Tag Archives: mobile security

The Declaration of Mobile Independence and Data Bill of Rights

Originally published by Rob Patey on IBM Securityintelligence.

As I was celebrating the birth of America’s freedom this July Fourth, I sparked a firecracker for the fact that I was able to use my tablet to take a meeting in a place where the Fourth of July is just another day of the week.

 

I was offered a stay of execution from the team, but an hour of my time was a small sacrifice, especially since the entire event took place on my iPad and mobile phone from my back porch.

About one-and-a-half scores ago, I remember waving a sparkler at Newark Liberty International Airport as my father headed off to Sweden for a meeting on July 5. The tablet, smartphone and the manifest destiny of last-mile broadband reaching fruition allowed me to turn off Harry Chapin’s “Cats in the Cradle” and spend time with my family watching fireworks once the meeting was finished.

This affordability — having the right device for the job at a time when I need to use it and from wherever I please — wasn’t a freedom simply handed to me. Like any great leap forward in liberation, battles were fought and accords of acceptable use had to be established between employee and employer.

As I recount some of this ancient mobile history and the hallmarks of security, productivity and mobility that resulted from them, I know some of you are going through these trials and tribulations right now. May you avoid the missteps of the past and join all of us forefathers (and mothers) for the next data deluge on the shores of the Internet of Things (IoT).

Freedom Is Never Free, Especially in Mobility

Before anyone can truly declare independence, mobile or otherwise, an upheaval from the status quo is required. An assist from France bolstered America’s liberation, and a few years later, the Bastille was taken by bayonets — not baguettes.

Since the first smartphone could sync with Active Directory, the already beleaguered IT group from the BlackBerry bonanza of the early 21st century showed rightful resistance to employee presumptions on data access. Just because you can, doesn’t mean you should. The email policy was born, and business leaders furiously rubbed rabbit feet for luck in hopes this would be enough to keep employees secure and satisfied.

It didn’t work. And today it really doesn’t work, but we’ll get there in a minute.

Mobile device management (MDM) offered the treatise of device choice balanced with one-window control. MDM became especially vital in the famous battle of bring-your-own-device (BYOD). Without the device and OS agnosticism of MDM and mobile app management (MAM), we might all still be in a state of technological dissemination without user representation.

Freedom from the confines of the office was finally won with the understanding that privacy can be maintained without completely obfuscating the view of IT. Now, policy can be crafted with a preamble of independence for both sides of technology enablement:

When in the course of business events, it becomes necessary for the enterprise to act as one people to dissolve inefficiencies that have disconnected them from each other and corporate data, and respect the freedom of choice to work on the equipment deemed best by the workers actually producing the work.

We hold these truths of mobile productivity to be self-evident, that all devices are created equal, that they are to be enabled by IT with rights to the same data as laptops and desktops and, finally, that usability is held in equal balance with security.

Mobile Independence Is a Privilege Governed by Data Rights

As devices grew more powerful, more expensive and more diversified with tablets and wearables, the concept of BYOD became more palatable to IT. However, these new abilities required more granular ways to control the data flowing in. Transient workers requiring two mailboxes on one device turned to containers. File shares could also live separated from device-level controls along with secure Web browsers and a host of other features that fulfilled a manifest destiny of productivity even when in transit. Enterprise mobility management (EMM) is the current term to define this broadening of devices, data, apps and access to devices.

One mobility program of enabling and securing endpoints, under one management pane of glass, giving mobile liberty to all.

Like the expansion of the United States, now that the mobile device has open freedom across this broad landscape of enterprise data, the CSO (or any level of security really) is a quintessential player in ensuring an uninterrupted flow of information. Mobile threat management (MTM) is how security can reach this new land. With MTM as part of a larger EMM solution, securing in-house and third-party apps from malware, advancing jailbreaking or rooting rules and opening the way for seamless single sign-on access to all facets of the device become a reality.

The Mobile Bill of Rights

Historically, the Fourth of July isn’t about the Bill of Rights, but I beg a bit of patriotic poetic liberty to hopefully offer the foundation for your mobile liberation:

