Mobile Device Management for CFAES



Similar documents
ForeScout MDM Enterprise

The ForeScout Difference

Cisco Mobile Collaboration Management Service

1. What are the System Requirements for using the MaaS360 for Exchange ActiveSync solution?

MDM Mobile Device Management

McAfee Enterprise Mobility Management

Advanced Configuration Steps

M a as3 6 0 fo r M o bile D evice s

How To Write A Mobile Device Policy

Athena Mobile Device Management from Symantec

How To Protect The Agency From Hackers On A Cell Phone Or Tablet Device

Symantec Mobile Management 7.2

Chris Boykin VP of Professional Services

Building Apps for iphone and ipad. Presented by Ryan Hope, Sumeet Singh

Feature List for Kaspersky Security for Mobile

Answers to these questions will determine which mobile device types and operating systems can be allowed to access enterprise data.

Symantec Mobile Management for Configuration Manager 7.2

Symantec Mobile Management 7.1

Workplace-as-a-Service BYOD Management

OWA vs. MDM. Once important area to consider is the impact on security and compliance policies by users bringing their own devices (BYOD) to work.

ipad in Business Mobile Device Management

SysAid MDM User Guide for ios

iphone in Business Mobile Device Management

Ensuring the security of your mobile business intelligence

Mobile First Government

Enterprise Mobility Management Migration Migrating from Legacy EMM to an epo Managed EMM Environment. Paul Luetje Enterprise Solutions Architect

Embracing Complete BYOD Security with MDM and NAC

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

Symantec Mobile Management 7.1

How To Manage A Mobile Device Management (Mdm) Solution

How To Protect Your Mobile Devices From Security Threats

The User is Evolving. July 12, 2011

TCS Hy5 Presidio Your Mobile Environment, Your Way Configure, Secure, Deploy. Mobility Solutions

Deploying iphone and ipad Mobile Device Management

Mobile Device Management and Security Glossary

Frequently Asked Questions & Answers: Bring Your Own Device (BYOD) Policy

Total Enterprise Mobility. Norbert Elek

Addressing NIST and DOD Requirements for Mobile Device Management

Managing iphones, ipads, and Androids with Exchange ActiveSync. Presented by Val Hetrick

Symantec Mobile Management Suite

SysAid MDM User Guide for Android

MaaS360 Mobile Device Management (MDM) Administrators Guide

How To Manage A Corporate Device Ownership (Byod) On A Corporate Network (For Employees) On An Iphone Or Ipad Or Ipa (For Non-Usenet) On Your Personal Device

Bell Mobile Device Management (MDM)

Kaspersky Security for Mobile

COMMONWEALTH OF PENNSYLVANIA DEPARTMENT S OF PUBLIC WELFARE, INSURANCE AND AGING

McAfee Enterprise Mobility Management Versus Microsoft Exchange ActiveSync

What We Do: Simplify Enterprise Mobility

Five Steps to Android Readiness

BENEFITS OF MOBILE DEVICE MANAGEMENT

Protecting Criminal Justice Information: Achieving CJIS Compliance on Mobile Devices

Ben Hall Technical Pre-Sales Manager

Quick Start Guide. Version R9. English

ADDING STRONGER AUTHENTICATION for VPN Access Control

Kony Mobile Application Management (MAM)

The Oracle Mobile Security Suite: Secure Adoption of BYOD

CentraStage & Apple Configurator

AirWatch for Android Devices

10 BEST PRACTICES FOR MOBILE DEVICE MANAGEMENT (MDM)

Data Loss Prevention Whitepaper. When Mobile Device Management Isn t Enough. Your Device Here. Good supports hundreds of devices.

When enterprise mobility strategies are discussed, security is usually one of the first topics

Enterprise Mobility as a Service

Good for Enterprise Good Dynamics

Mobile Device Management

Enterprise- Grade MDM

Compliance Rule Sets in MaaS360

Systems Manager Cloud Based Mobile Device Management

Addressing NIST and DOD Requirements for Mobile Device Management (MDM) Essential Capabilities for Secure Mobility.

Healthcare Buyers Guide: Mobile Device Management

Deploy secure, corporate access for mobile device users with the Junos Pulse Mobile Security Suite

Thanks for joining We ll start at 10am

Hands on, field experiences with BYOD. BYOD Seminar

BYOD: End-to-End Security

Junos Pulse for Google Android

Mobile Device Strategy

Cloud Services MDM. ios User Guide

BYOD. and Mobile Device Security. Shirley Erp, CISSP CISA November 28, 2012

Guideline on Safe BYOD Management

IT Resource Management & Mobile Data Protection vs. User Empowerment

AirWatch for ios Devices

CounterACT Plugin Configuration Guide for ForeScout Mobile Integration Module MaaS360 Version ForeScout Mobile

Sophos Mobile Control User guide for Apple ios. Product version: 4

EOH Cloud Mobile Device Management. EOH Cloud Services - EOH Cloud Mobile Device Management

BYOD Guidelines A practical guide for implementing a successful BYOD Management program in an organization of any size.

