Mobile Device Management
The increase of BYOD in the enterprise has forced IT security teams to find new ways to secure corporate and personal data while allowing flexible user access. In this Tech Guide, learn vital information regarding the booming BYOD trend in the enterprise and how IT teams are looking to MDM solutions to control and protect corporate data on mobile devices.
BY LISA PHIFER
Tech Guide
1 EDITOR'S NOTE
2 BYOD INCREASE CALLS FOR ENTERPRISE MOBILE DEVICE MANAGEMENT SYSTEMS
3 MITIGATING BYOD RISKS WITH MOBILE DEVICE MANAGEMENT SYSTEMS
4 MDM 2.0: MEETING NEW MOBILITY MANAGEMENT NEEDS
1 EDITOR'S NOTE
MDM Systems Take Hold as BYOD Booms

BYOD in the enterprise is booming, and IT security teams are grappling to control, monitor and protect essential corporate information transmitted from and stored on mobile devices. IT security teams need to maintain security and ensure compliance while still allowing flexible user access. So what is an IT security team to do?

In this technical guide, wireless expert Lisa Phifer discusses how the BYOD trend is leading IT teams to invest in and deploy mobile device management (MDM) solutions. You'll learn how to determine whether an MDM system is right for your organization, if your existing systems can provide the necessary security controls, or if additional device management features may be required. Once you've determined that deploying an MDM system is the right choice for your organization, Phifer explains how to deploy and apply MDM to reduce security risks brought on by BYOD. This includes enforcing compliance and testing the MDM system before fully deploying it in your environment.

Lastly, Phifer explores the idea of MDM 2.0: security and control beyond smartphones and tablets. As mobile security in the enterprise continues to expand, taking a look at the future can help IT security teams prepare for the next wave of MDM. Phifer discusses letting go of the idea that MDM is a tool for mobile device lockdown, but instead a means for providing customizable security and control based on a user's needs and preferences.

Rachel Shuster
Associate Managing Editor, TechTarget's Security Media Group
2 MDM SYSTEMS
BYOD Increase Calls for Enterprise Mobile Device Management Systems

Multi-platform mobile device management systems are gaining a foothold in enterprises anxious to meet the needs of today's expanding mobile workforce. While no silver bullet, MDM technology can give IT centralized, scalable visibility and control over the unruly bring-your-own device (BYOD) trend.

In a recent study by Ponemon Institute, most organizations agreed that mobile devices created business risk but were important to achieving business objectives. However, just 39% had deployed security controls needed to address that risk; fewer than half of those could enforce mobile security policies.

Unfortunately, this lax governance has already resulted in non-compliance and data breaches. In Ponemon's survey, 59% said employees disengaged fundamental measures such as passwords; another 12% were unsure. It should, therefore, come as no surprise that half of those organizations had experienced mobile data loss during the past year.

Given the rash of employee-owned smartphones and tablets now finding their way into the workplace, IT simply must find a way to manage mobile application and system access while keeping corporate data secure. Fortunately, a new crop of multi-platform MDM products and services stand ready to help IT achieve these objectives and mitigate BYOD risks. However, organizations need to understand the benefits, nuances and limitations of this emerging technology before taking the plunge.

THE RISE OF MULTI-PLATFORM MDM
Mobile device management systems are not a recent phenomenon.
Enterprises have long managed company-issued BlackBerrys and Windows Mobiles via BlackBerry Enterprise Server (BES) and Microsoft Exchange ActiveSync (EAS). But yesterday's narrowly focused MDMs could not handle the consumer smartphones and tablets that flooded the workplace following Apple's iPhone release in 2007. As handset procurement rapidly shifted from employer to employee, driven by budget cuts and workforce demands, IT groups were left scrambling for more extensible tools.

Initially, IT had little choice but to reduce iPhone risk by applying EAS policies to prevent corporate email access by non-passcoded phones and remotely wipe those that were lost. But these basic measures fell short of governance needs. Certainly, they did not satisfy compliance mandates to encrypt data at rest, nor could they deliver proof of continuous enforcement or meet access tracking and audit requirements. Although EAS support in newer devices continues to expand, this messaging-centric approach is plagued by inconsistency and cannot meet broader mobility management requirements.

By early 2010, iPhones had been joined by iPads and Androids, fueling growth of the multi-platform MDM market. Niche multi-platform MDMs previously used by cellular companies and highly mobile verticals such as retail quickly expanded to embrace iOS 4, followed by Android 2.2. Today, multi-platform MDMs are viable alternatives to BES or EAS, giving enterprises a single pane of glass through which to monitor and manage an increasingly diverse array of corporate and bring-your-own phones and tablets.

MDM BREADTH AND DEPTH
Unlike BES, which uses a proprietary approach to manage only RIM devices running the BlackBerry OS, multi-platform MDMs are third-party products that use open APIs to tap the native interfaces and capabilities offered by many different devices. Today, it is common for MDMs to manage Apple devices running iOS 4+, Samsung/Motorola/HTC/LG devices running Android 2.2+, and an array of handheld and embedded devices running WinCE and Windows Mobile. Limited MDM support can also be found for Windows
Phone and WebOS devices. However, the degree of monitoring and control delivered for each managed device varies by make/model and OS version.

For example, MDMs can usually enforce device-level access controls on iOS and Android devices. On iOS, IT may require alphanumeric passcodes with minimum length and special characters and limit passcode age, reuse, idle time, or failed entry attempts. On Android 3+, IT can enforce all of this, plus require upper/lower case letters, digits, and symbols. Every MDM that supports iOS and Android exhibits this difference because it reflects native OS capabilities. However, the extent to which each MDM tries to hide such differences under unified consoles with a consistent look and feel varies widely.

In other cases, mobile device management systems can do little to mask underlying diversity. For example, IT can use any MDM on the market to request a full-device wipe. Because all Apple iPhones and iPads now support full-device encryption, remote wipe easily renders data inaccessible. However, wiping most Android phones simply resets them to factory default, leaving cleartext behind on removable storage. MDMs cannot eliminate this native shortcoming; doing so falls to device manufacturers. But MDMs can provide tools to centrally invoke remote wipe, confirm a requested wipe has been completed, report on all wiped devices (including ownership and last known location), and clearly describe the consequences for each wiped device.

This is where MDM depth comes into play. Some MDMs stick to managing hardware, software and policies. Other MDMs pile on value-added security measures. For example, some MDMs create their own authenticated, encrypted data containers on managed devices. Any enterprise data stored in those containers can be reliably wiped, even on phones and tablets that do not support native full-device encryption. Moreover, this approach lets
IT wipe data consistently across all MDM-supported platforms. However, MDMs that include these value-adds tend to have more device-specific dependencies and limitations than MDMs that focus on management.

LIFECYCLE MANAGEMENT
Enterprises flocking to multi-platform MDM technology to gain IT visibility and control over personally owned devices may find it hard to directly compare products. Heritage plays a role: Some MDMs historically focused on mobile expense management, others started with mobile application management and still others specialized in mobile security. Yet most of these MDMs deliver foundational capabilities such as inventory and policy management that cause them to appear superficially similar. Drilling beyond functional comparison can also reveal significant differences in automation, usability, scalability and integration.

One way to reduce confusion is to preface MDM product selection with an inventory of business mobility needs and use cases. When IDC surveyed businesses about their ability to support consumer devices in the workplace, four out of five respondents identified policy compliance and data security/access as top concerns. However, nearly the same percentage cited ensuring IT support and resource availability, readying mobile applications and setting employees up with multiple devices as major issues. In other words, choosing an MDM based on its ability to meet security needs alone may be shortsighted.

Instead, begin with lifecycle management. Even if the employer does not own an employee's mobile device, it owns the business data and applications stored on that device. Start by establishing a process for tracking and managing those assets through each device's lifetime.
Doing so creates an essential foundation for not just security management, but expense tracking, user assistance, application and data deployment and more. MDMs can enable lifecycle management by automating device enrollment, monitoring and de-enrollment, independent of ownership. Most MDMs support IT-initiated enrollment; some also offer user-initiated enrollment. Either way, users follow links to a self-help enrollment portal where they are prompted to enter credentials.

Behind the scenes, the MDM typically authenticates the user and compares user and device to IT-defined policies. If this user is permitted to enroll this device, based on make/model, OS, ownership and group membership, access may be authorized. MDMs may display an acceptable use policy and issue a device certificate before continuing on to provision the device over-the-air, applying device settings, security policies and applications.
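The enrollment decision described above can be sketched as a small policy check. This is an added example, not code from any MDM product; the policy tables, group names, model name and the `evaluate_enrollment` function are hypothetical.

```python
from dataclasses import dataclass

# Hypothetical IT-defined enrollment policy (constructed for this example).
# Minimum OS versions mirror the iOS 4+ / Android 2.2+ baseline in the text.
MIN_OS = {"ios": (4, 0), "android": (2, 2)}
# Ownership types that members of each directory group may enroll.
GROUP_OWNERSHIP = {
    "employees": {"corporate", "personal"},
    "contractors": {"corporate"},
}
BLOCKED_MODELS = {("android", "ExamplePhone X1")}  # made-up model name
MAX_DEVICES_PER_USER = 3


@dataclass
class EnrollmentRequest:
    user: str
    authenticated: bool          # result of the portal credential check
    groups: set
    platform: str                # "ios", "android", ...
    model: str
    os_version: str              # e.g. "4.3.5"
    ownership: str               # "corporate" or "personal"
    aup_accepted: bool = False   # acceptable use policy shown and accepted
    already_enrolled: int = 0    # devices this user has enrolled so far


def parse_version(text):
    """Turn '2.3.4' into (2, 3, 4); return None if any part is not a number."""
    try:
        parts = tuple(int(p) for p in text.split("."))
    except ValueError:
        return None
    # Pad "4" to (4, 0) so it compares equal to the minimum (4, 0).
    return parts + (0,) * (2 - len(parts))


def evaluate_enrollment(req):
    """Return (decision, reasons); decision is 'deny', 'pending_aup' or 'provision'."""
    if not req.authenticated:
        # Stop before revealing anything about policy to an unauthenticated caller.
        return "deny", ["authentication failed"]

    reasons = []
    minimum = MIN_OS.get(req.platform)
    version = parse_version(req.os_version)
    if minimum is None:
        reasons.append(f"platform {req.platform!r} is not managed")
    elif version is None or version < minimum:
        reasons.append(f"OS {req.os_version} is below the supported minimum")
    if (req.platform, req.model) in BLOCKED_MODELS:
        reasons.append(f"model {req.model!r} is not permitted")

    # A user may belong to several groups; the union of their rights applies.
    allowed = set()
    for group in req.groups:
        allowed |= GROUP_OWNERSHIP.get(group, set())
    if req.ownership not in allowed:
        reasons.append(f"{req.ownership} devices not allowed for this user's groups")
    if req.already_enrolled >= MAX_DEVICES_PER_USER:
        reasons.append("per-user device limit reached")

    if reasons:
        return "deny", reasons
    if not req.aup_accepted:
        return "pending_aup", ["acceptable use policy must be accepted first"]
    # Only now would the MDM issue a device certificate and push settings,
    # security policies and applications over the air.
    return "provision", []
```

Collecting every failed check rather than stopping at the first gives the help desk a complete answer when a user asks why a device was refused.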
By automating enrollment, IT can deliver scalable support for many personally owned devices while placing well-defined limits on acceptable use. Devices that pass muster can be outfitted for safe productive business use, leaving IT well-positioned to continually monitor activity and enforce security policy compliance. If an enrolled device should be lost or stolen or become non-compliant, IT can use MDM to remotely find, lock or wipe it.

In addition, MDM may be used to invoke temporary stop-loss actions such as removing settings that permit corporate email, VPN or application access. Eventually, when the employee leaves the company or the device is replaced, MDM can easily de-enroll it while wiping corporate assets. Many MDMs can now differentiate between full-device and enterprise wipe, letting IT decommission an employee's device without harming personal data.
3 DEPLOYING MDM
Mitigating BYOD Risks With Mobile Device Management Systems

Once enterprises understand the benefits and limitations of mobile device management (MDM) technology and begin deploying an MDM solution, IT can now deploy, audit and enforce appropriate security controls.

Typically, IT can use MDM to remotely configure native device settings to reflect security policies, including: requiring a PIN or password; enabling auto-lock and auto-wipe features; encrypting data at rest on the device, removable media or in the cloud; protecting data-in-motion over email, VPN or Wi-Fi; and selectively disabling hardware and OS features such as integrated cameras. When properly configured, these native settings deliver most (but not all) mobile security best practices for personal smartphones and tablets.

As previously noted, supported policies do vary by device make/model and OS. However, mobile device management systems generally try to maximize IT access to native settings. For example, any MDM that supports iOS device management lets IT set every Apple-supported Configuration Profile attribute. MDM-configured controls for Android are more varied because the devices themselves are more diverse. Notably, manufacturers such as Samsung and Motorola have extended native APIs with proprietary attributes to give IT greater visibility, control and flexibility.

Ultimately, mobile security management requires careful analysis of native device and OS features needed to implement policies and confirmation that any MDM under consideration can deliver visibility and control over those features. Where native capabilities are insufficient, MDMs can also help by deploying, configuring and enforcing third-party security measures.

For example, healthcare organizations often use MDM to centrally deploy
two-factor authentication, VPN clients and virtual desktop applications. Enterprises concerned about mobile malware can use MDM to push sandboxed browsers and antimalware. To an MDM, these are simply applications that must be installed and maintained. For this reason, organizations focused on MDM to enable security should also evaluate each product's application management capabilities.

ENFORCING COMPLIANCE WITH MDM TECHNOLOGY
For small mobile workforces, IT could enroll devices one by one, manually installing required security and business applications, but that does not scale nor does it enable continuous monitoring and enforcement. This is where MDM technology can yield return on investment through logging, auditing and compliance enforcement.

Mobile device management systems can capitalize on their over-the-air access to enrolled smartphones and tablets. Even if devices never return to the office, MDMs can poll them to verify settings and detect events such as PIN disablement or blacklisted application installation. Some mobile devices and settings can be monitored from afar using nothing more than native APIs, notably Apple iPads and iPhones. Deeper-than-EAS insight on other devices (e.g., Android, Windows Mobile) usually requires installing a device-resident MDM agent.

Today, MDM vendors publish their agents at the Google Android Market or the Apple App Store where users can freely download them. Upon installation, agents connect to a corporate MDM server that may be installed on-premises, hosted by a managed service provider, or operated as a cloud service. Thereafter, MDM agents can serve as IT's eyes and ears, logging activities, reporting on events, and carrying out MDM requests that go beyond native capabilities.

For example, it has become common for MDM agents to offer jailbreak or root detection. Jailbreaking or rooting pose business risks because they render the underlying OS unreliable and raise concerns about device integrity. Jailbroken Apple devices are vulnerable to mobile malware downloaded from
non-Apple websites. Rooted Android devices are even more vulnerable because applications can access normally privileged features.

By immediately detecting such activity, MDM agents can notify administrators and users. IT can even install enforcement policies that automatically take actions such as disabling email or VPN access or removing enterprise applications or even wiping an offending device. Although available actions are limited by the mobile OS, they can still go a long way towards reducing business risk and encouraging voluntary compliance.
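The polling and enforcement loop described in this section, as an added example rather than any vendor's implementation: it evaluates constructed device check-in reports against a policy and picks one action per device, clamped to what the platform supports. Field names, app identifiers, the per-platform action sets and the escalation order are assumptions.

```python
from datetime import datetime, timedelta

# Hypothetical policy, constructed for this example.
POLICY = {
    "blacklisted_apps": {"com.example.fileshare", "com.example.sideloader"},
    "max_checkin_age": timedelta(days=3),
}

# Enforcement actions ordered from least to most destructive.
SEVERITY = ["notify", "block_email_vpn", "enterprise_wipe", "full_wipe"]

# What an agent can carry out on each platform (assumed values; the text
# only says that available actions are limited by the mobile OS).
SUPPORTED = {
    "ios": {"notify", "block_email_vpn", "enterprise_wipe", "full_wipe"},
    "android": {"notify", "block_email_vpn", "enterprise_wipe", "full_wipe"},
    "winmobile": {"notify", "full_wipe"},
}


def findings_for(report, now):
    """Return a list of (finding, desired_action) for one device report."""
    found = []
    if now - report["last_checkin"] > POLICY["max_checkin_age"]:
        # A silent device cannot be verified; its other fields are stale.
        found.append(("stale check-in", "block_email_vpn"))
    if not report["pin_enabled"]:
        found.append(("PIN disabled", "block_email_vpn"))
    bad = sorted(set(report["apps"]) & POLICY["blacklisted_apps"])
    if bad:
        found.append(("blacklisted app: " + ", ".join(bad), "notify"))
    if report["jailbroken_or_rooted"]:
        found.append(("jailbroken/rooted", "enterprise_wipe"))
    return found


def choose_action(report, now):
    """Pick the most severe action any finding calls for, then clamp it to
    what the platform supports, never fully wiping a personal device."""
    found = findings_for(report, now)
    if not found:
        return "none", []
    names = [name for name, _ in found]
    wanted = max((action for _, action in found), key=SEVERITY.index)
    allowed = set(SUPPORTED.get(report["platform"], {"notify"}))
    if report["ownership"] == "personal":
        allowed.discard("full_wipe")      # personal data must survive
    # Walk down from the wanted severity to the strongest permitted action.
    for action in reversed(SEVERITY[: SEVERITY.index(wanted) + 1]):
        if action in allowed:
            return action, names
    return "notify", names                # always leave a trail for IT


# Constructed sample check-in reports.
NOW = datetime(2013, 6, 1, 12, 0)
REPORTS = [
    {"id": "dev-01", "platform": "ios", "ownership": "personal",
     "pin_enabled": True, "jailbroken_or_rooted": False,
     "apps": ["com.example.mail"], "last_checkin": NOW - timedelta(hours=2)},
    {"id": "dev-02", "platform": "android", "ownership": "personal",
     "pin_enabled": False, "jailbroken_or_rooted": True,
     "apps": ["com.example.mail"], "last_checkin": NOW - timedelta(hours=1)},
    {"id": "dev-03", "platform": "winmobile", "ownership": "corporate",
     "pin_enabled": True, "jailbroken_or_rooted": False,
     "apps": ["com.example.fileshare"], "last_checkin": NOW - timedelta(days=5)},
]


def evaluate_fleet(reports, now):
    """Map each device id to its (action, findings) pair."""
    return {r["id"]: choose_action(r, now) for r in reports}


if __name__ == "__main__":
    for device, (action, why) in evaluate_fleet(REPORTS, NOW).items():
        print(device, action, why)
```

In this sketch a device that has stopped checking in is treated as a finding of its own, because its last reported settings can no longer be trusted.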
TEST-DRIVE MDM SYSTEMS BEFORE BUYING
Like any other technology designed to assist IT with security enforcement, MDM is a means to an end. Organizations should not expect MDMs to magically keep a mobile workforce secure any more than a firewall can be expected to keep a corporate network safe. MDMs require careful selection, based on ability to meet business needs, implement desired policies, integrate with existing infrastructure and support workflows.

Those workflows and related IT processes should not be left as a post-deployment exercise. Diversity within the multi-platform MDM market becomes most apparent when organizations begin to use products to manage real-world devices. For best results, pilot a few MDM products by attempting to assert and enforce an acceptable use policy on various devices of importance to your workforce.
4 MDM 2.0
MDM 2.0: Meeting New Mobility Management Needs

While security teams are getting a grip on smartphones and tablets through basic mobile device management (MDM), enterprise mobility requirements continue to evolve. To address these advanced needs, better integrated and more granular MDM tools are emerging. Let's look at some of these innovations and how to put them to work.

MDM products initially focused on device inventory and provisioning but have expanded to address a broader range of needs, from security controls to expense management. However, BYOD is now driving interest in more granular tools to manage not only entire devices, but also the individual business assets carried on them, specifically, applications and content.

Today's MDM products often include application management functions, ranging from software inventory and whitelist/blacklist controls to application installation, configuration, update and disablement/removal. One innovation called app wrapping beefs up enterprise apps to meet security requirements. Fiberlink Communications Corp.'s MaaS360 Secure Productivity Suite can unpack IT-uploaded apps; insert canned security functions (such as authentication or data leak prevention); and repack them for deployment onto managed devices. This can help employers deliver consistently secured apps without relying only on highly variable native device and app capabilities.

Another trend is decoupling securely managed data from full-blown device management. AirWatch's Mobile Content Management product combines basic device enrollment and compliance with data-centric functions, including a secure container in which to place enterprise data and tools that IT can use to deploy, update and delete data. When a BYOD is enrolled, IT can
auto-push documents to a secure storage area that is subject to policies that control offline viewing, cut/paste and other document security management activities. If that BYOD later becomes non-compliant, IT can remove the container and its documents without needing or having the ability to wipe the entire device.

RESPECTING PERSONAL PRIVACY
More granular application and content management capabilities can help IT enable broader mobility with less effect on personal privacy. However, some MDM products are moving to offer more granular privacy options to address both employee and legal/regulatory concerns.

BlackBerry Enterprise Service 10 includes BlackBerry Balance, a management capability that carves out separate secure Work and Personal spaces on BlackBerry 10 devices. This dual persona approach offers more than a secure container; it creates an IT-managed, authenticated, encrypted Work Space in which employees can interact with corporate email, secure Web browsing and other business applications. Employees have the freedom to install anything they want in their own Personal Space, without being shackled by IT policies, or worrying about IT snooping on private activities.

Another way in which MDM products are moving to enable personal freedom in concert with IT control is geo-fencing. This technique combines a user's current location with IT-defined policies. Citrix Systems Inc.'s ZenMobile MDM product can enforce proxy-based URL filters and disable device capabilities, such as cameras when used inside a secure facility, but automatically lift those restrictions when that device moves outside the fence. However, location-awareness can be a double-edged sword; there's
a difference between using current location to make policy decisions and tracking historical location. The latter can raise privacy concerns and so should be done only with care and, of course, consent.
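A sketch of geo-fenced policy that decides from the current fix alone and retains no location history, added here as an illustration and not taken from any product. The fence coordinates, field names and the choice to stay restricted when a fix is stale or imprecise are assumptions.

```python
import math
from datetime import datetime, timedelta

EARTH_RADIUS_M = 6371000.0

# Constructed fence: centre and radius of a hypothetical secure facility.
FENCE = {"lat": 42.3370, "lon": -71.2092, "radius_m": 150.0}
MAX_FIX_AGE = timedelta(minutes=5)

# Device capabilities applied inside and outside the fence.
RESTRICTED = {"camera": False, "url_filter": True}
UNRESTRICTED = {"camera": True, "url_filter": False}


def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points (haversine formula)."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp = p2 - p1
    dl = math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    # Clamp to 1.0 so rounding error can never push asin out of its domain.
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(min(1.0, a)))


def fence_state(fix, now, fence=FENCE):
    """Classify a location fix as 'inside', 'outside' or 'unknown'.

    A fix counts as outside only when its whole accuracy circle lies beyond
    the fence; otherwise the device might be inside and stays restricted.
    """
    if fix is None or now - fix["time"] > MAX_FIX_AGE:
        return "unknown"
    d = distance_m(fix["lat"], fix["lon"], fence["lat"], fence["lon"])
    if d - fix["accuracy_m"] > fence["radius_m"]:
        return "outside"
    return "inside"


class GeoPolicy:
    """Keeps only the last fence state, never coordinates, so policy
    decisions leave no location history behind."""

    def __init__(self):
        self.state = "unknown"
        self.audit = []          # (timestamp, old_state, new_state) only

    def update(self, fix, now):
        """Consume one fix, record a state change if any, return the policy."""
        new_state = fence_state(fix, now)
        if new_state != self.state:
            self.audit.append((now, self.state, new_state))
            self.state = new_state
        # Fail closed: anything but a confident 'outside' stays restricted.
        chosen = UNRESTRICTED if new_state == "outside" else RESTRICTED
        return dict(chosen)      # copy, so callers cannot alter the policy


if __name__ == "__main__":
    t0 = datetime(2013, 6, 1, 9, 0)
    policy = GeoPolicy()
    # Constructed fixes: at the centre, then about 1.1 km to the north.
    for lat in (42.3370, 42.3470):
        fix = {"lat": lat, "lon": -71.2092, "accuracy_m": 20.0, "time": t0}
        print(policy.update(fix, t0), policy.state)
```

The audit trail records when a device crossed the fence but not where it was, which is enough to explain a policy change without building a movement record.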
LEVERAGING INTEGRATION
As MDM products mature, they are becoming better integrated with existing enterprise infrastructure. Tighter integration can facilitate business mobility. For example, enterprise SharePoint resources or cloud data services can be made available to mobile users via integration with managed secure containers. In addition, MDM integration with infrastructure can be helpful in delivering a seamless, secure mobile user experience.

Enterprise identity management is a hot area of innovation for MDM products. Most MDM products can be configured to interface with enterprise directories, most often Active Directory or LDAP, binding enrolled devices to authorized user identities and, perhaps, their group memberships. SecureAuth Corp.'s IdP is one product that takes identity management integration further by using identity and access management (IAM) and single-sign-on as a mobile gateway into the enterprise. For example, rather than granting access to managed mobile devices, IdP grants mobile access to enrolled users, based on authenticated identity and SSO tokens.

TIGHTER INTEGRATION
MDM products are also achieving tighter integration with enterprise WLAN infrastructure, in effect using the network as a springboard for more automated device enrollment. Networks composed of wireless access points and switches from Aerohive can be configured to detect and fingerprint new mobile devices, automatically redirecting them to a JAMF Software or AirWatch MDM enrollment portal for zero-touch provisioning. Integrated approaches, such as these, make it easier to expand mobility to more users while deterring enterprise access by unknown and potentially risky BYODs.

As these examples show, today's MDM products are no longer monolithic systems focused on basic device management and little more. In fact, as
MDM products grow more capable and sophisticated, many are being decoupled into a la carte capabilities, which allow IT to manage and secure mobility differently for each business unit or workgroup.

So don't be fooled by labels; dig deeper into the actual capabilities offered by each MDM product, looking for innovations that can help your organization expand mobility to diverse users and manage their risks effectively. The same MDM product may well support enterprise identity-based, full-device management for high-risk workers; lighter-weight but secure data-only management for knowledge workers; and securely-wrapped app management to enable narrow access by all other mobile workers.

In short, avoid thinking about MDM as a tool for old-school corporate device lockdown. Develop use cases and desired security policies that focus on managing and securing only at-risk corporate assets, then let those policies drive your search for suitable MDM products and capability packages.
ABOUT THE AUTHOR
LISA PHIFER owns Core Competence, a consulting firm specializing in business use of emerging network and security technology. She has been involved in the design, implementation and evaluation of internetworking, security and management products for 30 years.

This Technical Guide on Mobile Device Management is a Security Media Group e-publication.

Robert Richardson, Editorial Director
Eric Parizo, Senior Site Editor
Kathleen Richards, Features Editor
Kara Gattine, Senior Managing Editor
Rachel Shuster, Associate Managing Editor
Linda Koury, Director of Online Design
Neva Maniscalco, Graphic Designer
Doug Olender, Vice President/Group

TechTarget, 275 Grove Street, Newton, MA 02466
www.techtarget.com

© 2013 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher. TechTarget reprints are available through The YGS Group.

About TechTarget: TechTarget publishes media for information technology professionals. More than 100 focused websites enable quick access to a deep store of news, advice and analysis about the technologies, products and processes crucial to your job. Our live and virtual events give you direct access to independent expert commentary and advice. At IT Knowledge Exchange, our social community, you can get advice and share solutions with peers and experts.