Tag Archives: bring your own device

Mobility Management 101: Talking Tech to Teachers & Staff

As schools and universities across the globe trade their textbooks for tablets and slide rules for smartphones, the IT staff of these institutions must rise to the challenge of protecting and managing these new endpoints of burgeoning knowledge.

To aid in this vital endeavor, Fiberlink, an IBM company, hosted a 1-hour Webinar to help translate common mobility management terms into staff and teacher speak . According to webinar hosts Frank Gentile and Tyler Hoy, education mobility specialists with Fiberlink, the toughest challenge facing IT in education is evangelizing the virtues of mobile device management, mobile app management and mobile content management to budget approvers and teachers within the school district.

Unlike other industries, educational organizations often rely on bootstrap resources to manage smartphones and tablets. There are even scenarios where there are no IT resources within a district, leaving teachers with the burden of managing a technology landscape that is still misunderstood even within the most erudite IT circles.

To find out just how many schools are currently contemplating mobility, the Webinar opened with a simple poll to determine the audience’s timeframe for mobile enablement. 40% of attendees were already in a pilot program for implementing mobile devices. Another 40% had plans to initiate a pilot program before the close of this school year, while the final 20% were ready to launch a program before the end of the current calendar year.

Mobile Policies Prevent “Running in the Halls”

School is as much about learning societal rules as it is about facts and formulas. With the proliferation of mobile communication and productivity applications, students would be wise to learn the mobile rules of conduct they will be expected to follow when they enter the workforce. Policies within a mobility management platform are those first lines of defense, just as a hall monitor stops kids from pushing and shoving their way to class.

According to the second Webinar poll, over 50% of attendees were not enforcing basic policy protection (like passcodes) or remediation for lost or stolen devices (like blocking or wiping a device).  To take the severity of the situation another step, policies also quickly enable access to WiFi, apps and school content. Some participants said they were relying on Apple Configurator to meet some of these needs, but the need to physically tether devices to a management console leaves little to no room for scalability. Also, this approach only addresses one OS, Apple. In a world where Android dominates the consumer market and schools look to cut costs by relying on Bring Your Own Device Programs, the Configurator model breaks down rapidly.

With mobility management solutions like MaaS360, all devices are enrolled into the system and configured over the air. This means with the push of one button, IT (or a teacher) can easily push a notification to students via SMS or email. Once a student hits “accept”(or whatever custom End-user Licence Agreement, or EULA, the school wishes to enforce), the device is enrolled and policies are enforced.

Now, not only are devices connected to network resources, but also the administrator now has a clear view of the school’s digital footprint. Device types, installed apps, OS types and versions are all easily accessible from the front-page watchlist. If a student tries to jailbreak or root the device, policies spring into action to place the mobile rapscallion in digital detention until they are back in compliance. Digital detention can also be used when passcode entries reach their limit or for devices not on the latest and greatest operating system version (or to keep devices on older OS versions until all the bugs are worked out in the latest and greatest).

Learning: There’s an App for That!

school-lockersIn actuality there are thousands of apps that can harness the power of young minds and further foster the teacher student relationship in the digital age. However, IT has struggled with the best way to distribute the apps they want on phones and control time wasters like Flappy Bird or Candy Crush.

Enter Mobile App Management. With this tool in place IT can blacklist (ban) or whitelist (allow) both public and custom developed apps. Another popular control model is Kiosk mode, while often used in retail environments for point of sale or inventory lookup, this mode can be customized to turn school owned devices into running just the apps set by IT.

Mobile Container: The School’s Cleanest Locker

For enterprising schools that want to reap the cost savings of Bring Your Own Device, a mobile container would be the wisest choice for true security.

The container acts as a partition keeping school email, documents, apps and even web browsing in a separate passcode protected space. Even school-owned devices can benefit from these controls especially from the perspectives of web access and content distribution. A safe internet playground is not only the norm these days for students at home it also allows schools to meet Child Internet Protection Act (CIPA) requirements with robust filters based on categories or specific URL blocking.

