
Mobility options and landscapes are evolving quickly for the corporate enterprise. Mobile platform providers such as Apple, Google and Microsoft, and leading device hardware vendors are constantly updating their product line-ups with new smart devices that fit a wide range of business needs and technical requirements. In addition, wireless coverage from the mobile operators is not uniform across geographic areas. These factors have greatly taxed the budgets and resources of enterprises supplying corporate-owned devices to their employees.

To address these challenges, many enterprises are allowing their employees to bring their own device (BYOD) to access corporate data. BYOD access allows end-users to pick a smart device that best suits their individual requirements, and a mobile operator that has optimized coverage for their geographic location.

A BYOD policy empowers end-users with the power of choice but can have the opposite effect on an enterprise's IT organization. IT, in most cases, is charged with securing and managing servers, desktops, and laptops. When the enterprise adds managing and securing BYOD mobile devices into the mix, it can prove to be a daunting task.

There are some fundamental questions that require answers before a successful implementation of a BYOD model. These questions are:

- What mobile security policies should be enforced on BYOD mobile devices to protect enterprise data?
- How will these mobile security policies be implemented on BYOD mobile devices?

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Security Policies

Determining which security policies to apply to BYOD devices is a tedious endeavor. BYOD devices contain both corporate and personal data and applications. IT must specify security policies that protect corporate data while allowing maximum flexibility for personal use. Flexibility is core, but securing corporate data on the device is paramount. To protect corporate data, the following policies are most commonly applied in organizations that implement BYOD:

1. Require PIN (Passcode) with the following characteristics:
   a. Depending on the organization, Simple (i.e. allowing a PIN such as "1234"), or Complex (passcodes with a minimum specified number of non-alpha characters), may be required
   b. Minimum PIN (Passcode) length is specified, which is typically set to 4 to 6 characters depending on the enterprise
2. Require that data is encrypted while the device is at rest (i.e. not in use by the device user)
3. Specify maximum inactivity time to invoke PIN (Passcode). Typically that time is set to 5 minutes
4. Specify maximum number of failed PIN (Passcode) attempts before device wipes. Typically set to 10 failed attempts

Best Practice: Protecting corporate data on BYOD devices is paramount in allowing access. The policies above are not all-encompassing, and some organizations have implemented even more restrictive policies. IT must implement the mobile security policies that best suit the organization's security posture and requirements.

Mobile Policy Implementation

Choosing how mobile security policies are deployed to BYOD devices is another critical decision IT must make. As a starting point, IT may choose to deploy policies to BYOD devices through Exchange ActiveSync. Exchange ActiveSync provides a limited set of security policy capabilities; however, many organizations require more advanced mobile security policies that go beyond those available from Exchange ActiveSync, such as:

- iOS jailbreak or Android rooting detection, to prevent compromised devices that can be easily hijacked by malicious third-party apps from accessing corporate data
- User identification/device certificate creation and deployment, to quickly and easily provide users with secure access to corporate resources
- Wi-Fi configuration capability, to enable only approved devices to access corporate Wi-Fi networks
- Device unlock, to enable a device to be remotely unlocked in the event that the user forgets the device's PIN code

A mobile device management (MDM) solution is required to implement these advanced mobile security policies. These solutions operate independently from Exchange ActiveSync, and most have a device agent that resides on the device. In addition to implementing advanced mobile security policies, these MDM solutions often also have advanced features such as in-house deployment of corporate applications, documents and media to ensure that users have access to apps and data required by the enterprise, and comprehensive device hardware, software and health reporting.

IT has many options when choosing an MDM solution. Some solutions are stand-alone and require additional hardware, while others leverage industry-standard management platforms that the enterprise may have already deployed. The chosen MDM solution should be able to communicate with the device agent over the air (OTA), including over WWAN and Wi-Fi network connections.

Choosing the right MDM solution for the enterprise quickly becomes an important task. Some important questions to ask MDM solution vendors are as follows:

- Does the MDM solution integrate with industry-standard management platforms?
- Can BYOD devices be easily identified and grouped within the MDM solution for policy assignment?
- How does the end-user obtain the MDM device agent for the device?
- How does IT control which BYOD users are allowed to enroll the device in MDM?
- How are policies applied to the device?
- How does MDM resolve policy conflicts?
- Does the MDM solution have an end-user self-service portal?
- How is device wipe confirmation handled with BYOD devices in lost/stolen cases?
- What compliance reports are available for review?

Best Practice: IT must choose how to apply and manage policies on BYOD devices to protect corporate data. Choosing the right solution becomes paramount because changing MDM products mid-stream has proven to be problematic and costly for many organizations.

Allowed Mobile Operating Systems and Devices

While quickly evolving, not all mobile operating systems are at the same level of maturity from a security and management perspective. In addition, the mobile device hardware must be able to support the latest features. A good example of this situation is the set of OS and device hardware elements required to meet a policy such as enforcing encryption of data on a device at rest.

On Apple iOS, the device hardware must be 3GS or newer and it must be running iOS 3 to enforce this policy. Apple iPhones prior to the 3GS release do not have the necessary hardware capabilities to encrypt data on the device.

For Android, the minimum version that supports data encryption is 3.0 or later, and currently version 3.x is only available on Android tablet devices. No smartphone devices with Android currently support data encryption at rest. Future Android releases for smartphones are expected to support data encryption at rest.

Microsoft differs in its two mobile device platform offerings. Windows Mobile, being the most mature of all of the available operating systems, has offered data encryption at rest since the release of Windows Mobile 6.1. While broadly supported on ruggedized barcode scanning devices, Windows Mobile is being retired in the consumer space and device availability is sparse at best. Microsoft has recently released Windows Phone 7 in the consumer marketplace, making it the newest mobile operating system to launch. Windows Phone 7 does not support data encryption at rest on any current device platform.

Other mobile security policies that an organization's IT staff requires for BYOD devices may not be uniformly supported across mobile OS versions, device manufacturers, or device types, so it is incumbent on the IT staff to specify the exact mobile device types and OS versions that will be allowed to access corporate data.
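The baseline from the Security Policies section and the platform limits described above can be combined into a single enrollment check. The following is an added example, not part of the original paper or of any MDM product; the `Device` record, its field names, the violation labels and the sample fleet are assumptions made for illustration.

```python
from dataclasses import dataclass

# Page's baseline; min_pin=6 is an assumed pick from its typical 4-to-6 range.
POLICY = {"min_pin": 6, "max_idle_min": 5, "max_failed": 10}
# Lowest OS version with encryption at rest, as this page states it (Windows Phone 7: none).
MIN_OS = {"ios": (3, 0), "android": (3, 0), "windows_mobile": (6, 1)}
PRE_3GS = {"iPhone", "iPhone 3G"}   # iPhone models released before the 3GS

@dataclass
class Device:            # hypothetical posture record; field names are assumptions
    platform: str        # "ios", "android", "windows_mobile" or "windows_phone"
    model: str
    os_version: str
    pin_length: int      # 0 = no PIN set
    idle_lock_min: int   # 0 = never locks
    wipe_after: int      # failed attempts before wipe, 0 = never
    encrypted: bool

def ver(s):              # "3" -> (3, 0), "3.1" -> (3, 1), "4.2.1" -> (4, 2, 1)
    parts = [int(p) for p in s.split(".")]
    return tuple(parts + [0] * (2 - len(parts)))

def can_encrypt_at_rest(d):
    floor = MIN_OS.get(d.platform)   # None when the platform has no support
    if floor is None or (d.platform == "ios" and d.model in PRE_3GS):
        return False
    return ver(d.os_version) >= floor

def violations(d, policy=POLICY):
    """Return the list of policy failures; an empty list means the device may enroll."""
    out = []
    if d.pin_length < policy["min_pin"]:
        out.append("pin_too_short" if d.pin_length else "pin_missing")
    if not 0 < d.idle_lock_min <= policy["max_idle_min"]:
        out.append("idle_lock")
    if not 0 < d.wipe_after <= policy["max_failed"]:
        out.append("failed_attempt_wipe")
    if not can_encrypt_at_rest(d):
        out.append("platform_cannot_encrypt")
    elif not d.encrypted:
        out.append("encryption_off")
    return out

# Constructed sample devices, not data from the page.
FLEET = [Device("ios", "iPhone 4", "4.2.1", 6, 5, 10, True),
         Device("android", "phone", "2.3", 4, 15, 0, False),
         Device("windows_phone", "phone", "7.0", 6, 5, 10, False)]
if __name__ == "__main__":
    for d in FLEET:
        print(d.platform, d.model, d.os_version, violations(d) or "compliant")
```

Separating "platform_cannot_encrypt" from "encryption_off" distinguishes a device that can be remediated by changing a setting from one that has to be excluded from the allowed list.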

Best Practice: IT must determine the security posture the enterprise will take on BYOD devices before determining what mobile operating systems are allowed to interact with corporate data and resources. As evidenced above, different mobile operating systems have different capabilities, and these capabilities differ even among versions. Mobile operating systems should be reviewed frequently because they change rapidly. Today, a version of the OS may not meet enterprise requirements, but the OS may meet requirements tomorrow.

Conclusion

The good news is that solutions do exist for IT to have a successful implementation of BYOD devices. A systemic approach should be taken to BYOD devices. IT should never lose sight of ensuring that corporate data is secured on the mobile device.