Resource Library

Find videos, customer case studies, datasheets, whitepapers and more to learn how Commvault can help you make your data work for you.

The 5 Features You Absolutely, Positively Must Have to Secure Your Mobile Endpoints

eBook Whitepaper



Corporations know that they should secure their users’ mobile endpoint devices. But how? Rigid corporate announcements don’t work – users are already bringing in their personal devices, or they have personal data stored on company devices. Ignoring the problem doesn’t work – data breaches coming from unsecured and unencrypted laptops are epic in proportion. Restricting mobile devices to within a narrow perimeter of secure data centers doesn’t work – first, your mobile users are on the go; and second, thieves can and do steal laptops out of offices.

The reality is that mobile devices, especially laptops, are consistently under threat from disgruntled employees, determined thieves and opportunists. Even when people lose their laptops, you cannot be sure that whoever picks it up doesn’t have bad motives in mind. Data protection has a critical role of course, you need to get lost data back – but the first line of defense is to secure devices against loss, and to make certain that even if a would-be thief makes away with a laptop, they will not collect any data from it.

There are five critical security features that you need to confidently secure mobile devices and protect against would-be thieves and hackers. (And forgetful employees.) You need a mobile security suite that lets you 1) encrypt files and folders to a data breach, 2) control user access, 3) remotely wipe drives when you have to, 4) geo-locate missing or stolen laptops, and 5) automate these actions using policies.


In 2014, the healthcare industry reported a record number of regulated data breaches. Many people are used to thinking about data breaches being the result of determined digital attacks – but in fact, nearly 80% of them were a result of unencrypted stolen computers and USB thumb drives.1 Encryption is critical for securing data outside of the firewall. Encryption makes sure that even if a thief gains access to your data, they cannot even read it, let alone use it. Intelligent security tools with standards like FIPS 140-2 will serve industry and government regulations such as SOX and HIPAA. Look for encryption that operates at the granular level of files and folders.


In theory, user passwords are an important security measure. In practice, users choose weak passwords, rarely change them, and gravitate towards an informal master password that they use for as many applications and services as possible. These factors combine to make password cracking a popular pastime for way too many people. Encourage your users to set strong passwords but guard their backs with secure single sign-on (SSO) or two-factor authentication (2FA). SSO uses a third-party service for master password verification, while 2FA requires two layers of user authentication instead of a simple user ID and password.


When you cannot find a laptop and it’s at high risk of data breach, remotely wipe the drive. Selectively wiping protected data is preferable to a default full drive wipe, in case the employee still hopes to recover their digital picture albums. But you can and should wipe sensitive work data. It’s not always IT who initiates the wipe: ideally users can initiate their own if needed. Don’t limit wiping to simple deletion; choose a tool that also zeros out blocks, so disk recovery is useless to the thieves.