Managing the Spend of your Mobile Workforce

Similar documents
How To Protect Your Mobile Device From Attack

Vodafone Global Enterprise Deploy the Apple iphone across your Enterprise with confidence

End User Devices Security Guidance: Apple ios 8

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

Mobile Security and Management Opportunities for Telcos and Service Providers

Kaspersky Security for Mobile

Symantec App Center. Mobile Application Management and Protection. Data Sheet: Mobile Security and Management

Integrating Cisco ISE with GO!Enterprise MDM Quick Start

What We Do: Simplify Enterprise Mobility

Enterprise Mobility as a Service

Consumerization. Managing the BYOD trend successfully. Harish Krishnan, General Manager, Wipro Mobility Solutions

Corporate-level device management for BlackBerry, ios and Android

Comparing Alternatives for Business-Grade File Sharing. intermedia.net CALL US US ON THE WEB

BlackBerry 10.3 Work and Personal Corporate

I D C V E N D O R S P O T L I G H T. T a m i n g t h e C onsumerization of IT w ith C l o u d - B a s e d M obile De vi c e M a n a g e ment

TCS Hy5 Presidio Your Mobile Environment, Your Way Configure, Secure, Deploy. Mobility Solutions

Bell Mobile Device Management (MDM)

Cisco Mobile Collaboration Management Service

The ForeScout Difference

Mobile Device Management for CFAES

PULSE SECURE FOR GOOGLE ANDROID

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

Mobile Workforce. Connect, Protect, and Manage Mobile Devices and Users with Junos Pulse and the Junos Pulse Mobile Security Suite.

Advanced Configuration Steps

Seqrite Mobile Device Management

Bell Mobile Device Management (MDM)

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

WHITE PAPER SMB Business Telephone Systems Options to Ensure Your Organization is Future Ready. By Peter Bernstein, Senior Editor TMCnet.

The. C s. of Mobile Device. Management

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

ForeScout MDM Enterprise

Security and Compliance challenges in Mobile environment

Smartphones and ipads: mobility blessing or technology support curse?

Enterprise-grade Mobile Application Quality across your Application Life cycle THE MOBILECLOUD PLATFORM Perfecto Mobile. All rights reserved.

IBM Cognos Mobile Overview

Laserfiche for Federal Government MEET YOUR AGENCY S MISSION

Dell World Software User Forum 2013

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY

Windows Phone 8 devices will be used remotely over 3G, 4G and non-captive Wi-Fi networks to enable a variety of remote working approaches such as

Feature List for Kaspersky Security for Mobile

HIGH-SECURITY MOBILITY MANAGEMENT FROM BLACKBERRY

Securing Corporate on Personal Mobile Devices

Symantec Mobile Management 7.1

Introduction. What Is It?

Copyright 2013, 3CX Ltd.

How To Manage A Mobile Device Management (Mdm) Solution

Compliance Rule Sets in MaaS360

Reduce Mobile Phone Expense with Avaya Unified Communications

Guidance End User Devices Security Guidance: Apple ios 7

McAfee Enterprise Mobility Management Versus Microsoft Exchange ActiveSync

Chris Boykin VP of Professional Services

BEST PRACTICE GUIDE MOBILE DEVICE MANAGEMENT AND MOBILE SECURITY.

SOFTWARE ASSET MANAGEMENT

Trust Digital Best Practices

Sophos Mobile Control SaaS startup guide. Product version: 6

Executive s Guide to Cloud Access Security Brokers

Mobile device and application management. Speaker Name Date

EndUser Protection. Peter Skondro. Sophos

Software as a Service Business Model (Introducing SOA and Web Service)

The Challenge. The Solution. Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

HTTPS Inspection with Cisco CWS

MANAGEMENT SOLUTIONS SAFEGUARD BUSINESS CONTINUITY AND PRODUCTIVITY WITH MIMECAST

Symantec Mobile Management Suite

Achieve Greater Employee Productivity & Collaboration...while Protecting Critical Business Data

WebRTC: Why You Should Care and How Avaya Can Help You. Joel Ezell Lead Architect, Collaboration Environment R&D

How To Protect Your Mobile Devices From Security Threats

Vodafone Secure Device Manager Administration User Guide

The Netskope Active Platform

FileDrawer An Enterprise File Sharing and Synchronization (EFSS) solution.

