Key Take Aways
- Email security, device compromise and separation of work and personal data are the major security concerns to consider when implementing a BYOD policy
- Survey and understand your security needs before evaluating an MDM solution
Background
At one point in time it was common to have two devices; one for work and one for personal use. That time has passed and many people are using one device for both obligations. This Bring Your Own Device (BYOD) trend is rapidly being adopted by organizations as both a way to cut costs and to meet the demands of their employees. As a result, many smart phone manufacturers are increasing their feature set in order to keep up with enterprise BYOD. One of the main challenges in adopting a BYOD policy is allowing a variety of devices to access organizational resources without compromising the security of the organization. To increase the likely success of a BYOD policy, many companies are turning to Mobile Device Management (MDM) platforms to help meet the needs of these security challenges. Navigate the complexities of MDM and BYOD – Contact Bluefletch for expert guidance!
In choosing the optimal MDM solution for your organization, the following are primary areas on which to focus your requirements analysis:
- Email Security Requirements
- Lost / Compromised Device Process
- Separation of Personal Data and Corporate Data
- Security vs Usability
- MDM Vendor Landscape
1. Email Security Requirements
Accessibility to email is one the main uses for mobile devices in the work place. Ideally you want a user to be able to easily access their email while maintaining a certain level of security. Although a password is required to initially set up an email client, if the device does not have any other security measures in place, such as a device passcode, anyone with physical access can view or send email on the device.
Policies such as encryption requirements, sync settings and password requirements can be implemented with an MDM solution in order to alleviate some security concerns. IT leaders can take this even further by disabling copy and paste features, forcing email to only open in a secure application, disabling the use of third-party email applications and even remotely wiping the device upon violation of security policies. Many MDM solutions also offer certificate management as another level of security to leverage for secure email.
BYOD Email Security Checklist:
* Enforce Encryption requirements and sync settings
* Disable third-party email applications
* Disable copy and paste features (if Appliable)
2. Lost or Compromised Devices
One of the major concerns of IT departments when implementing a BYOD policy are compromised devices. A device that is jailbroken or rooted can have an increased vulnerability to password theft, data interception or viruses. Many MDM solutions have mechanisms for determining if a device is compromised and allow policies to be put in place once a compromised device is detected. Actions can range from sending the user a warning message to remote wiping the device and restricting access. Many MDM solutions offer multiple types of compromise detection. Detection can occur upon initial MDM installation, within enterprise applications or via a scheduled check by the MDM agent. Optimize your BYOD strategy with robust MDM – Schedule a call with our specialists!
Compromised Device Security Checklist:
* Enable mechanisms/reporting to identify rooted and compromised devices
* Have a bi-directional communication process to connect with compromised users
* Restrict access to sensitive data
* Blacklist applications known as security holes
3. Separation of Personal Data and Corporate Data
Containerization is another option in creating a secure environment for users to access corporate data via their personal phones. Although users may access corporate resources via their personal devices there may be some concern with administrators being able to view their personal application or locations. Many MDM solutions are implementing the ability to create an isolated environment on a device that can access corporate resources. This can allow administrators to manage enterprise applications while alleviating privacy concerns for users. One example of this is Samsung KNOX, which creates a secure container where enterprise applications are completely separate from personal applications. The container contains its own home screen, launcher, applications and widgets and uses a separate encrypted file system. Another example of the use of containerization for email is the NitroDesk Touchdown. It’s an application that uses Microsoft’s Exchange ActiveSync to create a separate container to separate personal and corporate data.
Containerization Checklist:
* Implement containerization to isolate corporate and personal data
* Manage corporate resources on devices without having to manage the device
4. Security vs Usability
Security is definitely a priority when implementing a BYOD policy. However, the usability of the device needs to remain intact as well. Allowing users to use their devices as they normally would while also allowing secure access to work resource can increase productivity. A company implementing a basic BYOD policy can generate $350 of value annually and an employee can save on average 37 minutes per week.1
5. MDM Vendor Landscape
By some estimates there are over 100 MDM vendors in the marketplace currently. According to Gartner analysts Airwatch, MobileIron, Citrix, SAP, Good Technology and Fiberlink are considered industry leaders in the MDM space. Below is a list of the leaders in the MDM space as well as other notable MDM companies.
