Challenge Accepted

Tackling enterprise mobility

In Greek mythology, Pandora was given a box—a container— by the gods with instructions not to open it under any circumstance. But because Pandora was curious, she opened this box and released all the evil contained inside, which then spread over the earth. The one thing that didn’t escape Pandora’s box was the spirit of hope. The lesson of Pandora could be, in short, that containers secure enough to lockdown all the evil in the world are probably secure enough to protect good things, too.

Today’s generation of smartphones are attached to the average consumer’s hip. We use our smartphones to help us with everything from tracking workouts to taking photos to getting driving directions to checking the score of last night’s big game. In today’s corporate environment, it is only natural for employees to use their personal mobile devices for work. The Bring Your Own Device (BYOD) movement is changing how businesses work. However, it is also creating a nightmare for CIOs and IT managers struggling to create a mobile strategy that is not only secure but also does not ruin the user experience.

Enterprise mobility introduces a host of new concerns when it comes to securing company data, and it can be broken down into four key challenges. If these challenges are addressed appropriately, the results of proper BYOD policy can greatly improve employee productivity and morale.

Make No Exceptions for Mobile Authentication

The first hurdle is preserving a company’s authentication process while accommodating for the end user’s experience. Companies spend copious amounts of money putting together authentication infrastructures.

Whether it’s usernames and passwords, smartcards, authentication tokens or digital certificates—most of today’s authentication solutions make the end user login experience easy. But when companies go mobile, and smartphones and their underlying operating systems don’t support the organization’s established authentication strategies, the cost and complexity of BYOD goes up.

To work around this challenge, some companies make exceptions for mobile users by reducing security requirements, making it much easier for corporate data to be compromised. We believe reducing security requirements in mobile devices is the wrong approach. Mobile devices are easily lost or stolen, and with reduced security technology, it’s like using a hook latch lock on a door that needs deadbolts.

Ensure Data Security

The second challenge is data security—at rest and in transit. The issue of data at rest comes into play when sensitive corporate data sits on a mobile device. If the device is lost, the information on the device can be easily compromised. Is that a risk you are willing to take?

Some devices offer encryption, but not all. IT departments want additional security; they hope to hide encryption keys and prevent hackers from breaking into lost devices. Ideal BYOD solutions offer a safe way to encrypt and protect data beyond what the device manufacturers offer.

Data in transit is data traveling back and forth between corporate networks and mobile devices. Traditionally, companies have turned to a device-level Virtual Private Network (VPN) to securely channel data. A VPN works well for PCs and laptops because IT departments lock the computers down and prevent users from installing harmful applications. Employees who possess mobile phones and tablets can install any application they desire; rogue apps and malicious data can breach a device-level tunnel, which can be catastrophic for a corporate network. Also, VPN can result in an annoying user experience because it doesn’t support secure Single Sign-On (SSO). Data needs to be protected, whether it’s stationary or in motion. A proper BYOD solution offers data safety in all situations.

Control of the Corporate Data is Paramount

The next obstacle is controlling the data. If an employee leaves the organization or loses his or her device, companies should have the ability to remotely wipe data or lock access. An ideal mobility solution provides fine-grain control over corporate data. Companies need to decide when, where, and how often an employee should access information in order to keep data as secure as possible.

For example, if a company concludes that an employee who works night shifts does not need enterprise access during the day, the company should have the ability to restrict access to sensitive information during certain times of the day or certain days of the week in order to maintain security.

Don’t Mess With “My” Phone

This brings about the fourth barrier: separating corporate data from personal data. While companies want fine-grain control over corporate data, employees feel uncomfortable if their own information is at the mercy of their employer. Ideally, employees should have the ability to run business applications and personal applications without worrying about a company spying on their private data. Apps drive mobile productivity, and employees need the freedom to have a single mobile solution that can run apps securely without worrying about challenges described earlier. The right solution should allow users to run Web apps, HTML5 apps and native apps securely inside the container.

So how do companies address the challenges of BYOD and move past the hurdles to gain productivity while saving money? As far as the authentication process goes, companies should not make exceptions for mobile users. Employees should follow the same procedure as if they were sitting at their desk. If moving between sites and applications requires re-authentication, the mobile experience can be extremely painful. Logging on multiple times to acquire information is frustrating. However, this problem is addressed with SSO, which enables users to authenticate only once. Using SSO eases the user experience and mirrors the authentication process users have come to expect.

Data security is offered through a variety of sources, but perhaps the best way to secure enterprise mobility is through a secure container—a Pandora’s box on your smartphone that offers additional security and encryption for the corporate data contained on the mobile device. Container solutions offered by various companies differ in the way they connect to the corporate network. When deciding between container solutions, it’s important to ensure that the connection back to the network is secure and responsive, that it provides SSO across applications, and that local data can be stored for offline access. Bitzer Mobile offers a secure container approach and protects data using security keys that are not stored on the device keychain.