Choosing an MDM Platform

IBM United States Software Announcement , dated February 3, 2015

Overview. Timeline Cloud Features and Technology

Ensuring the security of your mobile business intelligence

Datasheet FUJITSU Cloud Monitoring Service

What Is Cisco Mobile Workspace Solution?

Mitel Performance Analytics

Mobilizing Business Applications, Efficiently and Affordably

CTERA Enterprise File Services Platform Architecture for HP Helion Content Depot

Service Providers and WebRTC

ENZO UNIFIED SOLVES THE CHALLENGES OF REAL-TIME DATA INTEGRATION

White Paper. The Assurance Checklist for Branch Networks A pragmatic guide for building high performance branch office networks.

Enabling Seamless & Secure Mobility in BYOD, Corporate-Owned and Hybrid Environments

AirWatch Enterprise Mobility Management. AirWatch Enterprise Mobility Management

Mobile Device Management Version 8. Last updated:

Transcription:

Managing the Spend of your Mobile Workforce An Enterprise Guide to Effectively Managing and ling Mobile Data Usage 2015 Asavie Technologies

Contents Summary Mobile Data Options 1. Browser-layer Compression Tool via Cloud Services 2. Device Manufacturer Tools 3. Mobile Device Management 4. Cloud Hosted Proxy 5. Carrier Core Network 6. On-SIM At-a-glance: Mobile Data Management solutions Conclusion Moda from Asavie 2

Summary Mobilizing the workforce has been one of the dominant trends in business technology over the last five years and shows signs of accelerating rather than abating. According to Citrix (Mobile Analytics Report, February 2015), the number of devices managed in enterprises nearly doubled last year. And the data consumed is not just growing in volume, but also in sophistication. Mobile data is now more than email on the go. Video is becoming important for communication and remote conferencing as well as sharing content. Enterprise applications are increasingly mobilized with software vendors like Microsoft, SAP, Oracle and IBM focusing more on mobile development, satisfying an increasing appetite for remote access to critical services. IDC predicts that at least 25 per cent of an organization s software budgets will be spent on mobile application development, deployment, and management by 2017. The challenge for organizations is to reap the productivity benefits of mobilization without paying too heavy a price often literally for accessing data across 3G and 4G networks. The onus is on IT Departments and Enterprise Mobility Architects in particular, to assume what IDC describes as broker-integrate-manage as well as service orchestration functions. They must find ways to control inappropriate, insecure and unproductive mobile data usage. The number of devices managed in enterprises nearly doubled last year. A big focus will be on how and where data is consumed, avoiding the bill shock phenomenon where data consumption bursts through the limits of a company s data package and incurs substantial extra costs. With 75 per cent of business travellers taking at least three mobile devices on trips abroad (Vodafone research) and 18 per cent of business data consumed while roaming (Cisco), the need for governance and control is now a necessity. The good news is that mobile data usage solutions are readily available. You can control and manage the explosion in mobile data without hindering the productivity of the mobile worker. In this white paper, we will look at the options available. Very distinct approaches have emerged with solutions that can be deployed in different parts of the technology stack. You need to be sure you deploy a solution that is aligned to your requirements, now and into the future. 3

Browser-layer Compression Tool via Cloud Services Mobile Data Options Available in Chrome, Firefox and Opera, browser-based data compression and optimization is included in the IETF http/2.0 specification (via Google s SPDY protocol). In principle, the idea of a device-local mobile aware protocol that moves the heavy lifting into the cloud is a good one. There are, however, some significant gaps that make this approach of limited real word benefit for enterprise customers looking to control their mobile data spend. The biggest shortfall is an inability to capture and control App traffic. Apps are essentially single-purpose browsers that access and consume web services. If you rely on browser-based controls, you could miss any traffic that goes over apps. You risk a panacea effect you think data is controlled but it isn t. Another limitation is that in-browser controls apply only to human interface devices like tablets and smartphones, offering no protection on USB modems and MiFi devices, and missing tethered data entirely. Add to this the rising proportion of internet traffic that is encrypted or already compressed and it becomes clear that in-browser compression via the cloud is, at best, a nice-to-have. 1 Risk of accidental High Any data used outside of the optimized browser is unaffected by this control. Risk of malicious High Users could swap SIMs, install another browser, use apps, use a VPN or simply de-select the save data option. Rogue users looking to restore their ability to consume data in an uncontrolled fashion have an abundance of methods open to them. From a corporate compliance perspective, these methods are outside of an audit - leaving no trail to prove the cause of a large data bill. 4