  1. Free speech, text, mail, files and access on any mobile device or endpoint, if and only if employees respect corporate data on those devices being managed through some form of endpoint and mobile security.
  2. The right to bear BYOD, without abstention from IT: When a personal device is compromised, IT will still act to triage the security of data on that device. Likewise, when apps or access to internal networks are needed, IT shall enable those services to ensure expedience in delivery and integrity of data delivery.
  3. No employee shall willingly quarter malicious material on devices. If workers want to root or jailbreak to experiment with a cool new app or some OS-level optimization, the device is unable to accept corporate data until it is back in compliance.
  4. Device privacy shall be respected by IT. Yes, MDM and security tools give IT a look at device activity, but IT is not reading emails, texts or other personal material. I always balk at this EMM because if IT wanted, they could have been reading our emails for years now — but they don’t. With MDM, they can’t, and still this wild conspiracy permeates the cube farm.
  5. Mobile security is not a witch-hunt or an indictment on how employees spend their free time in the wide world of apps. Personal information remains off the table in mobile freedom.
  6. In light of a breach, theft or toddler who will only be calmed down by tapping away on your tablet, employees should expect a speedy lock, block, selective wipe or reset of the device to keep data safe.
  7. There is one set of rules governing acceptable mobile use and data delivery. A recent study titled “Why Is App Security Escaping Development?” showed 40 percent of in-house-developed apps are leaving the enterprise without the most basic security. This is an effort to stay competitive and meet the harsh deadlines necessitated by our new global economy. It will also prove foolhardy as black hats become more aware of these sieves in the corporate data structure.
  8. Excessive bailing on enrollment in mobile security programs shall not be coddled by IT. Yes, mobile security apps take up space on a phone or tablet. But not only is it worth it for the enterprise, it’s vital.
  9. IT enablement is just beginning and shows no signs of ending. If anything, it’s growing larger. Employees have simply gained new freedoms with device selection; the true business enablement of this world is squarely on the shoulders of IT and security teams.
  10. Mobile device and data access requires us all to think a little more wisely. Departments, work groups and individual workers should not seek out IT for every little issue with a phone glitch or tablet phantom turn-off. At a certain point, we all need to understand what is business and what is personal on our home screens. IT should not be charged with helping employees access their July Fourth barbecue pictures, just as an employee should never be given a Wi-Fi password on a sticky note and told, “Good luck.”

 

Avengers of Mobile Security…Uhhh…ARRRGRAGATE!!!!

A little business blog homage I conjured this week. The words are mine, the pictures are the work of my bosom buddy in the graphics group (name upon request).

AVENGERS OF MOBILE SECURITY

  • When dastardly devices of mobility carelessly connect to WiFi!
  • When miscreant malware moles its way into network systems, lying in wait for a surreptitious subterranean attack!
  • When corporate documents are uploaded unknowingly to open file share sites by daft digital denizens!
  • When access to work productivity apps is assaulted by pitiful user experience and security sink holes!

CALL IN THE AVENGERS OF ENTERPRISE MOBILITY MANAGEMENT AND SECURITY AND EFFICIENCY AND TRANSPARENCY AND ANY “ENCY” YOU NEED TO TRUST SMARTPHONES AND TABLETS

Together, they harness IT best practices for data and device security, on a cloud more scalable and secure than Asgard (Note: encryption is used in many cases of mobile security versus Rainbow Bridges).

Tune-in true believers, MARVEL as the mobile avengers:

SMASH Hulking Headaches of Mobile Deployment

Launching tablets and smartphones good. Giving access to wifi, email, files, apps with no agree to mobile security bad. No encryption means data not safe. No management of what connects to who and where bad. EMM must not be slow, not expensive, and not burden to IT with cloud architecture.

Hammer Away at Content on the Fly

Ye lightning strikes of innovation rarely happen in the confines of darkened office halls. Nay, innovation will striketh over hill, mountain, or in shower. Giveth easy and secure content management to all of your kingdoms and business units. Mobile content management can oversee all sharing permissions, while imbuing security features down to the document level (including “cut & paste” trickery to move data into other apps).

Armor-Up in the Cloud

Adding new devices, operating systems, functionality, access controls and transaction level security requires new suits of armor for IT to deflect against system slowdowns and complete work stoppage (when content can’t be accessed on devices of choice). There are many suits to choose from in mobile protection today; from a separate workspace for transitory employees in healthcare, full device management for a clean-sweep of all (or some) data, to microscopic ant-size locks on apps, transaction and data on the fly.

Smart money says to use a common heads-up display with one Enterprise Mobility Management centrifuge for every piece of functionality you need as you infuse more mobile into business operations. Sitting on a cloud frame also means powering up in minutes, as opposed to the wait for a helicarrier full of equipment to deploy.

Shield Against Bad Apps & Malware

Mobile threat management is the newest shield slung directly at mobile malware’s underbelly. Alerts activate proactive security policies to keep bad data quarantined and the device off the network. Next level defense is happening now with SDKs for in-house app development security, bringing in developers to join the data captains of CISOs and IT enablement.

