Portait-Handbook-Mobile Device Management Hb Final

Download Portait-Handbook-Mobile Device Management Hb Final

Post on 10-Nov-2015

226 views

Category:

Documents

7 download

Embed Size (px)

DESCRIPTION

MDM Portait Handbook

TRANSCRIPT

<ul><li><p>Mobile Device ManagementThe increase of BYOD in the enterprise has forced IT security teams to find new ways to secure corporate and personal data while allowing flexible user access. In this Tech Guide, learn vital information regarding the booming BYOD trend in the enterprise and how IT teams are looking to MDM solutions to control and protect corporate data on mobile devices. BY LISA PHIFER</p><p>Tech Guide</p><p>1 2 3 4EDITORS NOTE BYOD INCREASE </p><p>CALLS FOR ENTER-PRISE MOBILE DEVICE MANAGE-MENT SYSTEMS</p><p>MITIGATING BYOD RISKS WITH MOBILE DEVICE MANAGEMENT SYSTEMS </p><p>MDM 2.0: MEETING NEW MOBILITY MANAGEMENT NEEDS</p><p>VIRT</p><p>UAL</p><p>IZAT</p><p>ION</p><p>CLO</p><p>UD</p><p>APPL</p><p>ICAT</p><p>ION</p><p> DEV</p><p>ELO</p><p>PMEN</p><p>T</p><p>NET</p><p>WO</p><p>RKIN</p><p>G</p><p>STO</p><p>RAG</p><p>E AR</p><p>CHIT</p><p>ECTU</p><p>RE </p><p>DATA</p><p> CEN</p><p>TER </p><p>MAN</p><p>AGEM</p><p>ENT</p><p>BUSI</p><p>NES</p><p>S IN</p><p>TELL</p><p>IGEN</p><p>CE/A</p><p>PPLI</p><p>CATI</p><p>ON</p><p>S</p><p>DIS</p><p>ASTE</p><p>R RE</p><p>COVE</p><p>RY/C</p><p>OM</p><p>PLIA</p><p>NCE</p><p>SECU</p><p>RITY</p></li><li><p>2 MOBILE DEVICE MANAGEMENT</p><p>Home</p><p>Editors Note</p><p>BYOD Increase Calls For Enterprise Mobile Device Management </p><p>Systems</p><p>Mitigating BYOD Risks With Mobile Device </p><p>Management Systems</p><p>Mdm 2.0: Meeting New Mobility </p><p>Management Needs</p><p>OPENER3 lines is max title length.</p><p>Style title. Then use hard return to push last line of title to sit on </p><p>this baseline.</p><p>All pages: text begins on this baseline</p><p>OPENER1st text baseline begins here.</p><p>To change slug and # txt.</p><p>On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.</p><p>This will keep the slug text in front of the number</p><p>1EDITORS NOTEMDM Systems Take Hold as BYOD Booms</p><p>BYOD in the enterpriseisbooming,andITsecurityteamsaregrapplingto</p><p>control,monitorandprotectessentialcorporateinformationtransmitted</p><p>fromandstoredonmobiledevices.ITsecurityteamsneedtomaintainsecu-</p><p>rityandensurecompliancewhilestillallowingflexibleuseraccess.Sowhat</p><p>isanITsecurityteamtodo?</p><p>Inthistechnicalguide,wirelessexpert,LisaPhiferdiscusseshowthe</p><p>BYODtrendisleadingITteamstoinvestinanddeploymobiledeviceman-</p><p>agement(MDM)solutions.YoulllearnhowtodeterminewhetheranMDM</p><p>systemisrightforyourorganization,ifyourexistingsystemscanprovidethe</p><p>necessarysecuritycontrols,orifadditionaldevicemanagementfeaturesmay</p><p>berequired.OnceyouvedeterminedthatdeployinganMDMsystemisthe</p><p>rightchoiceforyourorganization,Phiferexplainshowtodeployandapply</p><p>MDMtoreducesecurityrisksbroughtonbyBYOD.Thisincludesenforc-</p><p>ingcomplianceandtestingtheMDMsystembeforefullydeployingitinyour</p><p>environment.