Introducing Office – Your new go-to mobile app for getting work done

As a financial Company we understand the impact of the New Office Application which is now available on the iOS & Google Play Store.

The issue I am facing is that I see a Data leakage point from the application itself.

We actively manage iOS devices for Corporate managed device as well as BYOD Devices.

Since users are able to download the application from app store -we have done some testing around for our managed devices where we have applied APP Policies to restrict data being copied and pasted as well as data being stored locally on the device – This has worked for us and aligned with our agreed setup.

However the issue we are facing is with the new transfer feature of this application where the camera can be used to scan a QR Code which is generated at transfer.office.com and we are able to create a pairing request to share files.

The QR code can be screenshot and sent to another user to create a secure file transfer connection.

Unfortunately we see this as a risk and something that falls out of DLP Scope.

For example important financial information can get sent out to other paired device from this application using the 10mb file transfer from anywhere around the world and this scenario could get replicated many times over.

Some Questions we face:

1. How can we protect the sensitive data from being sent out and being received from the application with the QR file transfer Feature?
2. Can the QR file transfer feature be disabled?
3. Can the camera be disabled for the app?
4. How can we protect this application from being downloaded/installed on a BYOD user device and setup our policies accordingly?
5. If we were to hide/block this application from being installed to device for Corporate managed iOS devices how can we do the same for BYOD Users where company portal is not installed but rather the use of MFA App?