BYOD Part 2: Enterprise Mobility Management and Mobile Security

The first part of this two-part series discussed BYOD enterprise strategy and policy. That article made a few references to enterprise mobility management and mobile security, the subjects of this article, and policy is a key factor in management, enforcement and the resulting overall security of mobile device usage within the organization. This could apply to organization-owned or employee-owned devices; however, in this case we will focus on an organization’s BYOD program.

Enterprise Mobility Management

Enterprise Mobility Management (EMM), also referred to as mobile device management (MDM, which is actually a component of EMM), represents a managed services solution for organizations to manage and monitor devices used within an organization, be they organization-owned or employee-owned (as in Bring Your Own Device). EMM is focused in large part on an organization’s BYOD program.

One company in this space is MobileIron, a well-known provider of Enterprise Mobility Management solutions. MobileIron presents a “Mobile First” strategy in which organizations create business processes and applications with the mobile device in mind first. An important aspect of thinking Mobile First, according to MobileIron, is ensuring that content is available and secure so that end users can do their jobs with the device of their choice and the experience they expect. MobileIron builds a complete and well-architected enterprise mobility management platform for end users to feel confident in the long-term success of mobile initiatives.

MobileIron provides mobile device, app and content management software solutions.

Case Study: Equinix

Equinix connects more than 4,000 companies directly to their customers and partners inside the world’s most networked data centers. Businesses leverage the Equinix interconnection platform in 31 strategic markets across the Americas, EMEA, and Asia-Pacific. Founded in 1998 by two Internet visionaries, Equinix is headquartered in Redwood City, California and has more than 2,600 employees. The company earned revenues of $1.6 billion in 2011.

To ensure it could meet the demands of its tech-savvy global workforce, Equinix’s small information security staff implemented the MobileIron Platform. Equinix uses MobileIron to push new apps to employee devices, automate security policy enforcement, selectively or completely wipe data from lost or stolen devices, and maintain an up-to-the-minute view of its mobile environment.

Other popular Enterprise Mobility Management companies are AirWatch by VMware, Good Technology, IBM and Dell.

Data Protection

One of the greatest concerns in an organization’s BYOD program is data protection, since its files and data may well be its most valuable assets. If this information is compromised in any way, it could lead to major problems for the organization, including financial ones. Certain applications and solutions (hardware- and software-based) help to take a further step toward securing these resources.

Accellion provides a secure alternative to other solutions for mobile workforce private cloud file sharing. Their newest product, kiteworks, is a mobile-first solution with a sophisticated new user experience and three-tier private cloud architecture designed to enable people to work securely wherever they are. The secure online file-sharing function facilitates team and project collaboration, including virtual data rooms and deal rooms, via secure file sharing and task management capabilities. It enables users to collaborate with others inside and outside the office and to work securely wherever they are, on whatever device.

Accellion provides a mobile content platform that enables secure access and sharing of enterprise content.

Case study: Needham Bank

Needham Bank had a major challenge to solve: providing secure access to financial files for recipients outside of the company. The organization’s large, project-based initiatives depended on it and email was no longer a viable option. For example, a construction loan or a high-end leased office park might involve 100 different appraisals, all of which needed to get into the hands of the appropriate lawyers and appraisers. However, being able to send the documents was just one piece of the equation; employees also needed to review documents, edit as required and easily collaborate to see projects through to fruition.

Any collaboration solution chosen had to be deployed in a private cloud environment in order to maintain industry compliance. Plus, the bank required a truly agnostic solution – one that worked seamlessly across operating systems, mobile devices and various file servers and data repositories such as Microsoft SharePoint.

IronKey by Imation is a provider of encrypted flash drives, external hard drives and workspace solutions that protect the mission-critical mobile workforce and their sensitive data. A recent study revealed that employees (in corporate, healthcare and government, for example) are taking confidential information away from the office without the knowledge of their employer. Nearly two in five respondents said either they, or someone they know, have lost or had stolen a device in a public place. IronKey products give the enterprise control over how company data is protected and who has authorization to access that data.

IronKey also manufactures the Windows to Go mobile drive, a Microsoft-certified solution, which is essentially a PC on a Stick™ that equips employees and contractors with a portable Windows 8.1 corporate image. It comes complete with your applications, security controls and access policies stored on a ruggedized, fully manageable, hardware-encrypted USB flash drive.

Windows 8.1 To Go

Brian Kelly is IronKey’s U.S. Federal Practice Manager, responsible for all IronKey engagement with the Federal government. He says, “I strongly believe that remote work will continue to see tremendous growth in both the public and private sectors over the next few years… Employers must have a sound, mobile security approach that is not a detriment to their worker’s productivity. The operating assumption on a ‘work from home’ policy needs to consider that, if your practices are too strict or cumbersome, your employees will find a way around them because they value convenience over security. IronKey solutions help provide your users and IT departments with a simple, secure and manageable platform from which real world productivity can occur.” 

IronKey Windows to Go features a range of safeguards, from strong password protection and AES 256-bit hardware encryption to the FIPS 140-2 Level 3 validated security of IronKey Workspace W700 drives (pictured above).

Windows to Go use case: Disaster Recovery/Business Continuity

Problem: After losing enormous amounts of worker productivity nationwide due to weather and other disasters, this federal agency needed to craft a plan that would give its workforce the ability to access critical networks and applications, with or without government-issued equipment like a laptop or tablet.

Business Situation: The agency could utilize the full functionality of their Microsoft Enterprise License Agreement, without incurring any additional licensing costs, to enable Windows To Go.

Solution: By deploying a secure IronKey Workspace solution, agency employees could have access to a fully managed, agency-approved Windows environment. Users are able to authenticate and boot their device from nearly any host machine, government-issued or personal, with total environment isolation.

Mobile Security

Enterprise Mobility Management continues to be seen as a growing necessity for device, app and data management in the enterprise. Along with an EMM platform (such as AirWatch, MobileIron or Good), enterprise IT departments may require a full-scale mobile security approach, and with that in mind there are companies that provide advanced and sophisticated solutions to monitor devices, enforce policy and secure assets. One such enterprise mobile security provider is AirPatrol, a company which provides a location-based mobile and cybersecurity platform. Their main solution, ZoneDefense, provides exact mobile device locationing, monitoring and policy enforcement on Wi-Fi and cellular networks.

Here is an example of how ZoneDefense works:

With ZoneDefense you’re capable of exact mobile device locationing, monitoring and policy enforcement on Wi-Fi and cellular networks.

The ZoneDefense Mobile Device Security Platform provides full-scope detection, locationing and monitoring of mobile devices to fully manage and mitigate the risks presented by rogue applications and careless or potentially malicious users. Looking at the image above, notice the blue and red color-coded circles: blue marks devices that are registered (organization-approved) and managed under policy, while red (otherwise known as rogue) marks those that are not provisioned under policy, in essence non-registered devices. These are the devices that may come under scrutiny as they move around the premises.

For registered devices, ZoneDefense can automatically change security and application restrictions based on device location and user privileges. Devices color-coded in red that are unknown and operating in monitored zones can be recognized at a glance, while real-time alerting provides immediate notice of any of these rogue devices entering secured zones. One of the main distinguishing features of the AirPatrol mobile security solution is that it integrates directly with most of the major EMM provider platforms, giving IT management full-scale BYOD management and security that includes policy enforcement as well.

“It’s impossible to fix something you don’t understand but that’s what many corporations are trying to do today with BYOD. MDMs are a step in the right direction but one policy for all situations isn’t enough. Sometimes a user on the same device needs different access depending on where they are – no camera in the conference room but use in other rooms, access to the corporate Wi-Fi while in the building but not in the parking lot. It’s about having the right capabilities in the right place at the right time, location is what makes it all possible.” – Cleve Adams, AirPatrol Corporation CEO

AirPatrol mobile security integrates with numerous enterprise mobility management company solutions to provide further security for the organization’s BYOD program.

AirPatrol use case: Healthcare 

Healthcare is now mobile. Many doctors operate out of multiple offices or hospitals instead of only one location. In the United States, 80 percent of top hospitals are testing or piloting iPads. However, regulations such as HIPAA and HITECH, and issues around PII (Personally Identifiable Information) or data loss risk, are reducing the speed of mobile adoption.

Example: A misplaced iPad could result in PII loss, risk for the patient and multiple legal issues for the hospital group. Doctors need access to the right information while in the hospital zone but do not need access to sensitive information while outside of the appropriate campuses.

Solution: Through ZoneDefense, the doctors in the case study institution are granted access to relevant patient information at the current location, while applications and device capabilities that are not needed are removed to reduce data loss risk. The paired MDM can erase devices that leave the approved area of use, based on the location information ZoneDefense sends. One other advantage to note: with ZoneDefense, patient information is no longer available when the device is taken off the hospital grounds, since the requirements for accessing the information, such as being located within the hospital, are no longer met.
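
The zone-dependent behaviour described above for registered and rogue devices, and in the healthcare use case, can be sketched as a deny-by-default decision function. This is an added example, not AirPatrol or ZoneDefense code; the zone names, capability keys, action strings and device IDs are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Hypothetical policy table: capabilities a registered device keeps per zone.
ZONE_POLICY = {
    "ward":            {"camera": True,  "corp_wifi": True,  "patient_records": True},
    "conference_room": {"camera": False, "corp_wifi": True,  "patient_records": False},
    "parking_lot":     {"camera": True,  "corp_wifi": False, "patient_records": False},
}
# Any location that is not a known zone is off-premises: sensitive access denied.
OFF_PREMISES = {"camera": True, "corp_wifi": False, "patient_records": False}
# Zones where an unregistered device triggers a real-time alert.
SECURED_ZONES = {"ward", "conference_room"}


@dataclass
class Sighting:
    device_id: str
    zone: Optional[str]  # None means the device is outside every monitored zone


def evaluate(sighting, registered):
    """Return (capabilities, actions) for one location report."""
    if sighting.device_id not in registered:
        # Rogue device: there is no policy to push, so only record or alert.
        if sighting.zone in SECURED_ZONES:
            return {}, ["alert_rogue"]
        return {}, ["log_rogue"]
    # Registered device: look up the zone, falling back to off-premises.
    caps = dict(ZONE_POLICY.get(sighting.zone, OFF_PREMISES))
    actions = ["push_policy"]
    if sighting.zone not in ZONE_POLICY:
        # Hand the location event to the paired MDM, which decides on a wipe.
        actions.append("notify_mdm_off_premises")
    return caps, actions


if __name__ == "__main__":
    registered = {"ipad-01"}  # constructed sample inventory
    reports = [Sighting("ipad-01", "ward"), Sighting("ipad-01", None),
               Sighting("phone-99", "conference_room")]
    for report in reports:
        print(report, evaluate(report, registered))
```

The fallback to `OFF_PREMISES` is the important design choice: a device reporting an unknown or missing zone loses access to patient records rather than keeping the last policy it was given.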