Key Takeaways
- Email security, device compromise and separation of work and personal data are the major security concerns to consider when implementing a BYOD policy
- Survey and understand your security needs before evaluating an MDM solution
At one point in time it was common to have two devices: one for work and one for personal use. That time has passed, and many people now use one device for both. This Bring Your Own Device (BYOD) trend is rapidly being adopted by organizations as a way both to cut costs and to meet the demands of their employees. As a result, many smartphone manufacturers are expanding their feature sets to keep up with enterprise BYOD. One of the main challenges in adopting a BYOD policy is allowing a variety of devices to access organizational resources without compromising the security of the organization. To increase the likelihood that a BYOD policy succeeds, many companies are turning to Mobile Device Management (MDM) platforms to help meet these security challenges.
In choosing the optimal MDM solution for your organization, the following are primary areas on which to focus your requirements analysis:
- Email Security Requirements
- Lost / Compromised Device Process
- Separation of Personal Data and Corporate Data
- Security vs Usability
- MDM Vendor Landscape
1. Email Security Requirements
Access to email is one of the main uses for mobile devices in the workplace. Ideally you want a user to be able to easily access their email while maintaining a certain level of security. Although a password is required to initially set up an email client, if the device does not have any other security measures in place, such as a device passcode, anyone with physical access can view or send email on the device.
Policies such as encryption requirements, sync settings and password requirements can be implemented with an MDM solution in order to alleviate some security concerns. IT leaders can take this even further by disabling copy and paste features, forcing email to only open in a secure application, disabling the use of third-party email applications and even remotely wiping the device upon violation of security policies. Many MDM solutions also offer certificate management as another level of security to leverage for secure email.
BYOD Email Security Checklist:
* Enforce encryption requirements and sync settings
* Disable third-party email applications
* Disable copy and paste features (if applicable)
2. Lost or Compromised Devices
One of the major concerns of IT departments when implementing a BYOD policy is compromised devices. A device that is jailbroken or rooted can be more vulnerable to password theft, data interception or viruses. Many MDM solutions have mechanisms for determining whether a device is compromised and allow policies to be applied once a compromised device is detected. Actions can range from sending the user a warning message to remote wiping the device and restricting access. Many MDM solutions offer multiple types of compromise detection. Detection can occur upon initial MDM installation, within enterprise applications or via a scheduled check by the MDM agent.
Compromised Device Security Checklist:
* Enable mechanisms/reporting to identify rooted and compromised devices
* Have a bi-directional communication process to connect with compromised users
* Restrict access to sensitive data
* Blacklist applications known as security holes
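The two checklists above can be expressed as a graduated-response policy. The following is an added, vendor-neutral example, not taken from the original article or from any MDM product's API; the report field names, app identifiers, check-in threshold and rule-to-action mapping are all assumptions made for illustration.

```python
from enum import IntEnum

class Action(IntEnum):  # ordered so max() selects the strictest response
    ALLOW = 0
    WARN_USER = 1
    RESTRICT_ACCESS = 2
    REMOTE_WIPE = 3

# Constructed identifiers and threshold; a real policy defines its own.
APPROVED_MAIL_CLIENTS = {"com.example.securemail"}
BLACKLISTED_APPS = {"com.example.leakyshare"}
MAX_HOURS_SINCE_CHECKIN = 24

def evaluate(report):
    """Return (strictest Action, reasons) for one device posture report."""
    hits = []
    # Fail closed: a field missing from the report counts as non-compliant.
    if not report.get("passcode_set", False):
        hits.append((Action.WARN_USER, "no device passcode"))
    if not report.get("storage_encrypted", False):
        hits.append((Action.RESTRICT_ACCESS, "storage not encrypted"))
    rogue = set(report.get("mail_clients", [])) - APPROVED_MAIL_CLIENTS
    if rogue:
        hits.append((Action.RESTRICT_ACCESS,
                     "third-party mail client: " + ", ".join(sorted(rogue))))
    banned = set(report.get("installed_apps", [])) & BLACKLISTED_APPS
    if banned:
        hits.append((Action.RESTRICT_ACCESS,
                     "blacklisted app: " + ", ".join(sorted(banned))))
    # A silent agent proves nothing about the device: stale reports lose access.
    if report.get("hours_since_checkin", float("inf")) > MAX_HOURS_SINCE_CHECKIN:
        hits.append((Action.RESTRICT_ACCESS, "agent check-in overdue"))
    rooted = report.get("jailbroken_or_rooted")
    if rooted is None:  # unknown status restricts access but does not wipe
        hits.append((Action.RESTRICT_ACCESS, "compromise status unknown"))
    elif rooted:
        hits.append((Action.REMOTE_WIPE, "device jailbroken or rooted"))
    action = max((a for a, _ in hits), default=Action.ALLOW)
    return action, [reason for _, reason in hits]

# Constructed sample reports.
COMPLIANT = {"passcode_set": True, "storage_encrypted": True,
             "mail_clients": ["com.example.securemail"],
             "installed_apps": ["com.example.securemail", "com.example.notes"],
             "hours_since_checkin": 2, "jailbroken_or_rooted": False}
ROOTED = dict(COMPLIANT, jailbroken_or_rooted=True)
NO_PASSCODE = dict(COMPLIANT, passcode_set=False)
PARTIAL = {"passcode_set": True}  # agent reported almost nothing

if __name__ == "__main__":
    for name in ("COMPLIANT", "ROOTED", "NO_PASSCODE", "PARTIAL"):
        action, reasons = evaluate(globals()[name])
        print(name, action.name, reasons)
```

The incomplete report is restricted rather than wiped: missing data is treated as a reason to withhold access, while the destructive action is reserved for a positive compromise finding.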
3. Separation of Personal Data and Corporate Data
Containerization is another option for creating a secure environment in which users can access corporate data from their personal phones. Although users may access corporate resources via their personal devices, they may be concerned that administrators can view their personal applications or locations. Many MDM solutions are implementing the ability to create an isolated environment on a device that can access corporate resources. This can allow administrators to manage enterprise applications while alleviating privacy concerns for users. One example of this is Samsung KNOX, which creates a secure container where enterprise applications are completely separate from personal applications. The container has its own home screen, launcher, applications and widgets and uses a separate encrypted file system. Another example of containerization, in this case for email, is NitroDesk Touchdown. It’s an application that uses Microsoft’s Exchange ActiveSync to create a separate container that keeps personal and corporate data apart.
* Implement containerization to isolate corporate and personal data
* Manage corporate resources on devices without having to manage the device
4. Security vs Usability
Security is definitely a priority when implementing a BYOD policy. However, the usability of the device needs to remain intact as well. Allowing users to use their devices as they normally would while also allowing secure access to work resources can increase productivity. A company implementing a basic BYOD policy can generate $350 of value annually and an employee can save on average 37 minutes per week. [1]
5. MDM Vendor Landscape [2]
By some estimates there are over 100 MDM vendors in the marketplace currently. According to Gartner analysts, AirWatch, MobileIron, Citrix, SAP, Good Technology and Fiberlink are considered industry leaders in the MDM space. Below is a list of the leaders in the MDM space as well as other notable MDM companies.
- AirWatch: AirWatch is considered an industry leader with over 7000 customers currently. AirWatch offers Enterprise Mobility Management via both the cloud and on-premise. The company is rapidly expanding and has taken the lead in Tablet Content Management. Some of its strengths are that it’s highly scalable, has strong content management capabilities and aggressive pricing.
- Microsoft Intune: Microsoft Intune is Microsoft’s MDM solution. Intune includes System Center Configuration Manager (SCCM) and can manage Windows, Android and Apple devices.
- SOTI: SOTI is an established company with a successful history managing Android and iOS devices as well as rugged devices. SOTI has over 10,000 Enterprise MDM customers. SOTI’s MobiControl allows help desk staff live remote control of Android devices and remote view for iOS applications via the MobiControl iOS SDK.
- Symantec: Symantec launched Symantec Mobile Management Suite in 2012 and acquired Odyssey Software and Nukona to provide a more robust MDM offering. Symantec has integrated strong security features and benefits from its name recognition.
- Zenprise (Citrix): Citrix acquired Zenprise in 2012 and offers both cloud and on-premise MDM solutions. Zenprise offers broad device support including BlackBerry and Kindle Fire. Citrix has a long history of supporting mobile endpoints and remote access.
- MobileIron: MobileIron is classified as a leader in the MDM landscape and focuses on the mobile lifecycle. MobileIron offers both cloud and on-premise solutions. MobileIron provided one of the first enterprise app stores and also focuses on self-service, lessening the IT load.
- SAP: SAP is a global provider of business software and invested in the MDM market to support its customers and partners. SAP acquired technologies from Sybase and expanded its MDM offering under the Afaria name. SAP focuses on scalability, integration, application development and usability. SAP also offers a real-time Telecom Expense Manager to monitor data usage and roaming charges.
- Good Technology: Good Technology has been one of the pioneers in containerization. Good recently acquired AppCentral in order to offer a cloud solution as well as its on-premise solution. Good offers a strong platform to provide secure communications between its own apps, enterprise applications and many third-party independent software vendor apps.
- Fiberlink: Fiberlink’s MaaS360 is a cloud-based MDM solution and does not have an on-premise solution. MaaS360 features fast and easy deployments. Fiberlink tends to serve organizations that are constrained by tight regulations.
- IBM: IBM recently introduced IBM Mobile Foundation, which incorporates a mobile app development platform with mobile app management. IBM supports iOS, Android, BlackBerry, Symbian, Windows Mobile and Windows Phone. IBM can also leverage its global capabilities and enterprise reach.
- BoxTone: BoxTone assumed control of Motorola 3LM security technology for Android and has built a range of technology provider partnerships. BoxTone’s strength is its on-premise solution, but its SaaS solution is gaining traction. BoxTone’s focus is on integrated service management with automation, service desk support, proactive monitoring and reporting tools.
1. Loucks, Jeff, et al. The Financial Impact of BYOD: A Model of BYOD’s Benefits to Global Companies. Retrieved from http://www.cisco.com/web/about/ac79/docs/re/byod/BYOD-Economics_Econ_Analysis.pdf
2. Redmond, Phillip, et al. Magic Quadrant for Mobile Device Management Software. 23 May 2013. Retrieved from https://download.air-watch.com/download/f9f10100010058c29f2f