Also of security note: within the containerized document sharing environment schools can abandon free cloud collaboration tools like Dropbox and Google Docs for a private cloud alternative. This low-cost, but infinitely more secure, alternative facilitates permission controls, sharing and even editing of the most popular file types being used today.

For the final poll of the Webinar, Fiberlink asked attendees what part of mobility management was most pressing for their district. App management was the clear winner taking 50% of the votes, while over-the-air configuration, digital detention, content control and secure browser shared the rest of the votes.

Educating (and Monitoring) the Educators

While much of the webinar and following Q&A focused on the needs of students, Frank and Tyler were quick to mention the ability to bring teachers and staff into the mobility management fold. Since MaaS360 policies can be customized into groups, the rules for adults on campus can be more flexible than the rules placed on students while ensuring their devices that are carrying sensitive student records can be located, blocked or even wiped in an adverse event.

Savvy school budget and IT leaders are rapidly learning that mobile is a first, not second screen experience, requiring the same controls and safety measures as more archaic endpoints like laptops and desktops.  Mobile device management, mobile app management and mobile content management are questions of when, not if.

Tactile Touchscreens at CES 14 Bludgeon BlackBerry’s Last Bastion of Hope

Say what you will about BlackBerry, but there was always one saving grace for their devices – a tactile keyboard. This one simple feature of user experience kept many in the enterprise tapping away gleefully on these “bricks with clicks” despite fallacies from apps to…well…everything else…when compared to iOS and Android devices.

Now, Tactus technology has taken all of the teeth out of BlackBerry’s bite with the invention of tactile screens for all of today’s smartphones and tablets.

tactus tactile touchscreenYou CAN Touch This

Here’s how it works: Tactus adds a small polymer layer to the Gorilla Glass on tablets and smartphones that when activated by the user adds fluid stretching the surface with micro-fluids above the device’s A to Zs. While keyboards will be the first and prevalent use for this technology, Tactus can also elevate the gaming experience by making joysticks slip free as well as A & B buttons for the more serious mobile gamers.

Oh the Places Tactile Screens Can Go

Tactus unveiled their uplifting mobile experience at the 2013 Consumer Electronics Show (CES) in beta form. CES 2014 shows the technology ready for wide market adoption.

Let’s take a minute though to speculate what Tactus might be showcasing at CES 2015 and beyond, especially when it comes to transcending beyond the basics of business or simple consumer wants.

Healthcare: Fiberlink Communications, an IBM Company, saw a record number of hospitals and other healthcare organizations sign-up for their mobile device management platform MaaS360 in 2013. Doctors and nurses are foregoing hospital provided computers on wheels (COWs) and traditional laptops for the easier to use (and carry) smartphones and tablets. This was especially prevalent in nursing staff where Bring Your Own Device (BYOD) isn’t a luxury, but a necessity considering many are transitory between facilities.

Currently, many of these devices are simply being used to access medical records. However, as I recently learned at my dermatologist, the App market is exploding for medical devices. My mole mapping has transformed from being written down in sentences to being visually displayed on a cartoon of my body. One tap at a time the doctor was able to place my most suspect moles on a virtual figure of my frame. With Tactus technology the weight and density of each malicious spot could be displayed in startling 3-D accuracy.

Move forward a few more years and we could see raised buttons on screens become the console for performing robotic assisted surgeries that today require a Pac-Man size joystick. While the patients might find it disconcerting, doctors will appreciate the world of 2020 when they can do emergency surgeries remotely from their tablet.

Financial & Legal: How many email signatures have you seen apologizing for typos because a message was sent from a mobile device? For the financial and legal markets, there are no excuses for the famed fat fingering of information. In the beginning of the smartphone craze, email security was the main reason these industries shunned the hysteria for touch screens. Once email encryption became the norm though, there was still a leeriness to move away from BlackBerry because the touch keyboard ensured accuracy. When you are in an industry where the terminology isn’t standard in spell check, one must rely on themselves to write the right words. With Tactus technology, tort won’t be as easily changed to tortoise.

