Portait-Handbook-Mobile Device Management Hb Final

Download Portait-Handbook-Mobile Device Management Hb Final

Post on 10-Nov-2015

223 views

Category:

Documents

7 download

DESCRIPTION

MDM Portait Handbook

TRANSCRIPT

  • Mobile Device ManagementThe increase of BYOD in the enterprise has forced IT security teams to find new ways to secure corporate and personal data while allowing flexible user access. In this Tech Guide, learn vital information regarding the booming BYOD trend in the enterprise and how IT teams are looking to MDM solutions to control and protect corporate data on mobile devices. BY LISA PHIFER

    Tech Guide

    1 2 3 4EDITORS NOTE BYOD INCREASE

    CALLS FOR ENTER-PRISE MOBILE DEVICE MANAGE-MENT SYSTEMS

    MITIGATING BYOD RISKS WITH MOBILE DEVICE MANAGEMENT SYSTEMS

    MDM 2.0: MEETING NEW MOBILITY MANAGEMENT NEEDS

    VIRT

    UAL

    IZAT

    ION

    CLO

    UD

    APPL

    ICAT

    ION

    DEV

    ELO

    PMEN

    T

    NET

    WO

    RKIN

    G

    STO

    RAG

    E AR

    CHIT

    ECTU

    RE

    DATA

    CEN

    TER

    MAN

    AGEM

    ENT

    BUSI

    NES

    S IN

    TELL

    IGEN

    CE/A

    PPLI

    CATI

    ON

    S

    DIS

    ASTE

    R RE

    COVE

    RY/C

    OM

    PLIA

    NCE

    SECU

    RITY

  • 2 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    1EDITORS NOTEMDM Systems Take Hold as BYOD Booms

    BYOD in the enterpriseisbooming,andITsecurityteamsaregrapplingto

    control,monitorandprotectessentialcorporateinformationtransmitted

    fromandstoredonmobiledevices.ITsecurityteamsneedtomaintainsecu-

    rityandensurecompliancewhilestillallowingflexibleuseraccess.Sowhat

    isanITsecurityteamtodo?

    Inthistechnicalguide,wirelessexpert,LisaPhiferdiscusseshowthe

    BYODtrendisleadingITteamstoinvestinanddeploymobiledeviceman-

    agement(MDM)solutions.YoulllearnhowtodeterminewhetheranMDM

    systemisrightforyourorganization,ifyourexistingsystemscanprovidethe

    necessarysecuritycontrols,orifadditionaldevicemanagementfeaturesmay

    berequired.OnceyouvedeterminedthatdeployinganMDMsystemisthe

    rightchoiceforyourorganization,Phiferexplainshowtodeployandapply

    MDMtoreducesecurityrisksbroughtonbyBYOD.Thisincludesenforc-

    ingcomplianceandtestingtheMDMsystembeforefullydeployingitinyour

    environment.

    Lastly,PhiferexplorestheideaofMDM2.0securityandcontrolbeyond

    smartphonesandtablets.Asmobilesecurityintheenterprisecontinuesto

    expand,takingalookatthefuturecanhelpITsecurityteamsprepareforthe

    nextwaveofMDM.PhiferdiscusseslettinggooftheideathatMDMisatool

    formobiledevicelockdown,butinsteadameansforprovidingcustomizable

    securityandcontrolbasedonausersneedsandpreferences.n

    Rachel Shuster

    Associate Managing Editor, TechTargets Security Media Group

  • 3 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    2MDM SYSTEMSBYOD Increase Calls for Enterprise Mobile Device Management Systems

    Multi-platform mobile device managementsystemsaregainingafoot-

    holdinenterprisesanxioustomeettheneedsoftodaysexpandingmobile

    workforce.Whilenosilverbullet,MDMtechnologycangiveITcentralized,

    scalablevisibilityandcontrolovertheunrulybring-your-owndevice(BYOD)

    trend.

    InarecentstudybyPonemonInstitute,mostorganizationsagreedthat

    mobiledevicescreatedbusinessriskbutwereimportanttoachievingbusi-

    nessobjectives.However,just39%haddeployedsecuritycontrolsneeded

    toaddressthatrisk;fewerthanhalfofthosecouldenforcemobilesecurity

    policies.

    Unfortunately,thislaxgovernancehasalreadyresultedinnon-compli-

    anceanddatabreaches.InPonemonssurvey,59%saidemployeesdisen-

    gagedfundamentalmeasuressuchaspasswords;another12%wereunsure.