For those just joining the fray with a low arsenal of devices to support, mobile app management and a corporate app store are good training grounds in a controlled mobile state.

Slip into Intranets and Content Repositories Faster

No one wants to mash their way into the data they need for business, especially not when access to SharePoint, file shares and intranets can be made native in feel and function regardless of manufacturer or operating system.

With mobile gateways and secure web browsing, seamless moves can be made into almost any system where your employees find what they need quickly, quietly and with graceful ease.

Ready to become a mobile avenger? Visit our TOWER OF POWERFUL RESOURCES ready to arm you with videos, white papers, webinars and a free trial to empower your mobile security.

Dr. Sleuth EastHammer Explains Dating Apps, Mobile Security, Grumpy Cat Profiling

Dating apps can be as dirty as the real tricks of dating, but they tell us more about people than a silly Sharepoint portal. How can dating app info be leveraged for awesome IT efficiency? Dr. Sleuth EastHammer has the answer…ish.

Students Twitter “#H8MDM StooPid MaaS360”: Educators Smirk in Sadistic Joy

Philadelphia PA – September 24 2014 – As students return for the fall semester with their iPads and Androids in tow, they’re noticing a very different mobile experience as they cross into the geofenced mobile safe zone now surrounding their school or university. 

This location-based force field offered by MaaS360 mobile protection ensures that when students want to use school resources for WiFi, App downloads and receiving lesson plans from teachers, they are doing so through the guided security of Mobile Device and Data Management.

And boy, are these kids pissed.

Twitter was rife with a flurry of putrid teen spirit as students found that within school systems, MaaS360 was now acting as a gatekeeper between twitter frittering away their days. However, once the school day was over and the security policies were lifted, #H8MDM began to trend with: 

‏‪@2plus2equalscarrot 5h
Maas360 is so stoopid, no more #minecraft in history

‪@MagikMaster765 2d
#H8MDM H8MaaS360 H8PARENTS FOR SELLING OUT MY PHONE

While we did not get a direct quote from MagikMaster765, his outrage against his parents is most likely indicative of the countless notices sent by schools before requesting an MDM enrollment, and the constant chiding from parents who read these notices and then tried desperately to communicate with a creature whose brain is still clearly in the very early stages of development.

Kids Outraged by Mobile Security, Educators Hopeful to Start Living Past Age 46 

Mike Cumstein, IT Administrator at Dan Quayle Junior High, had this to say about the first two tweets, “Did you know I was once suspended for wearing a Pac-Man watch to school. We’re telling the kids, they simply need to focus on school apps and you know…school, while in school. Our WiFi is not here to build your library of Arina Bieber mashups.” “On the other tweet, we started preparing for MaaS360 to handle our mobile security and app/content distribution at the end of last school year. We communicated then what we were doing in emails and message boards and continued to communicate right up until the day the kids received the text-message requesting enrollment. Here’s the thing that really makes me laugh though, they all accepted without having any clue what they were saying yes to. These kids jump into apps faster than our parents jumped into fishbowls to get a set of keys after eating fondue.”

More Mobile Security Features, More Twitter H8 from Students

Mobile security on campuses, in businesses and any industry has evolved from pure mobile device management to encompass the entire mobile ecosystem. Features to protect and work on sensitive data have transcended this category to Enterprise Mobility Management, with pure device controls for IT like block, lock and wipe becoming merely one facet of the bigger mobile enablement picture.

As other schools across the United States released deeper mobile controls with MaaS360, students responded with an almost righteous indignation towards violations of their rights. We asked Cumstein to provide a balanced IT perspective to separate truth from mere petulance.

‪@CauseImAppy 12 d
Cant chk FB in soc. MaaS360 says NO! #H8MDM

Cumstein’s Take: “Correct, MaaS360 can block apps by location with geofencing or even by time of day. Teachers noticed uploads of themselves on FB when they were in compromising positions, so we turned it off as well.”

‏‪@ClashOfCan 12 d
WTF MaaS360? Stop my camera from working? What I do to you?

Cumstein’s Take: “You need a camera for certain classes, others not so much. With MaaS360 security policies anyone can set up that kind of contextual security response.”

‪@2YearsTillGoldGrill 12d
WUSSUP w/ this (redacted)? Teaches sendin (redacted) homework to iPhone????

Cumstein’s Take: “Oh ya, content distribution and editing. We really want this one, but our teachers aren’t there yet from a lesson plan standpoint. But with Secure Content distribution all homework can be delivered, edited and then submitted by class, groups or student. Very cool stuff. What school district was it? Is that close to here?”