- Airwatch: AirWatch is considered an industry leader with over 7000 customers currently. Airwatch offers Enterprise Mobility Management via both the cloud and on-premise. The company is rapidly expanding and has taken the lead in Tablet Content Management. Some of it’s strengths are that it’s highly scalable, has strong content management capabilities and aggressive pricing.
- Microsoft InTune: Microsoft InTune is Microsoft’s MDM solution. InTune includes System Center Configuration Manager (SCCM) and can manage Windows, Android and Apple devices.
- SOTI: SOTI is an established company with a successful history managing Android and IOS devices as well as rugged devices. SOTI has over 10,000 Enterprise MDM customers. SOTI’s MobiControl allows help desk staff live remote control of Android devices and remote view for iOS applications via the MobiControl iOS SDK.
- Symantec: Symantec launched Symantec Mobile Management Suite in 2012 and acquired Odyssey Software and Nukona to provide a more robust MDM offering. Symantec has integrated strong security features and benefits from it’s name recognition.
- Zenprise(Citrix): Citrix acquired Zenprise in 2012 and offers both cloud and on-premise MDM solutions. Zenprise offers broad device support including BlackBerry and Kindle Fire. Citrix has a long history of supporting mobile endpoints and remote access.
- MobileIron: MobileIron is classified as a leader in the MDM landscape and focuses on the mobile lifecycle. MobileIron offers both cloud and on-premise solutions. MobileIron provided one of the first enterprise app store and also focuses of self-service lessening the IT load.
- SAP: SAP is a global provider of business software and invested in the MDM market to support it’s customer and partners. SAP acquired technologies from Sybase and expanded it’s MDM offering under the Afaria name. SAP focuses on scalability integration, application development and usability. SAP also offers real time Telecom Expense Manager to monitor data usage and roaming charges.
- Good Technology: Good Technology has been one of the pioneers in containerization. Good recently acquired AppCentral in order to offer a cloud solution as well as it’s on-premise solution. Good offers a strong platform to provide secure communications between it’s own apps, enterprise applications and many third-party independent software vendor apps.
- Fiberlink: Fiberlink’s MaaS360 is a cloud-based MDM solution and does not have an on-premise solution. MaaS360 features fast and easy deployments. Fiberlink tends to serve organizations that are contained by tight regulations.
- IBM: IBM recently introduced IBM Mobile Foundation which incorporates a mobile app development platform with mobile app management. IBM supports iOS, Android, Blackberry, Symbian, Windows Mobile and Windows Phone. IBM can also leverage it’s global capabilities and enterprise reach.
- BoxTone: Boxtone assumed control of Motorola 3LM security technology for Android and has built a range of technology provider partnerships. BoxTone’s strength is it’s on-premise solution but it SaaS solution is gaining traction. BoxTone’s focus is on integrated service management with automation, service desk support, proactive monitoring and reporting tools. Secure and manage diverse devices – Let Bluefletch transform your MDM approach!
1. Loucks, Jeff, et. al The Financial Impact of BYOD: A Model of BYOD’s Benefits to Global Companies Retrieved from http://www.cisco.com/web/about/ac79/docs/re/byod/BYOD-Economics_Econ_Analysis.pdf
2. Redmond, Phillip, et. al Magic Quadrant for Mobile Device Management Software 23 May 2013 Retrieved from https://download.air-watch.com/download/f9f10100010058c29f2f
Industry-specific Insights and Best Practices: Retail
The Mobile-First Retail Experience
In the retail sector, mobile devices play a crucial role in delivering exceptional customer experiences and enabling efficient operations. Retailers increasingly rely on mobile devices for tasks such as inventory management, point-of-sale (POS) systems, clienteling, and in-store navigation. As a result, implementing effective BYOD and MDM strategies is essential for ensuring secure and seamless mobile operations.