    Itshould,therefore,comeasnosurprisethathalfofthoseorganizationshad

    experiencedmobiledatalossduringthepastyear.

    Giventherashofemployee-ownedsmartphonesandtabletsnowfinding

    theirwayintotheworkplace,ITsimplymustfindawaytomanagemobile

    applicationandsystemaccesswhilekeepingcorporatedatasecure.Fortu-

    nately,anewcropofmulti-platformMDMproductsandservicesstandready

    tohelpITachievetheseobjectivesandmitigateBYODrisks.However,or-

    ganizationsneedtounderstandthebenefits,nuancesandlimitationsofthis

    emergingtechnologybeforetakingtheplunge.

    THE RISE OF MULTI-PLATFORM MDM

    Mobiledevicemanagementsystemsarenotarecentphenomenon.

  • 4 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    2MDM SYSTEMSEnterpriseshavelongmanagedcompany-issuedBlackBerrysandWindows

    MobilesviaBlackBerryEnterpriseServer(BES)andMicrosoftExchangeAc-

    tiveSync(EAS).ButyesterdaysnarrowlyfocusedMDMscouldnothandle

    theconsumersmartphonesandtabletsthatfloodedtheworkplacefollow-

    ingApplesiPhonereleasein2007.Ashandsetprocurementrapidlyshifted

    fromemployertoemployee,drivenbybudgetcutsandworkforcedemands,

    ITgroupswereleftscramblingformoreextensibletools.

    Initially,IThadlittlechoicebuttoreduceiPhoneriskbyapplyingEAS

    policiestopreventcorporateemailaccessbynon-passcodedphonesand

    remotelywipethosethatwerelost.Butthesebasicmeasuresfellshortof

    governanceneeds.Certainly,theydidnotsatisfycompliancemandatesto

    encryptdataatrest,norcouldtheydeliverproofofcontinuousenforce-

    mentormeetaccesstrackingandauditrequirements.AlthoughEASsup-

    portinnewerdevicescontinuestoexpand,thismessaging-centricapproach

    isplaguedbyinconsistencyandcannotmeetbroadermobilitymanagement

    requirements.

    Byearly2010,iPhoneshadbeenjoinedbyiPadsandAndroids,fueling

    growthofthemulti-platformMDMmarket.Nichemulti-platformMDMs

    previouslyusedbycellularcompaniesandhighlymobileverticalssuchas

    retailquicklyexpandedtoembraceiOS4,followedbyAndroid2.2.Today,

    multi-platformMDMsareviablealternativestoBESorEAS,givingenter-

    prisesasinglepaneofglassthroughwhichtomonitorandmanageanin-

    creasinglydiversearrayofcorporateandbring-your-ownphonesandtablets.

    MDM BREADTH AND DEPTH

    UnlikeBES,whichusesaproprietaryapproachtomanageonlyRIMdevices

    runningtheBlackBerryOS,multi-platformMDMsarethird-partyprod-

    uctsthatuseopenAPIstotapthenativeinterfacesandcapabilitiesoffered

    bymanydifferentdevices.Today,itiscommonforMDMstomanageApple

    devicesrunningiOS4+,Samsung/Motorola/HTC/LGdevicesrunningAn-

    droid2.2+,andanarrayofhandheldandembeddeddevicesrunningWinCE

    andWindowsMobile.LimitedMDMsupportcanalsobefoundforWindows

  • 5 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    2MDM SYSTEMSPhoneandWebOSdevices.However,thedegreeofmonitoringandcontrol

    deliveredforeachmanageddevicevariesbymake/modelandOSversion.

    Forexample,MDMscanusuallyenforcedevice-levelaccesscontrolson

    iOSandAndroiddevices.OniOS,ITmayrequirealphanumericpasscodes

    withminimumlengthandspecialcharactersandlimitpasscodeage,reuse,

    idletime,orfailedentryattempts.OnAndroid3+,ITcanenforceallofthis,

    plusrequireupper/lowercaseletters,digits,andsymbols.EveryMDMthat

    supportsiOSandAndroidexhibitsthisdifferencebecauseitreflectsnative

    OScapabilities.However,theextenttowhicheachMDMtriestohidesuch

    differencesunderunifiedconsoleswith

    aconsistentlookandfeelvarieswidely.

