Bring Your Own Device Mobile Security




OnPoint Consulting, Inc.

Abstract

Energized by the capability of consumer mobile devices, employees demanded them in the workplace. Information technology organizations had neither the time nor the budget to satisfy employee demands. Enterprises align employee demands with technology organization limitations by establishing a bring-your-own-device policy and infrastructure that enables employee productivity and secures enterprise data and systems. Security controls the enterprise places on employee devices must respect employee privacy and must not impact personal activity or user experience. Enterprises with successful BYOD programs achieve higher employee productivity, higher employee retention, and lower information technology costs.

Bring-Your-Own-Device

The launch of the iPhone in June 2007 and the iPad in April 2010 marked the beginning of a new era in consumer electronics. Global smartphone shipment volume reached 491.4 million units in 2011, up 61.3% from 304.7 million units shipped in 2010 [1]. Smartphones currently comprise over 50% of U.S. mobile handsets [2]. In April 2012, Gartner [3] forecast worldwide tablet sales of 118.9 million units in 2012, a 98% increase from 2011 sales of 60 million units. In late 2012 the tablet market may experience a growth spurt Gartner could not have forecast before Microsoft announced [4] in June 2012 the Surface tablet, to be based on the Windows 8 operating system.

Energized by the capability of these consumer mobile devices, employees demanded them in the workplace. IDC's 2011 worldwide survey [5] of over 3,000 information workers and business executives in nine countries concluded that 69% of information workers use smartphones and 13% use tablets for business purposes. Cisco Internet Business Solutions Group surveyed 600 enterprise information technology leaders from 18 industries [6] and concluded that 78% of U.S. white-collar employees use a mobile device for work purposes. 65% of white-collar workers in their organizations require mobile connectivity to do their jobs, and 48% of knowledge workers telecommute at least once per week.

Employees who were not provided with enterprise mobile devices used their personal devices to access enterprise systems even when they were not authorized to do so. Employees who received enterprise mobile devices often experienced a range of frustrations. They wondered why they needed to carry around two functionally equivalent devices such as an enterprise BlackBerry and a personal iPhone. They wondered why the enterprise device was an obsolete version when their personal device was the latest version with the most advanced features. Others wondered why the enterprise forced them to use an iOS device when they much preferred an Android device. Faced with these frustrations, employees often used their personal device for business purposes when outside of the office.

Information technology organizations often had a completely different perspective. Platform standardization, including a pre-configured endpoint image, is an essential tool for managing procurement costs, operational costs, and security. Many enterprises lock down their devices, preventing any employee customization or installation. Even if they wanted to support the multitude of devices and operating systems, they had neither the time nor the budget to design, test, and deploy images for every new product release. Upgrading users to the latest and most capable device was incompatible with technology refresh strategy and budget. Mixing personal and enterprise data on a device posed security, privacy, and compliance issues. Allowing employees complete freedom violated acceptable use principles and policy.

Inevitably, information technology organizations were overwhelmed by the tidal wave of consumer electronics. Forrester reports [7] that 59% of firms now officially support use of personally owned smartphones for business purposes. Consumerization of information technology has led enterprises to align employee demands with technology organization limitations by establishing a bring-your-own-device (BYOD) policy and infrastructure that enables employee productivity and secures enterprise data and systems. Roger Baker, Assistant Secretary for Information and Technology for the Department of Veterans Affairs, recently stated [8], "I think it's possible we have issued our last contract to buy desktop computers. I can see the point at which the way you access the information you use to do your work is through a device that you have personally selected, you own and are authorized to bring to work."

BYOD is implemented in three different models.

1) The enterprise purchases the device, pays for service, and permits the employee to use the device for personal purposes consistent with acceptable use policy. This is actually an attempt to avoid BYOD and is unlikely to satisfy most employee requirements.

2) The employee purchases the device and pays for service but is permitted to use the device for enterprise work. This is unlikely to meet enterprise security requirements without placing impediments to employee productivity.

3) The employee purchases the device and pays for service. The enterprise adds security controls to the device that protect enterprise data and systems, protect employee privacy, and permit complete freedom of use for personal purposes. This approach is generally accompanied by an enterprise stipend (fixed or tied to device purchase and service plan costs) in return for the benefit to the enterprise and the employee's acceptance of security controls related to work use of the device.

User Experience

User experience is one key to the success of consumer electronics. Consumer electronics were designed for ease of use. Application stores where individuals can purchase applications for only a few dollars enable each individual to customize the application space for their own interests and tastes. Browsers and email applications designed for consumer electronics are particularly important access tools for consumers. Successful BYOD programs must respect consumer application preferences. If employees access enterprise applications via a browser, the application must be configured to function properly with the employee-selected browser so he/she can use the same browser for personal and work purposes. The same principle applies to email.

Security controls the enterprise places on employee devices must not impact the personal-activity user experience. Employees must be able to access web sites (e.g., gambling) that would be inappropriate for access from an enterprise-provided device. Employees must be able to install applications that would be inappropriate for an enterprise device (e.g., games). The entire user experience, when the device is used for personal activities, must remain unchanged. To the maximum extent possible, users should be provided with a consistent experience for work and personal activity. In addition, employees must have the freedom to use any network access mode they choose. This includes wireless and wired private networks, public networks (e.g., restaurants, malls), and cell phone networks.

Employee Privacy

Most enterprises subject employees to an acceptable use policy prohibiting activities inappropriate for the workplace, limiting or prohibiting personal use, and controlling device configuration. In addition, employees are informed that their activities may be monitored and recorded and that all data, including their email, are subject to enterprise access. BYOD policy must reverse these controls. Enterprises must not collect and must have no access to employee personal data (e.g., documents, photographs), private data [9] (also known as personally identifiable information), email or other messages, address books, or passwords. Enterprises must not access location tracking, Internet site history logs, phone call logs, or any other indicators of activity not explicitly related to work.

Access Models

Four access models, listed in Figure 1, present a range of benefits and security challenges.

Figure 1: Access models (more stars indicate more of the attribute; - indicates not available)

Application       Data     Security challenge   User experience   Portability   Offline productivity
Native            Local    ****                 ****              *             ****
Native            Server   ***                  ****              *             -
Browser           Server   **                   ***               ****          -
Virtual desktop   Server   **                   *                 ****          -

The least popular model with smartphone and tablet users is the virtual desktop. In this model the enterprise-provided desktop is replicated on the employee's personal device. This has a relatively low security challenge because both the data and applications are on a server in the enterprise data center, protocols are strictly controlled, and the network link is encrypted. The user experience mimics the desktop experience rather than the device experience. If the employee device is a desktop or laptop computer, the employee should find the experience acceptable. If the device is a tablet or smartphone, employee acceptance will be low and the BYOD program will have minimal success.

Second is the browser model. In this model the employee accesses all enterprise applications via the native browser. Because the data and applications remain on the enterprise server, the network link is encrypted, and access protocols are controlled, the security challenge is low and has probably already been addressed for mobile employees with enterprise-issued laptop computers. This model works well for applications that lend themselves to a browser interface. The user experience is poor for applications which, like email, have a high-quality user experience with device-native applications. Browser and virtual desktop models are highly portable, requiring little or no effort for compatibility with multiple devices.

The two other models are based on native applications providing an excellent user experience with either public or enterprise-developed applications. They are distinguished by data being located on enterprise servers or on the employee device. Portability is rated low because compatibility is required with the device operating system. This drawback is mitigated by the 98% market dominance [10] of the iOS and Android operating systems. BlackBerry is projected to capture 1% of 2012 sales. Windows 8 will likely capture enough market share to require compatibility. Employees may circumvent the security model by finding ways to capture enterprise data on their device for more convenient processing. The enterprise data is then protected by whatever security controls the employee implements for his/her personal data. Recognizing this vulnerability, the best option is to address the security challenge of protecting enterprise data held locally on the employee device. This model has the additional advantage of enabling employee offline productivity in the absence of a network link.

Enterprise Security

Most employees participating in BYOD programs recognize the need to protect enterprise systems and data. They are generally willing to accept what appear to them to be reasonable security controls that do not excessively burden their personal use. Compliance with security controls depends on simplicity and convenience. To the extent that security controls do not restrict reasonable behavior or impose excessive or complex burdens, most employees will accept them in return for the benefits of using the device of their choice, configured as they desire.

Employees should be required to comply with an enterprise acceptable use policy. The policy should separately address use of enterprise devices (on or off enterprise networks), use of employee devices on enterprise networks, use of employee devices accessing enterprise systems or data over the Internet or on their device, and personal use of employee devices. Employees who use personal devices in the office over enterprise networks should expect to encounter filters preventing access to inappropriate sites and should only engage in activities appropriate to the work environment.

Typical BYOD security controls visible to the employee include strong passwords for identity authentication and device access control. After a period of inactivity, employees are required to re-enter their password. Multiple failed access attempts may lock the device, requiring an enterprise administrator to unlock it, and/or wipe (delete all) enterprise data. Many devices have the capability to share their Internet access with nearby devices by creating a wireless local area network. BYOD security controls typically disable this capability while enterprise data or networks are being accessed, to prevent access by unauthorized individuals or devices. Controls often prevent copying enterprise data to cloud storage or file sharing sites other than those provided by the enterprise or in the enterprise data center.

Most other security controls should be almost undetectable by employees. Enterprise data stored on the device is generally encrypted and may be stored in a separate container (partition). Connections to the enterprise network over the Internet are encrypted, creating a virtual private network (VPN) that is automatically established in the background when the employee initiates network access. Access privileges may be tiered based on the device. Employees may notice this if they are prohibited from accessing certain systems from outside the enterprise network or from personal devices. This policy should be the exception and not the default, to encourage employee compliance. Mobile application management may control which applications access enterprise data. Malware protection and firewalls are mandated. Enterprise data is wiped from lost devices, which may also be locked. Security scans assure that all controls are in place and prohibit access to enterprise data and systems if enterprise or manufacturer controls have been compromised [11] (tampered with or disabled).

BYOD access is generally initiated by self-service device registration at an enterprise portal. After employee identification and authentication based on credentials in the enterprise directory service, the employee supplies the device media access control (MAC) address, enabling the portal to identify the specific device and its type. If the device is an approved type, the employee authorizes the portal to install enterprise native applications and security controls. Employees typically have options including wiping personal data or geo-locating a lost device. Based on access control policy, privileges are established aligned with the user role, group, and device tier. With registration complete, the employee attains new dimensions of freedom and productivity in his/her work life.

The complexity of providing security to multiple operating systems and a rapidly evolving device environment led a number of vendors to develop enterprise mobile device management (MDM) systems. Some are offered as software for enterprises to install in their management environment and some are offered as cloud-based software services. Gartner [12] recently reviewed offerings by 20 MDM vendors and identified AirWatch, MobileIron, Fiberlink, Zenprise, and Good Technology as the leaders. They identified 40 additional vendors who offered some type of MDM capability but did not qualify for their review. With a high-quality MDM system and a well-designed security and privacy policy, enterprises achieve high levels of employee compliance and effective protection of enterprise systems and data.

Conclusion

The consumerization of information technology will result in most enterprises adopting a BYOD program. Successful BYOD programs enable employees to select their device and applications, use them as they please for personal purposes, enable access to enterprise systems and data, preserve user experience, respect and protect employee privacy, and unobtrusively deploy security controls. Information technology organizations need to size enterprise networks for BYOD employees, ensure high network availability, provide internal wireless networks for mobile devices, establish security and acceptable use policies, and implement MDM systems.
Enterprises with successful BYOD programs achieve higher employee productivity, higher employee retention, and lower information technology costs. If they also implement telecommuting programs, they achieve additional productivity and retention gains, improved employee attendance, and facility cost reductions.

References

[1] IDC, "Smartphone Market Hits All-Time Quarterly High Due To Seasonal Strength and Wider Variety of Offerings," www.idc.com, February 6, 2012.
[2] Kathryn Weldon, "Bring Your Own Device - How to Protect Business Information and Empower Your Employees at the Same Time," www.currentanalysis.com, June 2012.
[3] Gartner, "Gartner Says Worldwide Media Tablets Sales to Reach 119 Million Units in 2012," www.gartner.com, April 10, 2012.
[4] Microsoft News Center, "Microsoft Announces Surface: New Family of PCs for Windows," www.microsoft.com, June 18, 2012.
[5] IDC, "2011 Consumerization of IT Study: Closing the Consumerization Gap," www.idc.com, July 2011.
[6] Cisco Internet Business Solutions Group, "BYOD and Virtualization," www.cisco.com/ibsg, 2012.
[7] Forrester, "Market Overview: On-Premises Mobile Device Management Solutions, Q3 2011," www.forrester.com, January 3, 2012.
[8] Kathleen Miller, "VA may stop buying desktop PCs," The Washington Post, July 2, 2012.
[9] The Privacy Act of 1974 (as amended) defines private records as "any item, collection, or grouping of information about an individual including, but not limited to, his education, financial transactions, medical history, and criminal or employment history and that contains his name, or the identifying number, symbol, or other identifying particular assigned to the individual, such as a finger or voice print or a photograph." NIST Special Publication 800-122, Guide to Protecting the Confidentiality of Personally Identifiable Information (PII), April 2012, defines personally identifiable information as "any information about an individual including (1) any information that can be used to distinguish or trace an individual's identity, such as name, social security number, date and place of birth, mother's maiden name, or biometric records; and (2) any other information that is linked or linkable to an individual, such as medical, educational, financial, and employment information."
[10] Brooke Crothers, "IDC forecast: iPad up, Android down, BlackBerry irrelevant," news.cnet.com, June 14, 2012.
[11] AirWatch, "Enabling Bring Your Own Device (BYOD) in the Enterprise," www.air-watch.com, April 2012, states, "Devices that have been modified to remove security limitations imposed by manufacturers are known as jailbroken or rooted devices."
[12] Gartner, "Magic Quadrant for Mobile Device Management Software," www.gartner.com, May 17, 2012 (revised June 21, 2012).
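As an added illustration, not part of the OnPoint paper, of the registration and security-scan controls described in the Enterprise Security section: a portal-side posture check that denies access to unidentifiable, unapproved or jailbroken/rooted devices and lowers the access tier when weaker controls (passcode length, inactivity lock, failed-attempt wipe, Internet sharing) drift from policy. Every threshold, field name and sample device record below is a constructed assumption; the paper names the controls but gives no specific values.

```python
"""Added example, not from the OnPoint paper: a portal-side device posture check
modelled on the registration flow and security controls the paper describes.
Policy thresholds, field names and sample devices are constructed assumptions."""
from dataclasses import dataclass, field
import re

# Constructed policy values; the paper names the controls but gives no numbers.
APPROVED_PLATFORMS = {"ios", "android", "windows"}
MIN_PASSCODE_LENGTH = 8        # "strong passwords for identity authentication"
MAX_INACTIVITY_SECONDS = 300   # re-enter password after a period of inactivity
MAX_FAILED_ATTEMPTS = 10       # lock/wipe after multiple failed access attempts
MAC_RE = re.compile(r"^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$")


@dataclass
class DevicePosture:
    """Attributes the portal learns at self-service registration (assumed fields)."""
    mac: str                        # identifies the specific device
    platform: str                   # device type, checked against the approved list
    compromised: bool               # jailbroken / rooted: manufacturer controls removed
    container_encrypted: bool       # enterprise data held in an encrypted container
    passcode_length: int
    inactivity_lock_seconds: int
    failed_attempt_wipe: int        # 0 means the wipe control is not configured
    hotspot_blocked_for_work: bool  # Internet sharing disabled during enterprise access


@dataclass
class Decision:
    tier: str                       # "full", "limited" or "deny"
    reasons: list = field(default_factory=list)


def evaluate(posture: DevicePosture, role: str) -> Decision:
    """Return an access tier from device posture and user role.

    Hard failures (unidentifiable, unapproved or tampered device, no encrypted
    container) deny access outright, as the paper's security scans do. Softer
    policy drift only lowers the tier, keeping denial the exception rather than
    the default so that employees stay willing to comply.
    """
    if not MAC_RE.match(posture.mac):
        return Decision("deny", ["device identifier not recognised"])
    if posture.platform.lower() not in APPROVED_PLATFORMS:
        return Decision("deny", ["device type not approved"])
    if posture.compromised:
        return Decision("deny", ["manufacturer controls tampered with or disabled"])
    if not posture.container_encrypted:
        return Decision("deny", ["enterprise data container not encrypted"])

    drift = []
    if posture.passcode_length < MIN_PASSCODE_LENGTH:
        drift.append("passcode shorter than policy minimum")
    if posture.inactivity_lock_seconds > MAX_INACTIVITY_SECONDS:
        drift.append("inactivity lock longer than policy allows")
    if not 0 < posture.failed_attempt_wipe <= MAX_FAILED_ATTEMPTS:
        drift.append("failed-attempt wipe threshold not enforced")
    if not posture.hotspot_blocked_for_work:
        drift.append("Internet sharing not disabled during enterprise access")

    # Device tier combines with the user role; an assumed "contractor" role never gets full access.
    if drift or role == "contractor":
        return Decision("limited", drift or ["role restricted to browser/server access"])
    return Decision("full", [])


if __name__ == "__main__":
    # Constructed sample registrations.
    ok = DevicePosture("AA:BB:CC:DD:EE:01", "iOS", False, True, 8, 120, 10, True)
    rooted = DevicePosture("AA:BB:CC:DD:EE:02", "Android", True, True, 8, 120, 10, True)
    print(evaluate(ok, "staff"), evaluate(rooted, "staff"), sep="\n")
```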