Tag Archives: Enterprise Mobility Management

The Declaration of Mobile Independence and Data Bill of Rights

Originally published by Rob Patey on IBM Securityintelligence.

Mobile Security Freedom As I was celebrating the birth of America’s freedom this July Fourth, I sparked a firecracker for the fact that I was able to use my tablet to take a meeting in a place where the Fourth of July is just another day of the week.

 

I was offered a stay of execution from the team, but an hour of my time was a small sacrifice, especially since the entire event took place on my iPad and mobile phone from my back porch.

About one-and-a-half scores ago, I remember waving a sparkler at Newark Liberty International Airport as my father headed off to Sweden for a meeting on July 5. The tablet, smartphone and the manifest destiny of last-mile broadband reaching fruition allowed me to turn off Harry Chapin’s “Cats in the Cradle” and spend time with my family watching fireworks once the meeting was finished.

This affordability — having the right device for the job at a time when I need to use it and from wherever I please — wasn’t a freedom simply handed to me. Like any great leap forward in liberation, battles were fought and accords of acceptable use had to be established between employee and employer.

As I recount some of this ancient mobile history and the hallmarks of security, productivity and mobility that resulted from them, I know some of you are going through these trials and tribulations right now. May you avoid the missteps of the past and join all of us forefathers (and mothers) for the next data deluge on the shores of the Internet of Things (IoT).

Freedom Is Never Free, Especially in Mobility

Before anyone can truly decry independence, mobile or otherwise, an upheaval from the status quo is required. An assist from France bolstered America’s liberation, and a few years later, the Bastille was taken by bayonets — not baguettes.

Since the first smartphone could sync with Active Directory, the already beleaguered IT group from the BlackBerry bonanza of the early 21st century showed rightful resistance to employee presumptions on data access. Just because you can, doesn’t mean you should. The email policy was born, and business leaders furiously rubbed rabbit feet for luck in hopes this would be enough to keep employees secure and satisfied.

It didn’t work. And today it really doesn’t work, but we’ll get there in a minute.

Mobile device management (MDM) offered the treatise of device choice balanced with one-window control. MDM became especially vital in the famous battle of bring-your-own-device (BYOD). Without the device and OS agnosticism of MDM and mobile app management (MAM), we might all still be in a state of technological dissemination without user representation.

Freedom from the confines of the office was finally won with the understanding that privacy can be maintained without completely obfuscating the view of IT. Now, policy can be crafted with a preamble of independence for both sides of technology enablement:

When in the course of business events, it becomes necessary for the enterprise to act as one people to dissolve inefficiencies that have disconnected them from each other and corporate data, and respect the freedom of choice to work on the equipment deemed best by the workers actually producing the work.

We hold these truths of mobile productivity to be self-evident, that all devices are created equal, that they are to be enabled by IT with rights to the same data as laptops and desktops and, finally, that usability is held in equal balance with security.

Mobile Independence Is a Privilege Governed by Data Rights

As devices grew more powerful, more expensive and more diversified with tablets and wearables, the concept of BYOD became more palatable to IT. However, these new abilities required more granular ways to control the data flowing in. Transient workers requiring two mailboxes on one device turned to containers. File shares could also live separated from device-level controls along with secure Web browsers and a host of other features that fulfilled a manifest destiny of productivity even when in transit. Enterprise mobility management (EMM) is the current term to define this broadening of devices, data, apps and access to devices.

One mobility program of enabling and securing endpoints, under one management pane of glass, giving mobile liberty to all.

Like the expansion of the United States, now that the mobile device has open freedom across this broad landscape of enterprise data, the CSO (or any level of security really) is a quintessential player in ensuring an uninterrupted flow of information. Mobile threat management (MTM) is how security can reach this new land. With MTM as part of a larger EMM solution, securing in-house and third-party apps from malware, advance jailbreaking or rooting rules and opening the way for seamless single sign-on access to all facets of the device becomes a reality.

The Mobile Bill of Rights

Historically, the Fourth of July isn’t about the Bill of Rights, but I beg a bit of patriotic poetic liberty to hopefully offer the foundation for your mobile liberation:

