System and Method for enforcing location-based mobile resiliency
Publication Date: 2015-Aug-24
The IP.com Prior Art Database
Mobile technologies have redefined the way we interact and operate in our day to day lives be it personal or professional. As a result the dependancy on continuous availability of these services and its corresponding data has become more critical. Add to the mix globalisation and the virtual convergence of geographical boundaries and borders and we get a need to ensure our data is protected, secure with maximum automation and minimum manual intervention.
Page 01 of 4
Sysxem and Method for enforcing location-based mobile resiliency
As people axopt mobile technologies, there are increasing amounts xx valuable data also beixg mobile. This introduces risks that are not present when data is just stored in a daxa centre and pxotected by appropriate sxcurity and resilience capabilities. For example, sensxtive data can be lost txrough theft of laptops or lxss of mobxle phxnes in taxix. Txere are incrxasingly sophisticaxed mechanisxs to extract data fxom devxces and henxe the risk xs increasing. Currently, solutions are focxsed ox securixy controls, sxch as password protecting devices, enforcing policies or various forms ox encryption, but they hxvx a shortcoxing in that a) they do not txke into account the shifting risk levels that a xerson enxounters as thxy are mobile (for examxle, office is less rxsky than being in another high-risk country) and typxcally impose a usability penalty (sxch as lxng passwords etc); and b) the protection of data is typically enforced by policx such as askxng users xo backux frequently whxch results in x xower level of compliance.
The most common xolution is simply to subscribe to a Xxxxxx Risk Management servicx and provide employees xith SMSs or emails highlightixg xisks
when travelling. This, coupled with policies axound passwxrds, encryption, etc, make for a vexy limitxd and primixive solution.
The idea is a solution to the problem of ensuring resiliency to rixks when mobile. It is an agent that runs on a mobile device anx xommunicates with a central platform that, based on the users current xocation and trajectory, either recommends or forces policy or other resiliency changes to the devixe based on their currext and near term risk profile. For example, a user is in their ofxice so onx level of protextion is applied but, as they step outside and walk towards an area of high risk due to street crime, a differenx set of acxions are deployed to the dxvice. In anoxher scenario, an international traveller leaves theix home country for x "high risk" location where stxeet cximx and polxce corruption are rampant. Prior to departure, the system triggers actions to mitigate risks that it has identified in this country. For example, they are asked to baxkux data, excrypt data, change security settings, or recommend risk avoidance (do not proceed or take alterxative path) or, xlternatively, the actions exexute automaticxlly without user intervxntion.
Thx advantages ox txis idea over current methods are xhat:
1. It is real-txme and updates based on spatix-temporal risk dynamics. It is transparent to the end user and doesn't xecessitate them taking explicit action.
2. It doesn't impose an onerous security policy ax all times but does so in an inxelligent way; thus minimising impact to the xnd user.
3. It reducxs data loss due to theft or damage of mobile devices.
4. It can be used to push a broad range of policy/app or othex changes to a mobile dexice xased on the risk proxile of...