    Inothercases,mobiledeviceman-

    agementsystemscandolittletomask

    underlyingdiversity.Forexample,IT

    canuseanyMDMonthemarkettore-

    questafull-devicewipe.Becauseall

    AppleiPhonesandiPadsnowsupport

    full-deviceencryption,remotewipe

    easilyrendersdatainaccessible.How-

    ever,wipingmostAndroidphonessim-

    plyresetsthemtofactorydefault,leavingcleartextbehindonremovable

    storage.MDMscannoteliminatethisnativeshortcomingdoingsofallsto

    devicemanufacturers.ButMDMscanprovidetoolstocentrallyinvokere-

    motewipe,confirmarequestedwipehasbeencompleted,reportonallwiped

    devices(includingownershipandlastknownlocation),andclearlydescribe

    theconsequencesforeachwipeddevice.

    ThisiswhereMDMdepthcomesintoplay.SomeMDMssticktomanag-

    inghardware,softwareandpolicies.OtherMDMspileonvalue-addedse-

    curitymeasures.Forexample,someMDMscreatetheirownauthenticated,

    encrypteddatacontainersonmanageddevices.Anyenterprisedatastored

    inthosecontainerscanbereliablywiped,evenonphonesandtabletsthat

    donotsupportnativefull-deviceencryption.Moreover,thisapproachlets

    On iOS, IT may require alphanumeric passcodes with mini-mum length and special characters and limit passcode age, reuse, idle time, or failed entry attempts.

  • 6 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    2MDM SYSTEMSITwipedataconsistentlyacrossallMDM-supportedplatforms.However,

    MDMsthatincludethesevalue-addstendtohavemoredevice-specificde-

    pendenciesandlimitationsthanMDMsthatfocusonmanagement.

    LIFECYCLE MANAGEMENT

    Enterprisesflockingtomulti-platformMDMtechnologytogainITvisibility

    andcontroloverpersonallyowneddevicesmayfindithardtodirectlycom-

    pareproducts.Heritageplaysarole:SomeMDMshistoricallyfocusedon

    mobileexpensemanagement,othersstartedwithmobileapplicationman-

    agementandstillothersspecializedinmobilesecurity.Yetmostofthese

    MDMsdeliverfoundationalcapabilitiessuchasinventoryandpolicyman-

    agementthatcausethemtoappear

    superficiallysimilar.Drillingbeyond

    functionalcomparisoncanalsoreveal

    significantdifferencesinautomation,

    usability,scalabilityandintegration.

    Onewaytoreduceconfusionisto

    prefaceMDMproductselectionwith

    aninventoryofbusinessmobilityneeds

    andusecases.WhenIDCsurveyed

    businessesabouttheirabilitytosup-

    portconsumerdevicesinthework-

    place,fouroutoffiverespondentsidentifiedpolicycomplianceanddata

    security/accessastopconcerns.However,nearlythesamepercentagecited

    ensuringITsupportandresourceavailability,readyingmobileapplications

    andsettingemployeesupwithmultipledevicesasmajorissues.Inother

    words,choosinganMDMbasedonitsabilitytomeetsecurityneedsalone

    maybeshortsighted.

    Instead,beginwithlifecyclemanagement.Eveniftheemployerdoesnot

    ownanemployeesmobiledevice,itownsthebusinessdataandapplications

    storedonthatdevice.Startbyestablishingaprocessfortrackingandmanag-

    ingthoseassetsthrougheachdeviceslifetime.

    Enterprises flocking to multiplatform MDM technology to gain IT visibility and control over personally owned devices may find it hard to directly compare products.

  • 7 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    2MDM SYSTEMSDoingsocreatesanessentialfoundationfornotjustsecuritymanage-

    ment,butexpensetracking,userassistance,applicationanddatadeployment

    andmore.MDMscanenablelifecyclemanagementbyautomatingdeviceen-

    rollment,monitoringandde-enrollment,independentofownership.Most

    MDMssupportIT-initiatedenrollment;somealsoofferuser-initiateden-

    rollment.Eitherway,usersfollowlinkstoaself-helpenrollmentportalwhere

    theyarepromptedtoentercredentials.