</p><p>Lastly,PhiferexplorestheideaofMDM2.0securityandcontrolbeyond</p><p>smartphonesandtablets.Asmobilesecurityintheenterprisecontinuesto</p><p>expand,takingalookatthefuturecanhelpITsecurityteamsprepareforthe</p><p>nextwaveofMDM.PhiferdiscusseslettinggooftheideathatMDMisatool</p><p>formobiledevicelockdown,butinsteadameansforprovidingcustomizable</p><p>securityandcontrolbasedonausersneedsandpreferences.n</p><p>Rachel Shuster</p><p>Associate Managing Editor, TechTargets Security Media Group</p></li><li><p>3 MOBILE DEVICE MANAGEMENT</p><p>Home</p><p>Editors Note</p><p>BYOD Increase Calls For Enterprise Mobile Device Management </p><p>Systems</p><p>Mitigating BYOD Risks With Mobile Device </p><p>Management Systems</p><p>Mdm 2.0: Meeting New Mobility </p><p>Management Needs</p><p>OPENER3 lines is max title length.</p><p>Style title. Then use hard return to push last line of title to sit on </p><p>this baseline.</p><p>All pages: text begins on this baseline</p><p>OPENER1st text baseline begins here.</p><p>To change slug and # txt.</p><p>On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.</p><p>This will keep the slug text in front of the number</p><p>2MDM SYSTEMSBYOD Increase Calls for Enterprise Mobile Device Management Systems</p><p>Multi-platform mobile device managementsystemsaregainingafoot-</p><p>holdinenterprisesanxioustomeettheneedsoftodaysexpandingmobile</p><p>workforce.Whilenosilverbullet,MDMtechnologycangiveITcentralized,</p><p>scalablevisibilityandcontrolovertheunrulybring-your-owndevice(BYOD)</p><p>trend.</p><p>InarecentstudybyPonemonInstitute,mostorganizationsagreedthat</p><p>mobiledevicescreatedbusinessriskbutwereimportanttoachievingbusi-</p><p>nessobjectives.However,just39%haddeployedsecuritycontrolsneeded</p><p>toaddressthatrisk;fewerthanhalfofthosecouldenforcemobilesecurity</p><p>policies.</p><p>Unfortunately,thislaxgovernancehasalreadyresultedinnon-compli-</p><p>anceanddatabreaches.InPonemonssurvey,59%saidemployeesdisen-</p><p>gagedfundamentalmeasuressuchaspasswords;another12%wereunsure.</p><p>Itshould,therefore,comeasnosurprisethathalfofthoseorganizationshad</p><p>experiencedmobiledatalossduringthepastyear.</p><p>Giventherashofemployee-ownedsmartphonesandtabletsnowfinding</p><p>theirwayintotheworkplace,ITsimplymustfindawaytomanagemobile</p><p>applicationandsystemaccesswhilekeepingcorporatedatasecure.Fortu-</p><p>nately,anewcropofmulti-platformMDMproductsandservicesstandready</p><p>tohelpITachievetheseobjectivesandmitigateBYODrisks.However,or-</p><p>ganizationsneedtounderstandthebenefits,nuancesandlimitationsofthis</p><p>emergingtechnologybeforetakingtheplunge.</p><p>THE RISE OF MULTI-PLATFORM MDM</p><p>Mobiledevicemanagementsystemsarenotarecentphenomenon.</p></li><li><p>4 MOBILE DEVICE MANAGEMENT</p><p>Home</p><p>Editors Note</p><p>BYOD Increase Calls For Enterprise Mobile Device Management </p><p>Systems</p><p>Mitigating BYOD Risks With Mobile Device </p><p>Management Systems</p><p>Mdm 2.0: Meeting New Mobility </p><p>Management Needs</p><p>OPENER3 lines is max title length.</p><p>Style title. Then use hard return to push last line of title to sit on </p><p>this baseline.</p><p>All pages: text begins on this baseline</p><p>OPENER1st text baseline begins here.</p><p>To change slug and # txt.</p><p>On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.</p><p>This will keep the slug text in front of the number</p><p>2MDM SYSTEMSEnterpriseshavelongmanagedcompany-issuedBlackBerrysandWindows</p><p>MobilesviaBlackBerryEnterpriseServer(BES)andMicrosoftExchangeAc-</p><p>tiveSync(EAS).ButyesterdaysnarrowlyfocusedMDMscouldnothandle</p><p>theconsumersmartphonesandtabletsthatfloodedtheworkplacefollow-</p><p>ingApplesiPhonereleasein2007.Ashandsetprocurementrapidlyshifted</p><p>fromemployertoemployee,drivenbybudgetcutsandworkforcedemands,</p><p>ITgroupswereleftscramblingformoreextensibletools.