Mobile Devices
For the past three days I have been in upgrade turmoil. There are two people in this house and between us we have three desktops, four laptops, two iPads, two iPhones and 2 iPods. All of these need upgrading at various times. Since we also like to keep our calendars and other data on them they also need securing. Add to those the number of external USB jump drives and external disk drives that are used to store data and for backups – it’s an awful lot of mobile data for just two people. And, like many of you out there, I do nearly everything using mobile technologies from paying bills to depositing checks so I really care about security of my devices. On top of that I have a couple of home networks (Wi-Fi and wired) that I have to keep secured.
So what does this have to do with businesses you ask? Although I may have a few more devices than most, today’s households now have at least one or two laptops, plus iPads, other tablets and phones. It is almost guaranteed that work information, even if it is just contacts, has made it onto those devices. People today want to be able to use their own resources wherever possible so that they are in an integrated environment, and this means that steps need to be taken to ensure corporate data is protected. Additionally, more people work from home so security of the home environment is critical. And for those of us who travel we have to worry about physical security of our mobile devices as well as network security when we use them in hotels or airports.
I am one of the people who wants to use my own resources. Because of a shoulder injury I don’t carry a laptop that weighs more than 2lb. I travel a lot and I don’t want to travel with 2 laptops, one for work and one for my own projects. So how do we deal with this from a business perspective without taking the draconian route?
In her blog in May 2016, Angie Zuniga talks about the 11 best practices of Mobile Device Management (MDM). I was really happy to see that number one was to have a realistic policy. In particular, this has to apply to password policies. Too often the policy is for a really long password and/or you can’t reuse the last 15. This causes people to write them down which defeats the purpose. Personal devices are a way of life now and they need to be integrated into any MDM plans. If the plan is too restrictive people will try to find ways around it and this leads to even bigger security exposures.
One of the first things to think about is how to address the concerns of those using the devices. The question I am always asked is whether the corporation can see everything on the device and if they can wipe the whole device or just their data remotely. The main concern with phones seems to be whether the corporation can read text messages and personal email accounts. This is something that should be spelled out in the policy. I regularly remind people that email and texts should be treated like postcards: once they are sent you have no control over where they get shared, so if you don’t want it public then don’t send it.
A key component to an MDM strategy is education and the second is making it easy for users. I run firewalls, antivirus, etc. on all my devices that support it. I also back up my systems. Users should be educated on how to do this and on what portions the corporation will do and what portions they need to do. I am one of the iPhone users who does not back up to iCloud as I am paranoid about their security, especially after the number of celebrities who have had their iCloud accounts hacked. So I back up my phone separately.
Corporate Options
No one wants to deal manually with the sheer magnitude of mobile devices in their corporation, regardless of whether they are individually or corporate owned. One solution for laptops is to provide the corporate environment in a VM (virtual machine) and let the users run it on whatever laptop they want. This allows the corporation to put whatever controls they want on the environment within the VM (typically something like Citrix) without impacting the user’s ability to do other things on their laptop. But this is just one piece of the puzzle.
MobileFirst and MaaS360
MobileFirst Management is the application from IBM that provides the following capabilities:
- Unified management across devices
- Selective destruction of corporate data
- Configuration and enforcement of password policies, encryption, VPN access and camera use
- Use of an integrated enterprise app store
- Optimization of telecommunication expenses with detailed usage analysis
- User portal for management of mobile equipment, carrier plans and usage tracking
In June 2016 IBM released MobileFirst Foundation 8.0 which is built on hybrid cloud technology and provides the essential back-end services needed to provide for a successful corporate mobile experience. It provides an open platform to develop, test, secure and manage mobile applications and can be run on premises or in a private or public cloud. There is middleware (MobileFirst Server) that serves as a gateway between applications, back-end systems and cloud based services.
MaaS360 was formerly known as MobileFirst Protect and is a cloud-based enterprise mobility management platform that can be used to configure devices from a single screen. It allows for quick deployment and can manage the entire mobile device lifecycle and is available on a secure multitenant architecture. There are multiple separate features that can be ordered depending on the devices and options you want to support and they include individual device support, overall management support, email, antivirus options, security and compliance, application suites, lifecycle management and many other options. The core MDM features include device enrollment, configuration, security policy management, and device actions such as locking or wiping devices. Advanced MDM features include automated compliance, BYOD privacy settings, dashboards and reporting.
MaaS360 integrates with IBM Security Access Manager to provide single sign-on (SSO) to resources that the company has enrolled and authenticated. This provides for enterprise grade data and application protection while still providing users access to the resources they need. Additional functions provided by MaaS360 MDM include:
- Increasing security and compliance enforcement
- Reducing the cost of supporting mobile assets
- Enhancing application and performance management
- Helping to ensure better business continuity
- Increasing productivity and employee satisfaction
MaaS360 can provide an encapsulated environment that segregates corporate applications and data from personal applications and data on the devices. This allows for easy integration for BYODs (bring your own device) while ensuring protection of corporate resources. There is a cloud extender that allows for integration into enterprise systems without requiring on-site servers or major reconfigurations.
Summary
Mobile devices are everywhere – they can be corporate devices or personal devices or some hybrid but they are critical in many businesses to ensure competitiveness and to get immediate access to data. This leads to the need to contain business data on these devices so that corporate data is secure and protected. This is where MaaS360 and MobileFirst come in.
And if all this seems overwhelming to you there is always the option of managed services. Companies like Flagship offer the ability to set up and manage your MaaS360 environment so that you only have to create the policies and then the managed services company takes care of the day-to-day implementation.
References
Angie Zuniga – May 2016 blog on Mobile Device Management