Israel Lifshitz

According to a recent Gartner report, “by 2016, 20% of enterprise BYOD programs will fail due to deployment of mobile device management measures that are too restrictive.” Creating balanced BYOD policies that ensure your organization’s data security is no small feat. If your policies are too restrictive, no one will participate. You need to think outside of the security box. These 5 tips can help IT to ensure the proper BYOD balance.

  • Define policies that users can live with.
  • BYOD is about freedom of choice.
  • Make a clear separation between our work and personal lives on the device.
  • Prefer BYOD options that don’t leave data on the device.
  • Communicate and use common sense.

Define Policies That Users Can Live With

Heed the lessons of previous BYOD experiments. Your users will never agree to handing over their devices so you can disable screenshots. Unless you run a spy agency, you don’t need geotracking on your employees’ devices. You also don’t need access to any of their personal apps. Focus on what you absolutely need in order to secure enterprise data. If you don’t, your employees will not participate in your BYOD program.

BYOD is about freedom of choice

BYOD is a consumer lead revolution; IT definitely didn’t invent it. Keep in mind that BYOD is about freedom of choice. I am appalled when I see BYOD rules that dictate which device models employees can work on. When it comes to apps, offer a few choices for each type of app that your employees will be using. Add a few email, calendar and document editing apps to your Enterprise App Store.

A recent Gartner reports states that “your employees use many devices and they expect to use any device or application anytime, anywhere.” Internalize this.

Make a clear separation between our work and personal lives on the device

Almost every BYOD solution includes email, a calendar and a contacts. Make sure your employees know not to use their work apps for personal use. If and when they leave your company, those apps will be deleted from their device. Make it clear to your employees where IT has rights (on the work apps) and that they should never forward work emails to their personal email account. Good fences make good BYOD policy.

Prefer BYOD options that don’t leave data on the device

Choose apps that do not store data on the device. When app data is stored in the cloud, there is much less potential for data leaks. IT will need less policies and it will make the employee’s life easier. Your employees will be thrilled to know that work data doesn’t join them everywhere they go.

Communicate and use common sense

Communicate your BYOD policies to your employees – on paper and in person. Instead of sending a dry email full of technical terms that non-IT personnel will never understand, convene a BYOD workshop and give everyone a chance to ask questions.

Make it crystal clear what IT will do with the administrative rights they have on your users’ devices. Let them know that you will never use the “nuclear option” and wipe the entire device. It is important that they are aware that the worst case scenario is waking up and finding their work apps and data wiped. In the post-Snowden revelations era, mobile users want to know that you will never look at their private data nor will you perform backups. They now know what metadata is and you need to assuage their concerns.

Mistakes are bound to occur; don’t install a regime of fear. Isn’t it better when employees feel free to approach IT and say, “I think I made a mistake with our app. How do I fix it?” Let them know they can come down from the tree and they will share their experiences and mishaps with you.

 

Israel Lifshitz

The NSA isn’t the only government agency reeling from “the Snowden disclosures.” Whatever your views on the young man’s actions, the impact will be felt in every government, military and intelligence agency around the world.

According to NBC News, Snowden had access to NSA servers via a thin client computer. The thin client acts as a poorly secured projector which nonetheless allows a user to connect a thumb drive and copy data.

Last summer, Bradley Manning (of Wikileaks notoriety) was sentenced to 35 years for leaking over 700,000 classified documents. Manning downloaded data from army computers and was able to copy it to an SD card and burn a CD-R copy.

While German and Brazilian leaders publicly decry American espionage, the spymasters have learned a valuable lesson:

Never allow data on employee devices or computers

IT managers responsible for securing classified data are like chess players. They are paid to anticipate future moves by their adversaries. The benefits and risks associated with mobile technologies spread at the speed of light.

Your data belongs in one place and one place only – your datacenter. The rule is simple – once your data leaves your datacenter to employee devices and PCs, game over.

The answer is in the cloud

Now that we’ve determined that all of your data remains on your datacenter, how do we allow employees to work?

The virtualized enterprise cloud

Unlike regular transferred data, virtualized data is raw data that you can control. Sending bitmaps is a lot safer than sending real data. It severely limits your potential losses. What if Snowden had been using a virtualized cloud session in his role as an NSA sysadmin? The server in Washington or Virginia would have stored classified data, as it does now. Instead of a thin client, Snowden’s computer or device would have acted as a display. In this scenario, Snowden would have tried to copy NSA data from a virtualized session and discovered that there was no data to be found.

The same goes for Bradley Manning. What if he had logged into a virtualized session while serving in Iraq? He would have connected his SD card to the army computer and discovered there was nothing to copy.

There is no way to prevent every data leak just as there is no way to attain a 0% crime rate. But we can – and should – make it harder. We can begin by preventing massive data exports. The next Snowden can take screenshots or manually take photos of the device, thereby creating a “lossy data export.” It is a lot easier to spot a government employee engaged in a “clicking frenzy” than it is to catch him in the act with a thumb drive. Screenshots will never get you 700,000 classified documents.

Virtualization isn’t new, nor is the cloud. The innovation lies in mixing these two wonderful tools. The right recipe will go a long way to solve the challenges of modern data security.

Asi Mugrabi

I know they’re following me, so I run. I run like hell. I got to the point where I can easily outpace the slower zombies; it’s the fast ones that scare me.

If you come across a terrified face running with headphones, don’t be alarmed. It’s called “Zombies, Run!” – an app that motivates better than the toughest talking nutritionist. My workout was boring and I needed something to push me harder than a gym coach with a six pack on his chest. Zombie, Run transforms my workout into a fantasy story. It’s the perfect mix of two great things – RPG (role playing games) and exercise. It tracks my progress as I level up and keep my distance from gruesome looking zombies. The soundtrack is amazing – when I hear them closing in on me, my adrenaline kicks in and I set a new personal best. The expression on my face is haunting. I wonder what the old lady walking her dog thinks.

Zombie, Run! costs $3.99 on Google Play (Android) and the App Store (iOS).

Not all of my friends are into the zombie thing. At Nubo, a few of us use RunKeeper, another great exercise app. We share a leaderboard and chat about our progress at work. When I try a new route, RunKeeper remembers it so I can do it again. RunKeeper is free on both Google Play and the App Store.

MyFitnessPal has helped me to get rid of extra calories. It comes with a calorie counter so I know how much a tempting chocolate cake is worth. The more I run, the more it “lets” me eat. MyFitnessPal is also free for Android and iOS.

asi-mugrabi

Exercise apps are much more motivating than self-help books and boring lectures. Adding a social aspect and fear factor have done wonders for my health. I love trying out the latest apps and it’s fun to share these experiences with friends. What will they think of next?

Gotta go, a pack of blood dripping zombies are grabbing my Nikes!