</p><p>Initially,IThadlittlechoicebuttoreduceiPhoneriskbyapplyingEAS</p><p>policiestopreventcorporateemailaccessbynon-passcodedphonesand</p><p>remotelywipethosethatwerelost.Butthesebasicmeasuresfellshortof</p><p>governanceneeds.Certainly,theydidnotsatisfycompliancemandatesto</p><p>encryptdataatrest,norcouldtheydeliverproofofcontinuousenforce-</p><p>mentormeetaccesstrackingandauditrequirements.AlthoughEASsup-</p><p>portinnewerdevicescontinuestoexpand,thismessaging-centricapproach</p><p>isplaguedbyinconsistencyandcannotmeetbroadermobilitymanagement</p><p>requirements.</p><p>Byearly2010,iPhoneshadbeenjoinedbyiPadsandAndroids,fueling</p><p>growthofthemulti-platformMDMmarket.Nichemulti-platformMDMs</p><p>previouslyusedbycellularcompaniesandhighlymobileverticalssuchas</p><p>retailquicklyexpandedtoembraceiOS4,followedbyAndroid2.2.Today,</p><p>multi-platformMDMsareviablealternativestoBESorEAS,givingenter-</p><p>prisesasinglepaneofglassthroughwhichtomonitorandmanageanin-</p><p>creasinglydiversearrayofcorporateandbring-your-ownphonesandtablets.</p><p>MDM BREADTH AND DEPTH</p><p>UnlikeBES,whichusesaproprietaryapproachtomanageonlyRIMdevices</p><p>runningtheBlackBerryOS,multi-platformMDMsarethird-partyprod-</p><p>uctsthatuseopenAPIstotapthenativeinterfacesandcapabilitiesoffered</p><p>bymanydifferentdevices.Today,itiscommonforMDMstomanageApple</p><p>devicesrunningiOS4+,Samsung/Motorola/HTC/LGdevicesrunningAn-</p><p>droid2.2+,andanarrayofhandheldandembeddeddevicesrunningWinCE</p><p>andWindowsMobile.LimitedMDMsupportcanalsobefoundforWindows</p></li><li><p>5 MOBILE DEVICE MANAGEMENT</p><p>Home</p><p>Editors Note</p><p>BYOD Increase Calls For Enterprise Mobile Device Management </p><p>Systems</p><p>Mitigating BYOD Risks With Mobile Device </p><p>Management Systems</p><p>Mdm 2.0: Meeting New Mobility </p><p>Management Needs</p><p>OPENER3 lines is max title length.</p><p>Style title. Then use hard return to push last line of title to sit on </p><p>this baseline.</p><p>All pages: text begins on this baseline</p><p>OPENER1st text baseline begins here.</p><p>To change slug and # txt.</p><p>On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.</p><p>This will keep the slug text in front of the number</p><p>2MDM SYSTEMSPhoneandWebOSdevices.However,thedegreeofmonitoringandcontrol</p><p>deliveredforeachmanageddevicevariesbymake/modelandOSversion.</p><p>Forexample,MDMscanusuallyenforcedevice-levelaccesscontrolson</p><p>iOSandAndroiddevices.OniOS,ITmayrequirealphanumericpasscodes</p><p>withminimumlengthandspecialcharactersandlimitpasscodeage,reuse,</p><p>idletime,orfailedentryattempts.OnAndroid3+,ITcanenforceallofthis,</p><p>plusrequireupper/lowercaseletters,digits,andsymbols.EveryMDMthat</p><p>supportsiOSandAndroidexhibitsthisdifferencebecauseitreflectsnative</p><p>OScapabilities.However,theextenttowhicheachMDMtriestohidesuch</p><p>differencesunderunifiedconsoleswith</p><p>aconsistentlookandfeelvarieswidely.