Device Manufacturer Tools Mobile Data Options The Android 4 (Ice Cream Sandwich) mobile OS introduced a rudimentary data usage widget which has been progressively enhanced in version updates. Similarly, Apple s ios offers information on data usage and the ability to disable cellular data on a per-application basis. Windows Phone offers a cloud-connected data optimizer. For power-users looking to control their own data usage, these tools are highly effective and will tell them when they are getting close to their monthly quota. However, the user-focused nature of the tools is precisely what makes them less useful to enterprise management. They do not provide overarching control. Users are free to reset the tools as they see fit something that is all the more likely if bill shock is felt elsewhere in the organization. Managing disparate users with multiple control systems makes it impossible to apply policies in a uniform fashion. Device manufacturer solutions are supplementary tools for end-user and consumer devices they can t stop a subscriber from accessing data. 2 Risk of accidental High Users may accidentally reset or change data limits; they may misunderstand the information provided, or forget to amend settings when roaming. Risk of malicious High Users could swap SIMs to another device, ignore warnings or change settings. Changes made on the device are easily reversed and no audit or permissions trail exists to reliably report on data usage centrally. 5

Mobile Data Options Mobile Device Management Many Mobile Device Management (MDM) suites offer an element of data control typically oriented around reporting data usage up to an IT Manager and back to the device user. While MDM solutions are essential for any sizable rollout of mobile services, they fail to take granular action on mobile data usage events. The service tends towards blunt options, like: Roaming: Yes/No and Data: On/Off. MDM solutions also struggle because of their place in the technology stack they communicate with APIs exposed by the device manufacturers and mostly report on data usage. Based on triggers, actions may be issued to the device, such as blocking data while roaming, but it s another blunt instrument approach. While a bill shock incident might be prevented, it will also deprive users of critical business tools like email, and could block the very functionalities like remote lock or wipe you need. Care must also be exercised due to the fragmented nature of MDM feature availability. Each mobile eco-system publishes different APIs, so MDM data control on an ios device, for example, may be very different to the same feature on Windows Phone. Abstraction from real information is another problem. An MDM solution can t tell the difference between a Netflix show and a PowerPoint download so it will block (or allow) both. This is a fundamental weakness it shares with all the solutions considered so far. 3 Risk of accidental Medium MDM services are good at reporting on data but give users free reign to consume data if standard policies are applied. Stricter policies risk rendering the device less useful for core business purposes. Risk of malicious Medium Users could swap SIMs to another device and even un-enroll from MDM. If correctly deployed, MDM services are hard to circumvent but their data control components present little to stop a user s consumption, malicious or otherwise. 6

Cloud Hosted Proxy Mobile Data Options Some Mobile Data (MDC) solutions rely on a cloud hosted proxy server that is added to the cellular data settings on the mobile device. This approach offers some improvement on the solutions described above, but still misses the mark for enterprises looking to impose order on their mobile estate. Cloud hosted proxy offers a partial solution, but in audit terms a partial solution is useless as bill shock can still occur. Another problem is that the proxy-based approach is unable to control Windows Phone, Blackberry and all USB modem or MiFi devices. Proxy solutions rely on a local configuration that may not be mandatory, so a user can potentially opt out of proxy control or simply use a VPN to hide their traffic. Users that have figured out how to move their SIM from their work device to a personal device will also be able to circumvent proxy services. 4 Risk of accidental High Cloud proxy services see only HTTP traffic and need to man-in-the middle any encrypted streams if they are to be effective. In tests, one proxy service missed over 80 per cent of the traffic load of the top 100 apps. Risk of malicious High Users could swap SIMs, install another browser, use apps, use a VPN or tether via the device. A technical user will find many ways to access data that ought to be blocked. 7

