BYOD in the Enterprise

Size: px
Start display at page:

Download "BYOD in the Enterprise"

Transcription

1 BYOD in the Enterprise MDM. The solution to BYOD? Context Information Security October 2013 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

2 Contents Executive Summary 3 Introduction 4 Likely Attack Vectors 6 Unauthorised Device Access 6 Malicious Applications 6 Vulnerability Exploitation 6 Jailbreaking 6 Rooting 7 Malicious Users 7 Attack Mitigations 8 Device Security 8 Remote Device Management 9 Policy Enforcement 10 Data Separation 10 Enterprise Data Encryption 11 Application Management 11 Compliance Actions 13 MDM Solutions 15 Airwatch 15 BlackBerry Universal Device Service 15 Good for Enterprise 16 MDM Solution Feature Comparison 17 Device Security 17 Remote Device Management 18 Policy Enforcement 20 Data Separation 21 Enterprise Data Encryption 23 Application Management 24 Device Interface Management 25 Update Management 26 Compliance Actions 27 Reporting and Logging 28 Conclusion 29 Appendix A: References 30 About Context 31 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

3 Executive Summary Managing Bring Your Own Device (BYOD) within an enterprise environment poses a serious, continuous challenge for IT security professionals. As the line between the organisation and outside systems is blurred, the overall security of the enterprise can be affected. Organisations seeking to take full advantage of the numerous business benefits that widespread use of mobile devices by the workforce can offer, must strike a delicate balance between security requirements and the need to create a BYOD environment that users will be happy to utilise in part because if users come to regard security measures as unacceptably onerous they may seek to bypass them, thereby creating additional security vulnerabilities. In previous whitepapers Context has outlined best practice when securing enterprise provisioned mobile devices [1] [2]. But whilst those devices were fully owned and managed by the enterprise, in the era of BYOD this is no longer the case. Corporate pressure to reduce costs is also encouraging organisations to allow staff to use their own mobile devices to access sensitive corporate data. Securing personal mobile devices presents a more difficult challenge for organisations than securing devices managed by the enterprise, in part because of the nature of the devices themselves: easy to lose, likely to be lent to friends and family and attractive to thieves. The software on these devices may also contain security vulnerabilities that could lead to a user leaking sensitive data unwittingly, or could be exploited by a malicious user. Previous recommendations advising locking down mobile devices so that they can only be used in a corporate environment can no longer be applied to BYOD, because users are unwilling to give up control of their personal mobile devices in order to be able to access enterprise data. Yet organisations need to ensure that strong security controls are implemented to protect sensitive data. Increasingly, in order to manage these risks, organisations are turning to Mobile Device Management (MDM) solutions. In this whitepaper we outline the results of Context s assessments of three MDM solutions when used in conjunction with Android and ios mobile devices; and provide recommendations for best practice in the secure use of these solutions. Simply using good technology is no guarantee of success. Whenever any organisation implements security measures it must also draw on the cooperation and active efforts of end users. This is perhaps particularly important if it is attempting to secure BYOD environments. Whilst there is no realistic way to guarantee the security of a workable BYOD environment, organisations can take significant steps towards mitigation of security risks if they combine technical security controls with clearly defined acceptable use policies. These must clearly define acceptable use of all devices that will be connected to the enterprise BYOD environment and could be used to store or to access sensitive corporate data. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

4 Introduction BYOD implementations carry an inherent risk. In implementing BYOD organisations are asking users to secure enterprise data on their personal devices. This whitepaper examines the challenges and risks associated with allowing the use of personal mobile devices in an enterprise BYOD environment. While fully restrictive security policies are possible to configure with corporately owned and maintained devices, ultimately these restrictions are unrealistic in a BYOD environment. A successful BYOD implementation requires a fine balance of usability and security to ensure an appropriate level of user buy-in. However, insecure settings, device use and software update frequency can all affect the overall security of mobile devices, and in turn the security of corporate data in a BYOD environment. This whitepaper outlines good practice security guidelines for implementing BYOD. It then provides details of assessments made by Context of the capabilities of three major MDM solutions that could be used to implement the recommended policies. The two mobile device operating systems examined in this white paper are Google s Android and Apple s ios. Recent market research has shown that these two operating systems have the greatest market share of devices sold, with 79.0% and14.2% respectively, compared to a 3.3% market share for Windows Mobile and 2.7% for BlackBerry, in Q [3]. Clearly these are the devices most likely to be used in an organisation s BYOD environment. The MDM solutions Context chose to assess in this whitepaper are: Airwatch BlackBerry 10.0 Universal Device Service Good for Enterprise The Airwatch and Good for Enterprise solutions were chosen based on Magic Quadrant market data available from Gartner. The BlackBerry solution was assessed because of Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

5 the large number of organisations with a current BlackBerry environment which are in the process of repurposing those environments for mobile device management. The BlackBerry solution has recently incorporated functionality for managing the security of both Android and ios devices. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

6 Likely Attack Vectors In order to identify and assess required MDM solution functionality we need to consider the potential attack vectors that could be used against personal devices in a BYOD environment. While the basic threats are similar to those affecting corporately owned devices, the scenarios are somewhat different and present an expanded threat landscape. Unauthorised Device Access Modern mobile devices and newly released devices in particular are an attractive target for thieves. In addition to the obvious inconvenience of having a device stolen, there is also a risk of sensitive data being extracted. Devices lacking sufficient protection could expose sensitive corporate data stored on the device, or allow thieves access into the corporate environment via the compromised device. Personal devices are also often shared or lent to others, such as family or friends and this could also lead to the device being used by unauthorised persons. Devices which do not adequately protect corporate data could risk it being accidentally or intentionally leaked. Malicious Applications Applications of all kinds can be downloaded and installed from the various mobile App Stores for Android and ios devices. Malicious applications downloaded from an App Store, or otherwise installed on the device, would run on the same device as corporate data. Installed applications can perform any action permitted to them by the configured device permissions, such as registering as the default document viewer, reading the contents of shared storage, or turning on the device camera. As an extreme example, specific applications exist which can turn both Android and ios devices into remote bugs, allowing access to the camera and microphone, documents, messages and other files stored on the device [4]. Vulnerability Exploitation Security vulnerabilities in mobile operating systems and applications can affect the security of the device as a whole. As is the case for other types of software such as web browsers, attackers can exploit known vulnerabilities in order to gain remote control of the device and access the data it contains. In addition to malicious exploitation attempts, users will often exploit vulnerabilities in their devices in order to Jailbreak or Root the device. This process is generally performed to provide the user with greater access to their device, but can also significantly reduce the security of the device as a whole. Jailbreaking Jailbreaking is the process of compromising an ios device in order to run applications which have not been approved by the Apple App Store. Any application entered into the App Store must pass a review process by Apple in order to be approved for installation on ios devices. Many applications, for one reason or another, are not approved by Apple, so alternative App Stores have been created, like the Cydia App Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

