MOBILE DEVICE MANAGEMENT –
DEPLOYMENT, RISK MITIGATION
& SOLUTIONS
From
Mobile Device Management
Confidential  Network Intelligence (India) Pvt. Ltd. Page 2 of 22
NOTICE
This document contains information which is the intellectual property of Network Intelligence. This
document is received in confidence and its contents cannot be disclosed or copied without the prior
written consent of Network Intelligence.
Nothing in this document constitutes a guaranty, warranty, or license, expressed or implied.
Network Intelligence disclaims all liability for all such guaranties, warranties, and licenses, including
but not limited to: Fitness for a particular purpose; merchantability; non infringement of intellectual
property or other rights of any third party or of Network Intelligence; indemnity; and all others. The
reader is advised that third parties can have intellectual property rights that can be relevant to this
document and the technologies discussed herein, and is advised to seek the advice of competent
legal counsel, without obligation of Network Intelligence.
Network Intelligence retains the right to make changes to this document at any time without notice.
Network Intelligence makes no warranty for the use of this document and assumes no responsibility
for any errors that can appear in the document nor does it make a commitment to update the
information contained herein.
Copyright
Copyright. Network Intelligence (India) Pvt. Ltd. All rights reserved.
NII Consulting, AuditPro, Firesec, NX27K is a registered trademark of Network Intelligence India Pvt.
Ltd.
Trademarks
Other product and corporate names may be trademarks of other companies and are used only for
explanation and to the owners' benefit, without intent to infringe.
NII CONTACT DETAILS
Network Intelligence India Pvt. Ltd.
204 Ecospace, Old Nagardas Road, Near Andheri Subway, Andheri (E),
Mumbai 400 069, India
Tel: +91-22-2839-2628
+91-22-4005-2628
Fax: +91-22-2837-5454
Email: info@niiconsulting.com
Contents
1. Introduction
2. Typical Design of MDM solution
3. Understanding BYOD and MDM
a. Bring Your Own Device (BYOD) policy and MDM in an enterprise
b. Are BYOD and MDM the same thing?
c. If I have a BYOD policy at my company, is MDM deployment necessary?
d. Okay, so how do I effectively communicate mobile security policy to employees?
4. Adopting "Personal-liable approach" for Mobile Devices
a. Benefits in adopting "Personal-liable approach" for personal mobile devices
b. Security costs incurred for adopting personal-liable approach
c. Questions to ask before opting for Personal-liable approach for MDM
5. Selecting an optimal MDM delivery methodology
a. Premise-based
b. Software as a Service (SaaS)
c. Managed Services
6. Designing BYOD policy before deploying MDM
a. Do your Homework
b. Identify user needs
c. Enacting an End-User License Agreement (EULA) corporate policy
d. Addressing the privacy concerns
e. HR and Legal concerns
f. Training Users and Helpdesk Support
g. Addressing Authentication issues
h. Defining Mobile Device Security Rules
7. MDM Deployment
a. Policy
b. Risk Management
c. Configuration Management
d. Software Distribution
e. Procurement issues
f. Device policy compliance and enforcement
g. Enterprise Activation / De-Activation
h. Enterprise Asset Disposition
i. User Activity Logging
j. Security Settings
8. Challenges during MDM implementation
a. Hidden costs and corporate governance issues
b. Employee unawareness about information security while using mobile endpoints
9. Picking the right MDM vendor
10. MDM vendors
a. Popular MDM Vendor List
b. Salient Features of some of the leading MDM vendors
11. How we can help your organization?
a. Strong support of Solutions Team
b. Security Awareness Trainings
c. Social Engineering Exercises
12. References
1. INTRODUCTION
The explosive growth in the popularity of mobile devices and in their features has led
to a sharp rise in the usage of smartphones, tablets and mobile POS devices in the
corporate world. Apart from the mobility advantage, these devices have become more
efficient, supporting business growth, offering a networking advantage and improving
employee productivity at the workplace. As the market for these devices continues to
develop at an exponential rate, concerns about the safety of the sensitive corporate
data present on mobile devices, in transit or at rest, grow proportionately, because
tracking the data and relying on its integrity become increasingly challenging.
Enforcing corporate governance and complying with local laws and trans-border
regulations also pose a serious challenge in this case. Hence a technical method to
secure, monitor, manage and support mobile devices deployed across mobile operators,
service providers and enterprises is the need of the hour, which has led to the
development of Mobile Device Management (MDM).
What is Mobile Device Management (MDM)?[1]
Mobile Device Management (MDM) software secures, monitors, manages and supports
mobile devices deployed across mobile operators, service providers and enterprises.
MDM functionality typically includes over-the-air distribution of applications, data and
configuration settings for all types of mobile devices, including mobile phones,
smartphones, tablets, mobile printers, mobile POS devices, etc. This applies to both
company-owned and employee-owned (BYOD) devices across the enterprise or mobile
devices owned by consumers.
By controlling and protecting the data and configuration settings for all mobile devices in
the network, MDM can reduce support costs and business risks. The intent of MDM is to
optimize the functionality and security of a mobile communications network while
minimizing cost and downtime.
What do you mean by "over-the-air"?
Over-the-air programming (OTA) capabilities are considered a main component of
mobile network operator and enterprise MDM software. These include the ability to
remotely configure a single mobile device, an entire fleet of mobile devices or any
IT-defined set of mobile devices; send software and OS updates; remotely lock and wipe
a device; troubleshoot remotely; and so on. OTA commands are sent as a binary SMS
message. MDM enables IT departments to manage many mobile devices used across the
enterprise.
What is Open Mobile Alliance (OMA)?
The Open Mobile Alliance (OMA) is a standards body which develops open standards for
the mobile phone industry. The OMA Data Management specification is designed for
management of small mobile devices such as mobile phones, PDAs and palmtop
computers. It supports the following typical uses:
• Provisioning – Configuration of the device (including first time use), enabling and
disabling features
• Configuration of Device – Allow changes to settings and parameters of the device
• Software Upgrades – Provide for new software and/or bug fixes to be loaded on
the device, including applications and system software.
• Fault Management – Report errors from the device, query about status of device
Since the OMA DM specification is aimed at mobile devices, it is designed with
sensitivity to the following:
• Small foot-print devices: where memory and storage space may be limited
• Constrained bandwidth of communication: such as in wireless connectivity
• Tight security: as the devices are vulnerable to virus attacks and the like
• Authentication and challenges: are made part of the specifications
Why the sudden demand for managing mobile devices?
The popularity of personal smartphones and tablets has created a strong demand to use
personal devices at work. Employees feel more comfortable using their own personal
devices for work and are willing to bear the cost of liability, maintenance and
upgrades. The boost to employee morale and the cost savings to the employer are the
major factors that make the employee-liable approach to using personal devices at the
workplace attractive. Also, the obvious networking advantages offered to C-level
executives, managers and top management directors for extending business growth and
exploring profitable avenues while on the move present a compelling case for using
mobile devices at the workplace or during travel.
However, the risks associated with these devices, such as sensitive corporate data
falling into the wrong hands and the danger of facing litigation over an intentional or
unintentional data breach, or over data lost with a lost or misplaced device, make a
ready case for managing mobile devices. There are also legal and HR related issues that
need to be ironed out when adopting an “employee-liable ownership” approach to the
accountability of the devices.
An organization is still responsible for maintaining security for these mobile devices
as per federal mandates such as SOX, HIPAA etc., but securing the device and the data
becomes a tricky issue because the organization may not own the mobile device in
question in the first place. Enforcing accountability is equally tricky in such cases.
Using Mobile Device Management (MDM) solutions, organizations can partially own
these devices by enforcing corporate policies and procedures on them. Hence investing
in an MDM solution makes sense in these situations.
2. TYPICAL DESIGN OF MDM SOLUTION [1]
Typically, solutions include a server component, which sends out the management
commands to the mobile devices, and a client component, which runs on the handset and
receives and implements the management commands. In some cases one vendor provides
both the client and the server; in others the client and server come from different
sources.
Central remote management, using commands sent over the air, is the next step. An
administrator at the mobile operator, an enterprise IT data center or a handset OEM can
use an administrative console to update or configure any one handset, or a group or
groups of handsets. This provides scalability benefits, particularly when the fleet of
managed devices is large.
3. UNDERSTANDING BYOD AND MDM
a. Bring Your Own Device (BYOD) policy and MDM in an enterprise [1]
As the Bring Your Own Device (BYOD) business policy becomes more popular,
corporations can use MDM to allow employee-owned devices inside the corporate
firewall, thanks to better device management capabilities. Employees also have more
freedom to choose the device that they like instead of being forced to use particular
brands by the IT department. Using MDM, IT departments can also manage the employee
devices over-the-air with minimal intervention in their schedules.
b. Are BYOD and MDM the same thing? [2]
No. BYOD (Bring Your Own Device) is a business policy of allowing employees to use
their own devices for business related work by granting access to company
resources backed by proper authentication controls. BYOD represents a policy of offering
mobility to a very broad range of organization resources, typically delivered either by
a robust mobile policy or managed via implementation of MDM, DaaS (Desktop as a
Service) etc.
MDM can be thought of as a subset of BYOD, designed to securely manage mobile
device endpoints by enforcing corporate policies over-the-air on the employees’ mobile
devices.
c. If I have a BYOD policy at my company, is MDM deployment necessary?
If you have designed and properly implemented a robust BYOD policy across your
organization, evaluate your options carefully before going for an MDM solution. If the
primary aim in adopting BYOD was only to get rid of device ownership, it will not make
sense to invest in MDM (especially if your company is small or medium sized).
However, if your aim is to prevent sensitive data leakage and enforce device security
settings for employees as they access sensitive corporate resources, or if your business
is rapidly scaling up, it definitely makes sense to implement MDM. Keep in mind that a
proper mobile security policy has to be there in any case to protect vital corporate
information.
MDM helps to reduce costs and improve productivity in the longer run when implemented
correctly for the organization. If implemented improperly on a loosely defined security
policy, it becomes expensive to maintain and achieves little to safeguard sensitive
corporate information. Hence, proper care and precautions are needed to develop a
robust mobile security policy before opting for an MDM solution.
d. Okay, so how do I effectively communicate mobile security policy to employees? [12]
Effective communication means making the policy as easy as possible for employees to
understand. Make it simple and direct while keeping it short, sweet and to the point. If
you can get employees to be aware of the security elements in your environment, they
will be the ones who spot things and report them immediately, assuming they know what to
spot and whom to report it to. Make them aware of the BYOD security policy first, not
MDM.
Help your employees understand what is at risk. This comprises not just theft, loss or
exposure of information or the device, but also the other risks they face while they
are mobile. Make them aware of the risks involved in the types of environments that they
encounter while being mobile and how they should address them.
4. ADOPTING "PERSONAL-LIABLE APPROACH" FOR MOBILE DEVICES [3]
a. Benefits in adopting "Personal-liable approach" for personal mobile devices
Many organizations may offer their employees a fixed monthly stipend to help offset their
monthly voice and data bill. This approach results in predictable mobile expenses for the
corporation, and employees become responsible for the costs of their mobile devices and
data plans. Hence, expenses related to mobility-related asset management such as
acquisition, maintenance, processing of payment for carrier invoices and disposal of
devices can be heavily reduced or eliminated.
The organization may also position itself as a flexible employer and may be able to
recruit and retain tech-savvy workers, who typically have a strong attachment to a
favourite mobility platform. Productivity can be increased as employees have more
options when working out of the office. Additionally, organizations may be able to
secure reduced monthly costs for service and premier-level support from the carriers
for their employees.
It is generally observed that employees take better care of their personal belongings as
they are more attached to their devices because of the ownership they assume over them.
b. Security costs incurred for adopting personal-liable approach
While the personal-liable model offers benefits for both employees and employers,
addressing the important issues of security and governance becomes more complicated
and expensive. When sensitive corporate information is stored on a corporate-owned
device, the organization can implement and enforce strict controls on the operating
system and other features of the device, such as Wi-Fi and Bluetooth, to prevent
unauthorized use of that sensitive information. This is not the case in the
personal-liable approach, as the device owned by the employee is not a corporate asset
but may carry sensitive corporate data.
Security measures are required to mitigate the risks associated with employees installing
applications from app stores. These untrusted applications may expose corporate data or
infect other devices in the organization’s network. Also, the company might experience
additional expenses to support multiple mobility platforms.
Support costs may increase as more, and higher-skilled, help desk personnel are
required. Similarly, application development costs may increase. Organizations must
implement an employee agreement to address topics that include acceptable use of
personal devices and corporate access to the employee’s device. The financial
arrangements relating to stipends or reimbursement of actual expenses should also be
included in this employee agreement. Corporate counsel should carefully weigh any
record-keeping requirements for SMS text messages or call logs made from mobile
devices and evaluate potential legal consequences of capturing this information from
employee-owned devices.
Finally, employees may discover unexpected expenses associated with using their
personal device for work. While their current voice and data plans may be sufficient for
personal use, usage may expand dramatically when the device is used for work calls and
applications. The cost increase may be sharp, especially for employees who travel
internationally, where roaming charges make the costs very high. If the organization
reimburses actual costs, an employee may find that they spend several hours a month
separating out their personal costs before submitting the bill for reimbursement.
c. Questions to ask before opting for Personal-liable approach for MDM
• Are there any specific concerns that would preclude the use of employee-owned
devices?
• Is the organization willing to implement additional security controls to allow a
broader range of devices?
• Is the corporation willing to accept a short-term increase in risk to allow newer
platforms access to data while the device’s management and security tools
mature?
• How will the organization respond to inappropriate material on a personally-owned
device? Who decides what is inappropriate?
• Under what conditions could the organization examine the personal property of
an employee?
• What are the laws in your jurisdiction? Do laws differ depending on whether the
employee uses the device for their own convenience?
• If the risks associated with the personal-liable approach are too high, is there a
subset of employees with a lower overall risk profile that might qualify for
personally-owned devices?
5. SELECTING OPTIMAL MDM DELIVERY METHODOLOGY [9]
Three MDM delivery mechanisms are available. Which one you choose depends on your
staff expertise and the investment you are willing to make in deploying MDM in your
organization.
a. Premise-based
If you want to maintain a high degree of control and also have reliable IT skills and
resources, then you would likely select a premise-based solution. This is ideal if you
prefer to directly control the system’s security and administration. A premise-based
MDM solution requires a larger up-front investment.
b. Software as a Service (SaaS)
If you don’t want to maintain servers at your site(s) but still want the management and
administration to be in your hands, then you should consider an on-demand offering.
Customers can negate or minimize the up-front cost and instead pay a monthly or annual
fee for the system.
c. Managed Services
If your IT department is over-extended or lacks the required expertise, you can consider
a managed services offering. This option allows you to turn the management function over
to experts who handle it for you. This proactive management service provides support
without draining internal resources and still provides regular status reports so that
you are aware of specific items like roll-outs, software/hardware updates and
asset/inventory control.
Consider each method carefully. When you query vendors, look for one that can support
all of the deployment options to best serve you now and into the future.
6. DESIGNING BYOD POLICY BEFORE DEPLOYING MDM [5]
A successful MDM implementation cannot be completed without proper planning of
BYOD business policy and procedures. While BYOD policies establish common ground
between the employer and the employee and define the boundaries of ownership of the
data present on personal mobile devices, MDM offers the employer and the organization
peace of mind if any unwanted incident is reported. The security of the data can then
be managed via remote wipe, encryption, self wipe etc.
a. Do your Homework
• Work with the Legal and HR departments to define a personal device policy aligned
with the organization's information policy
• Use social media to open a dialogue with employees and get a feel for their work
style and support needs
• Develop new authentication methods and device management policies that help
safeguard corporate information and intellectual property.
• Provide information security training for employees, and train IT Service Desk
personnel on the personal device policy.
By applying safeguards to protect information and intellectual property, employees can
select the tools that suit their personal work styles and facilitate their job duties.
This improves their productivity and job satisfaction.
Identify minimum security specifications such as:
• Mandatory two-factor authentication for push e-mail
• Secure storage using encryption
• Security policy settings and restrictions
• Secure information transmittal
• Remote wipe capability
• Ability to check for viruses from the server side
• Patch management and enforcement software for rules
• IDS capabilities on the server side of the connection
b. Identify user needs
Set up a blog, online poll or questionnaire to find out the needs of the users. Take
user feedback on questions such as:
• Why do you want to use your own device(s) for work?
• What would you give up to use your device for work?
• What does your personal device do to help you work?
• Would you increase security habits for more device freedom?
By analyzing the responses in close collaboration with the HR and Legal teams, you can
make informed decisions when forming the policy on usage of mobile devices.
c. Enacting an End-User License Agreement (EULA) corporate policy
The EULA gives employees very clear instructions about what they can and can't do
with a device. It must stress managing and protecting the corporate data stored on the
device. It must also emphasize that the unlocked device is not to be shared with
non-corporate users, including friends or family. If any company data resides on
their devices, it should be backed up to a company owned device by default. The types
of devices allowed, such as tablets, smartphones etc., must be stated clearly in the
policy. The EULA policy must be generic enough to cover all the allowed devices
sufficiently.
The EULA must be reviewed, preferably each quarter, to ensure that as technology and
user demand change, the legal protection provided by the policy remains up to date.
Users must re-sign the updated EULA when they move to new technology. Finally, it should
be made clear that employees who refuse to sign the EULA can't use personal devices to
access corporate information.
d. Addressing the privacy concerns
To address the privacy concerns, the policy must clearly define the following terms:
• Corporate-owned data: Business data or intellectual property owned by the company.
• Employee-owned data: Data owned by the employee, such as task lists, notes, family
photos.
• Personal data: Data controlled by privacy legislation, such as medical records,
home address.
In cases where there is a cross-over between personal and corporate-owned data, such as
calendar records, the policy should state clearly that during an investigation, the
confiscated device's personal data may be viewed during forensic analysis.
e. HR and Legal concerns
HR policy must state clearly under what circumstances employees will be compensated
for work outside their working hours. Time sheets must adequately reflect
those activities. Legal policy must state that in case of legal hold or eDiscovery, the
employee must immediately surrender his/her device on request, after which all files may
be copied and relevant ones may be used to pursue the legal matter. Employees who are
subject to legal hold might have certain restrictions on device usage and must comply
with those restrictions to continue working.
f. Training Users and Helpdesk Support
Stating the policy is the easy part. The hard part is training users on what the policy
means and how to protect information on their devices, as the BYOD trend and MDM
implementation are relatively young and not well understood by users. Users must be
made aware of the risks and penalties that will result if sensitive corporate
information is leaked, by accident or by intention. Sharing the device with family and
friends should be discouraged, and employees must be made aware of the risks that might
emerge from such behaviour. Violation of these rules must attract appropriate
disciplinary controls as defined by the policy. It is crucial for employees to
understand that the helpdesk is to be contacted first in case of a lost or stolen
device. Once the incident is reported, the helpdesk can quickly issue a data wipe on
the device over the carrier network. Many employees, in a wave of panic, might inform
the carrier service about the lost or stolen device first. In such cases, a data wipe
can't be issued because the carrier service has already been shut down at the request
of the employee. Any charges incurred, such as fraudulent calls, may be reimbursed by
the company later.
Apart from employees, helpdesk and support staff must undergo mandatory training to
reduce the chances of miscommunication in response to any query raised by employees.
Care must be taken that they don't accidentally invalidate the EULA policy by supplying
incorrect answers. Extensive mock drills must be conducted after every policy review or
revision to minimize such incidents. FAQ manuals must be made available online to
everyone for ready reference.
g. Addressing Authentication issues
For better security, two-factor authentication is used for accessing corporate
information. But since the device is unknown in this case, the challenge lies in how to
achieve it. For this, a random text message is sent to a predefined phone number. Thus,
the text message sent by the server is the "must-know" factor and the phone number is
the "must-have" factor, which together enable two-factor authentication.
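A server-side sketch of the text-message challenge described above, as an added example that is not part of the original document. It goes beyond the text by adding an expiry window, an attempt limit and single use; the class name, constants and the sample phone number are assumptions, and SMS delivery is left to the caller.

```python
import hashlib
import hmac
import secrets
import time

CODE_DIGITS = 6          # assumption: length of the random code
CODE_TTL_SECONDS = 300   # assumption: how long a code stays valid
MAX_ATTEMPTS = 3         # assumption: wrong guesses allowed per challenge


class SmsChallengeStore:
    """In-memory challenge store (hypothetical). A real server would persist
    this state and hand the (number, code) pair to an SMS gateway."""

    def __init__(self, enrolled_numbers, clock=time.time):
        self._numbers = dict(enrolled_numbers)  # user -> predefined phone number
        self._pending = {}                      # user -> outstanding challenge
        self._clock = clock

    @staticmethod
    def _digest(salt, code):
        # Only a salted hash of the code is kept, never the code itself.
        return hashlib.sha256(salt + code.encode()).digest()

    def issue(self, user):
        """Create a challenge and return (phone_number, code) for delivery."""
        number = self._numbers.get(user)
        if number is None:
            raise KeyError("no predefined phone number for this user")
        code = f"{secrets.randbelow(10 ** CODE_DIGITS):0{CODE_DIGITS}d}"
        salt = secrets.token_bytes(16)
        # Issuing a new challenge replaces any earlier one for the same user.
        self._pending[user] = {
            "salt": salt,
            "digest": self._digest(salt, code),
            "expires": self._clock() + CODE_TTL_SECONDS,
            "attempts_left": MAX_ATTEMPTS,
        }
        return number, code

    def verify(self, user, submitted):
        """Return True only for the current, unexpired, unused code."""
        rec = self._pending.get(user)
        if rec is None:
            return False
        if self._clock() > rec["expires"]:
            del self._pending[user]
            return False
        candidate = self._digest(rec["salt"], submitted)
        if hmac.compare_digest(rec["digest"], candidate):  # constant-time compare
            del self._pending[user]                        # single use
            return True
        rec["attempts_left"] -= 1
        if rec["attempts_left"] <= 0:
            del self._pending[user]                        # force a new challenge
        return False


if __name__ == "__main__":
    # Constructed sample enrolment; the number is a placeholder.
    store = SmsChallengeStore({"alice": "+910000000000"})
    number, code = store.issue("alice")
    print("send to", number, "->", store.verify("alice", code))
```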
h. Defining Mobile Device Security Rules [12]
A device used for accessing corporate data must meet the following prerequisites:
• The device user must have signed the company's EULA policy.
• It must have a personal identification number (PIN).
• It has to support a code lock.
• It has to have an auto lockout feature.
• It has to support encryption.
• It has to support remote wipe.
Further, security policies must be enforced via MDM, such as:
• User-defined lock code of the minimum length defined in policy.
• Auto-lockout period set as per policy.
• Issuing a data wipe if the user reports the device stolen.
• Automated data wipe issued (for corporate data only or both) after “x” number of
incorrect tries to open the lock-screen.
• All corporate data is encrypted with a strong key.
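The prerequisites and enforcement rules above expressed as an admission check, as an added example that is not part of the original document or of any MDM product. The record fields, thresholds and the sample fleet are assumptions constructed for illustration.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class MobilePolicy:
    # Assumed values; the document leaves the thresholds to the policy.
    min_lock_code_length: int = 6
    max_auto_lock_seconds: int = 300
    max_failed_unlocks: int = 10      # the "x" incorrect tries
    wipe_scope: str = "corporate"     # "corporate" data only, or "full"


@dataclass
class DevicePosture:
    # Hypothetical posture record as a device agent might report it.
    device_id: str
    eula_signed: bool
    lock_code_length: int        # 0 means no PIN / code lock is set
    auto_lock_seconds: int       # 0 means auto lockout is disabled
    storage_encrypted: bool
    remote_wipe_supported: bool
    failed_unlocks: int = 0
    reported_stolen: bool = False


def evaluate(device, policy):
    """Return (action, reasons); action is 'allow', 'deny' or 'wipe-<scope>'."""
    # Wipe triggers take priority over ordinary compliance findings.
    triggers = []
    if device.reported_stolen:
        triggers.append("reported stolen")
    if device.failed_unlocks >= policy.max_failed_unlocks:
        triggers.append("failed unlock limit reached")
    if triggers:
        if device.remote_wipe_supported:
            return f"wipe-{policy.wipe_scope}", triggers
        # No wipe possible: the remaining control is to cut off access.
        return "deny", triggers + ["remote wipe not supported"]

    violations = []
    if not device.eula_signed:
        violations.append("EULA not signed")
    if device.lock_code_length == 0:
        violations.append("no PIN / code lock set")
    elif device.lock_code_length < policy.min_lock_code_length:
        violations.append("lock code shorter than policy minimum")
    if device.auto_lock_seconds == 0:
        violations.append("auto lockout disabled")
    elif device.auto_lock_seconds > policy.max_auto_lock_seconds:
        violations.append("auto lockout period longer than policy")
    if not device.storage_encrypted:
        violations.append("storage not encrypted")
    if not device.remote_wipe_supported:
        violations.append("remote wipe not supported")
    return ("deny", violations) if violations else ("allow", [])


def triage(fleet, policy):
    """Map each device id to the action the policy requires."""
    return {d.device_id: evaluate(d, policy)[0] for d in fleet}


# Constructed sample fleet (not real devices).
FLEET = [
    DevicePosture("tab-01", True, 6, 120, True, True),
    DevicePosture("phone-02", True, 4, 0, False, True),
    DevicePosture("phone-03", True, 8, 60, True, True, reported_stolen=True),
    DevicePosture("phone-04", True, 8, 60, True, True, failed_unlocks=10),
    DevicePosture("phone-05", False, 8, 60, True, False, reported_stolen=True),
]

if __name__ == "__main__":
    for dev in FLEET:
        print(dev.device_id, *evaluate(dev, MobilePolicy()))
```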
7.MDM DEPLOYMENT[8]
Essential components of MDM to consider during deployment phase are:
a. Policy
A well-defined policy provides management direction and support for IT and information
security and is the foundation for a solid framework implementation.
b. Risk Management
Periodic assessment of risk should be done. For high risk cases, additional controls may
be implemented to reduce risk to an acceptable level. Similarly for low or non-existent
risks, minimal controls may suffice.
c. Configuration Management
This involves automatic configuration of device settings such as password policy, email,
Wi-Fi and VPN. This helps eliminate user errors and minimizes vulnerabilities caused by
misconfiguration. It also includes configuration lockdown according to the user's role-based
permissions to enforce corporate IT mobility policies.
d. Software Distribution
This includes over-the-air updates/patches for OSs, applications, synchronization, fixes,
etc. Backup and restore operations become vital when a device crashes or is
replaced, or after any intentional/unintentional wipe. When software distribution is aligned with
corporate mobile policies, only trusted mobile applications are
distributed. Together with configuration management, software distribution enables
white-listing/black-listing of applications on mobile devices. For maximum efficiency, it
is recommended to test mobile applications separately for
trustworthiness before distributing them over-the-air via MDM.
e. Procurement issues
It is important to coordinate with the HR and Legal teams to define certain terms and
conditions in policy and employee agreements. Liability for all parties must be clearly
defined in these agreements. This should include private usage of corporate services,
expense compensation, employee privacy policy, shared responsibilities for device and
content security, misuse, secure wipe of the device including personal data in case of device
loss/theft, etc.
f. Device policy compliance and enforcement
This covers device supply, control and tracking. Asset-based inventory assessments
are critical prerequisites for policy enforcement that complies with corporate/regulatory
mandates around policies, jail-broken/rooted device detection, encryption, privacy-based
separation of corporate content vs. personal content, etc. It is also concerned with
alerts and notifications for asset reporting about devices, users and apps. Overall, it
provides effective governing control over mobile endpoint devices, which can be
easily tested against ISMS standards such as ISO 27001, making audit
activities easier as well.
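A compliance check over inventory records, covering the device rules listed under "Defining Mobile Device Security Rules" and the enforcement described in 7.f, as an added example that is not part of the original whitepaper. The threshold values, the wipe-scope choice, the field names and the inventory records are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed values: the whitepaper leaves these "as defined in policy" and "x".
POLICY = {
    "min_lock_code_len": 6,
    "max_auto_lock_secs": 300,
    "max_failed_unlocks": 10,
    # Assumed scope choice: selective wipe on BYOD, full wipe on company devices.
    "wipe_scope": {"byod": "corporate", "company": "all"},
}


@dataclass
class Device:
    device_id: str
    byod: bool
    eula_signed: bool
    lock_code_len: int               # 0 means no PIN / lock code set
    auto_lock_secs: Optional[int]    # None means auto-lockout disabled
    encrypted: bool
    remote_wipe: bool
    rooted: bool = False
    failed_unlocks: int = 0
    reported_stolen: bool = False


def violations(d, p=POLICY):
    """Return the rules this device record fails, in a fixed order."""
    checks = [
        (not d.eula_signed, "EULA not signed"),
        (d.lock_code_len < p["min_lock_code_len"], "lock code missing or too short"),
        (d.auto_lock_secs is None or d.auto_lock_secs > p["max_auto_lock_secs"],
         "auto-lockout disabled or too long"),
        (not d.encrypted, "encryption not enabled"),
        (not d.remote_wipe, "remote wipe not supported"),
        (d.rooted, "device is jail-broken/rooted"),
    ]
    return [message for failed, message in checks if failed]


def evaluate(d, p=POLICY):
    """Map a device record to (action, violations).

    A theft report or too many failed unlocks triggers a wipe; otherwise any
    violation blocks access to corporate data until it is fixed.
    """
    found = violations(d, p)
    if d.reported_stolen or d.failed_unlocks >= p["max_failed_unlocks"]:
        scope = p["wipe_scope"]["byod" if d.byod else "company"]
        return f"wipe_{scope}", found
    return ("block" if found else "allow"), found


# Constructed inventory records, not real devices.
INVENTORY = [
    Device("BYOD-001", True, True, 6, 120, True, True),
    Device("BYOD-002", True, True, 4, None, True, True, rooted=True),
    Device("BYOD-003", True, True, 8, 60, True, True, failed_unlocks=10),
    Device("CORP-004", False, True, 6, 300, True, True, reported_stolen=True),
]


def report(inventory=INVENTORY):
    """Evaluate every record and key the result by device id."""
    return {d.device_id: evaluate(d) for d in inventory}


if __name__ == "__main__":
    for device_id, (action, found) in report().items():
        print(f"{device_id}: {action} {found}")
```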
g. Enterprise Activation / De-Activation
Proper implementation of this functionality to connect mobile devices to the enterprise
network reduces the administrative burden of provisioning and re-provisioning on the IT
department. Details exchanged with the server typically include OS, device identifier,
IMEI number, etc. After activation, some configuration settings might be changed, such as
enabling encryption, password settings, application restrictions, etc.
h. Enterprise Asset Disposition
This involves removal of physical devices by de-commissioning, or releasing them to the BYOD owner in
case of device exchange, upgrade or permanent de-commissioning. Follow-up procedures
include notifying inventory management, generating a user receipt and accepting user
acknowledgement, etc. If decommissioning is permanent, a secure wipe of corporate data
must be done and the device should be handed over to the employee with his private data
untouched.
i. User Activity Logging
Logging must be done carefully, in accordance with the privacy laws, rules and
regulations of the country in which the company operates its business. Professional legal
counsel must be consulted before defining the policies governing user activity
logging.
j. Security Settings
These can be categorized into user security and data security. Data security consists of
wiping corporate data/personal data in case of device loss/theft. It also extends to role-based
user permissions enforced via MDM solutions. User security consists of
encryption, authentication on enterprise portal login, lock code, and selective wipe in case
a remote wipe is issued. Selective wipe leaves personal data as it is and only erases
corporate data residing on the mobile device. It also covers certificate-based authentication.
8. CHALLENGES DURING MDM IMPLEMENTATION[6]
a. Hidden costs and corporate governance issues
Enterprises typically see MDM implementation as a measure to save costs and
manage mobile endpoints effectively in the process. Often MDM is seen as a
complementary exercise in tandem with BYOD policy. But the reality is that if
your BYOD business policy is not properly defined or effectively enforced, an MDM
solution will be patchy at best and cost-prohibitive at worst.
Also, mobile OSs natively run in a sandboxed environment and hence, unless
rooted/jail-broken, make it very difficult to enforce corporate policies. But as mobile
operating systems themselves evolve over time, many MDM-like features will be provided
natively by them.
Corporate governance becomes complex as mobile endpoints that may or may not be owned
by the enterprise are added to the asset inventory. If your mobile device policy
or BYOD policy is not properly defined, or MDM is not properly implemented, MDM may
report false positives or a large number of false negatives. This will lower employee morale and
cause confusion and mayhem in the workplace. Cost escalation might be the direct
consequence of a bad implementation of an MDM solution.
b. Employee unawareness about information security while using mobile endpoints
Employees may freely share their devices with their co-workers, family members or
friends, which can increase the chances of accidental breaches of corporate
information. Identity theft may result in extreme cases, and if some unwanted or
intentional damage is caused by that, the blame rests squarely on the employee, who might
have to suffer consequences such as dismissal in case of fraud done by "his
(enemy) friend". Using social engineering, competitors can fool the employee into
revealing details by handing over his mobile device for a "few minutes", gathering
valuable information for corporate espionage.
To counteract these threats and the associated risk, information security awareness
programs and trainings with mandatory attendance must be conducted to equip
employees to counter such attacks.
9. PICKING THE RIGHT MDM VENDOR[4]
On close observation, security features such as remote wipe, encryption and enforced password
requirements are pretty standard and are provided by almost all vendors. So, look at
the other areas where you could address your business needs better.
Key factors to consider while shopping for an MDM solution:
• Deployments: Assess how efficiently the MDM agent can be deployed on a new
device. Deploying new phones isn't a one-time job; it's never-ending.
• White-list and blacklist filters: You'll have apps that every employee must install,
some that are banned, and some apps that you insist are updated to at least a
certain version.
• Custom Appstore: Is there a feature offered by the MDM vendor for installing custom,
unapproved apps and setting up a company app store experience?
• Application security: Does the MDM vendor offer built-in support for malicious
application scanning?
• Browser security: Filtered mobile Web browsing can lower the risk of attack on a
device. Is the MDM provider implementing this level of security?
• Encryption levels: Do you have to encrypt the entire device, or does the MDM provider
let you encrypt company-specific or selected files and folders?
• Data wiping: Is there support for selective wipe, which erases only corporate
data in case a remote wipe is issued?
• Auto-provisioning of devices: Is there any option for automatic device
provisioning?
• Architecture: Examine the vendor's approach to the MDM solution, such as sandbox,
virtualization or integrated approach. This is important in understanding the
vendor's technology and in planning your future road map.
• Location capabilities and network access restrictions: Do you want to let
employees use their device's camera for personal use but not at the office? Check
whether the MDM solution supports such policies. How robust are the policies?
• Inventory management: Is it easy to search, custom filter and modify individual
mobile endpoints among hundreds of managed mobile devices? What filtering
capabilities are provided?
• Reports: Is there built-in reporting for new devices provisioned, apps out of
compliance and devices that haven't checked in for a day or a week?
10. MDM VENDORS
a. Popular MDM Vendor List
• MobileIron
• AirWatch
• Zenprise
• Good Technology
• FiberLink
• BoxTone
b. Salient Features of some of the leading MDM vendors[11]
MobileIron:
• Healthy mix of partnership relations with distribution channels and OEMs such as
AT&T, Vodafone, Apple, Google, Microsoft, RIM, Cisco, HP and IBM.
• Demonstrates life cycle management, including usage monitoring, cost control,
application deployment and version control.
• Offers strong support for corporate and personal devices.
• