The Declaration of Mobile Independence and Data Bill of Rights

Originally published by Rob Patey on IBM Securityintelligence.

Mobile Security Freedom As I was celebrating the birth of America’s freedom this July Fourth, I sparked a firecracker for the fact that I was able to use my tablet to take a meeting in a place where the Fourth of July is just another day of the week.


I was offered a stay of execution from the team, but an hour of my time was a small sacrifice, especially since the entire event took place on my iPad and mobile phone from my back porch.

About one-and-a-half scores ago, I remember waving a sparkler at Newark Liberty International Airport as my father headed off to Sweden for a meeting on July 5. The tablet, smartphone and the manifest destiny of last-mile broadband reaching fruition allowed me to turn off Harry Chapin’s “Cats in the Cradle” and spend time with my family watching fireworks once the meeting was finished.

This affordability — having the right device for the job at a time when I need to use it and from wherever I please — wasn’t a freedom simply handed to me. Like any great leap forward in liberation, battles were fought and accords of acceptable use had to be established between employee and employer.

As I recount some of this ancient mobile history and the hallmarks of security, productivity and mobility that resulted from them, I know some of you are going through these trials and tribulations right now. May you avoid the missteps of the past and join all of us forefathers (and mothers) for the next data deluge on the shores of the Internet of Things (IoT).

Freedom Is Never Free, Especially in Mobility

Before anyone can truly decry independence, mobile or otherwise, an upheaval from the status quo is required. An assist from France bolstered America’s liberation, and a few years later, the Bastille was taken by bayonets — not baguettes.

Since the first smartphone could sync with Active Directory, the already beleaguered IT group from the BlackBerry bonanza of the early 21st century showed rightful resistance to employee presumptions on data access. Just because you can, doesn’t mean you should. The email policy was born, and business leaders furiously rubbed rabbit feet for luck in hopes this would be enough to keep employees secure and satisfied.

It didn’t work. And today it really doesn’t work, but we’ll get there in a minute.

Mobile device management (MDM) offered the treatise of device choice balanced with one-window control. MDM became especially vital in the famous battle of bring-your-own-device (BYOD). Without the device and OS agnosticism of MDM and mobile app management (MAM), we might all still be in a state of technological dissemination without user representation.

Freedom from the confines of the office was finally won with the understanding that privacy can be maintained without completely obfuscating the view of IT. Now, policy can be crafted with a preamble of independence for both sides of technology enablement:

When in the course of business events, it becomes necessary for the enterprise to act as one people to dissolve inefficiencies that have disconnected them from each other and corporate data, and respect the freedom of choice to work on the equipment deemed best by the workers actually producing the work.

We hold these truths of mobile productivity to be self-evident, that all devices are created equal, that they are to be enabled by IT with rights to the same data as laptops and desktops and, finally, that usability is held in equal balance with security.

Mobile Independence Is a Privilege Governed by Data Rights

As devices grew more powerful, more expensive and more diversified with tablets and wearables, the concept of BYOD became more palatable to IT. However, these new abilities required more granular ways to control the data flowing in. Transient workers requiring two mailboxes on one device turned to containers. File shares could also live separated from device-level controls along with secure Web browsers and a host of other features that fulfilled a manifest destiny of productivity even when in transit. Enterprise mobility management (EMM) is the current term to define this broadening of devices, data, apps and access to devices.

One mobility program of enabling and securing endpoints, under one management pane of glass, giving mobile liberty to all.

Like the expansion of the United States, now that the mobile device has open freedom across this broad landscape of enterprise data, the CSO (or any level of security really) is a quintessential player in ensuring an uninterrupted flow of information. Mobile threat management (MTM) is how security can reach this new land. With MTM as part of a larger EMM solution, securing in-house and third-party apps from malware, advance jailbreaking or rooting rules and opening the way for seamless single sign-on access to all facets of the device becomes a reality.

