Challenge Accepted
Tackling enterprise mobility
- By Naeem Zafar
- Oct 01, 2012
In Greek mythology, Pandora was given a box—a container—by the gods with instructions not to open it under any circumstance. But because Pandora was curious, she opened this box and released all the evil contained inside, which then spread over the earth. The one thing that didn’t escape Pandora’s box was the spirit of hope. The lesson of Pandora could be, in short, that containers secure enough to lock down all the evil in the world are probably secure enough to protect good things, too.
Today’s generation of smartphones is attached to the average consumer’s hip. We use our smartphones to help us with everything from tracking workouts to taking photos to getting driving directions to checking the score of last night’s big game. In today’s corporate environment, it is only natural for employees to use their personal mobile devices for work. The Bring Your Own Device (BYOD) movement is changing how businesses work. However, it is also creating a nightmare for CIOs and IT managers struggling to create a mobile strategy that is not only secure but also does not ruin the user experience.
Enterprise mobility introduces a host of new concerns when it comes to securing company data, and they can be broken down into four key challenges. If these challenges are addressed appropriately, a proper BYOD policy can greatly improve employee productivity and morale.
Make No Exceptions for Mobile Authentication
The first hurdle is preserving a company’s authentication process while accommodating the end user’s experience. Companies spend copious amounts of money putting together authentication infrastructures. Whether it’s usernames and passwords, smartcards, authentication tokens or digital certificates—most of today’s authentication solutions make the end user login experience easy. But when companies go mobile, and smartphones and their underlying operating systems don’t support the organization’s established authentication strategies, the cost and complexity of BYOD go up.
To work around this challenge, some companies make exceptions for mobile users by reducing security requirements, making it much easier for corporate data to be compromised. We believe reducing security requirements in mobile devices is the wrong approach. Mobile devices are easily lost or stolen, and with reduced security technology, it’s like using a hook latch lock on a door that needs deadbolts.
Ensure Data Security
The second challenge is data security—at rest and in transit. The issue of data at rest comes into play when sensitive corporate data sits on a mobile device. If the device is lost, the information on the device can be easily compromised. Is that a risk you are willing to take?
Some devices offer encryption, but not all. IT departments want additional security; they hope to hide encryption keys and prevent hackers from breaking into lost devices. Ideal BYOD solutions offer a safe way to encrypt and protect data beyond what the device manufacturers offer.
Data in transit is data traveling back and forth between corporate networks and mobile devices. Traditionally, companies have turned to a device-level Virtual Private Network (VPN) to securely channel data. A VPN works well for PCs and laptops because IT departments lock the computers down and prevent users from installing harmful applications. Employees who possess mobile phones and tablets can install any application they desire; rogue apps and malicious data can breach a device-level tunnel, which can be catastrophic for a corporate network. Also, a VPN can result in an annoying user experience because it doesn’t support secure Single Sign-On (SSO). Data needs to be protected, whether it’s stationary or in motion. A proper BYOD solution offers data safety in all situations.
Control of the Corporate Data Is Paramount
The next obstacle is controlling the data. If an employee leaves the organization or loses his or her device, companies should have the ability to remotely wipe data or lock access. An ideal mobility solution provides fine-grain control over corporate data. Companies need to decide when, where, and how often an employee should access information in order to keep data as secure as possible.
For example, if a company concludes that an employee who works night shifts does not need enterprise access during the day, the company should have the ability to restrict access to sensitive information during certain times of the day or certain days of the week in order to maintain security.
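The night-shift restriction above, written out as a deny-by-default access check a secure container could run before unlocking a record. This is an added illustration, not code from the article or from any vendor it names; the classification labels, the weekday-plus-window policy shape and the fixed UTC-4 offset standing in for the employee's time zone are all assumptions made for the example. The check handles the case the night-shift scenario actually raises: a window that crosses midnight.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta, timezone, tzinfo

# Constructed classification labels for this example.
SENSITIVE = "sensitive"
GENERAL = "general"


@dataclass(frozen=True)
class AccessWindow:
    """Days on which the window opens (0=Mon .. 6=Sun) plus local start/end times."""
    days: frozenset
    start: time
    end: time

    def contains(self, local: datetime) -> bool:
        t, wd = local.time(), local.weekday()
        if self.start <= self.end:                      # same-day window, e.g. 09:00-17:00
            return wd in self.days and self.start <= t < self.end
        # Window crosses midnight (night shift 22:00-06:00): the part after 'start'
        # belongs to the opening day, the part before 'end' to the following day.
        if wd in self.days and t >= self.start:
            return True
        return (wd - 1) % 7 in self.days and t < self.end


@dataclass(frozen=True)
class ContainerPolicy:
    tz: tzinfo          # employee's working time zone (assumed fixed offset here)
    windows: tuple      # AccessWindow instances during which SENSITIVE data may be opened

    def allows(self, classification: str, now_utc: datetime) -> bool:
        """Deny by default: sensitive data opens only inside an access window."""
        if classification != SENSITIVE:
            return True                                 # general data is not time-restricted
        local = now_utc.astimezone(self.tz)
        return any(w.contains(local) for w in self.windows)


# Constructed policy: weeknight shift, 22:00-06:00 local time, UTC-4 (assumed EDT offset).
NIGHT_SHIFT = ContainerPolicy(
    tz=timezone(timedelta(hours=-4)),
    windows=(AccessWindow(frozenset({0, 1, 2, 3, 4}), time(22, 0), time(6, 0)),),
)


def check(policy: ContainerPolicy, classification: str, iso_utc: str) -> bool:
    """Evaluate the policy for a naive ISO-8601 timestamp interpreted as UTC."""
    when = datetime.fromisoformat(iso_utc).replace(tzinfo=timezone.utc)
    return policy.allows(classification, when)
```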
Don’t Mess With “My” Phone
This brings about the fourth barrier: separating corporate data from personal data. While companies want fine-grain control over corporate data, employees feel uncomfortable if their own information is at the mercy of their employer. Ideally, employees should have the ability to run business applications and personal applications without worrying about a company spying on their private data. Apps drive mobile productivity, and employees need the freedom to have a single mobile solution that can run apps securely without worrying about the challenges described earlier. The right solution should allow users to run Web apps, HTML5 apps and native apps securely inside the container.
So how do companies address the challenges of BYOD and move past the hurdles to gain productivity while saving money? As far as the authentication process goes, companies should not make exceptions for mobile users. Employees should follow the same procedure as if they were sitting at their desk. If moving between sites and applications requires re-authentication, the mobile experience can be extremely painful. Logging on multiple times to acquire information is frustrating. However, this problem is addressed with SSO, which enables users to authenticate only once. Using SSO eases the user experience and mirrors the authentication process users have come to expect.
Data security is offered through a variety of sources, but perhaps the best way to secure enterprise mobility is through a secure container—a Pandora’s box on your smartphone that offers additional security and encryption for the corporate data contained on the mobile device. Container solutions offered by various companies differ in the way they connect to the corporate network. When deciding between container solutions, it’s important to ensure that the connection back to the network is secure and responsive, that it provides SSO across applications, and that local data can be stored for offline access. Bitzer Mobile offers a secure container approach and protects data using security keys that are not stored on the device keychain.
Secure Container-Based Approach Has the Right Balance
There are two popular ways to address data control: through mobile device management (MDM) and through a secure container approach. Both solutions allow companies to remotely control devices. MDM falls short when it comes to separating corporate data from personal data. MDM software sets profiles and pushes applications to devices. Companies can see employee activity, and if a company wishes to wipe corporate data, it often erases personal data, too, opening up a host of privacy concerns.
There are also legal issues surrounding MDM software on employee-owned devices, and there is a fine line when it comes to employers controlling employee personal data. In addition, if employees fear that the company will wipe their personal information, they often won’t immediately report stolen or lost devices, which defeats the original purpose. However, companies can immediately wipe the container, and corporate data can later be restored without compromising personal data, a maneuver that reduces security risk.
Best Practice: Securing Enterprise Mobility
The best practice when it comes to tackling enterprise mobility is to have an end-to-end solution with which companies can control and wipe corporate data without sacrificing the user experience. Bitzer offers such a solution. Corporate data, applications, and more are run in a secure container. They can be controlled when needed through an Admin Control Panel. Bitzer provides a corporate app store to manage which apps a specific user has access to, and Bitzer preserves the user experience by enabling employees to log on only once through SSO integration. With the right approach, mobile devices can be secured successfully and still be easy to use, gaining all the cost benefits associated with BYOD—plus all the security benefits of a closed environment, too.
Whether it is a corporate-owned device or an employee’s personal device, IT departments still have to worry about authentication, data security, data control, and isolating the personal from the corporate. The secure container approach to enterprise mobility ensures that security policies are applied only to the corporate data on a user’s smartphone in BYOD environments. Additionally, corporate-owned, personally enabled (COPE) users can also benefit from AppTunnel and SSO features that prevent the need for repeated authentication to each internal site or application as they move around the network.
This article originally appeared in the October 2012 issue of Security Today.