Challenge Accepted

Tackling enterprise mobility

In Greek mythology, Pandora was given a box—a container— by the gods with instructions not to open it under any circumstance. But because Pandora was curious, she opened this box and released all the evil contained inside, which then spread over the earth. The one thing that didn’t escape Pandora’s box was the spirit of hope. The lesson of Pandora could be, in short, that containers secure enough to lockdown all the evil in the world are probably secure enough to protect good things, too.

Today’s generation of smartphones are attached to the average consumer’s hip. We use our smartphones to help us with everything from tracking workouts to taking photos to getting driving directions to checking the score of last night’s big game. In today’s corporate environment, it is only natural for employees to use their personal mobile devices for work. The Bring Your Own Device (BYOD) movement is changing how businesses work. However, it is also creating a nightmare for CIOs and IT managers struggling to create a mobile strategy that is not only secure but also does not ruin the user experience.

Enterprise mobility introduces a host of new concerns when it comes to securing company data, and it can be broken down into four key challenges. If these challenges are addressed appropriately, the results of proper BYOD policy can greatly improve employee productivity and morale.

Make No Exceptions for Mobile Authentication

The first hurdle is preserving a company’s authentication process while accommodating for the end user’s experience. Companies spend copious amounts of money putting together authentication infrastructures.

Whether it’s usernames and passwords, smartcards, authentication tokens or digital certificates—most of today’s authentication solutions make the end user login experience easy. But when companies go mobile, and smartphones and their underlying operating systems don’t support the organization’s established authentication strategies, the cost and complexity of BYOD goes up.

To work around this challenge, some companies make exceptions for mobile users by reducing security requirements, making it much easier for corporate data to be compromised. We believe reducing security requirements in mobile devices is the wrong approach. Mobile devices are easily lost or stolen, and with reduced security technology, it’s like using a hook latch lock on a door that needs deadbolts.

Ensure Data Security

The second challenge is data security—at rest and in transit. The issue of data at rest comes into play when sensitive corporate data sits on a mobile device. If the device is lost, the information on the device can be easily compromised. Is that a risk you are willing to take?

Some devices offer encryption, but not all. IT departments want additional security; they hope to hide encryption keys and prevent hackers from breaking into lost devices. Ideal BYOD solutions offer a safe way to encrypt and protect data beyond what the device manufacturers offer.

Data in transit is data traveling back and forth between corporate networks and mobile devices. Traditionally, companies have turned to a device-level Virtual Private Network (VPN) to securely channel data. A VPN works well for PCs and laptops because IT departments lock the computers down and prevent users from installing harmful applications. Employees who possess mobile phones and tablets can install any application they desire; rogue apps and malicious data can breach a device-level tunnel, which can be catastrophic for a corporate network. Also, VPN can result in an annoying user experience because it doesn’t support secure Single Sign-On (SSO). Data needs to be protected, whether it’s stationary or in motion. A proper BYOD solution offers data safety in all situations.

Control of the Corporate Data is Paramount

The next obstacle is controlling the data. If an employee leaves the organization or loses his or her device, companies should have the ability to remotely wipe data or lock access. An ideal mobility solution provides fine-grain control over corporate data. Companies need to decide when, where, and how often an employee should access information in order to keep data as secure as possible.

For example, if a company concludes that an employee who works night shifts does not need enterprise access during the day, the company should have the ability to restrict access to sensitive information during certain times of the day or certain days of the week in order to maintain security.

Don’t Mess With “My” Phone

This brings about the fourth barrier: separating corporate data from personal data. While companies want fine-grain control over corporate data, employees feel uncomfortable if their own information is at the mercy of their employer. Ideally, employees should have the ability to run business applications and personal applications without worrying about a company spying on their private data. Apps drive mobile productivity, and employees need the freedom to have a single mobile solution that can run apps securely without worrying about challenges described earlier. The right solution should allow users to run Web apps, HTML5 apps and native apps securely inside the container.

So how do companies address the challenges of BYOD and move past the hurdles to gain productivity while saving money? As far as the authentication process goes, companies should not make exceptions for mobile users. Employees should follow the same procedure as if they were sitting at their desk. If moving between sites and applications requires re-authentication, the mobile experience can be extremely painful. Logging on multiple times to acquire information is frustrating. However, this problem is addressed with SSO, which enables users to authenticate only once. Using SSO eases the user experience and mirrors the authentication process users have come to expect.

Data security is offered through a variety of sources, but perhaps the best way to secure enterprise mobility is through a secure container—a Pandora’s box on your smartphone that offers additional security and encryption for the corporate data contained on the mobile device. Container solutions offered by various companies differ in the way they connect to the corporate network. When deciding between container solutions, it’s important to ensure that the connection back to the network is secure and responsive, that it provides SSO across applications, and that local data can be stored for offline access. Bitzer Mobile offers a secure container approach and protects data using security keys that are not stored on the device keychain.

Secure Container-Based Approach Has the Right Balance

There are two popular ways to address data control: through mobile device management (MDM) and through a secure container approach. Both solutions allow companies to remotely control devices. MDM falls short when it comes to separating corporate data from personal data. MDM software sets profiles and pushes applications to devices. Companies can see employee activity, and if a company wishes to wipe corporate data, it often erases personal data, too, opening up a host of privacy concerns.

There are also legal issues surrounding MDM software on employee-owned devices, and there is a fine line when it comes to employers controlling employee personal data. In addition, if employees fear that the company will wipe their personal information, they often won’t immediately report stolen or lost devices, which defeats the original purpose. However, companies can immediately wipe the container, and corporate data can later be restored without compromising personal data, a maneuver that reduces security risk.

Best Practice: Securing Enterprise Mobility

The best practice when it comes to tackling enterprise mobility is to have an end-to-end solution with which companies can control and wipe corporate data without sacrificing the user experience. Bitzer offers such a solution. Corporate data, applications, and more are run in a secure container. They can be controlled when needed through an Admin Control Panel. Bitzer provides a corporate app store to manage which apps a specific user has access to, and Bitzer preserves the user experience by enabling employees to log on only once through SSO integration. With the right approach, mobile devices can be secured successfully and still be easy to use, gaining all the cost benefits associated with BYOD—plus all the security benefits of a closed environment, too.

Whether it is a corporate-owned device or an employee’s personal device, IT departments still have to worry about authentication, data security, data control, and isolating the personal from the corporate. The secure container approach to enterprise mobility from companies ensures that security policies are applied only to the corporate data on a user’s smartphone in BYOD environments. Additionally, corporate owned, personally enabled (COPE) users can also benefit from AppTunnel and SSO features that prevent the need for repeated authentication to each internal site or application as they move around the network.

This article originally appeared in the October 2012 issue of Security Today.


Featured Cybersecurity

New Products

  • LiftMaster Garage Door Opener

    LiftMaster Garage Door Opener

    LiftMaster Transforms the Garage Door Opener Into a Sleek Smart Home Device That Does More Than Open and Close the Garage Door 3

  • Dinkle DKU Barrier Terminal Blocks

    Dinkle DKU Barrier Terminal Blocks

    New DKU screw type terminal blocks use a spring-guided system where the screws are integrated and captive within the terminal enclosure. These screws can be backed out so that ring- or U-shaped cable lugs can be inserted, without the possibility of losing the screw. 3

  • FlexPower® Global™ Series (FPG) from LifeSafety Power

    FlexPower® Global™ Series (FPG) from LifeSafety Power

    The FlexPower® Global™ Series (FPG) from LifeSafety Power—designed to provide DC power for access control systems in international applications—is now PSE listed for Japan and compatible with the country’s 100VAC applications. 3