The Mobile Bill of Rights

Historically, the Fourth of July isn’t about the Bill of Rights, but I beg a bit of patriotic poetic liberty to hopefully offer the foundation for your mobile liberation:

  1. Free speech, text, mail, files and access on any mobile device or endpoint, if and only if employees respect corporate data on those devices being managed through some form of endpoint and mobile security.
  2. The right to bear BYOD, without abstention from IT: When a personal device is compromised, IT will still act to triage the security of data on that device. Likewise, when apps or access to internal networks are needed, IT shall enable those services to ensure expedience in delivery and integrity of data delivery.
  3. No employee shall willingly quarter malicious material on devices. If workers want to root or jailbreak to experiment with a cool new app or some OS-level optimization, the device is unable to accept corporate data until it is back in compliance.
  4. Device privacy shall be respected by IT. Yes, MDM and security tools give IT a look at device activity, but IT is not reading emails, texts or other personal material. I always balk at this EMM because if IT wanted, they could have been reading our emails for years now — but they don’t. With MDM, they can’t, and still this wild conspiracy permeates the cube farm.
  5. Mobile security is not a witch-hunt or an indictment on how employees spend their free time in the wide world of apps. Personal information remains off the table in mobile freedom.
  6. In light of a breach, theft or toddler who will only be calmed down by tapping away on your tablet, employees should expect a speedy lock, block, selective wipe or reset of the device to keep data safe.
  7. There is one set of rules governing acceptable mobile use and data delivery. A recent study titled “Why Is App Security Escaping Development?” showed 40 percent of in-house-developed apps are leaving the enterprise without the most basic security. This is an effort to stay competitive and meet the harsh deadlines necessitated by our new global economy. It will also prove foolhardy as black hats become more aware of these sieves in the corporate data structure.
  8. Excessive bailing on enrollment in mobile security programs shall not be coddled by IT. Yes, mobile security apps take up space on a phone or tablet. But not only is it worth it for the enterprise, it’s vital.
  9. IT enablement is just beginning and shows no signs of ending. If anything, it’s growing larger. Employees have simply gained new freedoms with device selection; the true business enablement of this world is squarely on the shoulders of IT and security teams.
  10. Mobile device and data access requires us all to think a little more wisely. Departments, work groups and individual workers should not seek out IT for every little issue with a phone glitch or tablet phantom turn-off. At a certain point, we all need to understand what is business and what is personal on our home screens. IT should not be charged with helping employees access their July Fourth barbecue pictures, just as an employee should never be given a Wi-Fi password on a sticky note and told, “Good luck.”


Avengers of Mobile Security…Uhhh…ARRRGRAGATE!!!!

A little business blog homage I conjured this week. The words are mine, the pictures are the work of my bosom buddy in the graphics group (name upon request).


  • When dastardly devices of mobility carelessly connect to WiFi!
  • When miscreant malware moles its way into network systems, lying in wait for a surreptitious subterranean attack!
  • When corporate documents are uploaded unknowingly to open file share sites by daft digital denizens!
  • When access to work productivity apps is assaulted by pitiful user experience and security sink holes!


Together, they harness IT best practices for data and device security, on a cloud more scalable and secure than Asgard (Note: encryption is used in many cases of mobile security versus Rainbow Bridges).

Tune-in true believers, MARVEL as the mobile avengers:

Hulk mobile security avengerSMASH Hulking Headaches of Mobile Deployment

Launching tablets and smartphones good. Giving access to wifi, email, files, apps with no agree to mobile security bad. No encryption means data not safe. No management of what connects to who and where bad. EMM must not be slow, not expensive, and not burden to IT with cloud architecture.

Hammer Away at Content on the Fly

thor mobile security avenger Ye lightening strikes of innovation rarely happen in the confines of darkened office halls. Nay, innovation will striketh over hill, mountain, or in shower. Giveth easy and secure content management to all of your kingdoms and business units. Mobile content management can oversee all sharing permissions, while imbuing security features down to the document level (including “cut & paste” trickery to move data into other apps).

Armor-Up in the Cloud

iron man mobile security avenger Adding new devices, operating systems, functionality, access controls and transaction level security requires new suits of armor for IT to deflect against system slowdowns and complete work stoppage (when content can’t be accessed on devices of choice). There are many suits to choose from in mobile protection today; from a separate workspace for transitory employees in healthcare, full device management for a clean-sweep of all (or some) data, to microscopic ant-size locks on apps, transaction and data on the fly.

Smart money says to use a common heads up display with one Enterprise Mobility Management centrifuge for every piece of functionality you need as you infuse more mobile into business operations. Sitting on a cloud frame also means powering-up in minutes, as opposed to the wait for a hellicarrier full of equipment to deploy.

