Challenge Accepted

Tackling enterprise mobility

In Greek mythology, Pandora was given a box—a container— by the gods with instructions not to open it under any circumstance. But because Pandora was curious, she opened this box and released all the evil contained inside, which then spread over the earth. The one thing that didn’t escape Pandora’s box was the spirit of hope. The lesson of Pandora could be, in short, that containers secure enough to lockdown all the evil in the world are probably secure enough to protect good things, too.

Today’s generation of smartphones are attached to the average consumer’s hip. We use our smartphones to help us with everything from tracking workouts to taking photos to getting driving directions to checking the score of last night’s big game. In today’s corporate environment, it is only natural for employees to use their personal mobile devices for work. The Bring Your Own Device (BYOD) movement is changing how businesses work. However, it is also creating a nightmare for CIOs and IT managers struggling to create a mobile strategy that is not only secure but also does not ruin the user experience.

Enterprise mobility introduces a host of new concerns when it comes to securing company data, and it can be broken down into four key challenges. If these challenges are addressed appropriately, the results of proper BYOD policy can greatly improve employee productivity and morale.

Make No Exceptions for Mobile Authentication

The first hurdle is preserving a company’s authentication process while accommodating for the end user’s experience. Companies spend copious amounts of money putting together authentication infrastructures.

Whether it’s usernames and passwords, smartcards, authentication tokens or digital certificates—most of today’s authentication solutions make the end user login experience easy. But when companies go mobile, and smartphones and their underlying operating systems don’t support the organization’s established authentication strategies, the cost and complexity of BYOD goes up.

To work around this challenge, some companies make exceptions for mobile users by reducing security requirements, making it much easier for corporate data to be compromised. We believe reducing security requirements in mobile devices is the wrong approach. Mobile devices are easily lost or stolen, and with reduced security technology, it’s like using a hook latch lock on a door that needs deadbolts.

Ensure Data Security

The second challenge is data security—at rest and in transit. The issue of data at rest comes into play when sensitive corporate data sits on a mobile device. If the device is lost, the information on the device can be easily compromised. Is that a risk you are willing to take?

Some devices offer encryption, but not all. IT departments want additional security; they hope to hide encryption keys and prevent hackers from breaking into lost devices. Ideal BYOD solutions offer a safe way to encrypt and protect data beyond what the device manufacturers offer.

Data in transit is data traveling back and forth between corporate networks and mobile devices. Traditionally, companies have turned to a device-level Virtual Private Network (VPN) to securely channel data. A VPN works well for PCs and laptops because IT departments lock the computers down and prevent users from installing harmful applications. Employees who possess mobile phones and tablets can install any application they desire; rogue apps and malicious data can breach a device-level tunnel, which can be catastrophic for a corporate network. Also, VPN can result in an annoying user experience because it doesn’t support secure Single Sign-On (SSO). Data needs to be protected, whether it’s stationary or in motion. A proper BYOD solution offers data safety in all situations.

Control of the Corporate Data is Paramount

The next obstacle is controlling the data. If an employee leaves the organization or loses his or her device, companies should have the ability to remotely wipe data or lock access. An ideal mobility solution provides fine-grain control over corporate data. Companies need to decide when, where, and how often an employee should access information in order to keep data as secure as possible.

For example, if a company concludes that an employee who works night shifts does not need enterprise access during the day, the company should have the ability to restrict access to sensitive information during certain times of the day or certain days of the week in order to maintain security.

Don’t Mess With “My” Phone

This brings about the fourth barrier: separating corporate data from personal data. While companies want fine-grain control over corporate data, employees feel uncomfortable if their own information is at the mercy of their employer. Ideally, employees should have the ability to run business applications and personal applications without worrying about a company spying on their private data. Apps drive mobile productivity, and employees need the freedom to have a single mobile solution that can run apps securely without worrying about challenges described earlier. The right solution should allow users to run Web apps, HTML5 apps and native apps securely inside the container.

So how do companies address the challenges of BYOD and move past the hurdles to gain productivity while saving money? As far as the authentication process goes, companies should not make exceptions for mobile users. Employees should follow the same procedure as if they were sitting at their desk. If moving between sites and applications requires re-authentication, the mobile experience can be extremely painful. Logging on multiple times to acquire information is frustrating. However, this problem is addressed with SSO, which enables users to authenticate only once. Using SSO eases the user experience and mirrors the authentication process users have come to expect.

Data security is offered through a variety of sources, but perhaps the best way to secure enterprise mobility is through a secure container—a Pandora’s box on your smartphone that offers additional security and encryption for the corporate data contained on the mobile device. Container solutions offered by various companies differ in the way they connect to the corporate network. When deciding between container solutions, it’s important to ensure that the connection back to the network is secure and responsive, that it provides SSO across applications, and that local data can be stored for offline access. Bitzer Mobile offers a secure container approach and protects data using security keys that are not stored on the device keychain.

