magazine - Connect-World
Mobile security

employee to move data to clouds outside enterprise control. Mobile devices are also constantly connecting to any available network, private or public, whether or not it is trusted. As a result, data moving between a device and the corporate network is vulnerable to man-in-the-middle attacks via rogue Wi-Fi hotspots. Mobile IT needs to be able to secure data in motion as it travels to and from the device.

Lockdown will fail

Mobile devices should never be locked down like laptops, because lockdown fundamentally damages the user experience, impeding productivity and impairing adoption. The core tenet of successful mobile deployments is the preservation of user experience. A mobile program will not be sustainable if user experience is compromised when employees start using their personal devices for corporate email and apps.

Every computing deployment, whether mobile or not, carries some risk of content loss. With mobile, there are several best practices which organizations follow to mitigate this risk to the point that it is acceptable given the positive business value of mobile.

Best Practices for Securing Mobile Content

Email attachments are the primary source of enterprise documents on mobile devices. Mobile IT's challenge is to give users access to business email on their mobile devices while ensuring those users cannot save business email attachments to apps or clouds outside IT security controls. The security challenge of mobility for the enterprise is that this one-click sharing of information from the device to external services is simple and frequent. A business email attachment can quickly end up in Dropbox without any malicious intent or even effort on the part of the user.

Ensure every device is under management

Every device needs to be connected to a Mobile IT platform that can secure and manage the device, the apps, and the content. If the user deactivates or removes the management client from the device, that will trigger a policy violation in the system. The system should be configured to immediately block the device and the apps on it from accessing the corporate network.

Monitor the operating system

When a device's operating system is jailbroken or rooted, the established data security measures are no longer reliable. Therefore, automated rules should immediately quarantine the device, remove corporate data, and notify the administrator. Companies should also determine what versions of an operating system they are willing to support. Devices running the latest version will be up to date with all available security patches, while older versions will not.

Set and enforce passcode policy and encryption

Passcode enforcement prevents unauthorized access to the device. Companies should also implement an auto-wipe policy that wipes the device completely after a predefined number of failed passcode attempts. This minimizes the risk of brute-force attacks on lost or stolen devices.

Protect email and attachments

Restricting email forwarding prevents corporate email from being forwarded through the user's personal email account on the device. It also prevents emails from being moved by the user from a corporate inbox to a personal inbox. Companies also need to be able to restrict the ability to use third-party file readers or document management apps to open email attachments. When an attachment is opened in one of these apps, it can be saved or distributed completely without the knowledge of IT. As a result, email attachments are the biggest risk of mobile data loss.

Establish identity

Especially in BYOD initiatives, user and device identity must be strongly established. Securing email, Wi-Fi, and VPN access using certificates protects identity and also improves the user experience, since certificates provide complex credentials automatically.

Define the role of iCloud

In a well-designed corporate deployment, iCloud will not increase the risk of data loss. iCloud does not back up any email or PIM content that comes from corporate sources such as Exchange or Notes. iCloud also does not back up encrypted data, which means data from apps that use iOS Data Protection will not be stored in iCloud.

Blacklist known threats

The mobile app landscape moves quickly, but most organizations have identified a set of file readers or other apps that they do not trust. These apps should be blacklisted so that if an employee downloads a blacklisted app, a remediation action is automatically triggered. This action could range from a simple non-compliance SMS notification to a full device quarantine which strips the device of all enterprise email, apps, connectivity, and settings until the threat is removed.
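The best practices above amount to a set of automated compliance rules with escalating remediation. The following is an added example, not code from the article or from any MDM product: a small policy engine that applies those rules to device inventory records. The device fields, the minimum OS version, the blacklisted bundle id and the failed-passcode threshold are all assumed values.

```python
"""Added example: evaluate device records against the article's mobile best practices.
All policy values and device records below are constructed assumptions."""
from __future__ import annotations
from dataclasses import dataclass, field

# Assumed policy inputs (not from the article).
MIN_OS_VERSION = (7, 0)                            # oldest OS build still receiving patches
APP_BLACKLIST = {"com.example.untrusted-reader"}  # hypothetical untrusted file reader
MAX_FAILED_PASSCODE = 10                           # auto-wipe threshold

# Remediation actions ordered from least to most severe; the worst finding wins.
SEVERITY = {"compliant": 0, "notify_user": 1, "block_network": 2,
            "quarantine_until_removed": 3,
            "quarantine_and_remove_corporate_data": 4, "wipe_device": 5}

@dataclass
class Device:
    device_id: str
    managed: bool                 # management client present and active
    jailbroken: bool              # OS jailbroken or rooted
    os_version: tuple             # e.g. (7, 1); tuples compare lexicographically
    passcode_set: bool
    encryption_on: bool
    failed_passcode_attempts: int
    installed_apps: set = field(default_factory=set)

def evaluate(device: Device) -> list[tuple[str, str]]:
    """Return (rule, action) pairs for every best practice the device violates."""
    findings = []
    if not device.managed:            # management client removed -> policy violation
        findings.append(("unmanaged", "block_network"))
    if device.jailbroken:             # data security measures no longer reliable
        findings.append(("jailbroken_or_rooted", "quarantine_and_remove_corporate_data"))
    if device.os_version < MIN_OS_VERSION:
        findings.append(("unsupported_os", "notify_user"))
    if not device.passcode_set or not device.encryption_on:
        findings.append(("passcode_or_encryption_missing", "block_network"))
    if device.failed_passcode_attempts >= MAX_FAILED_PASSCODE:
        findings.append(("brute_force_threshold", "wipe_device"))
    bad = sorted(device.installed_apps & APP_BLACKLIST)
    if bad:
        findings.append(("blacklisted_app:" + ",".join(bad), "quarantine_until_removed"))
    return findings

def most_severe(findings: list[tuple[str, str]]) -> str:
    """Collapse all findings into the single remediation the platform should apply."""
    return max((action for _, action in findings), key=SEVERITY.get, default="compliant")
```

A jailbroken device on an old OS with a blacklisted reader installed yields three findings, and the quarantine-and-remove-data action takes precedence over the notification.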
Conclusion

The old model for content security was 'heavy containerization'. A container is a set of protected data. This data is separated from all other data on the device and is protected from unauthorized apps or users.

In the first generation of enterprise mobility, all business data and associated apps were segregated into monolithic, email-based containers. While this protected business data, it forced users into an experience they did not like.

People buy an iPhone, iPad or Android device because they love the user experience that was developed specifically for that device. When they use that device at work, they want to have that same experience. The heavy containerization approach forces people to flip between enterprise and personal screens on their device, or requires that they use a third-party email app instead of the native experience they love. Not only do these approaches compromise productivity, but they create security risks as employees figure out workarounds.

In the new generation of enterprise mobility, user experience is core and the new answer is 'targeted containerization': securing the enterprise content within the native experience and leaving the personal content untouched. Mobile First companies know that mobile access to corporate content is critical, and their vision is that employees can work the way they want to, on the device of their choice, with the apps that they love, and with access to the content they need, all in a secure environment.
42 • EMEA 2013