7 Store [5], to provide access to mobile applications that have not been approved by Apple. In order to install and run unapproved applications on an ios device, system vulnerabilities must be used to bypass checks performed by the operating system on installed applications. In addition to allowing the installation of unapproved applications, applications on Jailbroken devices can run with higher privileges than would otherwise be available. This can allow applications access to areas of the operating system which would normally be protected on non-jailbroken devices. Jailbreaking of Android devices is generally not required as these devices are not restricted to installing applications from a single vetted App Store, or from an App Store at all. For example, Android App Stores are provided by Amazon, Google and Verizon. Rooting Rooting is the process of compromising an Android device in order to gain elevated operating system privileges. Applications which utilise elevated permissions granted by a Rooted device can perform actions which would not normally be permitted by the operating system or application sandbox. This could allow applications to change protected system configuration, read protected operating system and application files or interact directly with other applications on the device. Depending on the Android operating system provided by the device manufacturer, gaining Root access to a device may require the exploitation of operating system vulnerabilities. Malicious applications running on a Jailbroken or Rooted device could perform key logging, reading of sensitive application or operating system files or intercepting network traffic between the mobile device and connected network services. Malicious Users Finally, the risk of malicious users needs to be considered. A malicious user with access to sensitive corporate information could use their personal device in a BYOD environment to access data and exfiltrate it to non-corporate systems. ing data out of an organisation can leave audit logs which can be used in a data breach investigation, but downloading data on to a BYOD device then using personal on that device or another available file transfer mechanism to exfiltrate the data could be used to avoid logging, and potentially break the audit chain required for a breach investigation. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

8 Attack Mitigations Having defined the types of attacks most likely to affect personal devices used within an organisation s BYOD environment, consideration is now needed of the best ways to mitigate the risk of these attacks. In this section attack mitigation requirements are outlined, good practice policies defined, then reviewed against the chosen MDM solutions in subsequent sections. The policies defined in this section represent the minimum recommended settings in order to mitigate the previously identified likely attack vectors. These minimum recommended settings have been defined based on Context s extensive experience of producing security standards for both enterprise and the UK Government. Device Security Mobile devices should be configured with enforced security settings to protect enterprise data from disclosure in the event of a device being stolen. ios devices enforce encryption of data by default, but Android users are allowed to choose whether or not to encrypt device storage. In addition, the Android operating system does not provide native support for encryption of removable storage, such as external SD cards. However, some Android manufacturers and Network Operators have implemented their own proprietary extensions to address these required features on Android devices. In order to prevent disclosure of data stored on mobile devices, BYOD administrators need to be able to enforce strong authentication, data wiping on successive failed authentication attempts and data encryption on all areas of the device. At the very least mobile devices should be configured with a minimal password policy and full device encryption. Policy Notes Complex password requirements, with the following minimum requirements: Six characters Disable swipe to unlock [6] Enterprise data wipe on failed password Where available. Wipe data after seven incorrect authentication attempts. Device wipe on failed passwords, where enterprise data wipe on failed password is not available. Wipe device after seven incorrect authentication attempts. Device auto-lock. One minute. Enforce device encryption Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

9 Policy Enforce removable storage encryption Notes Where available. Remote Device Management In addition to securing the device, the facility to manage BYOD devices remotely is required. BYOD administrators require the ability to remotely wipe enterprise data, or prevent further data syncing of devices which are reported lost or stolen, or which belong to users who have left the organisation. Other features, such as remotely resetting passwords, locating devices and remotely viewing the device screen, can also help administrators to support users devices within the organisation. Robust remote device management processes should be defined, detailing specific actions BYOD administrators are required to take in the event of a lost or stolen device. Policy Unenroll device Notes Device lock Device wipe Device password reset Optional Enterprise data wipe Enterprise data lock Optional Enterprise data password reset Optional Locate device Optional Remote view device screen Optional Remote application uninstall Optional Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

10 Policy Enforcement To prevent users from bypassing applied security policies when accessing enterprise data and services, the ability to restrict data access and syncing to only enrolled, compliant devices is required. Functionality that ensures that all data is wiped from the mobile device if the policy is removed is also required. Policy Restrict corporate data access to enrolled devices Notes Prevent removal of MDM configuration Where available. Data Separation The ability to strictly separate data is required in order to prevent the mixing of personal and enterprise data in the same applications on a managed mobile device. Separate clients and document viewers should be considered, with restrictions on importing and exporting data from the underlying device. Strong data separation settings should be configured to prevent data from being accessed from non-approved applications on the device. Separate corporate and document viewing applications should be enforced, and document save, copy and paste restrictions applied. Policy Secure client Notes Secure document viewer Copy & Paste restrictions Restrict sending attachments Restrict receiving attachments Optional Restrict exporting documents to the device Restrict importing documents from the device Restrict backup of MDM data Where available. Prevent screen capture Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

11 Enterprise Data Encryption As personal mobile devices are often shared with or lent to other individuals by their owners, any enterprise data stored on a BYOD device needs to be protected from accidental disclosure to anyone who is not an authorised enterprise user. In addition to accidental disclosure, additional protection against intentional access attempts, whether following theft or via remote access of the device is also required. BYOD administrators require the ability to enforce an additional layer of encryption for enterprise data on the device to protect the data against accidental or intentional access attempts. Functionality allowing enterprise data to be securely encrypted, to be protected with complex authentication and to support secure wiping of enterprise data in the event of successive failed authentication attempts should be considered. Data encryption and strong authentication should be enforced on enterprise data containers. A stronger password policy than the general device policy should be applied to control enterprise data access. Policy Notes Complex MDM password requirements, with the following minimum requirements: Nine characters Complex Password expiry of 90 days Password history of 8 passwords Enterprise data wipe on failed password. Wipe data after five incorrect authentication attempts. encryption Document encryption Enterprise data auto-lock. One minute. Application Management Malicious or Jailbroken/Rooted applications running on a mobile device pose significant risk to enterprise data. Malicious applications can attempt to obtain enterprise data by, for example, registering as the default document viewer, monitoring shared storage or exploiting application or operating system weaknesses. BYOD administrators need to be able to define compliance policies to, at a minimum, detect devices which have been Jailbroken or Rooted as well as to perform application blacklisting of known bad applications. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

12 While the use of more secure, but also more restrictive, application whitelists are preferable, this is often unrealistic in a BYOD environment. In environments where whitelisting is not possible, a combination of Jailbreak/Root detection and the blacklisting of common post compromise applications such as Cydia on ios or SuperSU on Android should be implemented. Policy Application blacklist Notes. Detection of known bad applications should be performed. Application whitelist Optional Prevent installing applications Optional Jailbreak/Root detection Device Interface Management The restriction of physical device interfaces should be considered as a means of preventing enterprise data being copied from a managed device. This functionality can be used to prevent the device acting as a USB storage device, connecting to networking or using Bluetooth or NFC to transfer files from the device. Where possible, locking down physical interfaces should be considered. On Android devices, disabling USB management should be enforced to protect enterprise data and applications being debugged by malicious users. Policy Disable USB storage Notes Optional Disable USB management Disable Wi-Fi Optional Disable Bluetooth Optional Disable NFC Optional Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