While the tweets continue, it has become eminently clear that once again children are incapable of fully understanding the world or any issues beyond their myopic scope of view. Fortunately MaaS360 is in place to at least govern mobile behavior until these future leaders and ultimate harbingers of our doom develop some level of self-actualization and empathy.

“The preceding press release is fictitious(ish). Real students have tweeted hatred for MDM, and I reflected those sentiments. No one endorses or approves this post except the part of my soul that received a cathartic release from expressing the sentiments of real people in real language without CorpSpeak.” 

Don’t Get Thrown Under the Omnibus: 5 Healthcare BYOD Considerations

In 1996, when the Health Insurance Portability & Accountability Act (HIPAA) was enacted, most medical records had yet to make the transition from analog to digital.

Now, almost twenty years later, manila folders are lumbering towards the La Brea Tar Pits, while digital medical information is consumed on devices ranging from stationary desktops to untethered smartphones and tablets. With this turn in technology comes a greater need to enforce HIPAA compliance – enter Omnibus.

Omnibus Fines Could Cripple a Medical System

The efficiencies offered by instant access to data at patient bedsides are numerous. The data dangers however, especially in light of Omnibus’ tenets of increased accountability and increased fines, rightfully make IT wary of this open accessibility especially when Bring Your Own Device (BYOD) is factored into the equation.

Omnibus Red Flags for IT Include: 

  • Strengthening the privacy and security protection for individuals’ personal health information (PHI).
  • Modifying the Breach Notification Rule for Unsecured Protected Health Information, putting in place more objective standards for assessing a health care provider’s liability following a data breach.
  • Increasing penalties for noncompliance based on the level of negligence, with a maximum penalty of $1.5 million per violation.
  • Holding HIPAA business associates to the same standards for protecting PHI as covered entities, including subcontractors of business associates, in the compliance sense.

Naturally there’s much more inside Omnibus’ voluminous 563-page legislation, but these points alone should give IT administrators pause where mobility is concerned.

Imagine if you will Dr. Mal Practice, an avid Twitter user. What happens when the good Doctor means to Twitpic a shot of his kids and instead shares the picture of a patient’s rash? That’s an Omnibus violation.

What about when the good Doctor leaves his iPad at the lunch table with no lock and no passcode? A multi-million dollar violation bill when we remember that each small piece of data shared is its own separate infraction.

The disaster scenarios go on and on. However, protection measures can be summed up in a much tidier fashion.

Omnibus Necessitates IT Visibility & Management

A combination of policy and technology is the bedrock of Omnibus compliance. Use these five simple steps to start discussions in your organization.

Policy Making: No mobility strategy, regardless of industry, will be effective without customized and well-informed policy and enforcement structures. Healthcare providers should first make an exhaustive list of all support, security, compliance, productivity and monitoring processes that will need to be covered, and then establish a firm set of rules.

Multi-Device & OS Support: No two devices are managed the same…without mobile device management (MDM) that is. Android’s fragmentation and Apple’s recent iOS 7 release mean BYOD devices could run a wide gamut of manufacturers and operating systems. With MDM, Healthcare IT can manage all device types and operating systems from one common console. Also, operating system versions can be enforced with MDM policies to stop updates until IT is sure the OS will integrate with corporate systems and custom apps.

Passcode Enforcement: This one seems simple enough, but many organizations are still deploying soft passcodes or none at all. Data from Fiberlink shows Healthcare is ahead of other industries, but there is still a long way to go. With mobile device management, IT can enforce passcode length and complexity on any device in the ecosystem.

App & Content Management: You can’t have a mobility discussion without exploring the apps and content being accessed by doctors, nurses and staff. With MDM, mobile application management (MAM) and content management, IT can facilitate the distribution of apps and content to ensure only the right individuals or groups receive access to what they need.

Separation of Work and Play: Many healthcare organizations are seeing the need for a hard line to be drawn between work and personal data on mobile devices. Dual-persona setups or containers keep information for work separate from the consumer-based information sieves that live on most tablets and smartphones. Containers can also be used to control how users interact with data; blocking functions like cut & paste gives an extra measure of protection against patient information making its way onto the internet and into personal emails.

How have you prepared for Omnibus? Share your best-practices in the comments section.

How MDM Makes IT Mobility’s Super Man

Faster than a speeding bullet, mobile devices have infiltrated IT’s fortress of technology procurement solitude. Unlike most villains to IT, this is one with a noble pursuit. Users aren’t trying to overthrow IT’s sovereignty as part of some nefarious scheme; they are merely trying to get more work done with the technology they are most comfortable with. Bring Your Own Device (BYOD) offers untold potential for organizations, and IT can serve this new nirvana of productivity assuming they bring the right super powers to the battle.