Shield Against Bad Apps & Malware

capt america mobile security avenger Mobile threat management is the newest shield slung directly at mobile malware’s underbelly. Alerts activate proactive security policies to keep bad data quarantined and the device off the network. Next level defense is happening now with SDK’s for in-house app development security, brining in developers to join the data captains of CISOs and IT enablement.

For those just joining the fray with a low arsenal of devices to support, mobile app management and a corporate app store are good training grounds in a controlled mobile state.

Slip into Intranets and Content Repositories Faster

black widow mobile security avenger No one wants to mash their way into the data they need for business, especially not when access to SharePoint, file shares and intranets can be made native in feel and function regardless of manufacturer or operating system.

With mobile gateways and secure web browsing, seamless moves can be made into almost any system where your employees find what they need quickly, quietly and with graceful ease.

Ready to become a mobile avenger? Visit our TOWER OF POWERFUL RESOURCES ready to arm you with videos, white papers, webinars and a free trial to empower your mobile security.

Students Twitter “#H8MDM StooPid MaaS360”: Educators Smirk in Sadistic Joy

Philadelphia PA – September 24 2014 – As students return for the fall semester with their iPads and Androids in tow, they’re noticing a very different mobile experience as they cross into the geofenced mobile safe zone now surrounding their school or university. 

Student Saddened by MDMThis location based force field offered by MaaS360 mobile protection ensures that when students want to use school resources for WiFi, App downloads and receiving lesson plans from teachers, they are doing so through the guided security of Mobile Device and Data Management.

And boy, are these kids pissed.

Twitter was rife with a flurry of putrid teen spirit as students found that within school systems, MaaS360 was now acting as a gatekeeper between twitter frittering away their days. However, once the school day was over and the security policies were lifted, #H8MDM began to trend with: 

‏‪@2plus2equalscarrot 5h
Maas360 is so stoopid, no more #minecraft in history

‪@MagikMaster765 2d

While we did not get a direct quote from MagikMaster765, his outrage against his parents is most likely indicative of the countless notices sent by schools before requesting an MDM enrollment, and the constant chiding from parents who read these notices and then tried desperately to communicate with a creature whose brain is still clearly in the very early stages of development.

Kids Outraged by Mobile Security, Educators Hopeful to Start Living Past Age 46 

Mike Cumstein, IT Administrator at Dan Quayle Junior High, had this to say about the first two tweets, “Did you know I was once suspended for wearing a Pac-Man watch to school. We’re telling the kids, they simply need to focus on school apps and you know…school, while in school. Our WiFi is not here to build your library of Arina Bieber mashups.” “On the other tweet, we started preparing for MaaS360 to handle our mobile security and app/content distribution at the end of last school year. We communicated then what we were doing in emails and message boards and continued to communicate right up until the day the kids received the text-message requesting enrollment. Here’s the thing that really makes me laugh though, they all accepted without having any clue what they were saying yes to. These kids jump into apps faster than our parents jumped into fishbowls to get a set of keys after eating fondue.”

More Mobile Security Features, More Twitter H8 from Students

shutterstock_151848722Mobile security on campuses, in businesses and any industry has evolved from pure mobile device management to encompass the entire mobile ecosystem. Features to protect and work on sensitive data has transcended this category to Enterprise Mobility Management with pure device controls for IT like block, lock and wipe becoming merely one facet of the bigger mobile enablement picture.

As other schools across the United States released deeper mobile controls with MaaS360, students responded with an almost righteous indignation towards violations of their rights. We asked Cumstein to provide a balanced IT perspective to separate truth from mere petulance.

‪@CauseImAppy 12 d
Cant chk FB in soc. MaaS360 says NO! #H8MDM

Cumstein’s Take: “Correct, MaaS360 can block apps by location with geofencing or even by time of day. Teachers noticed uploads of themselves on FB when they were in compromising positions, so we turned it off as well.”

‏‪@ClashOfCan 12 d
WTF MaaS360? Stop my camera from working? What I do to you?

Cumstein’s Take: “You need a camera for certain classes, others not so much. With MaaS360 security policies anyone can set up that kind of contextual security response.”

‪@2YearsTillGoldGrill 12d
WUSSUP w/ this (redacted)? Teaches sendin (redacted) homework to iPhone????