  1. Free speech, text, mail, files and access on any mobile device or endpoint, if and only if employees respect corporate data on those devices being managed through some form of endpoint and mobile security.
  2. The right to bear BYOD, without abstention from IT: When a personal device is compromised, IT will still act to triage the security of data on that device. Likewise, when apps or access to internal networks are needed, IT shall enable those services to ensure expedience in delivery and integrity of data delivery.
  3. No employee shall willingly quarter malicious material on devices. If workers want to root or jailbreak to experiment with a cool new app or some OS-level optimization, the device is unable to accept corporate data until it is back in compliance.
  4. Device privacy shall be respected by IT. Yes, MDM and security tools give IT a look at device activity, but IT is not reading emails, texts or other personal material. I always balk at this EMM because if IT wanted, they could have been reading our emails for years now — but they don’t. With MDM, they can’t, and still this wild conspiracy permeates the cube farm.
  5. Mobile security is not a witch-hunt or an indictment on how employees spend their free time in the wide world of apps. Personal information remains off the table in mobile freedom.
  6. In light of a breach, theft or toddler who will only be calmed down by tapping away on your tablet, employees should expect a speedy lock, block, selective wipe or reset of the device to keep data safe.
  7. There is one set of rules governing acceptable mobile use and data delivery. A recent study titled “Why Is App Security Escaping Development?” showed 40 percent of in-house-developed apps are leaving the enterprise without the most basic security. This is an effort to stay competitive and meet the harsh deadlines necessitated by our new global economy. It will also prove foolhardy as black hats become more aware of these sieves in the corporate data structure.
  8. Excessive bailing on enrollment in mobile security programs shall not be coddled by IT. Yes, mobile security apps take up space on a phone or tablet. But not only is it worth it for the enterprise, it’s vital.
  9. IT enablement is just beginning and shows no signs of ending. If anything, it’s growing larger. Employees have simply gained new freedoms with device selection; the true business enablement of this world is squarely on the shoulders of IT and security teams.
  10. Mobile device and data access requires us all to think a little more wisely. Departments, work groups and individual workers should not seek out IT for every little issue with a phone glitch or tablet phantom turn-off. At a certain point, we all need to understand what is business and what is personal on our home screens. IT should not be charged with helping employees access their July Fourth barbecue pictures, just as an employee should never be given a Wi-Fi password on a sticky note and told, “Good luck.”

 

Philly Phorum ’14 Panel: Mobility as an Engagement Enabler

philly Phorum '14 keynoteOn April 10, digital strategists gathered at the World Café Live in historic Philadelphia, Pennsylvania, to explore the next wave of customer engagement using emerging digital technologies.

Fiberlink, an IBM company, was honored to host the first panel, “Mobility as an Engagement Enabler.” During this hour-long discussion, digital strategists from four diverse industry sectors shared their current mobile strategies and plans for future prosperity with mobile personalization driven by big data.

Moderator Joseph N. DiStefano, Business Reporter for the Philadelphia Inquirer, kicked off the panel by discussing his years watching mobility evolve from a second to first-screen experience. Joe then introduced

  • Scott Snyder Ph.D. – President and Chief Strategy Officer, Mobiquity
  • Michael Kinzly – Director of Business Solutions, WaWa
  • Joe Portale – Chief Technologist, Mobility Solutions, Lockheed Martin
  • Roy Rosin – Chief Innovation Officer, Penn Medicine

If You Build It, They Won’t Necessarily Come (or stay long)

The panel started with a serious and sobering fact: 70% of apps are deleted after sixty days. The chief culprits of this massive “app”bandonment are lack of clear long-term benefit to the consumer and failure to embrace emerging technologies. One new software update to a mobile OS can turn today’s darling into tomorrow’s frustrating and glitchy mess.

Snyder of Mobiquity delivered another revelation—the building of an actual app is only 20-30% of the work. Meaning, most organizations are still only at the beginning of their mobility journey. The next leg of this adventure will involve true personalization of apps powered by disparate systems feeding in a multitude of data sources.

The Convergence of BIG Data on Mobile

So, just how are these digital pioneers tethering BIG data and mobile?

WaWa: This all-in-one convenience store for everything from gas to grilled chicken salads has aggregated mountains of data from its customer purchases over the years, but only in the aggregate sense. Since the company prides itself on the consumer coming first, they have respected buyer privacy by never tracking purchases at the individual level. In the age of personalization though, there comes a time when consumers must share some information about themselves for a finely tailored shopping experience. To that end, WaWa is currently developing an app that will let customers choose whether the want to share their favorite items back with the organization.

Lockheed Martin: A company known on first blush for aeronautics, Lockheed actually serves a multitude of markets with mobility on their minds. Portale shared a scenario of battlefield logistics, where data and devices can become the Patton of the new millennium providing real-time field positions of troops and enemy combatants.

Penn MedicineThe focus of apps and mobility in medicine is being forged on two fronts. On one side, healthcare providers like Penn are using apps as community builders amongst patients to share their thoughts on treatment practices, connect with other patients, and offer a direct conduit to caregivers. Moving into the bleeding edge and integrating big data, technologies from companies like Proteus Data Health are enabling smart pills that give off signals to smarter devices so dosages and frequency are all meticulously monitored.

Protecting Privacy and Securing Endpoints

The conversation concluded with some words of caution regarding privacy and protecting data leaks.

