Portait-Handbook-Mobile Device Management Hb Final

  • Published on
    10-Nov-2015

DESCRIPTION

MDM Portait Handbook

Transcript

  • Mobile Device Management

    The increase of BYOD in the enterprise has forced IT security teams to find new ways to secure corporate and personal data while allowing flexible user access. In this Tech Guide, learn vital information regarding the booming BYOD trend in the enterprise and how IT teams are looking to MDM solutions to control and protect corporate data on mobile devices.

    BY LISA PHIFER

    Tech Guide

    1 EDITOR'S NOTE

    2 BYOD INCREASE CALLS FOR ENTERPRISE MOBILE DEVICE MANAGEMENT SYSTEMS

    3 MITIGATING BYOD RISKS WITH MOBILE DEVICE MANAGEMENT SYSTEMS

    4 MDM 2.0: MEETING NEW MOBILITY MANAGEMENT NEEDS


  • 2 MOBILE DEVICE MANAGEMENT

    Home

    Editor's Note

    BYOD Increase Calls For Enterprise Mobile Device Management Systems

    Mitigating BYOD Risks With Mobile Device Management Systems

    MDM 2.0: Meeting New Mobility Management Needs


    1 EDITOR'S NOTE

    MDM Systems Take Hold as BYOD Booms

    BYOD in the enterprise is booming, and IT security teams are grappling to control, monitor and protect essential corporate information transmitted from and stored on mobile devices. IT security teams need to maintain security and ensure compliance while still allowing flexible user access. So what is an IT security team to do?

    In this technical guide, wireless expert Lisa Phifer discusses how the BYOD trend is leading IT teams to invest in and deploy mobile device management (MDM) solutions. You'll learn how to determine whether an MDM system is right for your organization, if your existing systems can provide the necessary security controls, or if additional device management features may be required. Once you've determined that deploying an MDM system is the right choice for your organization, Phifer explains how to deploy and apply MDM to reduce security risks brought on by BYOD. This includes enforcing compliance and testing the MDM system before fully deploying it in your environment.

    Lastly, Phifer explores the idea of MDM 2.0: security and control beyond smartphones and tablets. As mobile security in the enterprise continues to expand, taking a look at the future can help IT security teams prepare for the next wave of MDM. Phifer discusses letting go of the idea that MDM is a tool for mobile device lockdown, but instead a means for providing customizable security and control based on a user's needs and preferences.

    Rachel Shuster

    Associate Managing Editor, TechTarget's Security Media Group


    2 MDM SYSTEMS

    BYOD Increase Calls for Enterprise Mobile Device Management Systems

    Multi-platform mobile device management systems are gaining a foothold in enterprises anxious to meet the needs of today's expanding mobile workforce. While no silver bullet, MDM technology can give IT centralized, scalable visibility and control over the unruly bring-your-own device (BYOD) trend.

    In a recent study by Ponemon Institute, most organizations agreed that mobile devices created business risk but were important to achieving business objectives. However, just 39% had deployed security controls needed to address that risk; fewer than half of those could enforce mobile security policies.

    Unfortunately, this lax governance has already resulted in non-compliance and data breaches. In Ponemon's survey, 59% said employees disengaged fundamental measures such as passwords; another 12% were unsure. It should, therefore, come as no surprise that half of those organizations had experienced mobile data loss during the past year.

    Given the rash of employee-owned smartphones and tablets now finding their way into the workplace, IT simply must find a way to manage mobile application and system access while keeping corporate data secure. Fortunately, a new crop of multi-platform MDM products and services stand ready to help IT achieve these objectives and mitigate BYOD risks. However, organizations need to understand the benefits, nuances and limitations of this emerging technology before taking the plunge.

    THE RISE OF MULTI-PLATFORM MDM

    Mobile device management systems are not a recent phenomenon.


    Enterprises have long managed company-issued BlackBerrys and Windows Mobiles via BlackBerry Enterprise Server (BES) and Microsoft Exchange ActiveSync (EAS). But yesterday's narrowly focused MDMs could not handle the consumer smartphones and tablets that flooded the workplace following Apple's iPhone release in 2007. As handset procurement rapidly shifted from employer to employee, driven by budget cuts and workforce demands, IT groups were left scrambling for more extensible tools.

    Initially, IT had little choice but to reduce iPhone risk by applying EAS policies to prevent corporate email access by non-passcoded phones and remotely wipe those that were lost. But these basic measures fell short of governance needs. Certainly, they did not satisfy compliance mandates to encrypt data at rest, nor could they deliver proof of continuous enforcement or meet access tracking and audit requirements. Although EAS support in newer devices continues to expand, this messaging-centric approach is plagued by inconsistency and cannot meet broader mobility management requirements.

    By early 2010, iPhones had been joined by iPads and Androids, fueling growth of the multi-platform MDM market. Niche multi-platform MDMs previously used by cellular companies and highly mobile verticals such as retail quickly expanded to embrace iOS 4, followed by Android 2.2. Today, multi-platform MDMs are viable alternatives to BES or EAS, giving enterprises a single pane of glass through which to monitor and manage an increasingly diverse array of corporate and bring-your-own phones and tablets.

    MDM BREADTH AND DEPTH

    Unlike BES, which uses a proprietary approach to manage only RIM devices running the BlackBerry OS, multi-platform MDMs are third-party products that use open APIs to tap the native interfaces and capabilities offered by many different devices. Today, it is common for MDMs to manage Apple devices running iOS 4+, Samsung/Motorola/HTC/LG devices running Android 2.2+, and an array of handheld and embedded devices running WinCE and Windows Mobile. Limited MDM support can also be found for Windows Phone and WebOS devices. However, the degree of monitoring and control delivered for each managed device varies by make/model and OS version.

    For example, MDMs can usually enforce device-level access controls on iOS and Android devices. On iOS, IT may require alphanumeric passcodes with minimum length and special characters and limit passcode age, reuse, idle time, or failed entry attempts. On Android 3+, IT can enforce all of this, plus require upper/lowercase letters, digits, and symbols. Every MDM that supports iOS and Android exhibits this difference because it reflects native OS capabilities. However, the extent to which each MDM tries to hide such differences under unified consoles with a consistent look and feel varies widely.

    In other cases, mobile device management systems can do little to mask underlying diversity. For example, IT can use any MDM on the market to request a full-device wipe. Because all Apple iPhones and iPads now support full-device encryption, remote wipe easily renders data inaccessible. However, wiping most Android phones simply resets them to factory default, leaving cleartext behind on removable storage. MDMs cannot eliminate this native shortcoming; doing so falls to device manufacturers. But MDMs can provide tools to centrally invoke remote wipe, confirm a requested wipe has been completed, report on all wiped devices (including ownership and last known location), and clearly describe the consequences for each wiped device.

    This is where MDM depth comes into play. Some MDMs stick to managing hardware, software and policies. Other MDMs pile on value-added security measures. For example, some MDMs create their own authenticated, encrypted data containers on managed devices. Any enterprise data stored in those containers can be reliably wiped, even on phones and tablets that do not support native full-device encryption. Moreover, this approach lets IT wipe data consistently across all MDM-supported platforms. However, MDMs that include these value-adds tend to have more device-specific dependencies and limitations than MDMs that focus on management.

    LIFECYCLE MANAGEMENT

    Enterprises flocking to multi-platform MDM technology to gain IT visibility and control over personally owned devices may find it hard to directly compare products. Heritage plays a role: Some MDMs historically focused on mobile expense management, others started with mobile application management and still others specialized in mobile security. Yet most of these MDMs deliver foundational capabilities such as inventory and policy management that cause them to appear superficially similar. Drilling beyond functional comparison can also reveal significant differences in automation, usability, scalability and integration.

    One way to reduce confusion is to preface MDM product selection with an inventory of business mobility needs and use cases. When IDC surveyed businesses about their ability to support consumer devices in the workplace, four out of five respondents identified policy compliance and data security/access as top concerns. However, nearly the same percentage cited ensuring IT support and resource availability, readying mobile applications and setting employees up with multiple devices as major issues. In other words, choosing an MDM based on its ability to meet security needs alone may be shortsighted.

    Instead, begin with lifecycle management. Even if the employer does not own an employee's mobile device, it owns the business data and applications stored on that device. Start by establishing a process for tracking and managing those assets through each device's lifetime.


    Doing so creates an essential foundation for not just security management, but expense tracking, user assistance, application and data deployment and more. MDMs can enable lifecycle management by automating device enrollment, monitoring and de-enrollment, independent of ownership. Most MDMs support IT-initiated enrollment; some also offer user-initiated enrollment. Either way, users follow links to a self-help enrollment portal where they are prompted to enter credentials.

    Behind the scenes, the MDM typically authenticates the user and compares user and device to IT-defined policies. If this user is permitted to enroll this device, based on make/model, OS, ownership and group membership, access may be authorized. MDMs may display an acceptable use policy and issue a device certificate before continuing on to provision the device over-the-air, applying device settings, security policies and applications.

    By automating enrollment, IT can deliver scalable support for many personally owned devices while placing well-defined limits on acceptable use. Devices that pass muster can be outfitted for safe productive business use, leaving IT well-positioned to continually monitor activity and enforce security policy compliance. If an enrolled device should be lost or stolen or become non-compliant, IT can use MDM to remotely find, lock or wipe it.

    In addition, MDM may be used to invoke temporary stop-loss actions such as removing settings that permit corporate email, VPN or application access. Eventually, when the employee leaves the company or the device is replaced, MDM can easily de-enroll it while wiping corporate assets. Many MDMs can now differentiate between full-device and enterprise wipe, letting IT decommission an employee's device without harming personal data.
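The enrollment check and the full-device versus enterprise wipe choice described in this section can be sketched as follows. This is an added example, not code from the guide or from any MDM product; the policy values, group names, model name and the wipe rule are assumptions made for illustration.

```python
from dataclasses import dataclass

# Hypothetical IT-defined enrollment policy (constructed values).
POLICY = {
    "allowed_groups": {"sales", "engineering"},
    "min_os": {"iOS": (4, 0), "Android": (2, 2)},  # platform floors named in the guide
    "blocked_models": {"ExamplePhone X1"},          # made-up model name
    "allowed_ownership": {"corporate", "employee"},
}

@dataclass
class Device:
    model: str
    os: str
    os_version: tuple   # e.g. (4, 3)
    ownership: str      # "corporate" or "employee"

def evaluate_enrollment(authenticated, groups, device, policy=POLICY):
    """Return (authorized, reasons) for one enrollment request."""
    if not authenticated:
        return False, ["user authentication failed"]
    reasons = []
    if not policy["allowed_groups"] & set(groups):
        reasons.append("user is not in a group permitted to enroll")
    if device.ownership not in policy["allowed_ownership"]:
        reasons.append(f"ownership '{device.ownership}' is not permitted")
    if device.model in policy["blocked_models"]:
        reasons.append(f"model '{device.model}' is blocked")
    minimum = policy["min_os"].get(device.os)
    if minimum is None:
        reasons.append(f"OS '{device.os}' is not supported")
    elif device.os_version < minimum:
        reasons.append(f"{device.os} {device.os_version} is below minimum {minimum}")
    return (not reasons), reasons

def wipe_scope(device, event):
    """Pick a wipe type for a lifecycle event (assumed rule, not from the guide)."""
    if event in {"lost", "stolen"}:
        return "full"
    # Departure, replacement or non-compliance: spare personal data on BYOD.
    return "enterprise" if device.ownership == "employee" else "full"
```

Returning the list of reasons rather than a bare boolean gives the enrollment portal something to show the user and gives IT an audit trail for refused requests.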


    3 DEPLOYING MDM

    Mitigating BYOD Risks With Mobile Device Management Systems

    Once enterprises understand the benefits and limitations of mobile device management (MDM) technology and begin...