</p><p>Inothercases,mobiledeviceman-</p><p>agementsystemscandolittletomask</p><p>underlyingdiversity.Forexample,IT</p><p>canuseanyMDMonthemarkettore-</p><p>questafull-devicewipe.Becauseall</p><p>AppleiPhonesandiPadsnowsupport</p><p>full-deviceencryption,remotewipe</p><p>easilyrendersdatainaccessible.How-</p><p>ever,wipingmostAndroidphonessim-</p><p>plyresetsthemtofactorydefault,leavingcleartextbehindonremovable</p><p>storage.MDMscannoteliminatethisnativeshortcomingdoingsofallsto</p><p>devicemanufacturers.ButMDMscanprovidetoolstocentrallyinvokere-</p><p>motewipe,confirmarequestedwipehasbeencompleted,reportonallwiped</p><p>devices(includingownershipandlastknownlocation),andclearlydescribe</p><p>theconsequencesforeachwipeddevice.</p><p>ThisiswhereMDMdepthcomesintoplay.SomeMDMssticktomanag-</p><p>inghardware,softwareandpolicies.OtherMDMspileonvalue-addedse-</p><p>curitymeasures.Forexample,someMDMscreatetheirownauthenticated,</p><p>encrypteddatacontainersonmanageddevices.Anyenterprisedatastored</p><p>inthosecontainerscanbereliablywiped,evenonphonesandtabletsthat</p><p>donotsupportnativefull-deviceencryption.Moreover,thisapproachlets</p><p>On iOS, IT may require alphanumeric passcodes with mini-mum length and special characters and limit passcode age, reuse, idle time, or failed entry attempts.</p></li><li><p>6 MOBILE DEVICE MANAGEMENT</p><p>Home</p><p>Editors Note</p><p>BYOD Increase Calls For Enterprise Mobile Device Management </p><p>Systems</p><p>Mitigating BYOD Risks With Mobile Device </p><p>Management Systems</p><p>Mdm 2.0: Meeting New Mobility </p><p>Management Needs</p><p>OPENER3 lines is max title length.</p><p>Style title. Then use hard return to push last line of title to sit on </p><p>this baseline.</p><p>All pages: text begins on this baseline</p><p>OPENER1st text baseline begins here.</p><p>To change slug and # txt.</p><p>On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.</p><p>This will keep the slug text in front of the number</p><p>2MDM SYSTEMSITwipedataconsistentlyacrossallMDM-supportedplatforms.However,</p><p>MDMsthatincludethesevalue-addstendtohavemoredevice-specificde-</p><p>pendenciesandlimitationsthanMDMsthatfocusonmanagement.</p><p>LIFECYCLE MANAGEMENT</p><p>Enterprisesflockingtomulti-platformMDMtechnologytogainITvisibility</p><p>andcontroloverpersonallyowneddevicesmayfindithardtodirectlycom-</p><p>pareproducts.Heritageplaysarole:SomeMDMshistoricallyfocusedon</p><p>mobileexpensemanagement,othersstartedwithmobileapplicationman-</p><p>agementandstillothersspecializedinmobilesecurity.Yetmostofthese</p><p>MDMsdeliverfoundationalcapabilitiessuchasinventoryandpolicyman-</p><p>agementthatcausethemtoappear</p><p>superficiallysimilar.Drillingbeyond</p><p>functionalcomparisoncanalsoreveal</p><p>significantdifferencesinautomation,</p><p>usability,scalabilityandintegration.</p><p>Onewaytoreduceconfusionisto</p><p>prefaceMDMproductselectionwith</p><p>aninventoryofbusinessmobilityneeds</p><p>andusecases.WhenIDCsurveyed</p><p>businessesabouttheirabilitytosup-</p><p>portconsumerdevicesinthework-</p><p>place,fouroutoffiverespondentsidentifiedpolicycomplianceanddata</p><p>security/accessastopconcerns.However,nearlythesamepercentagecited</p><p>ensuringITsupportandresourceavailability,readyingmobileapplications</p><p>andsettingemployeesupwithmultipledevicesasmajorissues.Inother</p><p>words,choosinganMDMbasedonitsabilitytomeetsecurityneedsalone</p><p>maybeshortsighted.</p><p>Instead,beginwithlifecyclemanagement.Eveniftheemployerdoesnot</p><p>ownanemployeesmobiledevice,itownsthebusinessdataandapplications</p><p>storedonthatdevice.Startbyestablishingaprocessfortrackingandmanag-</p><p>ingthoseassetsthrougheachdeviceslifetime.