Cumstein’s Take: “Oh ya, content distribution and editing. We really want this one, but our teachers aren’t there yet from a lesson plan standpoint. But with Secure Content distribution all homework can be delivered, edited and then submitted by class, groups or student. Very cool stuff. What school district was it? Is that close to here?”

While the tweets continue, it has become eminently clear that once again children are incapable of fully understanding the world or any issues beyond their myopic scope of view. Fortunately MaaS360 is in place to at least govern mobile behavior until these future leaders and ultimate harbingers of our doom develop some level of self-actualization and empathy.

“The preceding press release is fictitious(ish). Real students have tweeted hatred for MDM, and I reflected those sentiments. No one endorses or approves this post except the part of my soul that received a cathartic release from expressing the sentiments of real people in real language without CorpSpeak.” 

Mobility Management 101: Talking Tech to Teachers & Staff

As schools and universities across the globe trade their textbooks for tablets and slide rules for smartphones, the IT staff of these institutions must rise to the challenge of protecting and managing these new endpoints of burgeoning knowledge.

To aid in this vital endeavor, Fiberlink, an IBM company, hosted a 1-hour Webinar to help translate common mobility management terms into staff and teacher speak . According to webinar hosts Frank Gentile and Tyler Hoy, education mobility specialists with Fiberlink, the toughest challenge facing IT in education is evangelizing the virtues of mobile device management, mobile app management and mobile content management to budget approvers and teachers within the school district.

Unlike other industries, educational organizations often rely on bootstrap resources to manage smartphones and tablets. There are even scenarios where there are no IT resources within a district, leaving teachers with the burden of managing a technology landscape that is still misunderstood even within the most erudite IT circles.

To find out just how many schools are currently contemplating mobility, the Webinar opened with a simple poll to determine the audience’s timeframe for mobile enablement. 40% of attendees were already in a pilot program for implementing mobile devices. Another 40% had plans to initiate a pilot program before the close of this school year, while the final 20% were ready to launch a program before the end of the current calendar year.

Mobile Policies Prevent “Running in the Halls”

School is as much about learning societal rules as it is about facts and formulas. With the proliferation of mobile communication and productivity applications, students would be wise to learn the mobile rules of conduct they will be expected to follow when they enter the workforce. Policies within a mobility management platform are those first lines of defense, just as a hall monitor stops kids from pushing and shoving their way to class.

According to the second Webinar poll, over 50% of attendees were not enforcing basic policy protection (like passcodes) or remediation for lost or stolen devices (like blocking or wiping a device).  To take the severity of the situation another step, policies also quickly enable access to WiFi, apps and school content. Some participants said they were relying on Apple Configurator to meet some of these needs, but the need to physically tether devices to a management console leaves little to no room for scalability. Also, this approach only addresses one OS, Apple. In a world where Android dominates the consumer market and schools look to cut costs by relying on Bring Your Own Device Programs, the Configurator model breaks down rapidly.

With mobility management solutions like MaaS360, all devices are enrolled into the system and configured over the air. This means with the push of one button, IT (or a teacher) can easily push a notification to students via SMS or email. Once a student hits “accept”(or whatever custom End-user Licence Agreement, or EULA, the school wishes to enforce), the device is enrolled and policies are enforced.

Now, not only are devices connected to network resources, but also the administrator now has a clear view of the school’s digital footprint. Device types, installed apps, OS types and versions are all easily accessible from the front-page watchlist. If a student tries to jailbreak or root the device, policies spring into action to place the mobile rapscallion in digital detention until they are back in compliance. Digital detention can also be used when passcode entries reach their limit or for devices not on the latest and greatest operating system version (or to keep devices on older OS versions until all the bugs are worked out in the latest and greatest).

Learning: There’s an App for That!

school-lockersIn actuality there are thousands of apps that can harness the power of young minds and further foster the teacher student relationship in the digital age. However, IT has struggled with the best way to distribute the apps they want on phones and control time wasters like Flappy Bird or Candy Crush.

Enter Mobile App Management. With this tool in place IT can blacklist (ban) or whitelist (allow) both public and custom developed apps. Another popular control model is Kiosk mode, while often used in retail environments for point of sale or inventory lookup, this mode can be customized to turn school owned devices into running just the apps set by IT.