    Behindthescenes,theMDMtypicallyauthenticatestheuserandcom-

    paresuseranddevicetoIT-definedpolicies.Ifthisuserispermittedtoen-

    rollthisdevice,basedonmake/model,OS,ownershipandgroupmembership,

    accessmaybeauthorized.MDMsmaydisplayanacceptableusepolicyand

    issueadevicecertificatebeforecontinuingontoprovisionthedeviceover-

    the-air,applyingdevicesettings,securitypoliciesandapplications.

    Byautomatingenrollment,ITcandeliverscalablesupportformanyper-

    sonallyowneddeviceswhileplacingwelldefinedlimitsonacceptableuse.

    Devicesthatpassmustercanbeoutfittedforsafeproductivebusinessuse,

    leavingITwell-positionedtocontinuallymonitoractivityandenforcesecu-

    ritypolicycompliance.Ifanenrolleddeviceshouldbelostorstolenorbe-

    comenon-compliant,ITcanuseMDMtoremotelyfind,lockorwipeit.

    Inaddition,MDMmaybeusedtoinvoketemporarystop-lossactionssuch

    asremovingsettingsthatpermitcorporateemail,VPNorapplicationaccess.

    Eventually,whentheemployeeleavesthecompanyorthedeviceisreplaced,

    MDMcaneasilyde-enrollitwhilewipingcorporateassets.ManyMDMscan

    nowdifferentiatebetweenfull-deviceandenterprisewipe,lettingITdecom-

    missionanemployeesdevicewithoutharmingpersonaldata.n

  • 8 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    3DEPLOYING MDMMitigating BYOD Risks With Mobile Device Management Systems

    Once enterprises understand thebenefitsandlimitationsofmobilede-

    vicemanagement(MDM)technologyandbegindeployinganMDMsolution,

    ITcannowdeploy,auditandenforceappropriatesecuritycontrols.

    Typically,ITcanuseMDMtoremotelyconfigurenativedevicesettings

    toreflectsecuritypolicies,including:requiringaPINorpassword;enabling

    auto-lockandauto-wipefeatures;encryptingdataatrestonthedevice,re-

    movablemediaorinthecloud;protectingdata-in-motionoveremail,VPN

    orWi-Fi;andselectivelydisablinghardwareandOSfeaturessuchasinte-

    gratedcameras.Whenproperlyconfigured,thesenativesettingsdelivermost

    (butnotall)mobilesecuritybestpracticesforpersonalsmartphonesand

    tablets.

    Aspreviouslynoted,supportedpoliciesdovarybydevicemake/modeland

    OS.However,mobiledevicemanagementsystemsgenerallytrytomaximize

    ITaccesstonativesettings.Forexample,anyMDMthatsupportsiOSdevice

    managementletsITseteveryApple-supportedConfigurationProfileattri-

    bute.MDM-configuredcontrolsforAndroidaremorevariedbecausethede-

    vicesthemselvesaremorediverse.Notably,manufacturerssuchasSamsung

    andMotorolahaveextendednativeAPIswithproprietaryattributestogive

    ITgreatervisibility,controlandflexibility.

    Ultimately,mobilesecuritymanagementrequirescarefulanalysisofnative

    deviceandOSfeaturesneededtoimplementpoliciesandconfirmationthat

    anyMDMunderconsiderationcandelivervisibilityandcontroloverthose

    features.Wherenativecapabilitiesareinsufficient,MDMscanalsohelpby

    deploying,configuringandenforcingthird-partysecuritymeasures.

    Forexample,healthcareorganizationsoftenuseMDMtocentrallydeploy

  • 9 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    3DEPLOYING MDMtwo-factorauthentication,VPNclientsandvirtualdesktopapplications.En-

    terprisesconcernedaboutmobilemalwarecanuseMDMtopushsandboxed

    browsersandantimalware.ToanMDM,thesearesimplyapplicationsthat

    mustbeinstalledandmaintained.Forthisreason,organizationsfocused

    onMDMtoenablesecurityshouldalsoevaluateeachproductsapplication

    managementcapabilities.

    ENFORCING COMPLIANCE WITH MDM TECHNOLOGY

    Forsmallmobileworkforces,ITcouldenrolldevicesonebyone,manually

    installingrequiredsecurityandbusinessapplications,butthatdoesnotscale

    nordoesitenablecontinuousmonitoringandenforcement.Thisiswhere

    MDMtechnologycanyieldreturnoninvestmentthroughlogging,auditing

    andcomplianceenforcement.