Retail: I’m stretching here a bit (pardon the pun), but I truly envision a tomorrow where the feel of these new tactile buttons will be able to be manipulated to finally bring bricks and clicks together in the virtual world. How many times have you loved an outfit online, only to have it arrive on your doorstep with a fabric that’s scratchier than Laura Ingalls Wilder wear. Wouldn’t it be a wonderful experience to actually feel the fabric before you add it to your cart?

Obviously we could extrapolate this technology to every industry if we just imagine: In education where phones could become a “Please Touch” museum on the go, or in manufacturing where again precision level joysticks could move human intervention on the assembly line to a lounge chair affair. Tactus is the advent technology we’ve wanted since the television entered our living rooms. For today the technology is a simple keyboard, with a little imagination though, Tactus has the potential to finally obliterate the virtual and physical divide.

Drawers Filled with Deactivated Devices Don’t Delete Data

By Rob Patey

As people unwrap their shiny new smartphones and tablets this holiday season, a majority of their archaic devices will be destined for drawers and donation bins. Before these relics head to the mobile mausoleum, are you ensuring they don’t carry company secrets to the grave with them?

device_trashWhat do you do with your old smartphones and tablets? If you’re like my wife and I, you probably slip the last generation into a discrete junk drawer in case your newest tech takes a nose dive. The devices that were already in the drawer from the last culling then make their way to a worthy charity. Since I’ve always been an IT marketer, I know the dangers of leaving data on a dead device, so I ensure factory settings are restored before administering last rites. My wife, an IT neophyte, never thinks to take this crucial step despite the fact her smartphone carries data ten times more sensitive and regulated than the marketing materials on my device. It’s not her fault and the research shows she is far from alone.

Ho, Ho, Oh No!

Black Friday and Cyber Monday were dominated by mobile tech purchases, and current estimates from the Consumers Electronic Association show that 50% of people plan to make smartphones and tablets part of their Holiday shopping sprees. Each of these gorgeous new gadgets will inevitably send last year’s iPhones, Androids and Windows to the death drawer…if you’re lucky. In a poll conducted by Harris Interactive on behalf of Fiberlink at the end of the last holiday season, 68%of respondents said data leak protection was the last thing on their minds before their devices met the following fates:

  • 58% of respondents kept the device
  • 16% had the data professionally wiped
  • 13% turned the device into the service provider (without wiping the data first)
  • 11% donated the device to threw it away in the trash
  • 5% had the device securely destroyed
  • 9% other

Let’s assume for a second that the “other” responses actually had data protection on their minds before decommissioning their devices. This still leaves a large percentage of BYODers paying forward corporate connectivity credentials to Wi-Fi, email and any other content that can be accessed via mobile (which these days means all content). And rest assured all those devices that were kept for now, will meet one of the other fates when it comes time for spring cleaning.

Hope for Post-Holidays

Fortunately, this reckless abandon with company data does not have to be the norm. Corrective measures though require one part diligence on the part of the IT department and one part education for employees. Fiberlink’s Chief Security Officer, David Lingenfelter offers the following advice:

  1.  Notify Your IT Department. Once you receive a new device and want to use it for your company’s BYOD program, send your IT department a note and let them know you will be swapping devices.
  2. Transfer Corporate Materials to Your New Device. Have your IT department quickly transfer all corporate materials from the old device to the new device through their mobile device management (MDM) platform. This generally involves enrolling in an MDM solution which pushes down corporate e-mail and Wi-Fi profiles, applications and corporate documents. If you don’t have an MDM solution, ask your IT department to assist with transferring data, although don’t be surprised if IT is no longer your best friend since this is a very time consuming process.
  3. Extract Personal Data from Your Device. Now that your corporate data has been transferred to the new device, remove and save all personal files. This can be accomplished with the native tools and back-up services of the operating system or the manufacture (e.g., Apple’s iCloud and Google Drive).
  4. Erase all Remaining Personal and Corporate Data. Fully decommission the old device by removing all personal and corporate data. Most devices have an option in the setting menu to perform a factory data reset which will wipe the data completely. This can also be accomplished remotely by an MDM platform. Note: In some tablets and smartphones, you should manually remove the storage card and use it in your new device or erase the data from it as well.

