The connected enterprise needs mobile protection, so what now?
The benefits to business that the smartphone has brought are numerous. Since the first iPhone’s release in 2007, and perhaps more importantly, the launch of the App Store in 2008, people have carried with them highly powerful computers (with the added bonus of those computers being capable of making phone calls, too).
That portability and the always-on design of the technology mean that people began to be able to undertake their usual tasks on the move, at home, or on a daily commute.
Additionally, many organizations found that their employees’ performance could be improved by equipping them with either a smartphone or tablet. Instead of having to carry masses of reference manuals and notebooks, staff could just turn to their phone to consult for and record information.
Then, as the mobile networks’ data carrying capabilities improved, there was the possibility of real-time synchronization with other systems, so people could literally work ‘live’ with data held elsewhere.
The massive consumerization of technology in the form of the smartphone and its appearance in the workplace was at first regarded with some suspicion: bringing your own device into the workplace was not universally accepted, especially, it must be said, by territorial and/or security-conscious IT departments who felt the careful lock-down of networks was a priority.
However, very quickly, either by the sheer force of numbers of phones in staff back pockets, or whether the business benefits of having a connected workforce held sway, the reality became to accept and even embrace the tech.
A major balancing act in organizations today is between the positives that can be accrued by the business in having every staff member equipped with powerful technology, everywhere; and the security threats those devices pose.
The term ‘security’ is a broad church: it can refer to cybersecurity (preventing malware brought into the workplace), security in the traditional sense (law enforcers and security services being compromised by massively portable technology), or intellectual security (company secrets walking out the door).
Whether security breaches are malicious or accidental is not particularly relevant in these broad contexts, but they are a reality, and as cybersecurity experts are wont to say, it’s not if an incident takes place, it’s when it will. Organizations, therefore, are adopting a range of solutions specific to the needs of their verticals, to tie down some of those security issues.
- Divide the hardware
If resources permit, companies can issue smartphones to staff, specifically for work purposes. By careful use of enterprise mobility management systems (see 2, below) combined with appropriate ring-fencing of networks, staff can work with enterprise data safely. The ‘work phone’ would not be able to be used for ‘civilian’ purposes at all, or only in a very controlled way– such as calls and text-only SMS.
This solution is perhaps most suited to the higher levels of security requirements, up to defense, armed forces deployment or the intelligence agencies. Additional levels of protection from outside can be deployed by using so-called black phones, which use technologies like encryption at rest for locally-held data, encrypted communications and always-on VPN for data.
Staff may find using two phones (one for work, one for home life) cumbersome and irritating, but could be presented as the equipping of necessary work tools.
- Partition the software
Despite some no small technical difficulties due to the variance in mobile platforms (and versions thereof), solutions do exist whereby selections of applications and phone features can be ring-fenced by software. That means that inside a virtualized ‘work environment’ on the phone or tablet, only mandated apps may run. This type of facility may also extend to either a filtered version of the online app store (of whatever platform), or an app store that’s hosted by the controlling organization.
This type of solution is usually predicated on particular OS versions, so may not be suitable for older or more esoteric handsets. But when installed and maintained correctly, partitioning can be a way of ensuring that both business and personal mobile uses are kept separate.
Google’s Enterprise program is a high-profile attempt to bake into an OS the distinction between phones’ uses and is a positive step by a major OS supplier to respond to the BYOD issue. The devil is, as ever, in the detail, with only specific devices being suitable for the program. Staff keen to use their lowly Android KitKat budget phone may be disappointed.
In just a few cases, the use of handhelds can be limited by geographic area. This might be via the use of most units’ built-in GPS, or by the addition of hardware (like a barcode scanner, or software key dongle that plugs in the USB/Lightning port, or Apple Store-type beacons/RFID). In the case of phone-connected hardware, the peripheral is removed at the end of the working day, which automatically prevents certain pieces of software functioning properly.
A more complex solution using GPS can ensure that applications only work, or access is only granted, when the device is in a particular area. This high-end solution is particularly suited to military or law enforcement: once the device is offsite, access to systems and specific data is denied.
While such technology’s use may seem esoteric for deployment in office-based scenarios (the easiest scenario in which to manage endpoints), more jobs are using smartphones and tablets – often ruggedized – for highly specific, specialized purposes, like in the working lives of firefighters, first-responders and medical staff. It’s in these situations that IT officers need to think creatively as to how best to secure devices, with access in the field to potentially sensitive data.
Here at Tech Wire Asia, we’d like to consider two suppliers of mobile management technologies that have caught our attention in the last few months. The following are taking an extra step on from what might be termed ‘traditional’ enterprise mobility management systems.
How do you get the right devices into the hands of the right workers, and keep them running securely at peak efficiency? The SOTI ONE Platform is an innovative solution that reduces the cost, complexity and downtime of business mobility. It destroys functional silos and enables integrated solutions to secure and manage mobile devices and IoT endpoints.
SOTI MobiControl makes mobility management easy. Regardless of device or OS, SOTI ensures that companies have the solutions they need to support their mobile strategy: SOTI manages Android, iOS, Mac, Windows (CE, Mobile, Desktop, IOT and Modern) and Linux devices.
Companies are deploying mobile technology and IoT to empower their worker and improve customer engagement. SOTI is the go-to company for managing mobile devices: whether it’s the industry’s first helpdesk solution “purpose-built” to fix mobile device problems, or building apps through SOTI’s rapid app development solution, SOTI delivers a superior experience by enabling users to access one solution from another.
SOTI’s business intelligence solutions allow enterprises to aggregate and analyze data securely from mobile apps, devices, IoT endpoints and enterprise applications. Moreover, because IoT devices can communicate over different protocols, the SOTI ONE Platform removes stumbling blocks associated with bringing legacy or specialist IoT into the analytical and management fold.
To ensure that companies who see mobility as critical have the solutions they need to support their mobile strategy, the SOTI ONE Platform is designed to tackle today’s toughest mobility challenges.
To read more about SOTI’s unique offering, click here.
MobileIron Threat Defense protects your organization from data loss caused mobile-based attacks— a common vector hackers and those with malicious intent now focus on people, rather than networks. Both corporate and personal devices can be protected non-intrusively, with an un-installable (without correct privileges), lightweight protection system in software.
Known threats and zero-day exploits are made known to devices, and the software can remediate without the need for data connection. When reconnected, devices update the central solution, and any required updates pushed to all devices.
The MobileIron solution can create a single point of sign-on (using PIN/fingerprint/faceprint/password) for an array of corporate apps such as Dropbox for Business, Outlook, and various common document sharing and communications apps. The company’s own AppStore offers apps which are marked as able to work inside the secure enclosure provided by MobileIron.
The solution means personal activities cannot be confused with corporate by users, like logging onto personal DropBox accounts instead of the organization’s. Furthermore, only approved applications can be used to access critical services: unapproved Salesforce clients can be prevented, for instance.
MobileIron’s solution provides use statistics in real-time to administrators, so any issues that become of concern can be traced back to individual sources.
*Some of the companies featured on this editorial are commercial partners of Tech Wire Asia
- Rethink the hybrid cloud, and accelerate your aspirations, with NTT Communications
- Leading from the front: your people and your cybersecurity systems
- The importance of data protection and operational governance for enterprise
- Watson intelligence provides customer care, now and for the future
- Unlocking the true value of digital transformation across ANZ