    Mobiledevicemanagementsystemscancapitalizeontheirover-the-air

    accesstoenrolledsmartphonesandtablets.Evenifdevicesneverreturnto

    theoffice,MDMscanpollthemtoverifysettingsanddetecteventssuchas

    PINdisablementorblacklistedapplicationinstallation.Somemobiledevices

    andsettingscanbemonitoredfromafarusingnothingmorethannative

    APIsnotablyAppleiPadsandiPhones.DeeperthanEASinsightonother

    devices(e.g.,Android,WindowsMobile)usuallyrequiresinstallingadevice-

    residentMDMagent.

    Today,MDMvendorspublishtheiragentsattheGoogleAndroidMar-

    ketortheAppleAppStorewhereuserscanfreelydownloadthem.Uponin-

    stallation,agentsconnecttoacorporateMDMserverthatmaybeinstalled

    on-premises,hostedbyamanagedserviceprovider,oroperatedasacloud

    service.Thereafter,MDMagentscanserveasITseyesandears,loggingac-

    tivities,reportingonevents,andcarryingoutMDMrequeststhatgobeyond

    nativecapabilities.

    Forexample,ithasbecomecommonforMDMagentstoofferjailbreakor

    rootdetection.Jailbreakingorrootingposebusinessrisksbecausetheyren-

    dertheunderlyingOSunreliableandraiseconcernsaboutdeviceintegrity.

    JailbrokenAppledevicesarevulnerabletomobilemalwaredownloadedfrom

  • 10 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    3DEPLOYING MDMnon-Applewebsites.RootedAndroiddevicesareevenmorevulnerablebe-

    causeapplicationscanaccessnormallyprivilegedfeatures.

    Byimmediatelydetectingsuchactivity,MDMagentscannotifyadminis-

    tratorsandusers.ITcaneveninstallenforcementpoliciesthatautomatically

    takeactionssuchasdisablingemailorVPNaccessorremovingenterprise

    applicationsorevenwipinganoffendingdevice.Althoughavailableactions

    arelimitedbythemobileOS,theycanstillgoalongwaytowardsreducing

    businessriskandencouragingvoluntarycompliance.

    TEST-DRIVE MDM SYSTEMS BEFORE BUYING

    LikeanyothertechnologydesignedtoassistITwithsecurityenforcement,

    MDMisameanstoanend.OrganizationsshouldnotexpectMDMstomagi-

    callykeepamobileworkforcesecureanymorethanafirewallcanbeexpected

    tokeepacorporatenetworksafe.MDMsrequirecarefulselection,basedon

    abilitytomeetbusinessneeds,implementdesiredpolicies,integratewith

    existinginfrastructureandsupportworkflows.

    ThoseworkflowsandrelatedITprocessesshouldnotbeleftasapost-de-

    ploymentexercise.Diversitywithinthemulti-platformMDMmarketbe-

    comesmostapparentwhenorganizationsbegintouseproductstomanage

    real-worlddevices.Forbestresults,pilotafewMDMproductsbyattempting

    toassertandenforceanacceptableusepolicyonvariousdevicesofimpor-

    tancetoyourworkforce.n

  • 1 1 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    4MDM 2.0MDM 2.0: Meeting New Mobility Management Needs

    While security teams aregettingagriponsmartphonesandtablets

    throughbasicmobiledevicemanagement(MDM),enterprisemobilityre-

    quirementscontinuetoevolve.Toaddresstheseadvancedneeds,betterin-

    tegratedandmoregranularMDMtoolsareemerging.Letslookatsomeof

    theseinnovationsandhowtoputthemtowork.

    MDMproductsinitiallyfocusedondeviceinventoryandprovisioningbut

    haveexpandedtoaddressabroaderrangeofneeds,fromsecuritycontrolsto

    expensemanagement.However,BYODisnowdrivinginterestinmoregranu-

    lartoolstomanagenotonlyentiredevices,butalsotheindividualbusiness

    assetscarriedonthem,specifically,applicationsandcontent.

    TodaysMDMproductsoftenincludeapplicationmanagementfunctions,

    rangingfromsoftwareinventoryandwhitelist/blacklistcontrolstoapplica-

    tioninstallation,configuration,updateanddisablement/removal.Onein-

    novationcalledappwrappingbeefsupenterpriseappstomeetsecurity

    requirements.FiberlinkCommunicationsCorp.sMaaS360SecureProduc-

    tivitySuitecanunpackIT-uploadedapps;insertcannedsecurityfunctions

    (suchasauthenticationordataleakprevention);andrepackthemfordeploy-

    mentontomanageddevices.Thiscanhelpemployersdeliverconsistently

    securedappswithoutrelyingonlyonhighlyvariablenativedeviceandapp

    capabilities.