Dell World Software User Forum 2013

1 Mobile Device Management

Unified Windows Device Management in the Enterprise

Security Guide. BlackBerry Enterprise Service 12. for ios, Android, and Windows Phone. Version 12.0

Codeproof Mobile Security & SaaS MDM Platform

IBM Endpoint Manager for Mobile Devices

Absolute Manage MDM. John Wu Systems Engineer

SYNCSHIELD FEATURES. Preset a certain task to be executed. specific time.

Transcription:

Mobile Device Management for CFAES What is Mobile Device Management? As smartphones and other mobile computing devices grow in popularity, management challenges related to device and data security are beginning to arise. Mobile computing devices such as smartphones and tablets are increasing in power and memory, and, although they are not replacing personal computers on a full-time basis, they are often used as primary communication devices. Also, the number of vendors and platforms in the mobile computing device market continues to increase, adding complexity to support and management efforts. The purpose of mobile device management (MDM) is to assist CFAES faculty and staff with connecting mobile computing devices to CFAES and/or university applications and services for the performance of university business. Mobile computing devices can be wireless devices such as tablet computers, smartphones, and other devices with wi-fi or cellular connections. The overriding goals of MDM are to position CFAES to realize the benefits and efficiencies associated with mobile computing devices, to assist employees with IT security policy compliance, and to mitigate risks though the appropriate application of policies and procedures. Why was MaaS360 chosen as the MDM solution? In order to help ensure that their user s mobile computing devices comply with university IT security and data policies, the CFAES IT support organizations must have visibility into and an appropriate level of control over the mobile devices that are connecting to CFAES and/or university applications and services, whether these devices are employee owned or provided by the university. This visibility with an appropriate level of control must be accomplished without undue impact upon the usability and performance of the devices. The MaaS360 mobile device management service provides a comprehensive set of capabilities to configure devices for access to university systems and services and to ensure that these devices, and the university data stored on them, are secure. We selected MaaS360 because it is one of the most comprehensive, yet least intrusive, products available. It will not interfere with or slow the operation of a device, yet allows IT support staff to quickly determine the security status of the device, or to take action in the event that the device is compromised, lost, or stolen. These capabilities were the reason MaaS360 was chosen for mobile computing device management. Why is MaaS360 needed? All CFAES faculty and staff are required to comply with university and CFAES data and IT security policies when using mobile computing devices for university business. As a result, CFAES IT support organizations are being called upon to provide an appropriate level of support, and to ensure that IT security monitoring and reporting can be accomplished. As compliance with university and CFAES data and IT security policies is an individual requirement for all faculty and staff, users are turning to their local IT support organizations MDM for CFAES 03/30/2011 v1.1 Page 1

for help. Finally, CFAES is required to report to the Office of the CIO on the details of its compliance with the policies that apply to the use of mobile computing devices. MaaS360 allows the CFAES IT support staff to provision, secure, and manage today s expanding suite of mobile computing devices all from a single portal while minimizing risk to the college and university. The MaaS360 service enables the IT support staff to manage and maintain mobile computing devices in a manner similar to today s support of personal computers. How will compliance be determined? The university s IT security policy that applies to mobile computing device configuration and management is the one currently in effect for personal computers, the Client Computing Security Standard (CCSS). A separate policy specifically for mobile computing devices is under development but has not been released. The terms of the CCSS define the requirements for compliance. The CCSS can be found at http://ocio.osu.edu/itsecurity/framework/ucss/ccss/ Who determines if a device is in compliance? The university s data and IT security policies require the CFAES IT support staff to certify that all devices connecting to the university network or supporting infrastructure are in compliance. Who makes a device compliant if a device is determined to not be compliant? What are the specific steps that will be taken to make a device compliant? When a mobile device's software or configuration is identified as presenting an IT risk by being out of compliance with the CCSS or other applicable policies, CFAES IT support staff and the user will work together to determine how best to address the risk. CFAES IT support staff include college, departmental, and unit level personnel. The CCSS provides for various remedies to accomplish compliance, and it is the responsibility of the CFAES IT support staff to work with the user to find the most appropriate remedy. CFAES IT support will be governed by the understanding that the university is not a corporation and our IT risk management must be appropriate to our academic and research mission. How will MaaS360 be implemented in CFAES? In order to establish an effective support program for mobile computing devices, CFAES will separate devices into three distinct classes: (1) trusted standard devices that are owned and provided by CFAES (Platform service); (2) acceptable devices that are personally owned (Appliance service); (3) unsupported non-standard devices that are personally owned and MDM for CFAES 03/30/2011 v1.1 Page 2