13 Update Management As mobile operating system vulnerabilities are discovered, reported and fixed, vendors make patches available for download. However, in the case of both Android and ios devices, these patches and updates are not applied automatically. Where users are given the choice, software updates are often not applied at all. The lead time for vendors to issue updates is also often much slower than in the desktop operating system world. This issue is compounded further in the case of Android, by the fact that individual OEMs and Network Operators are required to test and integrate updates into their stock build before pushing it out to client devices. This means that often devices can go unpatched for long periods of time, making them potentially vulnerable to any known operating system vulnerabilities for an extended period. To properly mitigate this risk, BYOD administrators must be able to query the currently running operating system version and patch level of enrolled devices, to report on patching processes and to inform users when they are running old versions of operating system builds and applications. Mobile devices should be restricted to set minimum operating system versions. Context recommends that for Android devices the lowest version permitted should be 4.2; and that for ios devices the lowest version permitted should be Policy Operating System version verification Notes, the following minimum versions should be enforced: Android 4.2 ios Force Operating System update Where available. Compliance Actions BYOD administrators need to be able to respond to compliance failures with a number of remedial actions. For minor compliance violations, the ability to send a message to the user and the IT management team is sufficient. For more serious violations, administrators may require functionality to prevent the affected device from syncing or accessing enterprise data, or even to wipe enterprise data from the device and block it from future enrolment. Suitable responses to compliance violations need to be configured. As a minimum measure, alerts should be raised with both the BYOD administrators and affected users when compliance issues occur. Preventing syncing or wiping enterprise data from devices are measures that could be deployed in response to more severe compliance violations. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

14 Policy Send report on compliance failure Notes. Minor compliance violations. Prevent syncing on compliance failure. Compliance violations, e.g. blacklisted application installed. Wipe enterprise data on compliance failure. Major compliance violations, e.g. Jailbreak/Root detection. Block enterprise applications on compliance failure Optional Lock device on compliance failure Optional Wipe device on compliance failure Optional Reporting and Logging Finally, BYOD administrators need to be able to perform adequate reporting, logging and asset tracking in order to effectively monitor a BYOD environment. Policy Generate device usage reports Notes Generate compliance failure reports Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

15 MDM Solutions Each assessed MDM solution was reviewed for functionality and assessed against the criteria outlined above. The following sections list the pros and cons of each of the assessed solutions, along with the results of the criteria assessment. Airwatch The Airwatch MDM solution provides access to corporate via Exchange Active Sync and corporate documents, and MDM management via a dedicated MDM server within an organisation. Pros: Provides advanced security settings on Android devices which support manufacturer extended APIs Provides MDM management features over and above the built-in operating system features Cons: No dedicated corporate application on ios devices Separate document viewer, client and MDM applications Relies heavily on external applications for viewing documents which can lead to data leakage It should be noted that a number of encryption implementation and data leakage weaknesses were identified by Context during the review of the Airwatch MDM solution. These have since been reported to Airwatch for remediation. BlackBerry Universal Device Service The BlackBerry Universal Device Service (UDS) solution provides MDM management and data access via dedicated BlackBerry servers within an organisation. BlackBerry UDS can extend existing BlackBerry Enterprise Service infrastructure in order to manage Android and ios devices. Pros: Integrates into existing BlackBerry Enterprise Service infrastructure Good authentication settings for enterprise data Cons: Provides only basic MDM management features available in the built-in to the device operating systems Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

16 Good for Enterprise Good for Enterprise provides enterprise data and access via a Good Network Operations Centre (NOC), which communicates with a dedicated Good server within an organisation. All MDM devices communicate with the Good NOC which relays data between a managed mobile device and the organisation. Pros: Integrated , calendar and document viewer for office and PDF files Good authentication settings for enterprise data Cons: All traffic must traverse a Good NOC, this could enterprise expose data to regulatory requirements of the country of residence of the NOC Provides only basic MDM management features available in the built-in to the device operating systems Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

17 MDM Solution Feature Comparison In this section the available security controls are compared across the selected MDM solutions. Device Security The following table compares the available device security settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Complex password requirements Yes Yes Yes Yes Yes Yes Enterprise data wipe on failed password No No No No No No Device wipe on failed passwords Yes Yes Yes Yes Yes Yes Device auto-lock Yes Yes Yes Yes Yes Yes Enforce device encryption Yes N/A Yes N/A Yes N/A Enforce removable storage encryption Partial 1 N/A No N/A No N/A 1 Removable storage can be enforced when vendor specific extensions are installed, such as Samsung For Enterprise (SAFE), or the LG and HTC specific APIs. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

18 Remote Device Management The following table compares the available remote device management settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Unenroll device Yes Yes Yes Yes Yes Yes Device lock Yes Yes Yes Yes Yes Yes Device wipe Yes Yes Yes Yes Yes Yes Device password reset Yes Yes Yes Yes Yes Yes Enterprise data wipe Yes Yes Yes Yes Yes Yes Enterprise data lock No No Yes Yes Yes Yes Enterprise data password reset Yes Yes Yes Yes Yes Yes Locate device Partial 2 Yes No No No No Remote view device screen Partial 2 Yes No No No No Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

19 Policy Airwatch BlackBerry Good for Enterprise Remote application uninstall Partial 3 No No No No No 1 Locate device and remote view available when vendor specific extensions are installed, such as Samsung For Enterprise (SAFE), or the LG and HTC specific APIs. 2 Remote application uninstall requires user acceptance. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

20 Policy Enforcement The following table compares the available policy enforcement settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Restrict corporate data access to enrolled devices Yes Yes Yes Yes Yes Yes Prevent removal of MDM configuration Partial 1 Yes No No No Yes 1 Prevent removal of MDM configuration available when vendor specific extensions are installed, such as Samsung For Enterprise (SAFE), or the LG and HTC specific APIs. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

21 Data Separation The following table compares the available data separation settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Secure client Yes No Yes Yes Yes Yes Secure document viewer Yes Yes Yes Yes Yes Yes Copy & Paste restrictions Yes Partial 2 Yes Yes Yes Yes Restrict sending attachments Yes No Yes Yes Yes Yes Restrict receiving s attachments No No Yes Yes Yes Yes Restrict exporting documents to the device Partial 1 Partial 2 Yes Yes Yes Yes Restrict importing documents from the device Yes Partial 2 Yes Yes Yes Yes Restrict backup of MDM data Partial 3 Partial 3 No Partial 5 No Partial 5 Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

22 Policy Airwatch BlackBerry Good for Enterprise Prevent screen capture Partial 4 Yes No Yes No Yes 1 Airwatch client cannot be restricted from saving documents to the mobile device. Documents cannot be exported from the Airwatch Secure Content Locker. 2 Airwatch on ios devices integrates with the built in ios client. Specific attachment restrictions cannot be applied. Documents cannot be exported from the Airwatch Secure Content Locker. 3 System backups can be restricted on ios devices and Android devices using vendor specific extensions, such as Samsung For Enterprise (SAFE), or the LG or HTC APIs. However, restricting only the backup of MDM data is not possible. 4 Screen captures can be prevented when vendor specific extensions are installed, such as Samsung For Enterprise (SAFE), or the LG and HTC specific APIs. 5 System backups can be restricted on ios devices. However, restricting only the backup of MDM data is not possible. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