While seemingly simple, remember that corporations have more than one employee. If 74% of the company arrives on January 1st with requests for new device enablement, IT will need to shelve any other projects on their radar for the next few weeks. With mobile device management in play the identification of new devices is automatic as are the requests to enroll, enable and distribute content and apps. As the capabilities of mobile devices grow, the need for data vigilance grows exponentially faster.

Can IT COPE with BYOD? Apparently Not! [Infographic]

Can IT COPE with BYOD? Apparently Not!

By Rob Patey 

In our acronym-happy world, Corporate Owned Personally Enabled (COPE) is simply a new way of saying  “mobility as it has always been.” Basically, the company owns the employee’s phone and decides exactly what is and is not permitted on the device. From apps to encryption, IT makes the majority of the rules. While some personal freedom exists for the employee, the limitations are greater than the liberties.

Bring Your Own Device (BYOD) is the upstart concept that gained notoriety when tablets hit the scene, smartphones got smarter with connectivity to corporate resources like email and Wi-Fi, and data plans became infinitely more affordable. While many companies showed boons in productivity from BYOD, security concerns and support of multiple mobile operating systems caused much consternation for IT.

Mobile Device Management became the great mediator in this debate. With MDM, IT finally had the ability to identify the devices connecting to resources and then apply policy rules to rein in any rogues on the network. Technically speaking, with MDM in their arsenal, IT could apply controls on email and apps to BYOD devices as easily as they could to devices they procured for employees. But that’s technically speaking. Persnickety little things like freewill and the mantra of “not on my device” has apparently left many BYOD devices far more open than their COPE counterparts – and now we have the data to prove it.

BYOD Freedom

Fiberlink recently pulled data on their security policies to see whether BYOD devices were being held to the same security standards as corporate owned hardware. As you can see from the chart below, BYOD workers retain far more personal liberties with their devices.

Again, while it’s technically possible to impose the same rules for all devices, many organizations still respect their employees’ ability to make sound choices with their own devices. Now, with personal liberty kudos out of the way, we can ask whether IT is making the right choice in this regard.

Security and control are issues that must be examined industry by industry and company by company. While certain tenets like email encryption should be applied across the board, other facets of mobility like apps, YouTube access and cloud file sharing get a bit stickier. In highly regulated industries like finance, healthcare and government, access to applications like Dropbox should be a concern on any device. However, for an SMB working on a lean IT budget, Dropbox becomes a must-have to keep the business growing and information flowing amongst employees. Likewise, with YouTube and other apps, restricting marketing access is a serious impediment to employees’ jobs as they look for inspiration to create campaigns. Folks in finance though, could probably live without access to a million silly cat videos.

As the data shows, COPE is still a more secure option, but that’s a cultural choice versus a technological imperative. At the end of the day, you need to decide what is right for your business and your employees’ well-being and productivity. Whether you choose a more stringent or more lax approach is up to you. Just know that MDM solutions are available to accommodate the security and control you need along whichever path you choose.

COPE-BYOD Infographic

 

Embrace a Zombie for a Healthy Marketing Jack

What to do when your list is exhausted and Halloween is approaching – embrace the Holiday for registrations that go through the roof. Concept and copy by moi. Execution by my very good design friends.

Zombie-Header-Eloqua

They shuffle mindlessly through the halls; satiating an unquenchable thirst for bandwidth off the corporate WiFi and gurgling a unison mantra for eeeeeemail and aaapps. They are your employees and they have been infected by the alluring glow of their smartphones and tablets .

The only thing standing between enterprise data security and the BYOD apocalypse is you – the IT Hero. And here are your weapons of survival!

MaaS360 Productions Proudly Presents
The BYOD Survival Zone

Starring 

BYOD_meaty_resources

MARVEL at meaty resources and templates field tested against the most gruesome of BYOD attacks!!!!