Mobile Container: The School’s Cleanest Locker

For enterprising schools that want to reap the cost savings of Bring Your Own Device, a mobile container would be the wisest choice for true security.

The container acts as a partition keeping school email, documents, apps and even web browsing in a separate passcode protected space. Even school-owned devices can benefit from these controls especially from the perspectives of web access and content distribution. A safe internet playground is not only the norm these days for students at home it also allows schools to meet Child Internet Protection Act (CIPA) requirements with robust filters based on categories or specific URL blocking.

Also of security note: within the containerized document sharing environment schools can abandon free cloud collaboration tools like Dropbox and Google Docs for a private cloud alternative. This low-cost, but infinitely more secure, alternative facilitates permission controls, sharing and even editing of the most popular file types being used today.

For the final poll of the Webinar, Fiberlink asked attendees what part of mobility management was most pressing for their district. App management was the clear winner taking 50% of the votes, while over-the-air configuration, digital detention, content control and secure browser shared the rest of the votes.

Educating (and Monitoring) the Educators

While much of the webinar and following Q&A focused on the needs of students, Frank and Tyler were quick to mention the ability to bring teachers and staff into the mobility management fold. Since MaaS360 policies can be customized into groups, the rules for adults on campus can be more flexible than the rules placed on students while ensuring their devices that are carrying sensitive student records can be located, blocked or even wiped in an adverse event.

Savvy school budget and IT leaders are rapidly learning that mobile is a first, not second screen experience, requiring the same controls and safety measures as more archaic endpoints like laptops and desktops.  Mobile device management, mobile app management and mobile content management are questions of when, not if.

Android Acceptance Accelerates in Enterprise BYOD [STATS]

IT departments have had a love/hate affair with Android since the first time the Google’s Green Guy raised his antennae: they loved the devices for themselves, while loathing the idea of end-users having access to such and open and flexible mobile OS.

In the early days of mobility, this fear of Android was a good survival instinct for these warriors of the firewall frontline. No forced email encryption…an App store rife with nefarious blackhats trying to capture data…and more fragmentation than a jigsaw puzzle when it comes to device type and OS version were all strong signs for IT to beware.

Android-enterprise-KingToday, management tools for mobility have assuaged those initial techie trepidations to make Android smartphones and tablets a viable entrée for enterprise palpability that can sit right beside Apple’s iOS. Recently, Fiberlink, an IBM company, scoured the millions of devices currently being managed by their Enterprise Mobility Management solution, MaaS360, to see just how Android is enabling enterprise mobile productivity.

Smartphones Smolder Tablets

When looking at all Android usage across MaaS360’s platform, smartphones trump tablets 84% to a paltry 16%. This stat isn’t really rife with surprise since email is the original killer app and since leaving behind the dark days of 2.0 the OS has become infinitely more secure.

However, IT still needs to be wary. Even though the Android OS lives in a 4.0 world, many users have yet to leave behind their elder operating systems for fear of change (and updating a slew of apps and other logins). This requires IT to use some form of Mobile Device Management to get these OS laggards up to current standards using policy controls for security and mobility management sanity.

 Samsung: Android’s Enterprise Savior

Device diversity has always been a hallmark of the Android OS. It’s this wide stratum between high-end and more affordable manufacturers that has made Android the clear consumer choice across the globe.

Currently the Android device leaders in the enterprise consist of:

Top 5 Android Manufacturers Managed by MaaS360 MDM

The top 5 make up 90% of all Android devices in the enterprise, and include:

  • Samsung: 56%
  • Motorola: 22%
  • HTC: 8%
  • LG: 2%
  • Asus: 2%
  • Other: 10% (Amazon, Huawei, Sony, CASIO, Pegatron)

While a short list, it’s broad enough that IT seriously needs to take a minute when considering BYOD programs allowing Android devices. Despite sharing the same “engine” each of these devices are very different under the hood. To make an impact in the market, all of these devices share their own unique features and custom baked apps that IT must decide either to allow or block until work is over. From the useful Samsung SAFE feature to less than useful bloatware beleaguering other devices, all features must be part of an enterprise mobility planning conversation.

The diversification of Android is only going to continue if the rumor’s flying out of Mobile World Congress 2014 hold any credence. With the Nokia X Window’s skinned device Android device representing the low end of the market and Samsung’s possibly waterproof, iris scanning S5 feature bonanza at the high end, the Android management challenge for IT will only increase in 2014. Fortunately, Mobile Device management solutions have also evolved in line with devices, experiencing their own evolution from simple device watchdog programs to fully enabled Enterprise Mobility Management protecting devices, apps and content.