    Anothertrendisdecouplingsecurelymanageddatafromfull-blowndevice

    management.AirWatchsMobileContentManagementproductcombines

    basicdeviceenrollmentandcompliancewithdata-centricfunctions,includ-

    ingasecurecontainerinwhichtoplaceenterprisedataandtoolsthatIT

    canusetodeploy,updateanddeletedata.WhenaBYODisenrolled,ITcan

  • 12 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    4OPENER

    3 lines is max title length.Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    MDM 2.0

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    auto-pushdocumentstoasecurestorageareathatissubjecttopoliciesthat

    controlofflineviewing,cut/pasteandotherdocumentsecuritymanagement

    activities.IfthatBYODlaterbecomesnon-compliant,ITcanremovethe

    containeranditsdocumentswithoutneedingorhavingtheabilitytowipe

    theentiredevice.

    RESPECTING PERSONAL PRIVACY

    MoregranularapplicationandcontentmanagementcapabilitiescanhelpIT

    enablebroadermobilitywithlesseffectonpersonalprivacy.However,some

    MDMproductsaremovingtooffermoregranularprivacyoptionstoaddress

    bothemployeeandlegal/regulatory

    concerns.

    BlackBerryEnterpriseService10

    includesBlackBerryBalance,amanage-

    mentcapabilitythatcarvesoutseparate

    secureWorkandPersonalspaces

    onBlackBerry10devices.Thisdual

    personaapproachoffersmorethana

    securecontainer;itcreatesanIT-man-

    aged,authenticated,encryptedWork

    Spaceinwhichemployeescaninter-

    actwithcorporateemail,secureWeb

    browsingandotherbusinessapplications.Employeeshavethefreedomtoin-

    stallanythingtheywantintheirownPersonalSpace,withoutbeingshackled

    byITpolicies,orworryingaboutITsnoopingonprivateactivities.

    AnotherwayinwhichMDMproductsaremovingtoenablepersonalfree-

    dominconcertwithITcontrolisgeo-fencing.Thistechniquecombinesa

    userscurrentlocationwithIT-definedpolicies.CitrixSystemsInc.sZe-

    nMobileMDMproductcanenforceproxy-basedURLfiltersanddisablede-

    vicecapabilities,suchascameraswhenusedinsideasecurefacility,but

    automaticallyliftthoserestrictionswhenthatdevicemovesoutsidethe

    fence.However,location-awarenesscanbeadouble-edgedsword;theres

    Another way in which MDM products are moving to enable per-sonal free dom in con-cert with IT control is geo-fencing. This tech-nique combines a users current location with IT-defined policies.

  • 13 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    4OPENER

    3 lines is max title length.Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    MDM 2.0

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    adifferencebetweenusingcurrentlocationtomakepolicydecisionsand

    trackinghistoricallocation.Thelattercanraiseprivacyconcernsandso

    shouldbedoneonlywithcareand,ofcourse,consent.

    LEVERAGING INTEGRATION

    AsMDMproductsmature,theyarebecomingbetterintegratedwithexist-

    ingenterpriseinfrastructure.Tighterintegrationcanfacilitatebusinessmo-

    bility.Forexample,enterpriseSharePointresourcesorclouddataservices

    madeavailabletomobileusersviaintegrationwithmanagedsecurecontain-

    ers.Inaddition,MDMintegrationwithinfrastructurecanbehelpfulindeliv-

    eringseamless,securemobileuserexperience.

    EnterpriseidentitymanagementisahotareaofinnovationforMDM

    products.MostMDMproductscanbeconfiguredtointerfacewithenterprise

    directoriesmostoftenActiveDirectoryorLDAbindingenrolleddevices

    toauthorizeduseridentitiesand,perhaps,theirgroupmemberships.Secure-

    AuthCorp.sIdPisoneproductthattakesidentitymanagementintegration

    furtherbyusingidentityandaccessmanagement(IAM)andsingle-sign-on

    asamobilegatewayintotheenterprise.Forexample,ratherthangrantingac-

    cesstomanagedmobiledevices,IdPgrantsmobileaccesstoenrolledusers,

    basedonauthenticatedidentityandSSOtokens.