Secure Container-Based Approach Has the Right Balance

There are two popular ways to address data control: through mobile device management (MDM) and through a secure container approach. Both solutions allow companies to remotely control devices. MDM falls short when it comes to separating corporate data from personal data. MDM software sets profiles and pushes applications to devices. Companies can see employee activity, and if a company wishes to wipe corporate data, it often erases personal data, too, opening up a host of privacy concerns.

There are also legal issues surrounding MDM software on employee-owned devices, and there is a fine line when it comes to employers controlling employee personal data. In addition, if employees fear that the company will wipe their personal information, they often won’t immediately report stolen or lost devices, which defeats the original purpose. However, companies can immediately wipe the container, and corporate data can later be restored without compromising personal data, a maneuver that reduces security risk.

Best Practice: Securing Enterprise Mobility

The best practice when it comes to tackling enterprise mobility is to have an end-to-end solution with which companies can control and wipe corporate data without sacrificing the user experience. Bitzer offers such a solution. Corporate data, applications, and more are run in a secure container. They can be controlled when needed through an Admin Control Panel. Bitzer provides a corporate app store to manage which apps a specific user has access to, and Bitzer preserves the user experience by enabling employees to log on only once through SSO integration. With the right approach, mobile devices can be secured successfully and still be easy to use, gaining all the cost benefits associated with BYOD—plus all the security benefits of a closed environment, too.

Whether it is a corporate-owned device or an employee’s personal device, IT departments still have to worry about authentication, data security, data control, and isolating the personal from the corporate. The secure container approach to enterprise mobility from companies ensures that security policies are applied only to the corporate data on a user’s smartphone in BYOD environments. Additionally, corporate owned, personally enabled (COPE) users can also benefit from AppTunnel and SSO features that prevent the need for repeated authentication to each internal site or application as they move around the network.

This article originally appeared in the October 2012 issue of Security Today.


  • Enforcing Zero Trust in a Hybrid Work Environment

    Enforcing Zero Trust in a Hybrid Work Environment

    The effects of the pandemic have rippled across the business world like a meteor hitting a pond, creating a new plethora of challenges that incorporated into MBA curriculum for years to come. Read Now

  • First Responders Give NIST Their Communications Tech Wish Lists

    First Responders Give NIST Their Communications Tech Wish Lists

    Our first responders have spoken. An extensive research project conducted by experts at the National Institute of Standards and Technology (NIST) reveals what our country’s police, fire, emergency medical and 911 dispatch responders think about the communications technology they use on a regular basis and how they would like developers to improve it in the future. Read Now

  • Study Finds U.S. Enterprises Hit by Short-staffed Security Operations Centers

    Study Finds U.S. Enterprises Hit by Short-staffed Security Operations Centers

    ManageEngine, the enterprise IT management division of Zoho Corporation, recently announced results from its new study, Cloud Security Outlook 2023. The study found that enterprises have a limited number of analysts running their security operations centers (SOCs) and are deploying multiple tools in an attempt to address their cloud security challenges. Read Now

  • Report: More Than Half of Organizations Have Experienced an Insider Threat in the Past Year

    Report: More Than Half of Organizations Have Experienced an Insider Threat in the Past Year

    Gurucul, a provider of solutions in the Next Generation SIEM market, and Cybersecurity Insiders, a 600,000+ member online community for information security professionals, recently released its annual 2023 Insider Threat Report. Overall, results indicate insider threats are a top concern at organizations of all kinds; only 3% of respondents surveyed are not concerned with insider risk. Read Now

Featured Cybersecurity

New Products

  • BIO-key MobileAuth

    BIO-key MobileAuth

    BIO-key International has introduced its new mobile app, BIO-key MobileAuth™ with PalmPositive™ the latest among over sixteen strong authentication factors available for BIO-key's PortalGuard® Identity-as-a-Service (IDaaS) platform. 3

  • Dinkle DKU Barrier Terminal Blocks

    Dinkle DKU Barrier Terminal Blocks

    New DKU screw type terminal blocks use a spring-guided system where the screws are integrated and captive within the terminal enclosure. These screws can be backed out so that ring- or U-shaped cable lugs can be inserted, without the possibility of losing the screw. 3

  • Hanwha Techwin Wisenet XRN-6410DB4 / mXRN-3210B4

    Hanwha Techwin Wisenet XRN-6410DB4 / mXRN-3210B4

    Hanwha Techwin America, a global supplier of IP and analog video surveillance solutions, unveiled two new Wisenet X series NVRs that support the industry’s first video playback and recording of up to 8K super-high-resolution images. 3