Mobile Data Options Many Mobile Network Operators provide customers with advice of charge systems that are rudimentary at best. These spend alerts are sometimes backed up with carrier core actions, such as blocking roaming, or applying a rate limit and slowing down data speeds, for example. Of the solutions reviewed so far, carrier core controls are the only ones aligned to the actual issue data cost and bundle overage. The carrier authorizes every data session and counts every packet, albeit with delays before the bill arrives. Simply put, the carrier is the choke point through which all mobile data is routed. Carrier Core Network However aligned this approach is from a technical perspective, its purpose is at odds with an IT or Procurement Department looking for timely data and granular control. Carrier-led controls are messaged back to the end-user device, usually by SMS. This gives the end-user the power to accept-the-charges and use data irrespective of corporate policy. Moreover, neither the user nor the IT function can make granular decisions about how much and what types of data to permit and when. Carrier core controls are provided for consumer usage, driven partly by legislative pressure. In an ideal world, carriers would expose these internal rating and charging functions to the enterprise customer. Until they do, bill shock and overages will continue to happen. Enterprises, of necessity, trust mobile carriers to bill for used data, but they also want some say in how the data service is used and be able to customize how it is accessed. 5 Risk of accidental Medium A user may ignore spend limits or miss SMS notifications if they are using MiFi or a USB modem. Advice of charge events are often messaged in abstract terms e.g. You have spent 50 to continue reply PASS, and can easily be dismissed by the user. Risk of malicious Nil Attacks on a carrier core data control engine are limited to configuration edge cases. The approach is considered robust because of the carrier s position as a trusted provider. 8

Mobile Data Options Applying data controls at the carrier layer offers the certainty that all billed data is seen, but the key to successful Mobile Data is to provide more granular detail and enable automated actions based on events. On-SIM data control offers access to the carriers own RADIUS and enables enterprise customers to set their own per-employee (or per-device) rules on the volume and type of data they can access. All current and future mobile platforms are covered as well as every type of SIM-enabled device mobile handsets, tablets, MiFi, data cards. Leveraging the SIM removes the need to certify a given platform or keep up with vendor releases. On-SIM 6 Risk of accidental Nil All cellular data usage is observed by an on-sim control so the same policies apply even where a SIM is transferred to another device. Users cannot hide their data usage via apps, VPNs or other services. A correctly configured on-sim control can, for example, allow access to only corporate mail whilst roaming, irrespective of the device platform, something no other solution can do. Risk of malicious Nil On-SIM controls are functionally impossible for an attacker to subvert, even with physical access to the mobile device. The controls are driven from the same data source as the carrier s own bill. 9

Mobile Data Management solutions At-a-glance: Browser On- Device MDM Proxy Carrier Core SIM- Based Cloud-based Yes No Yes Yes Yes Yes Real-time control No No Yes* No Yes Yes Protect against SIM Swapping No No No No Yes Yes tethering No? No No No Yes Bandwidth control No No No Yes Yes Yes ios Yes Yes Yes Yes Yes Yes Android Yes Yes Yes Yes Yes Yes Windows Yes Yes Yes No Yes Yes Blackberry Yes Yes Yes No Yes Yes MiFi No No No No Yes Yes USB modem No No No No Yes Yes Admin controlled No No Yes Yes No Yes * Only data on/data off 10

Conclusion The explosion in mobile data services is empowering the enterprise to facilitate new ways of working. Traditional office walls have disappeared as employees with SIM-enabled devices are encouraged to work from anywhere, anytime. The benefits are increased productivity; the challenge is mitigating the risk of overspending on data. This white paper demonstrates that the solution must start on the SIM. To apply policies at the most effective control level, across every mobile platform and device type, a SIM-based approach is the best fit for the enterprise. If the user changes their device, the policies still stand. Properly deployed, there is no scope for tampering with settings that are centrally managed. The benefits are increased productivity; the challenge is mitigating the risk of overspending on data. 11

Moda from Asavie A world-leading provider of cloud services to mobile carriers, Asavie has developed a Software-as-a-Service (SaaS) solution Moda that controls SIM-set policies from a customer portal. Moda ticks all the boxes that matter to an enterprise: Cloud service highly scalable with no systems integration challenges or infrastructure investment required. SIM-based works with every type of SIM-enabled device: mobile handsets, tablets, MiFi, data cards. Sets policies limit internet access speeds, block websites and set mobile data limits; permit or deny access to 25 categories of web site covering over 875 million urls; prevent rich media streaming services as data usage limits are approached, restricting users to mission critical tasks. zones and speeds set different usage policies for different geographic locations to stop travelling employees clocking up hefty roaming charges. Gain insights turn real-time visibility of data usage into valuable insights with powerful reporting capabilities. Stay secure and tamperproof put the SIM card in another device and policies still apply; keep devices and data secure with Locate, Lock and Wipe functionality. For more information, contact your carrier Account Manager about solutions to control your mobile data costs, or contact Asavie directly at www.asavie.com/our-solutions/moda/ 12

www.asavie.com twitter.com/asavie www.facebook.com/asavie

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information