Tag Archives: MDM

The Declaration of Mobile Independence and Data Bill of Rights

Originally published by Rob Patey on IBM Securityintelligence.

As I was celebrating the birth of America’s freedom this July Fourth, I sparked a firecracker for the fact that I was able to use my tablet to take a meeting in a place where the Fourth of July is just another day of the week.

 

I was offered a stay of execution from the team, but an hour of my time was a small sacrifice, especially since the entire event took place on my iPad and mobile phone from my back porch.

About one-and-a-half scores ago, I remember waving a sparkler at Newark Liberty International Airport as my father headed off to Sweden for a meeting on July 5. The tablet, smartphone and the manifest destiny of last-mile broadband reaching fruition allowed me to turn off Harry Chapin’s “Cats in the Cradle” and spend time with my family watching fireworks once the meeting was finished.

This affordability — having the right device for the job at a time when I need to use it and from wherever I please — wasn’t a freedom simply handed to me. Like any great leap forward in liberation, battles were fought and accords of acceptable use had to be established between employee and employer.

As I recount some of this ancient mobile history and the hallmarks of security, productivity and mobility that resulted from them, I know some of you are going through these trials and tribulations right now. May you avoid the missteps of the past and join all of us forefathers (and mothers) for the next data deluge on the shores of the Internet of Things (IoT).

Freedom Is Never Free, Especially in Mobility

Before anyone can truly declare independence, mobile or otherwise, an upheaval from the status quo is required. An assist from France bolstered America’s liberation, and a few years later, the Bastille was taken by bayonets — not baguettes.

Since the first smartphone could sync with Active Directory, the already beleaguered IT group from the BlackBerry bonanza of the early 21st century showed rightful resistance to employee presumptions on data access. Just because you can, doesn’t mean you should. The email policy was born, and business leaders furiously rubbed rabbit feet for luck in hopes this would be enough to keep employees secure and satisfied.

It didn’t work. And today it really doesn’t work, but we’ll get there in a minute.

Mobile device management (MDM) offered the treatise of device choice balanced with one-window control. MDM became especially vital in the famous battle of bring-your-own-device (BYOD). Without the device and OS agnosticism of MDM and mobile app management (MAM), we might all still be in a state of technological dissemination without user representation.

Freedom from the confines of the office was finally won with the understanding that privacy can be maintained without completely obfuscating the view of IT. Now, policy can be crafted with a preamble of independence for both sides of technology enablement:

When in the course of business events, it becomes necessary for the enterprise to act as one people to dissolve inefficiencies that have disconnected them from each other and corporate data, and respect the freedom of choice to work on the equipment deemed best by the workers actually producing the work.

We hold these truths of mobile productivity to be self-evident, that all devices are created equal, that they are to be enabled by IT with rights to the same data as laptops and desktops and, finally, that usability is held in equal balance with security.

Mobile Independence Is a Privilege Governed by Data Rights

As devices grew more powerful, more expensive and more diversified with tablets and wearables, the concept of BYOD became more palatable to IT. However, these new abilities required more granular ways to control the data flowing in. Transient workers requiring two mailboxes on one device turned to containers. File shares could also live separated from device-level controls along with secure Web browsers and a host of other features that fulfilled a manifest destiny of productivity even when in transit. Enterprise mobility management (EMM) is the current term to define this broadening of devices, data, apps and access to devices.

One mobility program of enabling and securing endpoints, under one management pane of glass, giving mobile liberty to all.

Like the expansion of the United States, now that the mobile device has open freedom across this broad landscape of enterprise data, the CSO (or any level of security really) is a quintessential player in ensuring an uninterrupted flow of information. Mobile threat management (MTM) is how security can reach this new land. With MTM as part of a larger EMM solution, securing in-house and third-party apps from malware, applying advanced jailbreaking or rooting rules and opening the way for seamless single sign-on access to all facets of the device become a reality.

The Mobile Bill of Rights

Historically, the Fourth of July isn’t about the Bill of Rights, but I beg a bit of patriotic poetic liberty to hopefully offer the foundation for your mobile liberation:

  1. Free speech, text, mail, files and access on any mobile device or endpoint, if and only if employees respect corporate data on those devices being managed through some form of endpoint and mobile security.
  2. The right to bear BYOD, without abstention from IT: When a personal device is compromised, IT will still act to triage the security of data on that device. Likewise, when apps or access to internal networks are needed, IT shall enable those services to ensure expedience in delivery and integrity of data delivery.
  3. No employee shall willingly quarter malicious material on devices. If workers want to root or jailbreak to experiment with a cool new app or some OS-level optimization, the device is unable to accept corporate data until it is back in compliance.
  4. Device privacy shall be respected by IT. Yes, MDM and security tools give IT a look at device activity, but IT is not reading emails, texts or other personal material. I always balk at this EMM because if IT wanted, they could have been reading our emails for years now — but they don’t. With MDM, they can’t, and still this wild conspiracy permeates the cube farm.
  5. Mobile security is not a witch-hunt or an indictment on how employees spend their free time in the wide world of apps. Personal information remains off the table in mobile freedom.
  6. In light of a breach, theft or toddler who will only be calmed down by tapping away on your tablet, employees should expect a speedy lock, block, selective wipe or reset of the device to keep data safe.
  7. There is one set of rules governing acceptable mobile use and data delivery. A recent study titled “Why Is App Security Escaping Development?” showed 40 percent of in-house-developed apps are leaving the enterprise without the most basic security. This is an effort to stay competitive and meet the harsh deadlines necessitated by our new global economy. It will also prove foolhardy as black hats become more aware of these sieves in the corporate data structure.
  8. Excessive bailing on enrollment in mobile security programs shall not be coddled by IT. Yes, mobile security apps take up space on a phone or tablet. But not only is it worth it for the enterprise, it’s vital.
  9. IT enablement is just beginning and shows no signs of ending. If anything, it’s growing larger. Employees have simply gained new freedoms with device selection; the true business enablement of this world is squarely on the shoulders of IT and security teams.
  10. Mobile device and data access requires us all to think a little more wisely. Departments, work groups and individual workers should not seek out IT for every little issue with a phone glitch or tablet phantom turn-off. At a certain point, we all need to understand what is business and what is personal on our home screens. IT should not be charged with helping employees access their July Fourth barbecue pictures, just as an employee should never be given a Wi-Fi password on a sticky note and told, “Good luck.”

 

Dr. Sleuth EastHammer Explains Dating Apps, Mobile Security, Grumpy Cat Profiling

Dating apps can be as dirty as the real tricks of dating, but they tell us more about people than a silly Sharepoint portal. How can dating app info be leveraged for awesome IT efficiency? Dr. Sleuth EastHammer has the answer…ish.

Students Twitter “#H8MDM StooPid MaaS360”: Educators Smirk in Sadistic Joy

Philadelphia PA – September 24 2014 – As students return for the fall semester with their iPads and Androids in tow, they’re noticing a very different mobile experience as they cross into the geofenced mobile safe zone now surrounding their school or university. 

This location-based force field offered by MaaS360 mobile protection ensures that when students want to use school resources for WiFi, App downloads and receiving lesson plans from teachers, they are doing so through the guided security of Mobile Device and Data Management.

And boy, are these kids pissed.

Twitter was rife with a flurry of putrid teen spirit as students found that within school systems, MaaS360 was now acting as a gatekeeper between them and frittering away their days on Twitter. However, once the school day was over and the security policies were lifted, #H8MDM began to trend with:

@2plus2equalscarrot 5h
Maas360 is so stoopid, no more #minecraft in history

@MagikMaster765 2d
#H8MDM H8MaaS360 H8PARENTS FOR SELLING OUT MY PHONE

While we did not get a direct quote from MagikMaster765, his outrage against his parents is most likely indicative of the countless notices sent by schools before requesting an MDM enrollment, and the constant chiding from parents who read these notices and then tried desperately to communicate with a creature whose brain is still clearly in the very early stages of development.

Kids Outraged by Mobile Security, Educators Hopeful to Start Living Past Age 46 

Mike Cumstein, IT Administrator at Dan Quayle Junior High, had this to say about the first two tweets, “Did you know I was once suspended for wearing a Pac-Man watch to school? We’re telling the kids, they simply need to focus on school apps and you know…school, while in school. Our WiFi is not here to build your library of Arina Bieber mashups.” “On the other tweet, we started preparing for MaaS360 to handle our mobile security and app/content distribution at the end of last school year. We communicated then what we were doing in emails and message boards and continued to communicate right up until the day the kids received the text-message requesting enrollment. Here’s the thing that really makes me laugh though, they all accepted without having any clue what they were saying yes to. These kids jump into apps faster than our parents jumped into fishbowls to get a set of keys after eating fondue.”

More Mobile Security Features, More Twitter H8 from Students

Mobile security on campuses, in businesses and any industry has evolved from pure mobile device management to encompass the entire mobile ecosystem. Features to protect and work on sensitive data have transcended this category to Enterprise Mobility Management, with pure device controls for IT like block, lock and wipe becoming merely one facet of the bigger mobile enablement picture.

As other schools across the United States released deeper mobile controls with MaaS360, students responded with an almost righteous indignation towards violations of their rights. We asked Cumstein to provide a balanced IT perspective to separate truth from mere petulance.

@CauseImAppy 12 d
Cant chk FB in soc. MaaS360 says NO! #H8MDM

Cumstein’s Take: “Correct, MaaS360 can block apps by location with geofencing or even by time of day. Teachers noticed uploads of themselves on FB when they were in compromising positions, so we turned it off as well.”

@ClashOfCan 12 d
WTF MaaS360? Stop my camera from working? What I do to you?

Cumstein’s Take: “You need a camera for certain classes, others not so much. With MaaS360 security policies anyone can set up that kind of contextual security response.”

@2YearsTillGoldGrill 12d
WUSSUP w/ this (redacted)? Teaches sendin (redacted) homework to iPhone????

Cumstein’s Take: “Oh ya, content distribution and editing. We really want this one, but our teachers aren’t there yet from a lesson plan standpoint. But with Secure Content distribution all homework can be delivered, edited and then submitted by class, groups or student. Very cool stuff. What school district was it? Is that close to here?”

While the tweets continue, it has become eminently clear that once again children are incapable of fully understanding the world or any issues beyond their myopic scope of view. Fortunately MaaS360 is in place to at least govern mobile behavior until these future leaders and ultimate harbingers of our doom develop some level of self-actualization and empathy.

“The preceding press release is fictitious(ish). Real students have tweeted hatred for MDM, and I reflected those sentiments. No one endorses or approves this post except the part of my soul that received a cathartic release from expressing the sentiments of real people in real language without CorpSpeak.” 

Mobility Management 101: Talking Tech to Teachers & Staff

As schools and universities across the globe trade their textbooks for tablets and slide rules for smartphones, the IT staff of these institutions must rise to the challenge of protecting and managing these new endpoints of burgeoning knowledge.

To aid in this vital endeavor, Fiberlink, an IBM company, hosted a 1-hour Webinar to help translate common mobility management terms into staff and teacher speak. According to webinar hosts Frank Gentile and Tyler Hoy, education mobility specialists with Fiberlink, the toughest challenge facing IT in education is evangelizing the virtues of mobile device management, mobile app management and mobile content management to budget approvers and teachers within the school district.

Unlike other industries, educational organizations often rely on bootstrap resources to manage smartphones and tablets. There are even scenarios where there are no IT resources within a district, leaving teachers with the burden of managing a technology landscape that is still misunderstood even within the most erudite IT circles.

To find out just how many schools are currently contemplating mobility, the Webinar opened with a simple poll to determine the audience’s timeframe for mobile enablement. 40% of attendees were already in a pilot program for implementing mobile devices. Another 40% had plans to initiate a pilot program before the close of this school year, while the final 20% were ready to launch a program before the end of the current calendar year.

Mobile Policies Prevent “Running in the Halls”

School is as much about learning societal rules as it is about facts and formulas. With the proliferation of mobile communication and productivity applications, students would be wise to learn the mobile rules of conduct they will be expected to follow when they enter the workforce. Policies within a mobility management platform are those first lines of defense, just as a hall monitor stops kids from pushing and shoving their way to class.

According to the second Webinar poll, over 50% of attendees were not enforcing basic policy protection (like passcodes) or remediation for lost or stolen devices (like blocking or wiping a device).  To take the severity of the situation another step, policies also quickly enable access to WiFi, apps and school content. Some participants said they were relying on Apple Configurator to meet some of these needs, but the need to physically tether devices to a management console leaves little to no room for scalability. Also, this approach only addresses one OS, Apple. In a world where Android dominates the consumer market and schools look to cut costs by relying on Bring Your Own Device Programs, the Configurator model breaks down rapidly.

With mobility management solutions like MaaS360, all devices are enrolled into the system and configured over the air. This means with the push of one button, IT (or a teacher) can easily push a notification to students via SMS or email. Once a student hits “accept” (or whatever custom End-user Licence Agreement, or EULA, the school wishes to enforce), the device is enrolled and policies are enforced.

Now, not only are devices connected to network resources, but also the administrator now has a clear view of the school’s digital footprint. Device types, installed apps, OS types and versions are all easily accessible from the front-page watchlist. If a student tries to jailbreak or root the device, policies spring into action to place the mobile rapscallion in digital detention until they are back in compliance. Digital detention can also be used when passcode entries reach their limit or for devices not on the latest and greatest operating system version (or to keep devices on older OS versions until all the bugs are worked out in the latest and greatest).
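The digital detention rules described above, sketched as an added example (this is not Fiberlink or MaaS360 code): a compliance check that quarantines a device for jailbreak or root, for hitting the passcode-entry limit, or for an OS version outside an allowed window. The `Policy` and `Device` fields, the thresholds and the device records are all constructed assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '7.1' into (7, 1, 0) so versions compare numerically.

    Comparing the raw strings would rank '10.0' below '9.3'.
    """
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


@dataclass(frozen=True)
class Policy:  # hypothetical policy shape, not a vendor schema
    min_os: str
    max_os: Optional[str]  # set this to hold devices back from a new release
    max_failed_passcodes: int


@dataclass
class Device:  # hypothetical inventory record
    name: str
    os_version: str
    jailbroken_or_rooted: bool
    failed_passcode_attempts: int


def violations(device: Device, policy: Policy) -> List[str]:
    """Return every rule the device currently breaks (empty list = compliant)."""
    found = []
    if device.jailbroken_or_rooted:
        found.append("jailbroken_or_rooted")
    if device.failed_passcode_attempts >= policy.max_failed_passcodes:
        found.append("passcode_attempt_limit")
    try:
        version = parse_version(device.os_version)
    except ValueError:
        # Fail closed: a version we cannot read is treated as out of policy.
        found.append("os_version_unreadable")
        return found
    if version < parse_version(policy.min_os):
        found.append("os_too_old")
    if policy.max_os is not None and version > parse_version(policy.max_os):
        found.append("os_not_yet_approved")
    return found


def evaluate(device: Device, policy: Policy) -> dict:
    """Detention lasts only while violations exist; re-evaluate after remediation."""
    found = violations(device, policy)
    return {
        "device": device.name,
        "state": "detention" if found else "compliant",
        "school_data_access": not found,
        "violations": found,
    }


# Constructed sample data for illustration only.
SAMPLE_POLICY = Policy(min_os="9.3", max_os="10.3", max_failed_passcodes=10)
SAMPLE_FLEET = [
    Device("tablet-01", "10.0", False, 0),
    Device("tablet-02", "9.2.1", False, 2),
    Device("phone-03", "11.0", False, 0),
    Device("phone-04", "10.1", True, 10),
]


def run_demo() -> List[dict]:
    return [evaluate(d, SAMPLE_POLICY) for d in SAMPLE_FLEET]


if __name__ == "__main__":
    for result in run_demo():
        print(result)
```
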

Learning: There’s an App for That!

In actuality there are thousands of apps that can harness the power of young minds and further foster the teacher-student relationship in the digital age. However, IT has struggled with the best way to distribute the apps they want on phones and control time wasters like Flappy Bird or Candy Crush.

Enter Mobile App Management. With this tool in place, IT can blacklist (ban) or whitelist (allow) both public and custom developed apps. Another popular control model is Kiosk mode. While often used in retail environments for point of sale or inventory lookup, this mode can be customized so that school-owned devices run just the apps set by IT.

Mobile Container: The School’s Cleanest Locker

For enterprising schools that want to reap the cost savings of Bring Your Own Device, a mobile container would be the wisest choice for true security.

The container acts as a partition keeping school email, documents, apps and even web browsing in a separate passcode-protected space. Even school-owned devices can benefit from these controls, especially from the perspectives of web access and content distribution. A safe internet playground is not only the norm these days for students at home; it also allows schools to meet Children’s Internet Protection Act (CIPA) requirements with robust filters based on categories or specific URL blocking.

Also of security note: within the containerized document sharing environment schools can abandon free cloud collaboration tools like Dropbox and Google Docs for a private cloud alternative. This low-cost, but infinitely more secure, alternative facilitates permission controls, sharing and even editing of the most popular file types being used today.

For the final poll of the Webinar, Fiberlink asked attendees what part of mobility management was most pressing for their district. App management was the clear winner taking 50% of the votes, while over-the-air configuration, digital detention, content control and secure browser shared the rest of the votes.

Educating (and Monitoring) the Educators

While much of the webinar and following Q&A focused on the needs of students, Frank and Tyler were quick to mention the ability to bring teachers and staff into the mobility management fold. Since MaaS360 policies can be customized into groups, the rules for adults on campus can be more flexible than the rules placed on students while ensuring their devices that are carrying sensitive student records can be located, blocked or even wiped in an adverse event.

Savvy school budget and IT leaders are rapidly learning that mobile is a first, not second screen experience, requiring the same controls and safety measures as more archaic endpoints like laptops and desktops.  Mobile device management, mobile app management and mobile content management are questions of when, not if.

Tactile Touchscreens at CES 14 Bludgeon BlackBerry’s Last Bastion of Hope

Say what you will about BlackBerry, but there was always one saving grace for their devices – a tactile keyboard. This one simple feature of user experience kept many in the enterprise tapping away gleefully on these “bricks with clicks” despite fallacies from apps to…well…everything else…when compared to iOS and Android devices.

Now, Tactus technology has taken all of the teeth out of BlackBerry’s bite with the invention of tactile screens for all of today’s smartphones and tablets.

You CAN Touch This

Here’s how it works: Tactus adds a small polymer layer to the Gorilla Glass on tablets and smartphones. When activated by the user, the layer fills with micro-fluids, stretching the surface above the device’s A to Zs. While keyboards will be the first and most prevalent use for this technology, Tactus can also elevate the gaming experience by making joysticks slip-free, as well as A & B buttons, for the more serious mobile gamers.

Oh the Places Tactile Screens Can Go

Tactus unveiled their uplifting mobile experience at the 2013 Consumer Electronics Show (CES) in beta form. CES 2014 shows the technology ready for wide market adoption.

Let’s take a minute though to speculate what Tactus might be showcasing at CES 2015 and beyond, especially when it comes to transcending beyond the basics of business or simple consumer wants.

Healthcare: Fiberlink Communications, an IBM Company, saw a record number of hospitals and other healthcare organizations sign up for their mobile device management platform MaaS360 in 2013. Doctors and nurses are forgoing hospital-provided computers on wheels (COWs) and traditional laptops for the easier to use (and carry) smartphones and tablets. This was especially prevalent in nursing staff where Bring Your Own Device (BYOD) isn’t a luxury, but a necessity considering many are transitory between facilities.

Currently, many of these devices are simply being used to access medical records. However, as I recently learned at my dermatologist, the App market is exploding for medical devices. My mole mapping has transformed from being written down in sentences to being visually displayed on a cartoon of my body. One tap at a time the doctor was able to place my most suspect moles on a virtual figure of my frame. With Tactus technology the weight and density of each malicious spot could be displayed in startling 3-D accuracy.

Move forward a few more years and we could see raised buttons on screens become the console for performing robotic assisted surgeries that today require a Pac-Man size joystick. While the patients might find it disconcerting, doctors will appreciate the world of 2020 when they can do emergency surgeries remotely from their tablet.

Financial & Legal: How many email signatures have you seen apologizing for typos because a message was sent from a mobile device? For the financial and legal markets, there are no excuses for the famed fat fingering of information. In the beginning of the smartphone craze, email security was the main reason these industries shunned the hysteria for touch screens. Once email encryption became the norm though, there was still a leeriness to move away from BlackBerry because the touch keyboard ensured accuracy. When you are in an industry where the terminology isn’t standard in spell check, one must rely on themselves to write the right words. With Tactus technology, tort won’t be as easily changed to tortoise.

Retail: I’m stretching here a bit (pardon the pun), but I truly envision a tomorrow where the feel of these new tactile buttons will be able to be manipulated to finally bring bricks and clicks together in the virtual world. How many times have you loved an outfit online, only to have it arrive on your doorstep with a fabric that’s scratchier than Laura Ingalls Wilder wear? Wouldn’t it be a wonderful experience to actually feel the fabric before you add it to your cart?

Obviously we could extrapolate this technology to every industry if we just imagine: in education, where phones could become a “Please Touch” museum on the go, or in manufacturing, where again precision-level joysticks could move human intervention on the assembly line to a lounge chair affair. Tactus is the advent technology we’ve wanted since the television entered our living rooms. For today the technology is a simple keyboard; with a little imagination, though, Tactus has the potential to finally obliterate the virtual and physical divide.

Mobile Device Management Advertising – DONE REAL!!!!

Here’s a banner ad I conjured espousing the TRUTH about IT’s constant struggle to manage and secure smartphones and tablets in the enterprise.

If you have a Ralph, you definitely need some mobile device management (#MDM) to keep him (and the company) safe. 

#MDM Mobile Device Management

iOS 7 – Helping Business Quit CrackBerry

While BlackBerry has been on a downward spiral since the first touch devices started to hit the market, events over the past few weeks seem to have taken the company that first inspired our love of all things mobile from on-the-ropes to down-for-the-count.

The first crushing blow came from the news of the “king of tiny keyboards” opening up the doors for sale: a 4.7 billion dollar cry for salvation from lackluster BB Z10 sales that was exacerbated by market fervor for Apple’s new darlings, the iPhones 5S and 5C.

Next came Gartner analyst Ken Dulaney’s ominous advice, “Gartner recommends that our [BlackBerry enterprise] clients take no more than six months to consider and implement alternatives to BlackBerry. We’re emphasizing that all clients should immediately ensure they have backup mobile data management plans and are at least testing alternative devices to BlackBerry.”

Despite the popularity of iOS and Android devices, BlackBerry has been a dominant force in security-conscious industries like finance and government. With BlackBerry’s tenuous future, can these or any industry afford to sit on their hands and wait for BES support to just go dark? Quite simply, no, they can’t. The productivity boons that come from smartphones and tablets have become a matter of course for getting things done whether part of a corporate owned program (COPE) or as part of a Bring Your Own Device (BYOD) program. So what’s the alternative to keep the wheels of mobile productivity moving while ensuring the same lock-tight security that was offered by BlackBerry?

iOS 7 & Mobile Device Management – Soothing the CrackBerry DTs

While the physical keyboard has gone the way of the dinosaur, the other benefits offered by the BlackBerry experience—like native OS security and isolation of corporate data—have taken exponential leaps forward with iOS 7 and Mobile Device Management (MDM) solutions.

The walled-garden of Apple apps and lack of fragmentation have made it the corporate go-to choice for mobility especially with the rise of BYOD, but BlackBerry was still a favorite for organizations that wanted that small extra level of security and control of corporate data.

Recently, Fiberlink held iOS 7 Webinars (Part 1 & Part 2) to introduce the enterprise-features available in the updated operating system. With these changes comes the extra assurance for IT, compliance, and legal that they will maintain the same levels of control and security they found in the days when BES reigned supreme.

A few business-ready features include: 

  • Open In Management: Control data leaks from corporate apps, documents and accounts with MDM right out of the box.
  • Per App VPN: Enable your managed apps to securely connect to corporate networks and information.
  • Volume Purchase Program (VPP): Save money by retaining full ownership and control over VPP licenses of apps and books when users no longer need them.
  • MDM enrollment Options: Includes a number of new commands, queries, and configuration options that make third-party MDM solutions even more powerful.
  • Enterprise Single Sign On (SSO): Enable authentication into corporate apps just once, making it easier for your users to be more efficient and productive.
  • Third-Party App Data Protection: Leverage encryption of app data automatically using the user’s passcode to create a strong and unique encryption key.

Further control can be found in the implementation of the right MDM solution—one that can support iOS and Android and handle your legacy BlackBerry devices until they are phased out. Some control features include:

  • Touch ID Control: Turn on/off fingerprint unlocking and report whether it is enabled on a device.
  • Silent App Install: Automatically install apps on supervised devices.
  • Report on Activation Lock: Know when Activation Lock in Find My iPhone is enabled (used as a theft deterrent) locking a device to the user’s Apple ID.
  • Personal Hot Spot Control: Turn on/off personal hot spot provided through a carrier and report whether it is enabled on a device.

The final piece of the security puzzle can be found in container solutions that provide a dual persona experience, like the MaaS360 Secure Productivity Suite. With these capabilities in place, all corporate emails, documents and apps with access to network resources are held within a “sandboxed” environment to control the movement of data and avoid leaks.

While BlackBerry devices may linger for a little while longer, business is run on planning. You need to know what tomorrow will bring so you can avoid any unnecessary downtime.