Mobile Devices

For the past three days I have been in upgrade turmoil. There are two people in this house and between us we have three desktops, four laptops, two IPADs, two iPhones and2 iPods. All of these need upgrading at various times. Since we also like to keep our calendars and other data on them they also need securing. Add to those the number of external USB jump drives and external disk drives that are used to store data and for backups – it’s an awful lot of mobile data for just two people. And, like many of you out there, I do nearly everything using mobile technologies from paying bills to depositing checks so I really care about security of my devices. On top of that I have a couple of home networks (Wi-Fi and wired) that I have to keep secured.

So what does this have to do with businesses you ask? Although I may have a few more devices than most, today’s households now have at least one or two laptops, plus iPads, other tablets and phones. It is almost guaranteed that work information, even if it is just contacts, has made it onto those devices. People today want to be able to use their own resources wherever possible so that they are in an integrated environment, and this means that steps need to be taken to ensure corporate data is protected. Additionally, more people work from home so security of the home environment is critical. And for those of us who travel we have to worry about physical security of our mobile devices as well as network security when we use them in hotels or airports.

I am one of the people who wants to use my own resources. Because of a shoulder injury I don’t carry a laptop that weighs more than 2lb. I travel a lot and I don’t want to travel with 2 laptops, one for work and one for my own projects. So how do we deal with this from a business perspective without taking the draconian route?

In her blog in May 2016, Angie Zuniga talks about the 11 best practices of Mobile Device Management (MDM).  I was really happy to see that number one was to have a realistic policy. In particular, this has to apply to password policies. Too often the policy is for a really long password and/or you can’t reuse the last 15. This causes people to write them down which defeats the purpose. Personal devices are a way of life now and they need to be integrated into any MDM plans. If the plan is too restrictive people will try to find ways around it and this leads to even bigger security exposures.

One of the first things to think about is how to address the concerns of those using the devices. The question I am always asked is whether the corporation can see everything on the device and if they can wipe the whole device or just their data remotely. The main concern with phones seems to be whether the corporation can read text messages and personal email accounts. This is something that should be spelled out in the policy. I regularly remind people that email and texts should be treated like postcards and once they are sent you have no control on where they get shared to so if you don’t want it public then don’t send it.

A key component to an MDM strategy is education and the second is making it easy for users. I run firewalls, antivirus, etc. on all my devices that support it. I also back up my systems. Users should be educated on how to do this and on what portions the corporation will do and what portions they need to do. I am one of the iPhone users who does not back up to iCloud as I am paranoid about their security, especially after the number of celebrities who have had their iCloud accounts hacked.  So I backup my phone separately.

Corporate Options

No one wants to deal manually with the sheer magnitude of mobile devices in their corporation, regardless of whether they are individually or corporate owned. One solution for laptops is to provide the corporate environment in a VM (virtual machine) and let the users run it on whatever laptop they want. This allows the corporation to put whatever controls they want on the environment within the VM (typically something like Citrix) without impacting the user’s ability to do other things on their laptop. But this is just one piece of the puzzle.

MobileFirst and Maas360

MobileFirst Management is the application from IBM that provides the following capabilities:

• Unified management across devices
• Selective destruction of corporate data
• Configuration and enforcement of password policies, encryption, VPN access and camera use
• Use of an integrated enterprise app store
• Optimization of telecommunication expenses with detailed usage analysis
• User portal for management of mobile equipment, carrier plans and usage tracking

In June 2016 IBM released MobileFirst Foundation 8.0 which is built on hybrid cloud technology and provides the essential back-end services needed to provide for a successful corporate mobile experience. It provides an open platform to develop, test, secure and manage mobile applications and can be run on premises or in a private or public cloud. There is middleware (MobileFirst Server) that serves as a gateway between applications, back-end systems and cloud based services.

MaaS360 was formerly known as MobileFirst Protect and is a cloud-based enterprise mobility management platform that can be used to configure devices from a single screen. It allows for quick deployment and can manage the entire mobile device lifecycle and is available on a secure multitenant architecture. There are multiple separate features that can be ordered depending on the devices and options you want to support and they include individual device support, overall management support, email, antivirus options, security and compliance, application suites, lifecycle management and many other options. The core MDM features include device enrollment, configuration, security policy management, and device actions such as locking or wiping devices. Advanced MDM features include automated compliance, BYOD privacy settings, dashboards and reporting.

MaaS360 integrates with IBM security access manager to provide single sign-on (SSO) to resources that the company has enrolled and authenticated. This provides for enterprise grade data and application protection while still providing users access to the resources they need. Additional functions provided by Maas360 MDM include:

• Increasing security and compliance enforcement
• Reducing the cost of supporting mobile assets
• Enhancing application and performance management
• Helping to ensure better business continuity
• Increasing productivity and employee satisfaction

MaaS360 can provide an encapsulated environment that segregates corporate applications and data from personal applications and data on the devices. This allows for easy integration for BYODs (bring your own device) while ensuring protection of corporate resources. There is a cloud extender that allows for integration into enterprise systems without requiring on-site servers or major reconfigurations.

Summary

Mobile devices are everywhere – they can be corporate devices or personal devices or some hybrid but they are critical in many businesses to ensure competitiveness and to get immediate access to data. This leads to the need to contain business data on these devices so that corporate data is secure and protected. This is where MaaS360 and MobileFirst come in.
And if all this seems overwhelming to you there is always the option of managed services. Companies like Flagship offer the ability to setup and manage your MaaS360 environment so that you only have to create the policies and then the managed services company takes care of the day to day implementation.

References

MaaS360 IBM Home Page

MobileFirst IBM Home Page

Angie Zuniga – May 2016 BLOG on Mobile Device Management

Schedule a consultation to learn how Flagship and IBM can enable your IT to manage, update and protect corporate data in laptops, desktops, tablets and smartphones.

If you liked this blog, you also might like:  Mobile Device Management – Denial is not a Strategy

Stay connected online:

Facebook | Twitter | LinkedIn | Instagram