Secure Container-Based Approach Has the Right Balance

There are two popular ways to address data control: through mobile device management (MDM) and through a secure container approach. Both solutions allow companies to remotely control devices. MDM falls short when it comes to separating corporate data from personal data. MDM software sets profiles and pushes applications to devices. Companies can see employee activity, and if a company wishes to wipe corporate data, it often erases personal data, too, opening up a host of privacy concerns.

There are also legal issues surrounding MDM software on employee-owned devices, and there is a fine line when it comes to employers controlling employee personal data. In addition, if employees fear that the company will wipe their personal information, they often won’t immediately report stolen or lost devices, which defeats the original purpose. However, companies can immediately wipe the container, and corporate data can later be restored without compromising personal data, a maneuver that reduces security risk.

Best Practice: Securing Enterprise Mobility

The best practice when it comes to tackling enterprise mobility is to have an end-to-end solution with which companies can control and wipe corporate data without sacrificing the user experience. Bitzer offers such a solution. Corporate data, applications, and more are run in a secure container. They can be controlled when needed through an Admin Control Panel. Bitzer provides a corporate app store to manage which apps a specific user has access to, and Bitzer preserves the user experience by enabling employees to log on only once through SSO integration. With the right approach, mobile devices can be secured successfully and still be easy to use, gaining all the cost benefits associated with BYOD—plus all the security benefits of a closed environment, too.

Whether it is a corporate-owned device or an employee’s personal device, IT departments still have to worry about authentication, data security, data control, and isolating the personal from the corporate. The secure container approach to enterprise mobility from companies ensures that security policies are applied only to the corporate data on a user’s smartphone in BYOD environments. Additionally, corporate owned, personally enabled (COPE) users can also benefit from AppTunnel and SSO features that prevent the need for repeated authentication to each internal site or application as they move around the network.

This article originally appeared in the October 2012 issue of Security Today.

Featured

  • The Business Case for Video Analytics: Understanding the Real ROI

    For security professionals who may be hesitant to invest in video analytics, now's the time to reconsider. In a newly released Omdia report commissioned by BriefCam (now Milestone Systems), the research firm uncovered a compelling story: more than 85% of North American and European organizations that use video analytics achieve a return on investment within just one year. The study, which surveyed 140 end users across multiple industries, demonstrates that security technology is no longer just for security — it's a cross-organizational tool that delivers measurable business value far beyond traditional safety applications. Read Now

  • Survey: 54% of Organizations Cite Technical Debt as Top Hurdle to Identity System Modernization

    Modernizing identity systems is proving difficult for organizations due to two key challenges: decades of accumulated Identity and Access Management (IAM) technical debt and the complexity of managing access across multiple identity providers (IDPs). These findings come from the new Strata Identity-commissioned report, State of Multi-Cloud Identity: Insights and Trends for 2025. The report, based on survey data from the Cloud Security Alliance (CSA), highlights trends and challenges in securing cloud environments. The CSA is the world’s leading organization dedicated to defining standards, certifications, and best practices to help ensure a secure cloud computing environment. Read Now

  • Study: Only 35 Percent of Companies Include Cybersecurity Teams When Implementing AI

    Only 35 percent of cybersecurity professionals or teams are involved in the development of policy governing the use of AI technology in their enterprise, and nearly half (45 percent) report no involvement in the development, onboarding, or implementation of AI solutions, according to the recently released 2024 State of Cybersecurity survey report from ISACA, a global professional association advancing trust in technology. Read Now

  • New Report Series Highlights E-Commerce Threats, Fraud Against Retailers

    Trustwave, a cybersecurity and managed security services provider, recently released a series of reports detailing the threats facing the retail sector, marking the second year of its ongoing research into these critical security issues. Read Now

Featured Cybersecurity

Webinars

New Products

  • AC Nio

    AC Nio

    Aiphone, a leading international manufacturer of intercom, access control, and emergency communication products, has introduced the AC Nio, its access control management software, an important addition to its new line of access control solutions. 3

  • Camden CM-221 Series Switches

    Camden CM-221 Series Switches

    Camden Door Controls is pleased to announce that, in response to soaring customer demand, it has expanded its range of ValueWave™ no-touch switches to include a narrow (slimline) version with manual override. This override button is designed to provide additional assurance that the request to exit switch will open a door, even if the no-touch sensor fails to operate. This new slimline switch also features a heavy gauge stainless steel faceplate, a red/green illuminated light ring, and is IP65 rated, making it ideal for indoor or outdoor use as part of an automatic door or access control system. ValueWave™ no-touch switches are designed for easy installation and trouble-free service in high traffic applications. In addition to this narrow version, the CM-221 & CM-222 Series switches are available in a range of other models with single and double gang heavy-gauge stainless steel faceplates and include illuminated light rings. 3

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure. 3