23 Enterprise Data Encryption The following table compares the available enterprise data encryption settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Complex MDM password requirements Yes Partial 1 Yes Yes Yes Yes Enterprise data wipe on failed password Yes Partial 1 Yes Yes Yes Yes encryption Yes No Yes Yes Yes Yes Document encryption Yes Yes Yes Yes Yes Yes Enterprise data auto-lock Yes Partial 1 Yes Yes Yes Yes 1 Airwatch on ios devices integrates with the built in ios client. Separate encryption and authentication settings cannot be applied. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

24 Application Management The following table compares the available applications management settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Application blacklist Yes Yes No No Yes Yes Application whitelist Yes Yes Yes Yes No Yes Prevent installing applications Partial 1 Yes No Yes No Yes Jailbreak / Root detection Yes Yes Yes Yes Yes Yes 1 Prevent installing applications available when vendor specific extensions are installed, such as Samsung For Enterprise (SAFE), or the LG and HTC specific APIs. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

25 Device Interface Management The following table compares the available device interface management settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Disable USB storage Partial 1 No No No No No Disable USB management Partial 1 No No No No No Disable Wi-Fi Partial 1 No No Yes No No Disable Bluetooth Partial 1 No No No No No Disable NFC Partial 1 N/A No N/A No N/A 1 This functionality is available when vendor specific extensions are installed, such as Samsung For Enterprise (SAFE), or the LG and HTC specific APIs. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

26 Update Management The following table compares the available update management settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Operating System version verification Yes Yes Yes Yes Yes Yes Force Operating System update No No No No No No Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

27 Compliance Actions The following table compares the available compliance action settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Send report on compliance failure Yes Yes Yes Yes Yes Yes Prevent syncing on compliance failure Yes Yes Yes Yes Yes Yes Wipe enterprise data on compliance failure Yes Yes Yes Yes Yes Yes Block enterprise applications on compliance failure Yes Yes No No Yes Yes Lock device on compliance failure No No No No No No Wipe device on compliance failure No No Yes Yes No No Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

28 Reporting and Logging The following table compares the available reporting and logging settings on the assessed MDM solutions: Policy Airwatch BlackBerry Good for Enterprise Android ios Android ios Android ios Generate device usage reports Yes Yes Yes Yes Yes Yes Generate compliance failure reports Yes Yes Yes Yes Yes Yes Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

29 Conclusion While the above recommended policy settings and processes will help organisations mitigate the risk of attacks against personal devices in a BYOD environment, they should not be considered to be comprehensively secure. MDM solutions can only lock down mobile devices to the extent that underlying operating systems will permit, and BYOD implementations can only lock down devices to a level that users are willing to accept. Due to this, BYOD implementations carry an inherent risk. Technical issues that may reduce the overall security of an MDM implementation include: Detection of Jailbroken / Rooted devices and malicious applications requires constant refinement. Lacking operating system support for fine-grained or advanced management features. Implementation weaknesses of MDM solutions may inadvertently leak sensitive information. Apposed to purely technical issues, users can also limit the effectiveness of MDM solutions: Users may continue to download apps from various App Stores, disregarding the operating system permissions requested by the applications. Technical users may find ways around Jailbreak/Root detection in order have this level of access whilst simultaneously accessing enterprise data. Finally, organisations implementing BYOD must also complement technical security controls with Acceptable Use policies which clearly define acceptable usage of all devices that will be connected to the enterprise BYOD environment. Users should also be made aware the implications of the restrictions put in place and the management controls granted to the organisation, such as remote device wiping, locating devices and resetting device passwords. Whilst it is possible to impose fully restrictive policies with corporately owned and maintained devices, ultimately the imposition of such restrictions are unrealistic in a BYOD environment. A successful BYOD implementation requires a fine balance of usability and security, otherwise user buy-in will be low. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

30 Appendix A: References [ 1 ] Context Inforation Security, Smartphones in the Enterprise, [Online]. Available: White_Paper.pdf. [ 2 ] Context Information Security, Tablets in the Enterprise, [Online]. Available: [ 3 ] Gartner, Gartner Says Smartphone Sales Grew 46.5 Percent in Second Quarter of 2013 and Exceeded Feature Phone Sales for First Time, [Online]. Available: [ 4 ] D. Danchev, How cybercriminals create and operate Androidbased botnets, [Online]. Available: [ 5 ] Cydia, [Online]. Available: [ 6 ] A. J. Aviv, Smudge Attacks on Smartphone Touch Screens, [Online]. Available: pdf. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

31 About Context Context Information Security is an independent security consultancy specialising in both technical security and information assurance services. The company was founded in Its client base has grown steadily over the years, thanks in large part to personal recommendations from existing clients who value us as business partners. We believe our success is based on the value our clients place on our product-agnostic, holistic approach; the way we work closely with them to develop a tailored service; and to the independence, integrity and technical skills of our consultants. The company s client base now includes some of the most prestigious blue chip companies in the world, as well as government organisations. The best security experts need to bring a broad portfolio of skills to the job, so Context has always sought to recruit staff with extensive business experience as well as technical expertise. Our aim is to provide effective and practical solutions, advice and support: when we report back to clients we always communicate our findings and recommendations in plain terms at a business level as well as in the form of an in-depth technical report. Context Information Security 30 Marsh Wall, London, E14 9TP +44 (0) / 32

Guideline on Safe BYOD Management

Guideline on Safe BYOD Management CMSGu2014-01 Mauritian Computer Emergency Response Team CERT-MU SECURITY GUIDELINE 2011-02 Enhancing Cyber Security in Mauritius Guideline on Safe BYOD Management National Computer Board Mauritius Version

More information

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com

{ipad Security} for K-12. Understanding & Mitigating Risk. plantemoran.com {ipad Security} plantemoran.com for K-12 Understanding & Mitigating Risk Plante Moran The ipad is in K-12. Since its debut in April 2010, the ipad has quickly become the most popular tablet, outselling

More information

What Is BYOD? Challenges and Opportunities

What Is BYOD? Challenges and Opportunities Wor k s pac es Mobi l i t ysol ut i ons Bl uewi r esol ut i ons www. bl uewi r e. c o. uk What Is BYOD? Challenges and Opportunities What is BYOD How Secure is Your BYOD Environment? Bring your own device

More information

BYOD Guidance: BlackBerry Secure Work Space

BYOD Guidance: BlackBerry Secure Work Space GOV.UK Guidance BYOD Guidance: BlackBerry Secure Work Space Published 17 February 2015 Contents 1. About this guidance 2. Summary of key risks 3. Secure Work Space components 4. Technical assessment 5.