that have a consumer orientation (Concierge service). By classifying devices in this manner, CFAES can achieve the goals of policy compliance, cost control, auditable security, and defined responsibilities with its support program. A model for mobile computing device support was developed to address the three classes. 1. Platform Service CFAES owns the device, is fully responsible for support, and provides full device support (operating system, applications, configuration, etc.). Management software will be loaded on the device. 2. Appliance Service Employee owns the device, CFAES and employee share responsibility for support. Management software will be loaded on the device. Support is limited to e-mail, calendaring, and select applications. 3. Concierge Service Employee owns the device and assumes primary responsibility for support with limited assistance from CFAES. Functionality of CFAES management software may be limited or unsupported by the device. Employee assumes personal responsibility for compliance with CFAES and university policies. Custom, hands-on IT support may be available for a fee. Under this model, management software will be installed on the mobile computing device in order to ensure that it is in compliance with the university s policies. The management software chosen for this purpose is MaaS360. Eligible mobile computing devices will be enrolled in the MaaS360 service by CFAES IT support staff via a management portal. The enrollment process requires that IT support staff have physical access to the device in order to install the MaaS360 client software. We believe that you will have a positive experience with MaaS360 and will recognize the many benefits of allowing your IT support resource to efficiently manage your mobile computing device, with your permission. Choosing No Support under the CFAES MDM Standard and Agreement An employee may choose No Support for their personally owned device under the CFAES MDM standard and agreement. No Support is defined to mean that CFAES will provide no assistance to the employee with regard to managing the device or connecting the device to CFAES and/or university applications and services. The employee acknowledges his or her personal responsibility for compliance with all CFAES and university policies. Employees who choose not to have their personally owned device supported under the agreement, and then connect that device to CFAES and/or university applications and services, assume personal responsibility for compliance with CFAES and university policies. Employees who connect unsupported devices acknowledge that CFAES IT support personnel are not responsible for assisting them in the event of an IT security incident involving the device or access to a CFAES or university application or service. What this means in practical terms is that if a non-supported device is involved in an IT MDM for CFAES 03/30/2011 v1.1 Page 3

security incident, the employee may be held personally responsible for any consequences that result from the incident. This includes receiving no support from CFAES before, during, or after the university s formal security incident response. The employee may be personally responsible for any legal or financial consequences that result from the incident. What will MaaS360 do? MaaS360 allows the CFAES IT support staff to provision, secure, and manage today s expanding suite of mobile computing devices all from a single portal while minimizing risk to the college and university. The MaaS360 service enables the IT support staff to manage and maintain mobile computing devices in a manner similar to today s support of personal computers. Specifically, MaaS360 provides five services: provision, manage, secure, monitor, and support. Provision MaaS360 enables the configuration and device enrollment process with automatic default policies for Exchange ActiveSync (the new university e-mail system), for iphone, ipad, BlackBerry, and Android devices, including the Kindle Fire. MaaS360 does not require the installation of an app on Apple ios devices for enrollment, and maintains a small footprint on other devices, thus avoiding performance and usability issues. MaaS360 discovers new users and devices, and allows the IT support staff to launch a simple end user selfservice Over-The-Air (OTA) enrollment process. Device enrollment takes just minutes. Manage MaaS360 provides a unified management console for all smartphones, tablets, and other mobile devices with centralized policy and control across multiple platforms. Through automated workflows, IT support staff can discover, enroll, manage and report on mobile devices. In addition, role-based MaaS360 portal rights allow for expanded or restricted access for authorized users as their needs require. Over-The-Air configuration management provides simple delivery and maintenance of device profiles, including Wi-Fi and VPN settings. Through device quarantine and approval, IT support staff can be automatically notified of any new devices on the network, and can approve and manage them, ensuring compliance with university policies. MaaS360 delivers cross-platform application management capabilities. MaaS360 allows CFAES to have its own app catalog, offered on the devices it supports, that presents users with approved or recommended public applications, in-house developed applications, and the ability to push updates of those applications as they are made available. In addition, CFAES can use MaaS360 SDKs for developing in-house apps for key functions such as authentication, updates, and usage reporting. These apps can be invaluable tools for building and managing specialized applications and services for program delivery. By MDM for CFAES 03/30/2011 v1.1 Page 4