BYOD_bloody_good_reads

BASK in the bloody blogs boasting beat downs of BYOD infractions!!!!

 BYOD_terror_tubes

TURN-ON the terror tubes of m-zombie demise!!!!

BYOD_stories_of_survival

CHASE down the chilling case studies chastising the unchaste of BYOD!!!!

iOS 7 – Helping Business Quit CrackBerry

While BlackBerry has been on a downward spiral since the first touch devices started to hit the market, events over the past few weeks seem to have taken the company that first inspired our love of all things mobile from on-the-ropes to down-for-the-count.

blackberry-death-smallThe first crushing blow came from the news of the “king of tiny keyboards” opening up the doors for sale: a 4.7 billion dollar cry for salvation from lackluster BB Z10 sales that was exacerbated by market fervor for Apple’s new darlings, the iPhones 5S and 5C.

Next came Gartner analyst Ken Dulaney’s ominous advice, “Gartner recommends that our [BlackBerry enterprise] clients take no more than six months to consider and implement alternatives to BlackBerry. We’re emphasizing that all clients should immediately ensure they have backup mobile data management plans and are at least testing alternative devices to BlackBerry.”

Despite the popularity of iOS and Android devices, BlackBerry has been a dominant force in security-conscious industries like finance and government. With BlackBerry’s tenuous future, can these or any industry afford to sit on their hands and wait for BES support to just go dark? Quite simply, no, they can’t. The productivity boons that come from smartphones and tablets have become a matter of course for getting things done whether part of a corporate owned program (COPE) or as part of a Bring Your Own Device (BYOD) program. So what’s the alternative to keep the wheels of mobile productivity moving while ensuring the same lock-tight security that was offered by BlackBerry?

iOS 7 & Mobile Device Management – Soothing the CrackBerry DTs

While the physical keyboard has gone the way of the dinosaur, the other benefits offered by the BlackBerry experience—like native OS security and isolation of corporate data—have taken exponential leaps forward with iOS 7 and Mobile Device Management (MDM) solutions.

The walled-garden of Apple apps and lack of fragmentation have made it the corporate go-to choice for mobility especially with the rise of BYOD, but BlackBerry was still a favorite for organizations that wanted that small extra level of security and control of corporate data.

Recently, Fiberlink held iOS 7 Webinars (Part 1 & Part 2) to introduce the enterprise-features available in the updated operating system. With these changes comes the extra assurance for IT, compliance, and legal that they will maintain the same levels of control and security they found in the days when BES reigned supreme.

A few business-ready features include: 

  • Open In Management: Control data leaks from corporate apps, documents and accounts with MDM right out of the box.
  • Per App VPN: Enable your managed apps to securely connect to corporate networks and information.
  • Volume Purchase Program (VPP): Save money by retaining full ownership and control over VPP licenses of apps and books when users no longer need them.
  • MDM enrollment Options: Includes a number of new commands, queries, and configuration options that make third-party MDM solutions even more powerful.
  • Enterprise Single Sign On (SSO): Enable authentication into corporate apps just once, making it easier for your users to be more efficient and productive.
  • Third-Party App Data Protection: Leverage encryption of app data automatically using the user’s passcode to create a strong and unique encryption key.

Further control can be found in the implementation of the right MDM solution—one that can support iOS and Android and handle your legacy BlackBerry devices until they are phased out. Some control features include:

  • Touch ID Control: Turn on/off fingerprint unlocking and report whether it is enabled on a device.
  • Silent App Install: Automatically install apps on supervised devices.
  • Report on Activation Lock: Know when Activation Lock in Find My iPhone is enabled (used as a theft deterrent) locking a device to the user’s Apple ID.
  • Personal Hot Spot Control: Turn on/off personal hot spot provided through a carrier and report whether it is enabled on a device.

The final piece of the security puzzle can be found in container solutions that provide a dual persona experience, like the MaaS360 Secure Productivity Suite. With these capabilities in place, all corporate emails, documents and apps with access to network resources are held within a “sandboxed” environment to control the movement of data and avoid leaks.