More information

BlackBerry 10.3 Work and Personal Corporate

BlackBerry 10.3 Work and Personal Corporate GOV.UK Guidance BlackBerry 10.3 Work and Personal Corporate Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network

More information

Data Protection Act 1998. Bring your own device (BYOD)

Data Protection Act 1998. Bring your own device (BYOD) Data Protection Act 1998 Bring your own device (BYOD) Contents Introduction... 3 Overview... 3 What the DPA says... 3 What is BYOD?... 4 What are the risks?... 4 What are the benefits?... 5 What to consider?...

More information

Hands on, field experiences with BYOD. BYOD Seminar

Hands on, field experiences with BYOD. BYOD Seminar Hands on, field experiences with BYOD. BYOD Seminar Brussel, 25 september 2012 Agenda Challenges RIsks Strategy Before We Begin Thom Schiltmans Deloitte Risk Services Security & Privacy Amstelveen tschiltmans@deloitte.nl

More information

Auditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014

Auditing the Security and Management of Smart Devices. ISACA Dallas Meeting February 13, 2014 Securely Manage your devices, applications and data. Deploy your corporate policies on smart devices. Comply with Regulatory Laws. Auditing the Security and Management of Smart Devices ISACA Dallas Meeting

More information

Guidance End User Devices Security Guidance: Apple ios 7

Guidance End User Devices Security Guidance: Apple ios 7 GOV.UK Guidance End User Devices Security Guidance: Apple ios 7 Updated 10 June 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform Can

More information

Addressing NIST and DOD Requirements for Mobile Device Management

Addressing NIST and DOD Requirements for Mobile Device Management Addressing NIST and DOD Requirements for Mobile Device Management Whitepaper 2013 ForeScout Technologies, Inc. All rights reserved. Call Toll-Free: 1.866.377.8771 www.forescout.com Contents 1. OVERVIEW

More information

End User Devices Security Guidance: Apple ios 8

End User Devices Security Guidance: Apple ios 8 GOV.UK Guidance End User Devices Security Guidance: Apple ios 8 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best satisfy

More information

SYNCSHIELD FEATURES. Preset a certain task to be executed. specific time.

SYNCSHIELD FEATURES. Preset a certain task to be executed. specific time. SYNCSHIELD FEATURES This document describes the diversity of SyncShield features. Please note that many of the features require a certain platform version, often earlier software versions do not support

More information

Mobile Security BYOD and Consumer Apps

Mobile Security BYOD and Consumer Apps Mobile Security BYOD and Consumer Apps Adam Shnider, Managing Director, Coalfire October 16, 2012 Agenda I. The Mobile World - Trends I. Mobile devices - threats and risks I. BYOD Security Top Five I.

More information

Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility. www.maas360.

Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility. www.maas360. MaaS360.com > White Paper Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility www.maas360.com 1 Copyright 2014 Fiberlink Communications Corporation.

More information

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security

TechnoLabs Software Services Pvt Ltd. Enterprise Mobility - Mobile Device Security Enterprise Mobility - Mobile Device Security Story Context: TechnoLabs has been focusing and offers Enterprise Mobility as one of its solution offering. No can deny the fact that mobile computing can bring

More information

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0 Security Guide BlackBerry Enterprise Service 12 for ios, Android, and Windows Phone Version 12.0 Published: 2015-02-06 SWD-20150206130210406 Contents About this guide... 6 What is BES12?... 7 Key features

More information

Kaspersky Security for Mobile

Kaspersky Security for Mobile Kaspersky Security for Mobile See. Control. Protect. MOVING TARGETS Mobile devices play a key role in connectivity and productivity. But they also introduce new risks to the business: in the past 12 months

More information

Mobile First Government

Mobile First Government Mobile First Government An analysis of NIST and DISA requirements for the adoption of commercially available mobility platforms by government agencies August 2013 415 East Middlefield Road Mountain View,

More information

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold

Android Security. Device Management and Security. by Stephan Linzner & Benjamin Reimold Android Security Device Management and Security by Stephan Linzner & Benjamin Reimold Introducing Stephan Linzner Benjamin Reimold Consultant, Software Engineer Mobile Developer Founder of Stuttgart GTUG

More information

Policy Checklist. Directorate of Performance and Reform. Stephen Hylands, Head of Information Technology

Policy Checklist. Directorate of Performance and Reform. Stephen Hylands, Head of Information Technology Policy Checklist Name of Policy: Purpose of Policy: Directorate responsible for Policy Name & Title of Author: Does this meet criteria of a Policy? Trade Union consultation? Equality Screened by: Date

More information

BYOD AND ME. How cell phone hacking effects your business.! Richard Rigby CEO Wraith Intelligence

BYOD AND ME. How cell phone hacking effects your business.! Richard Rigby CEO Wraith Intelligence BYOD AND ME How cell phone hacking effects your business! Richard Rigby CEO Wraith Intelligence 90% of companies will offer BYOD, or bring-your-own-device options to employees by 2014, according to Gartner.

More information

Emerging threats for the healthcare industry: The BYOD. By Luca Sambucci www.deepsecurity.us

Emerging threats for the healthcare industry: The BYOD. By Luca Sambucci www.deepsecurity.us Emerging threats for the healthcare industry: The BYOD Revolution By Luca Sambucci www.deepsecurity.us Copyright 2013 Emerging threats for the healthcare industry: The BYOD REVOLUTION Copyright 2013 Luca

More information

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING INFORMATION TECHNOLOGY STANDARD Name Of Standard: Mobile Device Standard Domain: Security Date Issued: 09/07/2012 Date Revised:

More information

Mobile Security Standard

Mobile Security Standard Mobile Security Standard Title Mobile Security Standard Mobile Device Security Category Version: 18/07/2013 PUBLISHED Author:, IT Services Contact: itsecurity@contacts.bham.ac.uk Mobile Security Standard

More information

www.pwchk.com Bring Your Own Device (BYOD) & Customer Data Protection Are You Ready?

www.pwchk.com Bring Your Own Device (BYOD) & Customer Data Protection Are You Ready? www.pwchk.com Bring Your Own Device (BYOD) & Customer Data Protection Are You Ready? Why is this important to you? Background Enterprise mobility through Bring-Your-Own-Device (BYOD) has been around for

More information

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo.

