A little business blog homage I conjured this week. The words are mine, the pictures are the work of my bosom buddy in the graphics group (name upon request).
- When dastardly devices of mobility carelessly connect to WiFi!
- When miscreant malware moles its way into network systems, lying in wait for a surreptitious subterranean attack!
- When corporate documents are uploaded unknowingly to open file share sites by daft digital denizens!
- When access to work productivity apps is assaulted by pitiful user experience and security sink holes!
CALL IN THE AVENGERS OF ENTERPRISE MOBILITY MANAGEMENT AND SECURITY AND EFFICIENCY AND TRANSPARENCY AND ANY “ENCY” YOU NEED TO TRUST SMARTPHONES AND TABLETS
Together, they harness IT best practices for data and device security, on a cloud more scalable and secure than Asgard (Note: encryption is used in many cases of mobile security versus Rainbow Bridges).
Tune-in true believers, MARVEL as the mobile avengers:
Launching tablets and smartphones good. Giving access to wifi, email, files, apps with no agree to mobile security bad. No encryption means data not safe. No management of what connects to who and where bad. EMM must not be slow, not expensive, and not burden to IT with cloud architecture.
Hammer Away at Content on the Fly
Ye lightning strikes of innovation rarely happen in the confines of darkened office halls. Nay, innovation will striketh over hill, mountain, or in shower. Giveth easy and secure content management to all of your kingdoms and business units. Mobile content management can oversee all sharing permissions, while imbuing security features down to the document level (including “cut & paste” trickery to move data into other apps).
Armor-Up in the Cloud
Adding new devices, operating systems, functionality, access controls and transaction level security requires new suits of armor for IT to deflect against system slowdowns and complete work stoppage (when content can’t be accessed on devices of choice). There are many suits to choose from in mobile protection today; from a separate workspace for transitory employees in healthcare, full device management for a clean-sweep of all (or some) data, to microscopic ant-size locks on apps, transaction and data on the fly.
Smart money says to use a common heads up display with one Enterprise Mobility Management centrifuge for every piece of functionality you need as you infuse more mobile into business operations. Sitting on a cloud frame also means powering-up in minutes, as opposed to the wait for a helicarrier full of equipment to deploy.
Shield Against Bad Apps & Malware
Mobile threat management is the newest shield slung directly at mobile malware’s underbelly. Alerts activate proactive security policies to keep bad data quarantined and the device off the network. Next level defense is happening now with SDKs for in-house app development security, bringing in developers to join the data captains of CISOs and IT enablement.
For those just joining the fray with a low arsenal of devices to support, mobile app management and a corporate app store are good training grounds in a controlled mobile state.
Slip into Intranets and Content Repositories Faster
No one wants to mash their way into the data they need for business, especially not when access to SharePoint, file shares and intranets can be made native in feel and function regardless of manufacturer or operating system.
With mobile gateways and secure web browsing, seamless moves can be made into almost any system where your employees find what they need quickly, quietly and with graceful ease.
Ready to become a mobile avenger? Visit our TOWER OF POWERFUL RESOURCES ready to arm you with videos, white papers, webinars and a free trial to empower your mobile security.
Philadelphia PA – September 24 2014 – As students return for the fall semester with their iPads and Androids in tow, they’re noticing a very different mobile experience as they cross into the geofenced mobile safe zone now surrounding their school or university.
This location based force field offered by MaaS360 mobile protection ensures that when students want to use school resources for WiFi, App downloads and receiving lesson plans from teachers, they are doing so through the guided security of Mobile Device and Data Management.
And boy, are these kids pissed.
Twitter was rife with a flurry of putrid teen spirit as students found that, within school systems, MaaS360 was now acting as a gatekeeper between them and frittering away their days on Twitter. However, once the school day was over and the security policies were lifted, #H8MDM began to trend with:
Maas360 is so stoopid, no more #minecraft in history
#H8MDM H8MaaS360 H8PARENTS FOR SELLING OUT MY PHONE
While we did not get a direct quote from MagikMaster765, his outrage against his parents is most likely indicative of the countless notices sent by schools before requesting an MDM enrollment, and the constant chiding from parents who read these notices and then tried desperately to communicate with a creature whose brain is still clearly in the very early stages of development.
Kids Outraged by Mobile Security, Educators Hopeful to Start Living Past Age 46
Mike Cumstein, IT Administrator at Dan Quayle Junior High, had this to say about the first two tweets, “Did you know I was once suspended for wearing a Pac-Man watch to school. We’re telling the kids, they simply need to focus on school apps and you know…school, while in school. Our WiFi is not here to build your library of Arina Bieber mashups.” “On the other tweet, we started preparing for MaaS360 to handle our mobile security and app/content distribution at the end of last school year. We communicated then what we were doing in emails and message boards and continued to communicate right up until the day the kids received the text-message requesting enrollment. Here’s the thing that really makes me laugh though, they all accepted without having any clue what they were saying yes to. These kids jump into apps faster than our parents jumped into fishbowls to get a set of keys after eating fondue.”
More Mobile Security Features, More Twitter H8 from Students
Mobile security on campuses, in businesses and any industry has evolved from pure mobile device management to encompass the entire mobile ecosystem. Features to protect and work on sensitive data have transcended this category to Enterprise Mobility Management with pure device controls for IT like block, lock and wipe becoming merely one facet of the bigger mobile enablement picture.
As other schools across the United States released deeper mobile controls with MaaS360, students responded with an almost righteous indignation towards violations of their rights. We asked Cumstein to provide a balanced IT perspective to separate truth from mere petulance.
@CauseImAppy 12 d
Cant chk FB in soc. MaaS360 says NO! #H8MDM
Cumstein’s Take: “Correct, MaaS360 can block apps by location with geofencing or even by time of day. Teachers noticed uploads of themselves on FB when they were in compromising positions, so we turned it off as well.”
@ClashOfCan 12 d
WTF MaaS360? Stop my camera from working? What I do to you?
Cumstein’s Take: “You need a camera for certain classes, others not so much. With MaaS360 security policies anyone can set up that kind of contextual security response.”
WUSSUP w/ this (redacted)? Teaches sendin (redacted) homework to iPhone????
Cumstein’s Take: “Oh ya, content distribution and editing. We really want this one, but our teachers aren’t there yet from a lesson plan standpoint. But with Secure Content distribution all homework can be delivered, edited and then submitted by class, groups or student. Very cool stuff. What school district was it? Is that close to here?”
While the tweets continue, it has become eminently clear that once again children are incapable of fully understanding the world or any issues beyond their myopic scope of view. Fortunately MaaS360 is in place to at least govern mobile behavior until these future leaders and ultimate harbingers of our doom develop some level of self-actualization and empathy.
“The preceding press release is fictitious(ish). Real students have tweeted hatred for MDM, and I reflected those sentiments. No one endorses or approves this post except the part of my soul that received a cathartic release from expressing the sentiments of real people in real language without CorpSpeak.”
As schools and universities across the globe trade their textbooks for tablets and slide rules for smartphones, the IT staff of these institutions must rise to the challenge of protecting and managing these new endpoints of burgeoning knowledge.
To aid in this vital endeavor, Fiberlink, an IBM company, hosted a 1-hour Webinar to help translate common mobility management terms into staff and teacher speak. According to webinar hosts Frank Gentile and Tyler Hoy, education mobility specialists with Fiberlink, the toughest challenge facing IT in education is evangelizing the virtues of mobile device management, mobile app management and mobile content management to budget approvers and teachers within the school district.
Unlike other industries, educational organizations often rely on bootstrap resources to manage smartphones and tablets. There are even scenarios where there are no IT resources within a district, leaving teachers with the burden of managing a technology landscape that is still misunderstood even within the most erudite IT circles.
To find out just how many schools are currently contemplating mobility, the Webinar opened with a simple poll to determine the audience’s timeframe for mobile enablement. 40% of attendees were already in a pilot program for implementing mobile devices. Another 40% had plans to initiate a pilot program before the close of this school year, while the final 20% were ready to launch a program before the end of the current calendar year.
Mobile Policies Prevent “Running in the Halls”
School is as much about learning societal rules as it is about facts and formulas. With the proliferation of mobile communication and productivity applications, students would be wise to learn the mobile rules of conduct they will be expected to follow when they enter the workforce. Policies within a mobility management platform are those first lines of defense, just as a hall monitor stops kids from pushing and shoving their way to class.
According to the second Webinar poll, over 50% of attendees were not enforcing basic policy protection (like passcodes) or remediation for lost or stolen devices (like blocking or wiping a device). To take the severity of the situation another step, policies also quickly enable access to WiFi, apps and school content. Some participants said they were relying on Apple Configurator to meet some of these needs, but the need to physically tether devices to a management console leaves little to no room for scalability. Also, this approach only addresses one OS, Apple. In a world where Android dominates the consumer market and schools look to cut costs by relying on Bring Your Own Device Programs, the Configurator model breaks down rapidly.
With mobility management solutions like MaaS360, all devices are enrolled into the system and configured over the air. This means with the push of one button, IT (or a teacher) can easily push a notification to students via SMS or email. Once a student hits “accept” (or whatever custom End-User License Agreement, or EULA, the school wishes to enforce), the device is enrolled and policies are enforced.
Now, not only are devices connected to network resources, but also the administrator now has a clear view of the school’s digital footprint. Device types, installed apps, OS types and versions are all easily accessible from the front-page watchlist. If a student tries to jailbreak or root the device, policies spring into action to place the mobile rapscallion in digital detention until they are back in compliance. Digital detention can also be used when passcode entries reach their limit or for devices not on the latest and greatest operating system version (or to keep devices on older OS versions until all the bugs are worked out in the latest and greatest).
Learning: There’s an App for That!
In actuality there are thousands of apps that can harness the power of young minds and further foster the teacher student relationship in the digital age. However, IT has struggled with the best way to distribute the apps they want on phones and control time wasters like Flappy Bird or Candy Crush.
Enter Mobile App Management. With this tool in place, IT can blacklist (ban) or whitelist (allow) both public and custom-developed apps. Another popular control model is Kiosk mode. While often used in retail environments for point of sale or inventory lookup, this mode can be customized so that school-owned devices run just the apps set by IT.
Mobile Container: The School’s Cleanest Locker
For enterprising schools that want to reap the cost savings of Bring Your Own Device, a mobile container would be the wisest choice for true security.
The container acts as a partition, keeping school email, documents, apps and even web browsing in a separate passcode-protected space. Even school-owned devices can benefit from these controls, especially from the perspectives of web access and content distribution. A safe internet playground is not only the norm these days for students at home; it also allows schools to meet Children’s Internet Protection Act (CIPA) requirements with robust filters based on categories or specific URL blocking.
Also of security note: within the containerized document sharing environment schools can abandon free cloud collaboration tools like Dropbox and Google Docs for a private cloud alternative. This low-cost, but infinitely more secure, alternative facilitates permission controls, sharing and even editing of the most popular file types being used today.
For the final poll of the Webinar, Fiberlink asked attendees what part of mobility management was most pressing for their district. App management was the clear winner taking 50% of the votes, while over-the-air configuration, digital detention, content control and secure browser shared the rest of the votes.
Educating (and Monitoring) the Educators
While much of the webinar and following Q&A focused on the needs of students, Frank and Tyler were quick to mention the ability to bring teachers and staff into the mobility management fold. Since MaaS360 policies can be customized into groups, the rules for adults on campus can be more flexible than the rules placed on students, while ensuring that their devices, which carry sensitive student records, can be located, blocked or even wiped in an adverse event.
Savvy school budget and IT leaders are rapidly learning that mobile is a first, not second screen experience, requiring the same controls and safety measures as more archaic endpoints like laptops and desktops. Mobile device management, mobile app management and mobile content management are questions of when, not if.
IT departments have had a love/hate affair with Android since the first time Google’s Green Guy raised his antennae: they loved the devices for themselves, while loathing the idea of end-users having access to such an open and flexible mobile OS.
In the early days of mobility, this fear of Android was a good survival instinct for these warriors of the firewall frontline. No forced email encryption…an App store rife with nefarious blackhats trying to capture data…and more fragmentation than a jigsaw puzzle when it comes to device type and OS version were all strong signs for IT to beware.
Today, management tools for mobility have assuaged those initial techie trepidations to make Android smartphones and tablets a viable entrée for enterprise palatability that can sit right beside Apple’s iOS. Recently, Fiberlink, an IBM company, scoured the millions of devices currently being managed by their Enterprise Mobility Management solution, MaaS360, to see just how Android is enabling enterprise mobile productivity.
Smartphones Smolder Tablets
When looking at all Android usage across MaaS360’s platform, smartphones trump tablets 84% to a paltry 16%. This stat isn’t really rife with surprise since email is the original killer app and since leaving behind the dark days of 2.0 the OS has become infinitely more secure.
However, IT still needs to be wary. Even though the Android OS lives in a 4.0 world, many users have yet to leave behind their elder operating systems for fear of change (and updating a slew of apps and other logins). This requires IT to use some form of Mobile Device Management to get these OS laggards up to current standards using policy controls for security and mobility management sanity.
Samsung: Android’s Enterprise Savior
Device diversity has always been a hallmark of the Android OS. It’s this wide stratum between high-end and more affordable manufacturers that has made Android the clear consumer choice across the globe.
Currently the Android device leaders in the enterprise consist of:
Top 5 Android Manufacturers Managed by MaaS360 MDM
The top 5 make up 90% of all Android devices in the enterprise, and include:
- Samsung: 56%
- Motorola: 22%
- HTC: 8%
- LG: 2%
- Asus: 2%
- Other: 10% (Amazon, Huawei, Sony, CASIO, Pegatron)
While a short list, it’s broad enough that IT seriously needs to take a minute when considering BYOD programs allowing Android devices. Despite sharing the same “engine”, each of these devices is very different under the hood. To make an impact in the market, each of these devices offers its own unique features and custom-baked apps that IT must decide either to allow or block until work is over. From the useful Samsung SAFE feature to less than useful bloatware beleaguering other devices, all features must be part of an enterprise mobility planning conversation.
The diversification of Android is only going to continue if the rumors flying out of Mobile World Congress 2014 hold any credence. With the Nokia X, a Windows-skinned Android device, representing the low end of the market and Samsung’s possibly waterproof, iris-scanning S5 feature bonanza at the high end, the Android management challenge for IT will only increase in 2014. Fortunately, Mobile Device Management solutions have also evolved in line with devices, experiencing their own evolution from simple device watchdog programs to fully enabled Enterprise Mobility Management protecting devices, apps and content.
Say what you will about BlackBerry, but there was always one saving grace for their devices – a tactile keyboard. This one simple feature of user experience kept many in the enterprise tapping away gleefully on these “bricks with clicks” despite fallacies from apps to…well…everything else…when compared to iOS and Android devices.
Now, Tactus technology has taken all of the teeth out of BlackBerry’s bite with the invention of tactile screens for all of today’s smartphones and tablets.
Here’s how it works: Tactus adds a small polymer layer to the Gorilla Glass on tablets and smartphones that when activated by the user adds fluid stretching the surface with micro-fluids above the device’s A to Zs. While keyboards will be the first and prevalent use for this technology, Tactus can also elevate the gaming experience by making joysticks slip free as well as A & B buttons for the more serious mobile gamers.
Oh the Places Tactile Screens Can Go
Tactus unveiled their uplifting mobile experience at the 2013 Consumer Electronics Show (CES) in beta form. CES 2014 shows the technology ready for wide market adoption.
Let’s take a minute though to speculate what Tactus might be showcasing at CES 2015 and beyond, especially when it comes to transcending beyond the basics of business or simple consumer wants.
Healthcare: Fiberlink Communications, an IBM Company, saw a record number of hospitals and other healthcare organizations sign-up for their mobile device management platform MaaS360 in 2013. Doctors and nurses are forgoing hospital provided computers on wheels (COWs) and traditional laptops for the easier to use (and carry) smartphones and tablets. This was especially prevalent in nursing staff where Bring Your Own Device (BYOD) isn’t a luxury, but a necessity considering many are transitory between facilities.
Currently, many of these devices are simply being used to access medical records. However, as I recently learned at my dermatologist, the App market is exploding for medical devices. My mole mapping has transformed from being written down in sentences to being visually displayed on a cartoon of my body. One tap at a time the doctor was able to place my most suspect moles on a virtual figure of my frame. With Tactus technology the weight and density of each malicious spot could be displayed in startling 3-D accuracy.
Move forward a few more years and we could see raised buttons on screens become the console for performing robotic assisted surgeries that today require a Pac-Man size joystick. While the patients might find it disconcerting, doctors will appreciate the world of 2020 when they can do emergency surgeries remotely from their tablet.
Financial & Legal: How many email signatures have you seen apologizing for typos because a message was sent from a mobile device? For the financial and legal markets, there are no excuses for the famed fat fingering of information. In the beginning of the smartphone craze, email security was the main reason these industries shunned the hysteria for touch screens. Once email encryption became the norm though, there was still a leeriness to move away from BlackBerry because the touch keyboard ensured accuracy. When you are in an industry where the terminology isn’t standard in spell check, one must rely on themselves to write the right words. With Tactus technology, tort won’t be as easily changed to tortoise.
Retail: I’m stretching here a bit (pardon the pun), but I truly envision a tomorrow where the feel of these new tactile buttons will be able to be manipulated to finally bring bricks and clicks together in the virtual world. How many times have you loved an outfit online, only to have it arrive on your doorstep with a fabric that’s scratchier than Laura Ingalls Wilder wear? Wouldn’t it be a wonderful experience to actually feel the fabric before you add it to your cart?
Obviously we could extrapolate this technology to every industry if we just imagine: In education where phones could become a “Please Touch” museum on the go, or in manufacturing where again precision level joysticks could move human intervention on the assembly line to a lounge chair affair. Tactus is the advent technology we’ve wanted since the television entered our living rooms. For today the technology is a simple keyboard. With a little imagination, though, Tactus has the potential to finally obliterate the virtual and physical divide.
Can IT COPE with BYOD? Apparently Not!
By Rob Patey
In our acronym-happy world, Corporate Owned Personally Enabled (COPE) is simply a new way of saying “mobility as it has always been.” Basically, the company owns the employee’s phone and decides exactly what is and is not permitted on the device. From apps to encryption, IT makes the majority of the rules. While some personal freedom exists for the employee, the limitations are greater than the liberties.
Bring Your Own Device (BYOD) is the upstart concept that gained notoriety when tablets hit the scene, smartphones got smarter with connectivity to corporate resources like email and Wi-Fi, and data plans became infinitely more affordable. While many companies showed boons in productivity from BYOD, security concerns and support of multiple mobile operating systems caused much consternation for IT.
Mobile Device Management became the great mediator in this debate. With MDM, IT finally had the ability to identify the devices connecting to resources and then apply policy rules to rein in any rogues on the network. Technically speaking, with MDM in their arsenal, IT could apply controls on email and apps to BYOD devices as easily as they could to devices they procured for employees. But that’s technically speaking. Persnickety little things like free will and the mantra of “not on my device” have apparently left many BYOD devices far more open than their COPE counterparts – and now we have the data to prove it.
Again, while it’s technically possible to impose the same rules for all devices, many organizations still respect their employees’ ability to make sound choices with their own devices. Now, with personal liberty kudos out of the way, we can ask whether IT is making the right choice in this regard.
Security and control are issues that must be examined industry by industry and company by company. While certain tenets like email encryption should be applied across the board, other facets of mobility like apps, YouTube access and cloud file sharing get a bit stickier. In highly regulated industries like finance, healthcare and government, access to applications like Dropbox should be a concern on any device. However, for an SMB working on a lean IT budget, Dropbox becomes a must-have to keep the business growing and information flowing amongst employees. Likewise, with YouTube and other apps, restricting marketing access is a serious impediment to employees’ jobs as they look for inspiration to create campaigns. Folks in finance though, could probably live without access to a million silly cat videos.
As the data shows, COPE is still a more secure option, but that’s a cultural choice versus a technological imperative. At the end of the day, you need to decide what is right for your business and your employees’ well-being and productivity. Whether you choose a more stringent or more lax approach is up to you. Just know that MDM solutions are available to accommodate the security and control you need along whichever path you choose.
While BlackBerry has been on a downward spiral since the first touch devices started to hit the market, events over the past few weeks seem to have taken the company that first inspired our love of all things mobile from on-the-ropes to down-for-the-count.
The first crushing blow came from the news of the “king of tiny keyboards” opening up the doors for sale: a 4.7 billion dollar cry for salvation from lackluster BB Z10 sales that was exacerbated by market fervor for Apple’s new darlings, the iPhones 5S and 5C.
Next came Gartner analyst Ken Dulaney’s ominous advice, “Gartner recommends that our [BlackBerry enterprise] clients take no more than six months to consider and implement alternatives to BlackBerry. We’re emphasizing that all clients should immediately ensure they have backup mobile data management plans and are at least testing alternative devices to BlackBerry.”
Despite the popularity of iOS and Android devices, BlackBerry has been a dominant force in security-conscious industries like finance and government. With BlackBerry’s tenuous future, can these or any industry afford to sit on their hands and wait for BES support to just go dark? Quite simply, no, they can’t. The productivity boons that come from smartphones and tablets have become a matter of course for getting things done whether part of a corporate owned program (COPE) or as part of a Bring Your Own Device (BYOD) program. So what’s the alternative to keep the wheels of mobile productivity moving while ensuring the same lock-tight security that was offered by BlackBerry?
iOS 7 & Mobile Device Management – Soothing the CrackBerry DTs
While the physical keyboard has gone the way of the dinosaur, the other benefits offered by the BlackBerry experience—like native OS security and isolation of corporate data—have taken exponential leaps forward with iOS 7 and Mobile Device Management (MDM) solutions.
The walled-garden of Apple apps and lack of fragmentation have made it the corporate go-to choice for mobility especially with the rise of BYOD, but BlackBerry was still a favorite for organizations that wanted that small extra level of security and control of corporate data.
Recently, Fiberlink held iOS 7 Webinars (Part 1 & Part 2) to introduce the enterprise-features available in the updated operating system. With these changes comes the extra assurance for IT, compliance, and legal that they will maintain the same levels of control and security they found in the days when BES reigned supreme.
A few business-ready features include:
- Open In Management: Control data leaks from corporate apps, documents and accounts with MDM right out of the box.
- Per App VPN: Enable your managed apps to securely connect to corporate networks and information.
- Volume Purchase Program (VPP): Save money by retaining full ownership and control over VPP licenses of apps and books when users no longer need them.
- MDM Enrollment Options: Includes a number of new commands, queries, and configuration options that make third-party MDM solutions even more powerful.
- Enterprise Single Sign On (SSO): Enable authentication into corporate apps just once, making it easier for your users to be more efficient and productive.
- Third-Party App Data Protection: Leverage encryption of app data automatically using the user’s passcode to create a strong and unique encryption key.
Further control can be found in the implementation of the right MDM solution—one that can support iOS and Android and handle your legacy BlackBerry devices until they are phased out. Some control features include:
- Touch ID Control: Turn on/off fingerprint unlocking and report whether it is enabled on a device.
- Silent App Install: Automatically install apps on supervised devices.
- Report on Activation Lock: Know when Activation Lock in Find My iPhone is enabled (used as a theft deterrent) locking a device to the user’s Apple ID.
- Personal Hot Spot Control: Turn on/off personal hot spot provided through a carrier and report whether it is enabled on a device.
The final piece of the security puzzle can be found in container solutions that provide a dual persona experience, like the MaaS360 Secure Productivity Suite. With these capabilities in place, all corporate emails, documents and apps with access to network resources are held within a “sandboxed” environment to control the movement of data and avoid leaks.
While BlackBerry devices may linger for a little while longer, business is run on planning. You need to know what tomorrow will bring so you can avoid any unnecessary downtime.
by Rob Patey
Passcodes serve as the “lowest hanging fruit” of mobile security for enterprises, yet recent data from Fiberlink’s MaaS360 platform uncovers this startling fact: 15% of organizations still don’t enforce this most basic security measure.
Looking at 200,000 of the 2 million plus devices we manage for industries across the globe, we learned that passcode security still has a long way to go for complete protection of data on smartphones and tablets.
Limitless Passcode Options – Limited Implementation
It would help to first define the options available for passcode protection on mobile devices. The three most common categories are:
- PIN/Simple Passcode: Just numbers or letters
- Alphanumeric Passcode: Combination of numbers and letters
- Complex Passcode: Combination of numbers, letters and special characters
According to the data, the PIN/simple passcode prevails overall with an overwhelming 93% majority. Of those deploying this basic approach, 73% use only 4-5 characters—further highlighting this pervasive simplicity.
Why is this troubling? io9 recently did a report showcasing a robot constructed for a paltry $300 that can crack these codes in just under 24 hours–and that’s a high-end estimate. Also, considering most people use repeatable digits on their phone or tablet, regular old human hackers can usually get into your smartphone in 10 tries or less.
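To put numbers on the three passcode categories, the following added example (not from the original post or from MaaS360) computes the keyspace of a policy, the time to exhaust it at the robot's pace, and how much an MDM-enforced attempt limit changes the picture. The alphabet sizes, sample policies and acceptance thresholds are assumptions, as is reading the post's 24-hour figure as covering every 4-digit PIN.

```python
import math
from dataclasses import dataclass
from typing import Optional

# Assumed alphabet sizes; the post names the categories, not exact character sets.
ALPHABET_SIZE = {
    "pin": 10,           # digits only
    "alphanumeric": 62,  # digits plus upper- and lower-case letters
    "complex": 94,       # printable ASCII without the space
}

# Assumed guess rate: all 10,000 four-digit PINs in the post's 24 hours (8.64 s each).
ROBOT_SECONDS_PER_GUESS = 24 * 3600 / 10_000


@dataclass(frozen=True)
class PasscodePolicy:
    name: str
    category: str                               # key of ALPHABET_SIZE
    min_length: int
    max_failed_attempts: Optional[int] = None   # None: device never locks or wipes


def keyspace(policy):
    """Number of distinct passcodes at the policy's minimum length."""
    return ALPHABET_SIZE[policy.category] ** policy.min_length


def exhaust_hours(policy, seconds_per_guess=ROBOT_SECONDS_PER_GUESS):
    """Hours to try every passcode; infinite if an attempt limit stops the search."""
    space = keyspace(policy)
    if policy.max_failed_attempts is not None and policy.max_failed_attempts < space:
        return math.inf
    return space * seconds_per_guess / 3600


def guess_probability(policy):
    """Chance a uniformly random passcode is hit before the attempt limit.
    Users pick predictable codes, so real exposure is higher than this figure."""
    if policy.max_failed_attempts is None:
        return 1.0  # with unlimited tries the search always finishes eventually
    return min(1.0, policy.max_failed_attempts / keyspace(policy))


def assess(policies, max_guess_probability=1e-4, min_exhaust_hours=24 * 365 * 10):
    """One row per policy, weakest first. Both thresholds are illustrative."""
    rows = []
    for p in policies:
        hours, prob = exhaust_hours(p), guess_probability(p)
        if p.max_failed_attempts is None:
            ok = hours >= min_exhaust_hours      # judged by search time
        else:
            ok = prob <= max_guess_probability   # judged by odds within the limit
        rows.append({"policy": p.name, "keyspace": keyspace(p),
                     "exhaust_hours": hours, "guess_probability": prob,
                     "acceptable": ok})
    return sorted(rows, key=lambda r: (-r["guess_probability"], r["keyspace"]))


# Constructed sample policies, not taken from the MaaS360 data.
SAMPLE_POLICIES = [
    PasscodePolicy("4-digit PIN, no attempt limit", "pin", 4),
    PasscodePolicy("4-digit PIN, wipe after 10", "pin", 4, 10),
    PasscodePolicy("6-digit PIN, wipe after 10", "pin", 6, 10),
    PasscodePolicy("6-char alphanumeric, no attempt limit", "alphanumeric", 6),
    PasscodePolicy("8-char complex, wipe after 10", "complex", 8, 10),
]

if __name__ == "__main__":
    for row in assess(SAMPLE_POLICIES):
        print(f'{row["policy"]:40} keyspace={row["keyspace"]:<18} '
              f'hours={row["exhaust_hours"]:<14.4g} '
              f'p={row["guess_probability"]:<10.3g} ok={row["acceptable"]}')
```

Under these assumptions, a longer PIN paired with an attempt limit clears the bar that a 4-digit PIN does not, without forcing users onto a complex passcode.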
While there is no one-size-fits-all rule for passcode protection, IT can use several barometers for the proper approach in their industry. Healthcare, financial services and public sector organizations have some of the strictest audit requirements when it comes to data protection, with regulations like HIPAA, HITECH, FINRA and FISMA compliance constantly looming over their heads. Given these factors, it comes with little surprise that organizations under these umbrellas are the most fastidious when it comes to passcode enforcement through mobile device management policies and passcode complexity.
Passcodes Most Enforced Through Automated Policies by Industry (% of devices protected)
- Healthcare: 97%
- Professional Services: 87%
- Public Sector: 85%
- Consumer/Retail: 81%
- Financial Services: 79%
- Manufacturing: 78%
- Education: 41%
Most Complex Passcodes by Industry (% of devices using alphanumeric or complex passcodes)
- Public Sector: 18%
- Financial Services: 9%
- Professional Services: 6%
- Healthcare: 4%
- Consumer/Retail: 3%
- Manufacturing: 3%
- Education: 1%
No One Right Answer
While a 10-digit complex passcode rife with special characters would help IT and CSOs sleep better at night, the pitfalls of such a draconian approach would greatly outweigh the benefits. Currently only 7% of organizations are employing a complex passcode, but even these organizations must exercise prudent caution. User experience must still be considered in the greater scheme of things as much as security. Human error could easily turn an overly complex passcode into a headache for IT quicker than you can type 432#$%hippa. If you must employ such complexity in your passcodes, a containerization approach can provide complexity on business device functions while leaving the personal side of the device more accessible.
Balance is the order of the day, a pragmatic marriage of user experience coupled with industry best-practices. Regardless of what passcode approach you take in securing mobility, the automation of Mobile Device Management (MDM) policies is an essential element to standardizing a vast ecosystem of device types and operating systems. Furthermore, policies in MDM can help automate remediation workflows when a user locks themselves out of their device or decides to root/jailbreak a device in order to bypass passcode protection altogether. Warn, block or wipe are all at IT’s disposal depending on the severity of the infraction. Also, with MDM, IT gets a clear daily view, through their Watchlist, of which devices are passing passcode muster and which devices are still trying to pass on passcodes altogether.
Where do you stand on Passcodes? Share your best-practices in the comments below.
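An added example (not from the original post and not MaaS360 code): a Python version of the passcode audit described above, estimating worst-case guessing time for each passcode category and mapping device state to warn, block or wipe. The guess rate, alphabet sizes, one-year threshold, severity ladder and device records are assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Alphabet sizes for the article's three categories. Assumptions: "simple" is a
# digits-only PIN, "alphanumeric" is digits plus upper/lower-case letters,
# "complex" adds 32 printable ASCII symbols.
ALPHABET = {"simple": 10, "alphanumeric": 62, "complex": 94}

# Assumption: all 10,000 four-digit PINs tried in 24 hours (the article's
# high-end figure for the robot); lockouts and retry delays are ignored.
GUESSES_PER_DAY = 10_000

@dataclass
class Device:
    name: str
    passcode_type: Optional[str]  # None means no passcode is enforced
    min_length: int
    jailbroken: bool = False

def worst_case_days(passcode_type: str, length: int) -> float:
    """Days needed to try every passcode of this category and exact length."""
    return ALPHABET[passcode_type] ** length / GUESSES_PER_DAY

def remediation(device: Device, min_days: float = 365) -> str:
    """Hypothetical severity ladder: wipe > block > warn > ok."""
    if device.jailbroken:               # passcode controls can be bypassed
        return "wipe"
    if device.passcode_type is None:    # no passcode at all
        return "block"
    if worst_case_days(device.passcode_type, device.min_length) < min_days:
        return "warn"                   # passcode set, but keyspace too small
    return "ok"

def watchlist(devices, min_days: float = 365) -> dict:
    """Devices that fail the passcode policy, with the action to take."""
    actions = {d.name: remediation(d, min_days) for d in devices}
    return {name: act for name, act in actions.items() if act != "ok"}

# Constructed sample inventory (not real devices).
FLEET = [
    Device("tablet-01", "simple", 4),
    Device("phone-02", None, 0),
    Device("phone-03", "alphanumeric", 6),
    Device("phone-04", "complex", 8, jailbroken=True),
    Device("phone-05", "simple", 8),
]

if __name__ == "__main__":
    for name, action in watchlist(FLEET).items():
        print(f"{name}: {action}")
```

Under these assumptions a 4-digit PIN lasts one day and a 5-digit PIN ten days, so length matters as much as category: the 8-digit PIN on phone-05 passes the one-year threshold while the 4-digit PIN on tablet-01 does not.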
Mobile connectivity and Bring Your Own Device (BYOD) continue to grow at an explosive rate for the modern company. Sadly though, much of this connectivity is happening outside the view of IT and the security office.
In a recent survey sponsored by Harris Interactive and Fiberlink, over 2,000 working US adults were asked if they use their personal smartphones and tablets for work activities. Not surprising was that 51% said yes. What was surprising and frankly disconcerting for IT and their information security cohorts, is that many of these workers are treating company data as recklessly as they would a soccer schedule or recipes.
For example, among employees who use mobile devices for work (either their own or employer-issued), the survey showed:
- 25 percent have opened/saved a work attachment file into a third-party app (e.g., QuickOffice, Dropbox, Evernote).
- 20 percent admit to having cut/pasted work-related email or attachments from company email to their personal email accounts.
- 18 percent say they’ve accessed websites that are blocked by their company’s IT policy.
These numbers become even more startling given that the survey also revealed that less than one-half of 1% of users have any level of corporate security installed on their devices.
The chances of a malicious attack are slim (for now), but accidents happen every day on devices as we evolve from using our thumbs over our index fingers. One wrong swipe and an employee has now shared sensitive financial data on Facebook or pinned schematics on Pinterest.
Light at the End of the Tunnel
To protect devices entering the workplace, solutions like Enterprise Mobility Management for device, app and content security can help IT gain tighter controls without sacrificing the true freedom of BYOD.
In addition, dual-persona offerings, like MaaS360’s Secure Productivity Suite, keep all work and personal information separate. IT sets the security policies, like passcode strength, and sharing options, like whether “to cut and paste, or not to cut and paste.” With these controls in place, all mobile data adheres to overarching corporate security policies and stringent regulatory concerns for industries like healthcare, financial and public sector.
“Hmmm, I don’t think my employees would go for that.” Not so fast: when asked in the survey, over 61% said they were somewhat likely to support IT assistance with security as long as they could keep using their own device.
If you choose not to support smartphones and tablets, our survey clearly shows people will find a way to connect to WiFi and email regardless. If you are supporting mobile device connectivity without enterprise mobility management, be ready for the inevitable, not probable, data leakage event.