Key Challenges:
- Securing customer data and payment information
- Managing a diverse range of mobile devices and operating systems
- Ensuring compliance with industry regulations, such as the Payment Card Industry Data Security Standard (PCI DSS)
- Enabling seamless integration with existing retail systems and applications
Best Practices:
Implement Secure Mobile Payments and POS Systems
- Enforce strict security policies for mobile POS systems, including encryption, tokenization, and secure data transmission protocols.
- Leverage MDM solutions to manage and secure mobile POS devices, ensuring they meet compliance requirements and are protected against cyber threats.
Enhance In-Store Experience with Mobile Clienteling
- Empower sales associates with mobile devices for clienteling, allowing them to access customer data, inventory information, and make personalized recommendations.
- Use containerization or virtualization technologies to separate corporate and personal data on BYOD devices, ensuring customer data remains secure.
Streamline Inventory Management and Operations
- Deploy mobile applications for inventory management, allowing associates to scan barcodes, update stock levels, and track merchandise in real-time.
- Implement MDM solutions to manage and secure these mobile devices, ensuring efficient and secure inventory operations.
Prioritize Data Security and Compliance
- Enforce strict data encryption and access control policies for customer data and payment information.
- Implement remote wipe capabilities and device lockdown features to protect sensitive data in case of device loss or theft.
- Regularly update mobile devices and applications to address security vulnerabilities and maintain compliance with industry regulations.
Enable Seamless Integration with Retail Systems
- Ensure that BYOD and MDM solutions seamlessly integrate with existing retail systems, such as inventory management, customer relationship management (CRM), and point-of-sale (POS) systems.
- Leverage mobile application management (MAM) capabilities to securely distribute and manage corporate applications on personal devices.
By implementing these best practices, retailers can leverage the benefits of BYOD and MDM strategies while ensuring data security, compliance, and an exceptional customer experience.
Emerging Trends and Technologies
Artificial Intelligence and Machine Learning
Artificial Intelligence (AI) and Machine Learning (ML) are revolutionizing the BYOD and MDM landscape. These technologies can be leveraged to enhance security, automate processes, and improve decision-making.
Potential Applications:
- User and Entity Behavior Analytics (UEBA): AI and ML can be used to analyze user behavior patterns and detect anomalies that may indicate potential security threats or policy violations.
- Automated Policy Enforcement: ML algorithms can be used to dynamically adjust and enforce BYOD and MDM policies based on real-time risk assessments and device posture.
- Predictive Analytics: AI and ML can be used to predict potential security risks, device vulnerabilities, and user behavior patterns, enabling proactive risk mitigation and policy adjustments.
Advanced Security Features
As cyber threats continue to evolve, organizations are adopting advanced security features to enhance their BYOD and MDM strategies.
Emerging Technologies:
- Biometrics: Biometric authentication methods, such as fingerprint scanners, facial recognition, or iris scanners, can provide an additional layer of security for accessing corporate data on personal devices.
- Zero-Trust Architecture: A zero-trust approach assumes that all devices and users, regardless of their location or ownership, are potential threats. It enforces strict access controls, continuous monitoring, and verification for every access attempt.
- Containerization and Virtual Mobile Infrastructure (VMI): Containerization and VMI technologies enable the creation of secure, isolated environments on mobile devices, separating corporate data and applications from personal data and preventing data leakage.
5G and Edge Computing
The advent of 5G networks and edge computing technologies will significantly impact the BYOD and MDM landscape, enabling new use cases and presenting new challenges.
Potential Implications:
- Increased Bandwidth and Low Latency: 5G networks will provide higher bandwidth and lower latency, enabling seamless access to cloud-based resources and applications from mobile devices.
- Edge Computing: Edge computing brings computing power and data processing closer to the source, reducing latency and enabling real-time processing of data from mobile devices, enhancing security and performance.
- IoT and Edge Device Management: With the proliferation of Internet of Things (IoT) devices and edge computing, MDM solutions will need to evolve to manage and secure a diverse range of connected devices beyond traditional mobile devices.
These emerging trends and technologies highlight the need for organizations to stay vigilant and adapt their BYOD and MDM strategies to address evolving security challenges and leverage new opportunities for enhanced productivity and efficiency.Try it Now!