Embracing BYOD. Without Compromising Security or Compliance. Sheldon Hebert SVP Enterprise Accounts, Fixmo. Sheldon.Hebert@fixmo. Embracing BYOD Without Compromising Security or Compliance The Mobile Risk Management Company Sheldon Hebert SVP Enterprise Accounts, Fixmo Sheldon.Hebert@fixmo.com New Realities of Enterprise Mobility

More information

Mobile Device Management for CFAES

Mobile Device Management for CFAES Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are

More information

Chris Boykin VP of Professional Services

Chris Boykin VP of Professional Services 5/30/12 Chris Boykin VP of Professional Services Future Com! 20 years! Trusted Advisors! Best of brand partners! Brand name customers! 1000 s of solutions delivered!! 1 5/30/12 insight to the future, bringing

More information

Windows Phone 8 devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as

Windows Phone 8 devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as GOV.UK Guidance End User Devices Security Guidance: Windows Phone 8 Updated 14 October 2013 Contents 1. Usage Scenario 2. Summary of Platform Security 3. How the Platform Can Best Satisfy the Security

More information

Mobility, Security Concerns, and Avoidance

Mobility, Security Concerns, and Avoidance By Jorge García, Technology Evaluation Centers Technology Evaluation Centers Mobile Challenges: An Overview Data drives business today, as IT managers and security executives face enormous pressure to

More information

How To Manage A Mobile Device Management (Mdm) Solution

How To Manage A Mobile Device Management (Mdm) Solution Mobile Device Management Buyers Guide IT departments should be perceived as the lubricant in the machine that powers an organization. BYOD is a great opportunity to make life easier for your users. But

More information

Managing and Securing the Mobile Device Invasion. 2012 IBM Corporation

Managing and Securing the Mobile Device Invasion. 2012 IBM Corporation Managing and Securing the Mobile Device Invasion 2012 IBM Corporation Please Note: IBM s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM

More information

A guide to enterprise mobile device management.

A guide to enterprise mobile device management. WHITEPAPER A guide to enterprise Beyond expectation. www.azzurricommunications.co.uk Introduction. As smartphones and tablets proliferate in the enterprise, IT leaders are under pressure to implement an

More information

Use of tablet devices in NHS environments: Good Practice Guideline

Use of tablet devices in NHS environments: Good Practice Guideline Use of Tablet Devices in NHS environments: Good Practice Guidelines Programme NPFIT Document Record ID Key Sub-Prog / Project Technology Office Prog. Director Chris Wilber Status APPROVED Owner James Wood

More information

Good for Enterprise Good Dynamics

Good for Enterprise Good Dynamics Good for Enterprise Good Dynamics What are Good for Enterprise and Good Dynamics? 2012 Good Technology, Inc. All Rights Reserved. 2 Good is far more than just MDM Good delivers greater value and productivity

More information

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER

Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER Say Yes to BYOD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices WHITE PAPER FORTINET Say Yes to BYOD PAGE 2 Introduction Bring Your Own Device (BYOD) and consumerization

More information

Samsung Mobile Security

Samsung Mobile Security Samsung Mobile Security offering enhanced core capabilities for enterprise mobility Samsung Enterprise Mobility Enterprise-ready Mobility management for your business Samsung Mobile Security offers enterprise

More information

How To Write A Mobile Device Policy

How To Write A Mobile Device Policy BYOD Policy Implementation Guide BYOD Three simple steps to legally secure and manage employee-owned devices within a corporate environment We won t bore you with the typical overview that speaks to the

More information

Mobile Device Management. Andrius Šaveiko andrius.saveiko@atea.lt

Mobile Device Management. Andrius Šaveiko andrius.saveiko@atea.lt Mobile Device Management Andrius Šaveiko andrius.saveiko@atea.lt Content Mobile Device Management (MDM) where to start? Situation on MDM market MDM solutions very similar, but very different ios, Android,

More information

Sample Mobile Device Security Policy

Sample Mobile Device Security Policy Sample Mobile Device Security Policy Using this policy One of the challenges facing IT departments today is securing both privately owned and corporate mobile devices, such as smartphones and tablet computers.

More information

White Paper. Data Security. The Top Threat Facing Enterprises Today

White Paper. Data Security. The Top Threat Facing Enterprises Today White Paper Data Security The Top Threat Facing Enterprises Today CONTENTS Introduction Vulnerabilities of Mobile Devices Alarming State of Mobile Insecurity Security Best Practices What if a Device is

More information

Kony Mobile Application Management (MAM)

Kony Mobile Application Management (MAM) Kony Mobile Application Management (MAM) Kony s Secure Mobile Application Management Feature Brief Contents What is Mobile Application Management? 3 Kony Mobile Application Management Solution Overview

More information

Windows Phone 8.1 in the Enterprise

Windows Phone 8.1 in the Enterprise Windows Phone 8.1 in the Enterprise Version 1.4 MobileIron 415 East Middlefield Road Mountain View, CA 94043 USA Tel. +1.650.919.8100 Fax +1.650.919.8006 info@mobileiron.com Introduction 3 Why Windows

More information

Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy

Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy Converting a Device Whose phones will be wiped on Wednesday, January 30? If you continue to have a company-paid phone, you are

More information

White Paper. Data Security. journeyapps.com

White Paper. Data Security. journeyapps.com White Paper Data Security CONTENTS The JourneyApps Commitment to Security Geographic Location of Cloud Hosting Infrastructure-Level Security Protection of Data Through Encryption Data Life Cycle Management

More information

IT Resource Management & Mobile Data Protection vs. User Empowerment

IT Resource Management & Mobile Data Protection vs. User Empowerment Enterprise Mobility Management Buyers Guide IT Resource Management & Mobile Data Protection vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity

More information

BYPASSING THE ios GATEKEEPER

BYPASSING THE ios GATEKEEPER BYPASSING THE ios GATEKEEPER AVI BASHAN Technology Leader Check Point Software Technologies, Ltd. OHAD BOBROV Director, Mobile Threat Prevention Check Point Software Technologies, Ltd. EXECUTIVE SUMMARY

More information

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION Response Code: Offeror should place the appropriate letter designation in the Availability column according

More information

Bell Mobile Device Management (MDM)

Bell Mobile Device Management (MDM) Bell MDM Business FAQs 1 Bell Mobile Device Management (MDM) Frequently Asked Questions INTRODUCTION Bell Mobile Device Management provides business customers an all in one device administration tool to

More information

Top 8 Steps for Effective Mobile Security

Top 8 Steps for Effective Mobile Security Top 8 Steps for Effective Mobile Security Larry Pesce With thanks to Chris Crowley and Joshua Wright Top 8 Steps for Effective Mobile Security 2012 Chris Crowley/Joshua Wright 1 Outline Three Truths About

More information

BYOD: End-to-End Security

BYOD: End-to-End Security BYOD: End-to-End Security Alen Lo MBA(CUHK), BSc(HKU), CISA, CCP, CISSP, CISM, CEH IRCA Certified ISMS Lead Auditor, itsmf ISO 20000 Auditor Principal Consultant i-totalsecurity Consulting Limited alenlo@n2nsecurity.com

More information

Mobile Device Management:

Mobile Device Management: Mobile Device Management: A Risk Discussion for IT Decision Makers Mobile Device Management (MDM) software provides IT organizations with security-relevant capabilities that support the integration of

More information

[BRING YOUR OWN DEVICE POLICY]

[BRING YOUR OWN DEVICE POLICY] 2013 Orb Data Simon Barnes [BRING YOUR OWN DEVICE POLICY] This document specifies a sample BYOD policy for use with the Orb Data SaaS MDM service Contents 1 ACCEPTABLE USE... 3 1.1 GENERAL RULES... 3 2

