Month: December 2014

In Part I of How to Build a BYOD Policy, we took you through the steps you can take to determine your BYOD policy and define your company’s BYOD objectives, your users, the apps and data they need to fulfill these objectives, and the security bases you need to cover form the foundation of a BYOD policy tailored for your business.

Now comes the challenging part – How to secure the apps and data required without compromising your business goals. Any policy which fails to strike this balance will effectively fail in realizing the true goal of BYOD.

Once you identify the complexity and sensitivity of the data and apps that require mobile access, you need to determine which security approach can best satisfy all of your BYOD requirements. There are a variety of platforms in the market, but they can mainly be defined as solutions that manage data security on devices and those that manage it off of devices. Here are the pros and cons that accompany the paths you can take towards turning your BYOD policy into a reality:

1. Rely on your existing platforms

Think business-as-usual is an option for your company? Perhaps your research shows that your employees only need to access email, calendar and contacts to be productive away from the office. Most Microsoft Exchange platforms include built-in device management features for their email solution. Relying solely on this security might be an option to consider for some small or medium-sized businesses (SMBs). Some companies in this situation simply choose not to implement a BYOD-focused security solution and rely on those features instead for their security.

Pros: This approach requires both minimal licensing costs and configuration from your IT management.

Cons: The moment your organization wants to use workplace apps that contain more data, this approach becomes unsustainable. You will not be able to support enterprise or consumer apps which contain sensitive data. Another drawback to this minimalist approach is that your users will need to configure themselves and set up their own security. All organizations have employees that are less tech-savvy than others, and this opens up user-error scenarios that can be very problematic. We’ve seen how this movie has played out in the past, and it could end up giving your IT an ongoing headache.

2. Mobile Device Management (MDM)

All you need to know about how mainstream MDM has become is to do a Google search of BYOD solutions. This approach involves installing MDM agent/provisioning within the employee’s mobile device and securing these apps with encryption.

Pros: MDM has been the most popular route for organizations in recent years. If your organization is looking to secure relatively “light data” apps such as email, calendar and contacts, MDM has proven to deliver an adequate level of security and data control for IT management. IT is able to block rooted and jailbroken devices, for example, as well as perform remote wiping of the employee devices which have been hacked, lost or stolen. MDM also automatically configures apps for the user – removing at least part of the learning curve and reducing user authentication risks.

Cons: As MDM implementation within the organization has matured, there are concrete limitations that have become clearer, and they exist on both sides of the management-employee spectrum. For management, the nature of MDM being an on-device security solution requires constant application of patches and other security measures to combat attackers and security gaps. Because encryption keys are locate on the device, they are prone to being breached by outside intruders. Your corporate data is what’s at stake here. Because this data is stored within the employee device, MDM security is compelled to do a remote wipe of a lost/stolen or compromised device. This resonates negatively with employees, who fear that they will lose some or all of their personal files and lose their privacy. There are several studies including a recent one by Ovum which show that this issue alone detracts employees from following BYOD policies such as reporting their lost/stolen device right away.

Lately, MDM solutions have also offered Mobile Application Management (MAM) tools to help guard against mobile app security threats. However, these tools are less mature in the field, and not as recognized for providing sufficient security. MAM tools also face problematic challenges in deploying apps effectively across different devices, OSs and versions.

Another major issue you should consider when evaluating MDM as a solution is how robust your data needs are. If your defined BYOD data goes beyond email tools and requires access to apps which store a significant amount of sensitive client information (i.e. CRM and ERP software), then enforcing security on BYOD devices becomes much more difficult to maintain, and will add significant work resources and security burden on your IT.

3. Virtual Mobile Infrastructure

Often referred to as “Mobile VDI”, VMI has been garnering a lot of attention over the past two years. This approach is unique from the other solutions in the market because, at its core, it involves managing all corporate apps and data away from devices and on a remote and secured cloud-based server. This philosophy involves running a mobile operating system compatible with all major OSs on a server and transferring apps and data onto devices as a display using as thin client.

Pros: The advantages of implementing VMI extend to both security management as well as BYOD employees. From a security perspective, it’s much easier to manage critical enterprise data from a secured datacenter than it is to apply patches and combat malicious apps that attack the myriad of different mobile device models. Consequently, your IT overhead will decrease significantly and free up resources for other projects which can aid your organization. No data on the device means that remote wiping becomes completely unnecessary. When an employee leaves the company or loses their device, IT can simply block access from the server to the affected device, removing employee fears and encouraging them to report lost or stolen devices right away. IT gains peace of mind knowing that there aren’t compromised devices in your network that have simply not been reported.

If your employees are demanding apps that help improve productivity, efficiency and collaboration when working remotely, they will want to work with apps that are made for a mobile interface, just like the consumer apps they’ve grown accustomed to. VMI’s mobile platform was developed for a mobile interface and is compatible with iOS and HTML5 apps as well.