</p><p>Enterprises flocking to multiplatform MDM technology to gain IT visibility and control over personally owned devices may find it hard to directly compare products.</p></li><li><p>7 MOBILE DEVICE MANAGEMENT</p><p>Home</p><p>Editors Note</p><p>BYOD Increase Calls For Enterprise Mobile Device Management </p><p>Systems</p><p>Mitigating BYOD Risks With Mobile Device </p><p>Management Systems</p><p>Mdm 2.0: Meeting New Mobility </p><p>Management Needs</p><p>OPENER3 lines is max title length.</p><p>Style title. Then use hard return to push last line of title to sit on </p><p>this baseline.</p><p>All pages: text begins on this baseline</p><p>OPENER1st text baseline begins here.</p><p>To change slug and # txt.</p><p>On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.</p><p>This will keep the slug text in front of the number</p><p>2MDM SYSTEMSDoingsocreatesanessentialfoundationfornotjustsecuritymanage-</p><p>ment,butexpensetracking,userassistance,applicationanddatadeployment</p><p>andmore.MDMscanenablelifecyclemanagementbyautomatingdeviceen-</p><p>rollment,monitoringandde-enrollment,independentofownership.Most</p><p>MDMssupportIT-initiatedenrollment;somealsoofferuser-initiateden-</p><p>rollment.Eitherway,usersfollowlinkstoaself-helpenrollmentportalwhere</p><p>theyarepromptedtoentercredentials.</p><p>Behindthescenes,theMDMtypicallyauthenticatestheuserandcom-</p><p>paresuseranddevicetoIT-definedpolicies.Ifthisuserispermittedtoen-</p><p>rollthisdevice,basedonmake/model,OS,ownershipandgroupmembership,</p><p>accessmaybeauthorized.MDMsmaydisplayanacceptableusepolicyand</p><p>issueadevicecertificatebeforecontinuingontoprovisionthedeviceover-</p><p>the-air,applyingdevicesettings,securitypoliciesandapplications.</p><p>Byautomatingenrollment,ITcandeliverscalablesupportformanyper-</p><p>sonallyowneddeviceswhileplacingwelldefinedlimitsonacceptableuse.</p><p>Devicesthatpassmustercanbeoutfittedforsafeproductivebusinessuse,</p><p>leavingITwell-positionedtocontinuallymonitoractivityandenforcesecu-</p><p>ritypolicycompliance.Ifanenrolleddeviceshouldbelostorstolenorbe-</p><p>comenon-compliant,ITcanuseMDMtoremotelyfind,lockorwipeit.</p><p>Inaddition,MDMmaybeusedtoinvoketemporarystop-lossactionssuch</p><p>asremovingsettingsthatpermitcorporateemail,VPNorapplicationaccess.</p><p>Eventually,whentheemployeeleavesthecompanyorthedeviceisreplaced,</p><p>MDMcaneasilyde-enrollitwhilewipingcorporateassets.ManyMDMscan</p><p>nowdifferentiatebetweenfull-deviceandenterprisewipe,lettingITdecom-</p><p>missionanemployeesdevicewithoutharmingpersonaldata.n</p></li><li><p>8 MOBILE DEVICE MANAGEMENT</p><p>Home</p><p>Editors Note</p><p>BYOD Increase Calls For Enterprise Mobile Device Management </p><p>Systems</p><p>Mitigating BYOD Risks With Mobile Device </p><p>Management Systems</p><p>Mdm 2.0: Meeting New Mobility </p><p>Management Needs</p><p>OPENER3 lines is max title length.</p><p>Style title. Then use hard return to push last line of title to sit on </p><p>this baseline.</p><p>All pages: text begins on this baseline</p><p>OPENER1st text baseline begins here.</p><p>To change slug and # txt.</p><p>On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.</p><p>This will keep the slug text in front of the number</p><p>3DEPLOYING MDMMitigating BYOD Risks With Mobile Device Management Systems</p><p>Once enterprises understand thebenefitsandlimitationsofmobilede-</p><p>vicemanagement(MDM)technologyandbegin...</p></li></ul>