Challenge Accepted

Tackling enterprise mobility

In Greek mythology, Pandora was given a box—a container—by the gods with instructions not to open it under any circumstance. But because Pandora was curious, she opened this box and released all the evil contained inside, which then spread over the earth. The one thing that didn’t escape Pandora’s box was the spirit of hope. The lesson of Pandora could be, in short, that containers secure enough to lock down all the evil in the world are probably secure enough to protect good things, too.

Today’s generation of smartphones is attached to the average consumer’s hip. We use our smartphones to help us with everything from tracking workouts to taking photos to getting driving directions to checking the score of last night’s big game. In today’s corporate environment, it is only natural for employees to use their personal mobile devices for work. The Bring Your Own Device (BYOD) movement is changing how businesses work. However, it is also creating a nightmare for CIOs and IT managers struggling to create a mobile strategy that is not only secure but also does not ruin the user experience.

Enterprise mobility introduces a host of new concerns when it comes to securing company data, and it can be broken down into four key challenges. If these challenges are addressed appropriately, the results of proper BYOD policy can greatly improve employee productivity and morale.

Make No Exceptions for Mobile Authentication

The first hurdle is preserving a company’s authentication process while accommodating the end user’s experience. Companies spend copious amounts of money putting together authentication infrastructures.

Whether it’s usernames and passwords, smartcards, authentication tokens or digital certificates—most of today’s authentication solutions make the end user login experience easy. But when companies go mobile, and smartphones and their underlying operating systems don’t support the organization’s established authentication strategies, the cost and complexity of BYOD go up.

To work around this challenge, some companies make exceptions for mobile users by reducing security requirements, making it much easier for corporate data to be compromised. We believe reducing security requirements in mobile devices is the wrong approach. Mobile devices are easily lost or stolen, and with reduced security technology, it’s like using a hook latch lock on a door that needs deadbolts.

Ensure Data Security

The second challenge is data security—at rest and in transit. The issue of data at rest comes into play when sensitive corporate data sits on a mobile device. If the device is lost, the information on the device can be easily compromised. Is that a risk you are willing to take?

Some devices offer encryption, but not all. IT departments want additional security; they hope to hide encryption keys and prevent hackers from breaking into lost devices. Ideal BYOD solutions offer a safe way to encrypt and protect data beyond what the device manufacturers offer.

Data in transit is data traveling back and forth between corporate networks and mobile devices. Traditionally, companies have turned to a device-level Virtual Private Network (VPN) to securely channel data. A VPN works well for PCs and laptops because IT departments lock the computers down and prevent users from installing harmful applications. Employees who possess mobile phones and tablets can install any application they desire; rogue apps and malicious data can breach a device-level tunnel, which can be catastrophic for a corporate network. Also, a VPN can result in an annoying user experience because it doesn’t support secure Single Sign-On (SSO). Data needs to be protected, whether it’s stationary or in motion. A proper BYOD solution offers data safety in all situations.

Control of the Corporate Data is Paramount

The next obstacle is controlling the data. If an employee leaves the organization or loses his or her device, companies should have the ability to remotely wipe data or lock access. An ideal mobility solution provides fine-grained control over corporate data. Companies need to decide when, where, and how often an employee should access information in order to keep data as secure as possible.

For example, if a company concludes that an employee who works night shifts does not need enterprise access during the day, the company should have the ability to restrict access to sensitive information during certain times of the day or certain days of the week in order to maintain security.
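The time-of-day restriction described above can be expressed as a default-deny policy check. The following is an added example, not code from the article or from any vendor's product; the class, function, user name and sample policy are hypothetical, and it handles the night-shift case where the permitted window crosses midnight.

```python
from dataclasses import dataclass
from datetime import datetime, time, timedelta

@dataclass(frozen=True)
class AccessWindow:
    """A recurring window; `days` are the weekdays (Mon=0) on which it STARTS."""
    days: frozenset
    start: time
    end: time  # end <= start means the window runs past midnight

    def allows(self, now: datetime) -> bool:
        t = now.time()
        if self.start < self.end:  # ordinary same-day window
            return now.weekday() in self.days and self.start <= t < self.end
        if t >= self.start:        # evening part of an overnight window
            return now.weekday() in self.days
        if t < self.end:           # morning part belongs to the previous day's shift
            return (now - timedelta(days=1)).weekday() in self.days
        return False

def is_access_allowed(policy: dict, user: str, now: datetime) -> bool:
    """Default deny: unknown users and times outside every window are refused.
    `now` should be the server's clock, never a time reported by the device."""
    return any(w.allows(now) for w in policy.get(user, ()))

# Constructed sample policy: a night-shift employee, Monday-Friday, 22:00-06:00.
POLICY = {
    "night.shift@example.com": [
        AccessWindow(frozenset({0, 1, 2, 3, 4}), time(22, 0), time(6, 0)),
    ],
}

if __name__ == "__main__":
    user = "night.shift@example.com"
    samples = [
        ("Mon 23:00", datetime(2024, 1, 1, 23, 0)),  # inside Monday's shift
        ("Tue 12:00", datetime(2024, 1, 2, 12, 0)),  # daytime, outside the window
        ("Sat 03:00", datetime(2024, 1, 6, 3, 0)),   # tail of Friday's shift
        ("Mon 03:00", datetime(2024, 1, 1, 3, 0)),   # Sunday has no shift
    ]
    for label, ts in samples:
        print(label, "allow" if is_access_allowed(POLICY, user, ts) else "deny")
```

Attributing the early-morning hours to the previous day's shift is what keeps Saturday 03:00 open for the Friday shift while Monday 03:00 stays closed.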

Don’t Mess With “My” Phone

This brings about the fourth barrier: separating corporate data from personal data. While companies want fine-grained control over corporate data, employees feel uncomfortable if their own information is at the mercy of their employer. Ideally, employees should have the ability to run business applications and personal applications without worrying about a company spying on their private data. Apps drive mobile productivity, and employees need the freedom to have a single mobile solution that can run apps securely without worrying about the challenges described earlier. The right solution should allow users to run Web apps, HTML5 apps and native apps securely inside the container.

So how do companies address the challenges of BYOD and move past the hurdles to gain productivity while saving money? As far as the authentication process goes, companies should not make exceptions for mobile users. Employees should follow the same procedure as if they were sitting at their desk. If moving between sites and applications requires re-authentication, the mobile experience can be extremely painful. Logging on multiple times to acquire information is frustrating. However, this problem is addressed with SSO, which enables users to authenticate only once. Using SSO eases the user experience and mirrors the authentication process users have come to expect.

Data security is offered through a variety of sources, but perhaps the best way to secure enterprise mobility is through a secure container—a Pandora’s box on your smartphone that offers additional security and encryption for the corporate data contained on the mobile device. Container solutions offered by various companies differ in the way they connect to the corporate network. When deciding between container solutions, it’s important to ensure that the connection back to the network is secure and responsive, that it provides SSO across applications, and that local data can be stored for offline access. Bitzer Mobile offers a secure container approach and protects data using security keys that are not stored on the device keychain.

Secure Container-Based Approach Has the Right Balance

There are two popular ways to address data control: through mobile device management (MDM) and through a secure container approach. Both solutions allow companies to remotely control devices. MDM falls short when it comes to separating corporate data from personal data. MDM software sets profiles and pushes applications to devices. Companies can see employee activity, and if a company wishes to wipe corporate data, it often erases personal data, too, opening up a host of privacy concerns.

There are also legal issues surrounding MDM software on employee-owned devices, and there is a fine line when it comes to employers controlling employee personal data. In addition, if employees fear that the company will wipe their personal information, they often won’t immediately report stolen or lost devices, which defeats the original purpose. However, companies can immediately wipe the container, and corporate data can later be restored without compromising personal data, a maneuver that reduces security risk.

Best Practice: Securing Enterprise Mobility

The best practice when it comes to tackling enterprise mobility is to have an end-to-end solution with which companies can control and wipe corporate data without sacrificing the user experience. Bitzer offers such a solution. Corporate data, applications, and more are run in a secure container. They can be controlled when needed through an Admin Control Panel. Bitzer provides a corporate app store to manage which apps a specific user has access to, and Bitzer preserves the user experience by enabling employees to log on only once through SSO integration. With the right approach, mobile devices can be secured successfully and still be easy to use, gaining all the cost benefits associated with BYOD—plus all the security benefits of a closed environment, too.

Whether it is a corporate-owned device or an employee’s personal device, IT departments still have to worry about authentication, data security, data control, and isolating the personal from the corporate. The secure container approach to enterprise mobility from companies ensures that security policies are applied only to the corporate data on a user’s smartphone in BYOD environments. Additionally, corporate-owned, personally enabled (COPE) users can also benefit from AppTunnel and SSO features that prevent the need for repeated authentication to each internal site or application as they move around the network.

This article originally appeared in the October 2012 issue of Security Today.