Privacy has been an online concern since the first cookie was placed during a browsing session. Unfortunately, though the volumes of data being collected have increased over the years, privacy practices have remained fairly static. According to Snyder, privacy policies will need to be more fluid in our mobile future. A trust relationship will have to be built over time with users willing to relinquish more information as providers show true value to end users for the use of this precious information.

The security of mobile data is another crucial concern. For years the conversation around protecting mobility has been relegated to IT control of devices. As wearable and even consumable data collection points become the norm, we will need to think beyond device protection and even app safeguarding. The answer is a complete enterprise mobility management strategy that considers device end points, apps and data as one ecosystem that can all be monitored, managed and secured.

Android Acceptance Accelerates in Enterprise BYOD [STATS]

IT departments have had a love/hate affair with Android since the first time the Google’s Green Guy raised his antennae: they loved the devices for themselves, while loathing the idea of end-users having access to such and open and flexible mobile OS.

In the early days of mobility, this fear of Android was a good survival instinct for these warriors of the firewall frontline. No forced email encryption…an App store rife with nefarious blackhats trying to capture data…and more fragmentation than a jigsaw puzzle when it comes to device type and OS version were all strong signs for IT to beware.

Android-enterprise-KingToday, management tools for mobility have assuaged those initial techie trepidations to make Android smartphones and tablets a viable entrée for enterprise palpability that can sit right beside Apple’s iOS. Recently, Fiberlink, an IBM company, scoured the millions of devices currently being managed by their Enterprise Mobility Management solution, MaaS360, to see just how Android is enabling enterprise mobile productivity.

Smartphones Smolder Tablets

When looking at all Android usage across MaaS360’s platform, smartphones trump tablets 84% to a paltry 16%. This stat isn’t really rife with surprise since email is the original killer app and since leaving behind the dark days of 2.0 the OS has become infinitely more secure.

However, IT still needs to be wary. Even though the Android OS lives in a 4.0 world, many users have yet to leave behind their elder operating systems for fear of change (and updating a slew of apps and other logins). This requires IT to use some form of Mobile Device Management to get these OS laggards up to current standards using policy controls for security and mobility management sanity.

 Samsung: Android’s Enterprise Savior

Device diversity has always been a hallmark of the Android OS. It’s this wide stratum between high-end and more affordable manufacturers that has made Android the clear consumer choice across the globe.

Currently the Android device leaders in the enterprise consist of:

Top 5 Android Manufacturers Managed by MaaS360 MDM

The top 5 make up 90% of all Android devices in the enterprise, and include:

  • Samsung: 56%
  • Motorola: 22%
  • HTC: 8%
  • LG: 2%
  • Asus: 2%
  • Other: 10% (Amazon, Huawei, Sony, CASIO, Pegatron)

While a short list, it’s broad enough that IT seriously needs to take a minute when considering BYOD programs allowing Android devices. Despite sharing the same “engine” each of these devices are very different under the hood. To make an impact in the market, all of these devices share their own unique features and custom baked apps that IT must decide either to allow or block until work is over. From the useful Samsung SAFE feature to less than useful bloatware beleaguering other devices, all features must be part of an enterprise mobility planning conversation.

The diversification of Android is only going to continue if the rumor’s flying out of Mobile World Congress 2014 hold any credence. With the Nokia X Window’s skinned device Android device representing the low end of the market and Samsung’s possibly waterproof, iris scanning S5 feature bonanza at the high end, the Android management challenge for IT will only increase in 2014. Fortunately, Mobile Device management solutions have also evolved in line with devices, experiencing their own evolution from simple device watchdog programs to fully enabled Enterprise Mobility Management protecting devices, apps and content.

BYOD Still Risky Business for Enterprises

Mobile connectivity and Bring Your Own Device (BYOD) continue to grow at an explosive rate for the modern company. Sadly though, much of this connectivity is happening outside the view of IT and the security office.

Survey Says

risky-busines-smallestIn a recent survey sponsored by Harris Interactive and Fiberlink, over 2,000 working US adults were asked if they use their personal smartphones and tablets for work activities. Not surprising was that 51% said yes. What was surprising and frankly disconcerting for IT and their information security cohorts, is that many of these workers are treating company data as recklessly as they would a soccer schedule or recipes.

For example, among employees who use mobile devices for work (either their own or employer-issued), the survey showed:

  • 25 percent have opened/saved a work attachment file into a third-party app (e.g., QuickOffice, Dropbox, Evernote).
  • 20 percent admit to having cut/pasted work-related email or attachments from company email to their personal email accounts.
  • 18 percent say they’ve accessed websites that are blocked by their company’s IT policy.

These numbers become even more startling when the survey also revealed that less than one-half of 1% of users has any level of corporate security installed on their devices.

The chances of a malicious attack are slim (for now), but accidents happen every day on devices as we evolve from using our thumbs over our index fingers. One wrong swipe and an employee has now shared sensitive financial data on Facebook or pinned schematics on Pinterest.