More information

AirWatch for Android Devices

AirWatch for Android Devices Overview What is AirWatch AirWatch is the mobile device management (MDM) system provided by UMHS to ensure security for smart phones and tablets that connect to the UMHS environment. AirWatch provides

More information

IT Resource Management vs. User Empowerment

IT Resource Management vs. User Empowerment Mobile Device Management Buyers Guide IT Resource Management vs. User Empowerment Business leaders and users are embracing mobility and enjoying the flexibility and productivity leading to rising mobile

More information

Healthcare Buyers Guide: Mobile Device Management

Healthcare Buyers Guide: Mobile Device Management Healthcare Buyers Guide: Mobile Device Management Physicians and other healthcare providers see value in using mobile devices on the job. BYOD is a great opportunity to provide better and more efficient

More information

Mobile Security: Threats and Countermeasures

Mobile Security: Threats and Countermeasures Mobile Security: Threats and Countermeasures Introduction Mobile devices are rapidly becoming the primary end-user computing platform in enterprises. The intuitive user-experience, robust computing capabilities,

More information

Do you want to mobilize your entire work process efficiently? Do you want to protect your most valuable asset data?

Do you want to mobilize your entire work process efficiently? Do you want to protect your most valuable asset data? Do you want to mobilize your entire work process efficiently? Do you want to protect your most valuable asset data? Are you aware of the possible consequences of the misuse of your mobile devices? IT S

More information

MDM and beyond: Rethinking mobile security in a BYOD world

MDM and beyond: Rethinking mobile security in a BYOD world MDM and beyond: Rethinking mobile security in a BYOD world 2013 Citrix and TechTarget Table of Contents Summary.... 3 Introduction... 3 Current business challenges with BYOD... 4 Securing mobile devices

More information

Guidance End User Devices Security Guidance: Apple OS X 10.9

Guidance End User Devices Security Guidance: Apple OS X 10.9 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.9 Published 23 January 2014 Contents 1. Changes since previous guidance 2. Usage Scenario 3. Summary of Platform Security 4. How the Platform

More information

4 Steps to Effective Mobile Application Security

4 Steps to Effective Mobile Application Security Mobile Application Security Whitepaper 4 Steps to Effective Mobile Application Security Table of Contents Executive Summary 3 Mobile Security Risks in Enterprise Environments 4 The Shortcomings of Traditional

More information

10 Quick Tips to Mobile Security

10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security 10 Quick Tips to Mobile Security contents 03 Introduction 05 Mobile Threats and Consequences 06 Important Mobile Statistics 07 Top 10 Mobile Safety Tips 19 Resources 22

More information

Mobile Device Strategy

Mobile Device Strategy Mobile Device Strategy Technology Experience Bulletin, TEB: 2012-01 Mobile Device Strategy Two years ago, the Administrative Office of Pennsylvania Courts (AOPC) standard mobile phone was the Blackberry.

More information

Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell

Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Tom Schauer TrustCC tschauer@trustcc.com 253.468.9750 - cell Mobile Mobile Mobile Devices in the CU Environ Mobile Banking Risks and Reward Tom Schauer ü Since 1986 ü TrustCC Founded TrustCC in 2001 ü

More information

End User Devices Security Guidance: Apple OS X 10.10

End User Devices Security Guidance: Apple OS X 10.10 GOV.UK Guidance End User Devices Security Guidance: Apple OS X 10.10 Published Contents 1. Changes since previous guidance 2. Usage scenario 3. Summary of platform security 4. How the platform can best

More information

BlackBerry 10.3 Work Space Only

BlackBerry 10.3 Work Space Only GOV.UK Guidance BlackBerry 10.3 Work Space Only Published Contents 1. Usage scenario 2. Summary of platform security 3. How the platform can best satisfy the security recommendations 4. Network architecture

More information

Feature List for Kaspersky Security for Mobile

Feature List for Kaspersky Security for Mobile Feature List for Kaspersky Security for Mobile Contents Overview... 2 Simplified Centralized Deployment... 2 Mobile Anti-Malware... 3 Anti-Theft / Content Security... Error! Bookmark not defined. Compliance

More information

How To Protect Your Mobile Device From Attack

How To Protect Your Mobile Device From Attack Manage and Secure the Mobile Data, Not Just the Device Stijn Paumen VP Business Development, Wandera The Great Platform Shift 60,000,000 iphone BlackBerry 50,000,000 40,000,000 30,000,000 20,000,000 10,000,000

More information

perspective The battle between MDM and MAM: Where MAM fills the gap? Abstract - Payal Patel, Jagdish Vasishtha (Jags)

perspective The battle between MDM and MAM: Where MAM fills the gap? Abstract - Payal Patel, Jagdish Vasishtha (Jags) perspective The battle between MDM and MAM: Where MAM fills the gap? - Payal Patel, Jagdish Vasishtha (Jags) Abstract MDM Mobile Device Management and MAM Mobile Application Management are main Enterprise

More information

A Guide to Consumerization & Building a BYOD Policy June 2012

A Guide to Consumerization & Building a BYOD Policy June 2012 INTRODUCTION iphones, ipads, Android-powered devices, and Windows phones have grown into powerful computing platforms, and their use allows enterprise employees to connect to work as never before. These

More information

Mobile Application Security Sharing Session May 2013

Mobile Application Security Sharing Session May 2013 Mobile Application Security Sharing Session Agenda Introduction of speakers Mobile Application Security Trends and Challenges 5 Key Focus Areas for an mobile application assessment 2 Introduction of speakers

More information

Secure Mobile Solutions

Secure Mobile Solutions Secure Mobile Solutions Manage workloads securely on the move sevices@softbox.co.uk 01347 812100 www.softbox.co.uk Contents Secure Mobile Solutions Key Features and Benefits Integration and Management

More information

Mobile Security & BYOD Policy

Mobile Security & BYOD Policy Mobile Security & BYOD Policy Sarkis Daglian Assistant Manager, Desktop Support Office of Information Technology Isaac Straley UCI Information Security Officer Office of Information Technology Speakers

More information

Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT

Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT Feature Matrix MOZO CLOUDBASED MOBILE DEVICE MANAGEMENT Feature Mobile Mobile OS Platform Phone 8 Symbian Android ios General MDM settings: Send SMS *(1 MOZO client settings (Configure synchronization

More information

Bring Your Own Devices (BYOD) Information Governance Guidance

Bring Your Own Devices (BYOD) Information Governance Guidance Bring Your Own Devices (BYOD) Information Governance Guidance 1. Purpose The purpose of this document is to provide guidelines that will support organisations wishing to enable the use of Bring Your Own

More information

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper

Securing Patient Data in Today s Mobilized Healthcare Industry. A Good Technology Whitepaper Securing Patient Data in Today s Mobilized Healthcare Industry Securing Patient Data in Today s Mobilized Healthcare Industry 866-7-BE-GOOD good.com 2 Contents Executive Summary The Role of Smartphones

