your roadmap?
The demand for Microsoft RMS capabilities is driving our roadmap in interesting ways. For instance, TITUS Docs supports direct access to SharePoint sites and libraries. We want to ensure we support all the scenarios involved with retrieving an RMS protected document or file from SharePoint and automatically protecting files uploaded to SharePoint from mobile devices.
Can someone trial your software?
A free version of both TITUS Mail and TITUS Docs are available on the Apple App store and Google Play. For a full trial with all the security and policy features enabled you will need to contact TITUS directly.
How does someone reach you for a full trial or further questions?
The easiest way is to visit our website at: http://www.titus.com/mobile-data-security-products.php
Or email us at firstname.lastname@example.org
And that’s it. I encourage you to try out the free version of the TITUS Mail and TITUS Docs apps and provide your iOS and Android users with access to RMS protected email and files. As always, let us know what you think.
Dan on behalf of the RMS team