Light at the End of the Tunnel

To protect devices entering the workplace, solutions like Enterprise Mobility Management for device, app and content security can help IT gain tighter controls without sacrificing the true freedom of BYOD.

In addition Dual-Persona offerings, like MaaS360’s Secure Productivity Suite, keep all work and personal information separate. IT sets the security policies like passcode strength and sharing options like to “cut and paste, or not to cut and paste.” With these controls in place, all mobile data adheres to overarching corporate security policies and stringent regulatory concerns for industries like healthcare, financial and public sector.

“Hmmm, I don’t think my employees would go for that.” Not so fast, when asked in the survey over 61% said they were somewhat likely to support IT assistance with security as long as they could keep using their own device.

If you choose not to support smartphones and tablets, our survey clearly shows people will find a way to connect WiFi and email regardless. If you are supporting mobile device connectivity without enterprise mobility management, be ready for the inevitable, not probable, data leakage event.

Google Glass – Spare the Hate and Spoil the Promise

By Rob Patey

It’s human nature to fear the unknown. While a few brave pioneers will valiantly traverse unchartered waters, as a whole our species will pick up pitchforks versus embracing that which is new and different. Case in point; Google Glass. The wearers already have derogatory terms in place, Tumblr sites are already showcasing demographic disparities in its wearers, and everyone has written off this moonshot project before it has even hit the Launchpad. I’m offering a different answer. Even if Google Glass sputters before it gets out the door; let’s look at the elements of this baby before we toss it out with the bathwater.  

Google Glass  – Our new PC, Not Frankenstein

Google GlassWhen Google Glass started hitting the streets recently, the Internet responded as it often does. Fear, chiding and a slew of puns have already become some of the top searches for life’s little Heads-up-Display (HUD).  I won’t say Google Glass is perfect, but show me any pioneering technology that hits a homerun on the first pitch? It took a few Apollo flights to get to the moon. The PC didn’t make it to every desk until long after its inception, and despite the information sharing benefits of social media there is still a wide world of naysayers who simply find it a waste of time. Sure Google Glass has some problems in functionality and design, but that’s today. Instead of simply writing off this technology I would like to play an optimistic game of “what if” to imagine what Google Glass could be.

Data Hands Free, for Every Industry

No matter how slick the new iOS 7 interface looks or how gargantuan Samsung makes its next Android devices; there is still that persnickety problem of having to actually hold the device and avert your eye focus to look at the screen. This archaic way of getting information takes away a necessary appendage (possibly two depending on how small your hands are and how big your smartphone is) and can be a frustrating exercise in swipe sizing information so it can be seen clearly.

Yes, Google Glass has induced a few headaches, but it’s hard to deny that this perfect positioning of all life’s information will let you keep your hands free for say:

  • Healthcare: Imagine a world where a surgeon can keep their eye on the insides of the patient, but with a quick glance up get all vitals and any research needed to make things run smoother. I’m not condoning that anyone should multi-task during pivotal life moments, but the “dual-screen” approach to information gathering has already proven beneficial.
  • Manufacturing: Real-time information from Supply Chain Management systems have already replaced the human eye for inventory control and productivity efficiencies. With Google Glass though, a floor manager can keep their eyes on the actual floor and dashboards at the same time allowing for a perfect integration of real-time reaction to any data streaming in from information systems.
  • Education: Teachers have always wanted eyes in the back of their heads, but with Google Glass you omit the need to turn around. Currently teachers are using iPads and Android tablets to obliterate the need for a chalkboard with Educational Apps that deliver problems directly to students’ devices. In the Google Glass world the teacher won’t even have to look down to distribute the geometric equation or administer a poll about the Presidents. Answers will come back in real-time and will ensure full participation – even from the kids trying to hide in the back of the room.

IT – Google Glass’ First Frontier

All of this prognosticating will take time. Not a lot of time, but certainly a few years since Glass is still in its Beta infancy. Short term usage and rewards are here though, and they seem to come from the most likely of places – the lovers of all things Bleeding Edge, IT.

frank_S_google_glassFiberlink, the leader in cloud-based enterprise mobility management (EMM), announced that its MaaS360 platform supports the ability to monitor a mobile IT environment and perform administrative actions directly through Google Glass. The leader in Mobile Device, app and doc management even has a pair on site.

“Google Glass is a great example of how IT can adopt innovative technology to enhance the management and enablement of the mobile workplace,” said Frank Schloendorn, Google Glass test driver and director of Android ecosystem at Fiberlink. He continued, “The freedom to take action on the go and help someone at any time, all by looking through Google Glass, is an amazing experience. It’s just plain cool.”

Google Glass isn’t an immediate problem solver, but rather a window of pure evolutionary potential that further breaks the barriers in human and machine interactions.