More information

IBM Endpoint Manager for Mobile Devices

IBM Endpoint Manager for Mobile Devices IBM Endpoint Manager for Mobile Devices A unified platform for managing mobile devices together with your traditional endpoints Highlights Address business and technology issues of security, complexity

More information

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices It s common today for law enforcement

More information

ForeScout MDM Enterprise

ForeScout MDM Enterprise Highlights Features Automated real-time detection of mobile Seamless enrollment & installation of MDM agents on unmanaged Policy-based blocking of unauthorized Identify corporate vs. personal Identify

More information

The ForeScout Difference

The ForeScout Difference The ForeScout Difference Mobile Device Management (MDM) can help IT security managers secure mobile and the sensitive corporate data that is frequently stored on such. However, ForeScout delivers a complete

More information

STRONGER AUTHENTICATION for CA SiteMinder

STRONGER AUTHENTICATION for CA SiteMinder STRONGER AUTHENTICATION for CA SiteMinder Adding Stronger Authentication for CA SiteMinder Access Control 1 STRONGER AUTHENTICATION for CA SiteMinder Access Control CA SITEMINDER provides a comprehensive

More information

Integrating Cisco ISE with GO!Enterprise MDM Quick Start

Integrating Cisco ISE with GO!Enterprise MDM Quick Start Integrating Cisco ISE with GO!Enterprise MDM Quick Start GO!Enterprise MDM Version 3.x Overview 1 Table of Contents Overview 3 Getting GO!Enterprise MDM Ready for ISE 5 Grant ISE Access to the GO!Enterprise

More information

BENEFITS OF MOBILE DEVICE MANAGEMENT

BENEFITS OF MOBILE DEVICE MANAGEMENT BENEFITS OF MOBILE DEVICE MANAGEMENT White Paper 2013 SUMMARY OVERVIEW This white paper outlines the benefits of Mobile Device Management in different use cases. SyncShield is a Mobile Device Management

More information

Google Identity Services for work

Google Identity Services for work INTRODUCING Google Identity Services for work One account. All of Google Enter your email Next Online safety made easy We all care about keeping our data safe and private. Google Identity brings a new

More information

Cyber Essentials Scheme

Cyber Essentials Scheme Cyber Essentials Scheme Requirements for basic technical protection from cyber attacks June 2014 December 2013 Contents Contents... 2 Introduction... 3 Who should use this document?... 3 What can these

More information

MDM: Enabling Productivity in the world of mobility. Sudhakar S Peddibhotla Director of Engineering, Good Technology

MDM: Enabling Productivity in the world of mobility. Sudhakar S Peddibhotla Director of Engineering, Good Technology MDM: Enabling Productivity in the world of mobility Sudhakar S Peddibhotla Director of Engineering, Good Technology Disclaimer None of the content in this presentation can be consider Good Technology s

More information

We Manage Mobility. www.soti.net. Manage Secure Support Monitor Track. Balhar Dosangh Director, Strategic Alliances balhar@soti.

We Manage Mobility. www.soti.net. Manage Secure Support Monitor Track. Balhar Dosangh Director, Strategic Alliances balhar@soti. We Manage Mobility Manage Secure Support Monitor Track Balhar Dosangh Director, Strategic Alliances balhar@soti.net www.soti.net MOBILE DEVICE MANAGEMENT THE LANDSCAPE WE PREDICT THROUGH 2017, 90% OF

More information

Enterprise Apps: Bypassing the Gatekeeper

Enterprise Apps: Bypassing the Gatekeeper Enterprise Apps: Bypassing the Gatekeeper By Avi Bashan and Ohad Bobrov Executive Summary The Apple App Store is a major part of the ios security paradigm, offering a central distribution process that

More information

Building Apps for iphone and ipad. Presented by Ryan Hope, Sumeet Singh

Building Apps for iphone and ipad. Presented by Ryan Hope, Sumeet Singh Building Apps for iphone and ipad Presented by Ryan Hope, Sumeet Singh 1 Let s continue the conversation! @MaaS360 [Share comments, continue Q&A, suggest future topics] #MaaS360Webinar Click the link in

More information

If you can't beat them - secure them

If you can't beat them - secure them If you can't beat them - secure them v1.0 October 2012 Accenture, its logo, and High Performance delivered are trademarks of Accenture. Preface: Mobile adoption New apps deployed in the cloud Allow access

More information

IBM United States Software Announcement 215-078, dated February 3, 2015

IBM United States Software Announcement 215-078, dated February 3, 2015 IBM United States Software Announcement 215-078, dated February 3, 2015 solutions provide a comprehensive, secure, and cloud-based enterprise mobility management platform to protect your devices, apps,

More information

GETS AIRWATCH MDM HANDBOOK

GETS AIRWATCH MDM HANDBOOK GETS AIRWATCH MDM HANDBOOK October 2014 Abstract Using AirWatch, a mobile device management tool, within the public sector. GTA Product and Services Group EXECUTIVE SUMMARY.. 2 INTRODUCTION TO THE GETS

More information

AirWatch for ios Devices

AirWatch for ios Devices Overview What is AirWatch AirWatch is the mobile device management (MDM) system provided by UMHS to ensure security for smart phones and tablets that connect to the UMHS environment. AirWatch provides

More information

Elevation of Mobile Security Risks in the Enterprise Threat Landscape

Elevation of Mobile Security Risks in the Enterprise Threat Landscape March 2014, HAPPIEST MINDS TECHNOLOGIES Elevation of Mobile Security Risks in the Enterprise Threat Landscape Author Khaleel Syed 1 Copyright Information This document is an exclusive property of Happiest

More information

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD

Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD STRATEGY ANALYTICS INSIGHT October 2012 Yes MAM: How Mobile Device Management Plus Mobile Application Management Protects and Addresses BYOD By Mark Levitt, Analyst/Director at Strategy Analytics BYOD

More information

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment Paul Luetje Enterprise Solutions Architect Table of Contents Welcome... 3 Purpose of this document...

More information

Mobile computing. Does your organisation have any safe options? The better the question. The better the answer. The better the world works.

Mobile computing. Does your organisation have any safe options? The better the question. The better the answer. The better the world works. Mobile computing Does your organisation have any safe options? The better the question. The better the answer. The better the world works. The big picture The mobile security risk surface Devices Jailbreak

More information

How To Secure Your Mobile Devices

How To Secure Your Mobile Devices SAP White Paper Enterprise Mobility Protect Your Enterprise by Securing All Entry and Exit Points How Enterprise Mobility Management Addresses Modern-Day Security Challenges Table of Contents 4 Points

More information

Say Yes to BOYD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices

Say Yes to BOYD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices Say Yes to BOYD How Fortinet Enables You to Protect Your Network from the Risk of Mobile Devices Introduction Bring Your Own Device (BYOD) and consumerization of IT are all phrases that serve to encompass

More information

The Truth About Enterprise Mobile Security Products

The Truth About Enterprise Mobile Security Products The Truth About Enterprise Mobile Security Products Presented by Jack Madden at TechTarget Information Security Decisions 2013 Welcome to my enterprise mobile security product session! Instead of printing

More information