Here’s a short list of the super powers mobile device management (MDM) grants IT.

X-Ray Vision: Visibility is step one. After all, you can’t protect or manage that which you can’t see. With MDM you get x-ray level granularity into the devices connecting to email servers, Wi-Fi and other corporate resources. You can also see how many mobile devices have been jailbroken or rooted to avoid unwanted infiltration of malware. Apps can be easily identified in no time as well from their own command console. Last, but certainly not least, with MDM devices can be found no matter where in the world they were left behind.

Super Speed to Save the Day: With Over-the-Air enrollment, wiping, policy pushes and App and content distribution IT can enable the mobility needs of end-users in nanoseconds instead of hours.

Super Strength for Super Security: The only way to stop the locomotive strength of mobility threats is to be armed with more powerful controls. Enforcing standardized passcodes for all devices and OS types is certainly step one, but with MDM you get policies to hold back other juggernauts of mobility issues like malicious apps, overages and device features like the camera.

Leap to the Top of Ivory Towers in a Single Bound: There’s still some C-Suite scrutiny when it comes to mobility. ROI is the word of the day when the board meets in their tower in the sky. With MDM in place you can use things like mobile expense management and other super reports to leap into the conversation of mobility’s costs, but also infinite benefits.

Support Secret Identities: We all have two lives, work and home. More and more mobile devices are becoming a reflection of this dual-persona. Email, apps and content we access on our devices change drastically when the clock strikes 5:00. Find an MDM that can offer a clear separation of these two lives so the company’s Vice-President doesn’t get a copy of the little league schedule and the little league doesn’t receive the latest financial forecasts.

FACEBOOK HOME – MOAN…MOAN ON THE RANGE FOR IT

How many raging narcissists, chatty Cathys, social voyeurs, or simply millennials occupy seats at your organization? Start the headcount today, because they are about to change the course of Bring Your Own Device (BYOD) for IT.

By change the course, I actually mean to say, induce a new layer of frustration and security sieves for corporations trying to embrace mobility for efficiency. Yesterday, each of these Android-toting seekers of attention or looky-loos at the life of others had their grandest mobile wishes answered with the announcement of Facebook Home.

Facebook Home Ate My Lock

What is Facebook Home? Basically, it’s all Facebook all the time on your tablets or smartphones. In theory it’s not that different from current “skins” added by manufacturers like Samsung and HTC for product differentiation, but that’s theory.

In actuality, Facebook Home permeates all facets of the device – from hardware to every other App you use, there’s Facebook Home. Great, if Facebook is the reason you bought a smartphone, but how is that justified from a work perspective? I’m in marketing, so Facebook does devour a portion of my daily activities, but certainly not enough to justify the need for my friend’s circular “chat heads” living at the top of my Twitter App or SalesForce. Nor is it enough time to warrant home screen access to Facebook services and most certainly not enough to justify the ability to share a picture of my lunchtime latte without having to unlock the device. Functionality faux pas be damned, this is what should truly terrify every security wonk that has purview over mobility.

Yes I Resent Facebook Home, So Should Every Company That Values Security

I could talk functionality frustrations all day. Yes, I resent any app that puts my home screen where all my apps live down a level, requiring more finger waggling than a Doug Henning magic show to gain access to the device’s most basic feature. It’s wonderful that for today the home will show the latest updates from my retired parents in N.C., but it will not be wonderful when that space is eventually displaying an ad for products.

Security and management though, is what makes this new Facebook nirvana the most terrifying. Want to know where your phone is? Simply call Facebook, they’ll know based off of your GPS. All check-ins with FourSquare will likewise shoot data back to Facebook so it can serve up ads for more pizza while you’re eating pizza. Oh, and did I mention that little part about being able to do activities without unlocking the tablet or phone?

Then there is the poor IT professional who already has enough headaches with Android fragmentation in a BYOD environment. Now you will not only have to worry about the varying buffet items like éclairs and jellybeans and all of their various point-based permutations therein, you will also have the extra layer of Facebook Home munching away on users’ data.

The simple answer to manage Facebook Home is mobile device management, where IT can allow or disallow varying operating systems. In the past most users didn’t care if they were forced into a certain OS; heck, most users have no idea which version of Android they are currently running. They’ll notice the loss of Facebook Home though, and you can be sure a cacophony of whines will arise when IT won’t allow it.

But not allow you must. Sure IT needs to serve end-users, but never at the cost of compromising sensitive company data or enabling time wasters…like Facebook.