Cons: Because data is located remotely, offline users who are unable to connect to a WiFi network or device data plan cannot access their mobile apps in these circumstances. This scenario usually presents itself when an employee is traveling by air, sea, or underground areas which don’t support online access. Getting feedback from your employees as to how important offline access is and how often this scenario is relevant will help you determine if VMI is right for you.

4. Niche Mobility Tools

These tools can be implemented in addition to the security approaches above, but are not capable of running independently as a stand-alone solution:

Multi-persona platforms: A Multi-persona platform is implemented at the OS level in the mobile device to create separate and secured user personas on a smartphone. Some manufacturers such as Samsung Knox and the latest version of Android Lollipop offer this feature. For Enterprise Mobility, a work persona is installed to manage all corporate apps and data. Each persona is isolated from the other and exchanging data between them is prohibited by policy standards that are determined in advance.

HTML5 platform: Although Android and iOS continue to the dominant OSs, some organizations have turned to HTML5-based apps. This alternative to native apps allows your organization to use browser-based apps without relying on proprietary platforms.

Turning policy into reality

You now have the information to write your BYOD policy and choose the right platform that meets your business needs. But how will you be able to make the necessary changes to align business processes with your vision for the future? In Part III of this series, we’ll explain how you can put your BYOD policy into practice and ensure your processes give you the platform to gain from mobility benefits securely.

Enterprise Mobility continued to make the headlines in 2014, with more innovative mobile devices and security threats and vulnerabilities than ever before. The fallout from many of these events offer valuable lessons learned, and how BYOD organizations adapt their priorities accordingly will have a huge impact on the industry going forward. Here are five of the most significant developments you can expect to see play out in 2015.

1. Rise of the Phablets

Look for Phablets to become a disruptive technology and dominant force as BYOD devices of choice. The larger display size they offer will make these devices an attractive all-in-one solution for many smartphone and tablet users. They’re not an entirely new phenomenon, but the expected surge of the iPhone 6 Plus will launch them into the spotlight like never before. The buzz created by this device will almost certainly transcend their increased share of the retail market and as a result, Phablets are set to make a big splash on BYOD as the devices that can almost do it all. Expect their influence to trigger a notable decline in BYOD usage of Tablets especially in 2015 and beyond. BYOD employees will shift from using tablets to Phablets as a solution to their mobile needs. App developers will need to adapt quickly so that their apps run optimally for this new form factor.

2. Is the honeymoon over for MDM?

Many security vendors have added MAM (Mobile Application Management) and MIM (Mobile Information Management) tools to their existing Mobile Device Management (MDM) solution of choice. Together, these services are being packaged as EMM (Enterprise Mobility Management) and being promoted as an all-inclusive mobile security solution. There’s no doubt that together these approaches address several security concerns – but collectively they still do not add up to the comprehensive enterprise mobility solution that enterprises require. EMM implementation on the ground is still at a relatively early phase, so BYOD companies and EMM providers are still very much in the “honeymoon stage” with these services. Just like a young and developing romance, the security flaws will eventually be uncovered as EMM implementation becomes more mature. Since MDM is still the anchor steering this approach the limits to their effectiveness will become apparent as employee feedback will start cycling back to organizations. For IT, the costs of managing all of these on-device security requirements will also become an issue.

3. Mobile Apps – Security will Take Center Stage

In 2014 I said that mobile apps would graduate beyond standard apps and that we would see organizations investing in more robust and data-rich enterprise apps like CRMs and ERPs in order to enable employees in being more productive. With more complex apps and data being adopted into BYOD, securing these apps will be paramount. Many security tools such as MDM and MAM will be trialed but they require a lot of IT customization such as App Wrapping and Containerization. It will be interesting to see how successful they will be and whether they will be continue to be selected over time.

4. Vertical BYOD Solutions will become Bigger

Look for more vendors to target specific industries and tailor their security solutions for those that need higher-level security and are dealing with difficult challenges as a result of BYOD implementation. Healthcare for example sees doctors often working outside of the hospital or clinic, yet they need access to mobile apps more than ever before. Ensuring Protected Health Information (PHI) on these apps is an absolute must with the compliance and liability issues required under HIPAA (Health Insurance Portability and Accountability Act). Banks and financial institutions also have a heightened need to secure extremely sensitive customer and corporate information while putting BYOD into practice. Then you have both public and private defense agencies for which cybersecurity threats and their accompanying challenges are unique, and those stakes have never been higher. Their security specifications require them to use their own customized devices and adopt more of a COPE (Corporate Owned Personally Enabled) policy. These industries represent niche opportunities for vendors who will roll out mobile offerings in increasing numbers.

5. Virtualization Technology will Make a Splash

As organizations gather analytics and weigh the advantages and disadvantages of different ways to manage BYOD, the big picture will slowly but surely come into focus. Increasing reliance on mobile devices means mobile-first security solutions will take precedence. While we’ve heard the importance of “following the data” often in 2014, more organizations will shift philosophies on the best way to achieve that, with more CIOs looking to manage data security away from personal devices entirely. Both on-device (Multi-Persona) and off-device virtualization such as VMI (Virtual Mobile Infrastructure) will become a larger part of the BYOD landscape as a result.