Tactile Touchscreens at CES 14 Bludgeon BlackBerry’s Last Bastion of Hope

Say what you will about BlackBerry, but there was always one saving grace for their devices – a tactile keyboard. This one simple feature of user experience kept many in the enterprise tapping away gleefully on these “bricks with clicks” despite fallacies from apps to…well…everything else…when compared to iOS and Android devices.

Now, Tactus technology has taken all of the teeth out of BlackBerry’s bite with the invention of tactile screens for all of today’s smartphones and tablets.

tactus tactile touchscreenYou CAN Touch This

Here’s how it works: Tactus adds a small polymer layer to the Gorilla Glass on tablets and smartphones that when activated by the user adds fluid stretching the surface with micro-fluids above the device’s A to Zs. While keyboards will be the first and prevalent use for this technology, Tactus can also elevate the gaming experience by making joysticks slip free as well as A & B buttons for the more serious mobile gamers.

Oh the Places Tactile Screens Can Go

Tactus unveiled their uplifting mobile experience at the 2013 Consumer Electronics Show (CES) in beta form. CES 2014 shows the technology ready for wide market adoption.

Let’s take a minute though to speculate what Tactus might be showcasing at CES 2015 and beyond, especially when it comes to transcending beyond the basics of business or simple consumer wants.

Healthcare: Fiberlink Communications, an IBM Company, saw a record number of hospitals and other healthcare organizations sign-up for their mobile device management platform MaaS360 in 2013. Doctors and nurses are foregoing hospital provided computers on wheels (COWs) and traditional laptops for the easier to use (and carry) smartphones and tablets. This was especially prevalent in nursing staff where Bring Your Own Device (BYOD) isn’t a luxury, but a necessity considering many are transitory between facilities.

Currently, many of these devices are simply being used to access medical records. However, as I recently learned at my dermatologist, the App market is exploding for medical devices. My mole mapping has transformed from being written down in sentences to being visually displayed on a cartoon of my body. One tap at a time the doctor was able to place my most suspect moles on a virtual figure of my frame. With Tactus technology the weight and density of each malicious spot could be displayed in startling 3-D accuracy.

Move forward a few more years and we could see raised buttons on screens become the console for performing robotic assisted surgeries that today require a Pac-Man size joystick. While the patients might find it disconcerting, doctors will appreciate the world of 2020 when they can do emergency surgeries remotely from their tablet.

Financial & Legal: How many email signatures have you seen apologizing for typos because a message was sent from a mobile device? For the financial and legal markets, there are no excuses for the famed fat fingering of information. In the beginning of the smartphone craze, email security was the main reason these industries shunned the hysteria for touch screens. Once email encryption became the norm though, there was still a leeriness to move away from BlackBerry because the touch keyboard ensured accuracy. When you are in an industry where the terminology isn’t standard in spell check, one must rely on themselves to write the right words. With Tactus technology, tort won’t be as easily changed to tortoise.

Retail: I’m stretching here a bit (pardon the pun), but I truly envision a tomorrow where the feel of these new tactile buttons will be able to be manipulated to finally bring bricks and clicks together in the virtual world. How many times have you loved an outfit online, only to have it arrive on your doorstep with a fabric that’s scratchier than Laura Ingalls Wilder wear. Wouldn’t it be a wonderful experience to actually feel the fabric before you add it to your cart?

Obviously we could extrapolate this technology to every industry if we just imagine: In education where phones could become a “Please Touch” museum on the go, or in manufacturing where again precision level joysticks could move human intervention on the assembly line to a lounge chair affair. Tactus is the advent technology we’ve wanted since the television entered our living rooms. For today the technology is a simple keyboard, with a little imagination though, Tactus has the potential to finally obliterate the virtual and physical divide.

Mobile Device Management Advertising – DONE REAL!!!!

Here’s a banner ad I conjured espousing the TRUTH about IT’s constant struggle to manage and secure smartphones and tablets in the enterprise.

If you have a Ralph, you definitely need some mobile device management (#MDM) to keep him (and the company) safe. 

#MDM Mobile Device Management