leveraging the MaaS360 mobile device management platform, CFAES can speed in-house development, reduce security risks to university infrastructure, and reduce costs, by avoiding the implementation of separate mobile application development platforms or gateways. Secure MaaS360 provides dynamic, end-to-end security and compliance management capabilities for enrolled devices. Enforcement of passcode policies and strong encryption keys can protect both university and personal data on mobile devices. CFAES IT support staff can configure device passcode policies to meet university IT security standards, and actively monitor devices to ensure compliance. Through real-time compliance management, MaaS360 can detect when a device attempts to opt out of security policies, when prohibited applications are installed, or if SIM changes have been initiated. Based on this information, IT support staff can take automated policy actions, such as sending a message to the user, blocking e-mail or data access, or wiping university data from the device. Through passcode and device management policies, IT support staff can protect university and personal data from theft, and restrict unapproved features and applications. Remote wipe actions can ensure that lost or stolen devices are not a data risk, and with selective wipe, can delete university data while leaving personal data intact. Monitor MaaS360 can deliver an interactive, graphical summary of mobile computing device operations and compliance, which is necessary for university IT security compliance reporting. MaaS360 provides integrated reporting and analytics with a high level view into the mobile device landscape, offering hardware and software inventory reports, plus configuration and vulnerability details. Support Supporting mobile workers requires a 24x7 operation that is always available. CFAES IT support staff require the ability to diagnose and resolve device, user, or application issues in real time from a centralized portal. MaaS360 provides robust help desk capabilities for support procedures such as locating a device with GPS, resetting a user s passcode, and sending a direct message to a device. MaaS360 also provides an end-user support portal that allows users to do basic self-management of their device, such as wiping or resetting the password on a lost device. How MaaS360 will be used CFAES MDM Standard and Agreement The implementation of MaaS360 will be governed by the CFAES Mobile Computing Device Standard and Agreement (Agreement). A copy of version 1.0 of the document can be found here: http://itac.cfaes.ohio-state.edu/adopted-mobile-computing-device-standard-andagreement MDM for CFAES 03/30/2011 v1.1 Page 5

Employees agree to and accept that the mobile computing device may be erased or formatted upon registration into or transfer/termination from CFAES and/or university applications and services if needed. This is necessary in order for CFAES IT support staff to ensure that the device has not been compromised prior to being connected to CFAES and/or university applications and services, and to ensure that any university institutional data and CFAES management software is removed from the device when connection to these applications and services is no longer required. CFAES IT support staff will make an effort to avoid the removal of the employee s personally owned data and applications. The MaaS360 service will be used to provision, manage, secure, monitor, and support mobile computing devices used by faculty and staff for university business. When a mobile device is identified as presenting an IT risk, CFAES IT support staff and the user will work together to determine how best to address the risk. CFAES IT support staff will be governed by the understanding that the university is not a corporation and our IT risk management must be appropriate to our academic and research mission. CFAES IT support resources will not use MaaS360 to monitor anyone's specific use of a mobile computing device. The university's computing policies strictly prohibit the monitoring of faculty and staff computer or mobile device use except when such monitoring has been approved, in advance, by the university CIO. Anyone who violates this provision is subject to termination. Employees are encouraged to make frequent and complete backups of their mobile computing device on a regular basis. Although MaaS360 can be used to restore the configuration of a device, the service cannot replace lost data or applications. What MaaS360 won t do. Monitor your use of a mobile computing device The MaaS360 service provides the capability of monitoring how a mobile computing device is configured. The service does not collect or report any data related to a user s specific use of the device, other than to show what software is installed, what data is present, and how the device has been configured. Also, the university's computing policies strictly prohibit the monitoring of faculty and staff computer and mobile device use except when such monitoring has been approved, in advance, by the university CIO. Anyone who violates this provision is subject to termination. Make changes to your mobile device without your knowledge - The CFAES implementation of MaaS360 will be used to provision, manage, secure, monitor, and support mobile computing devices used by faculty and staff for university business. When a mobile device requires intervention, CFAES IT support staff will work with you to determine how best to address the issue. IT support staff will be governed by the understanding that the university is not a corporation and our IT management practices must be appropriate to our academic and research mission. How will MaaS360 help me? MDM for CFAES 03/30/2011 v1.1 Page 6

Keep your device safe and secure MaaS360 s service allows you to comply easily with university data and IT security policies and regulations, protecting both your personal data and university data from loss or exposure. Improve your personal productivity and satisfaction Mass360 provides mobile device management services that allow you to select the device that best meet your needs, without burdensome management overhead. IT support staff can enroll and provision your selection of device quickly, providing reliable, secure, and easy access to university e-mail, data, and applications. Enable IT support to react to security threats and breaches MaaS360 can assist IT support staff with the quarantine and recovery of mobile computing devices that have been lost, stolen, or compromised. This is a requirement of the university s IT security standards. By addressing these situations in a prompt manner, downtime is reduced, and IT support staff can put your mobile device back into service quickly with a higher degree of quality. MDM for CFAES 03/30/2011 v1.1 Page 7

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information