    TIGHTER INTEGRATION

    MDMproductsarealsoachievingtighterintegrationwithenterpriseWLAN

    infrastructure,ineffectusingthenetworkasaspringboardformoreauto-

    mateddeviceenrollment.Networkscomposedofwirelessaccesspointsand

    switchesfromAerohivecanbeconfiguredtodetectandfingerprintnewmo-

    biledevices,automaticallyredirectingthemtoaJAMFSoftwareorAirWatch

    MDMenrollmentportalforzero-touchprovisioning.Integratedapproaches,

    suchasthese,makeiteasiertoexpandmobilitytomoreuserswhiledeter-

    ringenterpriseaccessbyunknownandpotentiallyriskyBYODs.

    Astheseexamplesshow,todaysMDMproductsarenolongermonolithic

    systemsfocusedonbasicdevicemanagementandlittlemore.Infact,as

  • 14 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    4OPENER

    3 lines is max title length.Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    MDM 2.0

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    MDMproductsgrowmorecapableandsophisticated,manyarebeingdecou-

    pledintoalacartecapabilities,whichallowITtomanageandsecuremobil-

    itydifferentlyforeachbusinessunitorworkgroup.

    Sodontbefooledbylabels;digdeeperintotheactualcapabilitiesoffered

    byeachMDMproduct,lookingforinnovationsthatcanhelpyourorganiza-

    tionexpandmobilitytodiverseusersandmanagetheirriskseffectively.The

    sameMDMproductmaywellsupportenterpriseidentity-based,full-de-

    vicemanagementforhigh-riskworkers;lighter-weightbutsecuredata-only

    managementforknowledgeworkers;andsecurely-wrappedappmanagement

    toenablenarrowaccessbyallothermobileworkers.

    Inshort,avoidthinkingaboutMDMasatoolforold-schoolcorporatede-

    vicelockdown.Developusecasesanddesiredsecuritypoliciesthatfocuson

    managingandsecurityonlyat-riskcorporateassets,thenletthosepolicies

    driveyoursearchforsuitableMDMproductsandcapabilitypackages.n

  • 15 MOBILE DEVICE MANAGEMENT

    Home

    Editors Note

    BYOD Increase Calls For Enterprise Mobile Device Management

    Systems

    Mitigating BYOD Risks With Mobile Device

    Management Systems

    Mdm 2.0: Meeting New Mobility

    Management Needs

    OPENER3 lines is max title length.

    Style title. Then use hard return to push last line of title to sit on

    this baseline.

    All pages: text begins on this baseline

    OPENER1st text baseline begins here.

    To change slug and # txt.

    On your page, in this order, deselect slug first, then move just outside of blue box to deselect the #.

    This will keep the slug text in front of the number

    ABOUTTHE

    AUTHOR

    LISA PHIFER ownsCoreCompetence,aconsultingfirmspecializinginbusinessuseofemergingnetworkandsecuritytechnology.Shehasbeeninvolvedinthedesign,implementationandevaluationofinternetworking,securityandman-agementproductsfor30years. ThisTechnicalGuideonMobile Device

    Management isaSecurityMediaGroupe-publication.

    Robert RichardsonEditorial Director

    Eric ParizoSenior Site Editor

    Kathleen RichardsFeatures Editor

    Kara GattineSenior Managing Editor

    Rachel ShusterAssociate Managing Editorr

    Linda KouryDirector of Online Design

    Neva ManiscalcoGraphic Designer

    Doug OlenderVice President/Group Publisherdolender@techtarget.com

    TechTarget 275 Grove Street, Newton, MA 02466

    www.techtarget.com

    2013TechTargetInc.Nopartofthispublicationmaybetransmittedorreproducedinanyformorbyanymeanswithoutwrittenpermissionfromthepublisher.TechTargetreprintsareavailablethroughTheYGSGroup.

    About TechTarget:TechTargetpublishesmediaforinformationtechnologyprofessionals.Morethan100focusedwebsitesenablequickaccesstoadeepstoreofnews,adviceandanalysisaboutthetech-nologies,productsandprocessescrucialtoyourjob.Ourliveandvirtualeventsgiveyoudirectaccesstoindependentexpertcommentaryandadvice.AtITKnowledgeExchange,oursocialcommunity,youcangetadviceandsharesolutionswithpeersandexperts.

Recommended

View more >