While BlackBerry devices may linger for a little while longer, business is run on planning. You need to know what tomorrow will bring so you can avoid any unnecessary downtime.

Don’t Get Thrown Under the Omnibus: 5 Healthcare BYOD Considerations

sad-doctorIn 1996, when the Health Insurance Portability & Accountability Act (HIPAA) was enacted, most medical records had yet to make the transition from analog to digital.

Now, almost twenty years later, manila folders are lumbering towards the La Brea Tar Pits, while digital medical information is now consumed on devices as stationary as desk-tops to untethered smartphones and tablets. With this turn in technology comes a greater need to enforce HIPAA compliance – enter Omnibus.

Omnibus Fines Could Cripple a Medical System

The efficiencies offered by instant access to data at patient bedsides are numerous. The data dangers however, especially in light of Omnibus’ tenets of increased accountability and increased fines, rightfully make IT wary of this open accessibility especially when Bring Your Own Device (BYOD) is factored into the equation.

Omnibus Red Flags for IT Include: 

  • Strengthening the privacy and security protection for individuals’ personal health information (PHI).
  • Modifying the Breach Notification Rule for Unsecured Protected Health Information, putting in place more objective standards for assessing a health care provider’s liability following a data breach.
  • Increasing penalties for noncompliance based on the level of negligence, with a maximum penalty of $1.5 million per violation.
  • Strengthening the privacy and security protection for individuals’ personal health information (PHI)
  • Holding HIPAA business associates to the same standards for protecting PHI as covered entities, including subcontractors of business associates, in the compliance sense.

Naturally there’s much more inside Omnibus’ voluminous 563 page legislation, but these points alone should give IT administrators pause for concern where mobility is concerned.

Imagine if you will Dr. Mal Practice, an avid Twitter user. What happens when the good Doctor means to Twitpic a shot of his kids and instead shares the picture of a patient’s rash? That’s an Omnibus violation.

What about when the good Doctor leaves his iPad at the lunch table with no lock and no passcode? A multi-million dollar violation bill when we remember that each small piece of data shared is its own separate infraction.

The disaster scenarios go on and on. However, protection measures can be summed up in a much tidier fashion.

Omnibus Necessitates IT Visibility & Management

A combination of policy and technology are the bedrocks for Omnibus compliance. Use these five simple steps to start discussions in your organization.

Policy Making: No mobility strategy, regardless of industry, will be effective without customized and well-informed policy and enforcement structures. Healthcare providers should first make an exhaustive list of all support, security, compliance, productivity and monitoring processes that will need to be covered, and then establish a firm set of rules.

Multi-Device & OS Support: No two devices are managed the same…withoutmobile device management (MDM) that is. Android’s fragmentation and Apples’ recent iOS7 release mean BYOD devices could run a wide gamut of manufacturers and operating systems. With MDM, Healthcare IT can manage all device types and operating systems from one common console. Also, operating systems can be enforced with MDM policies to stop updates until IT is sure the OS will integrate with corporate systems and custom apps.

Passcode Enforcement: This one seems simple enough, but many organizations are still deploying soft passcodes or none at all. Data from Fiberlink shows Healthcare is ahead of other industries, but there is still a long way to go. With mobile device management, IT can enforce passcode length and complexity on any device in the ecosystem.

App & Content Management: You can’t have a mobility discussion without exploring the apps and content being accessed by doctors, nurses and staff. With MDM, mobile application management (MAM) and content management, IT can facilitate the distribution of apps and content to ensure only the right individuals or groups receive access to what they need.

Separation of Work and Play: Many healthcare organizations are seeing the need for a hard line to be drawn between work and personal data on mobile devices. Dual-Personal or containers keep information for work separate from the consumer based information sieves that live on most tablets and smartphones. Containers can also be used to control how users interact with data, blocking functions like cut & paste gives an extra measure of protection against patient information making its way on to the internet and personal emails.

How have you prepared for Omnibus? Share your best-practices in the comments section.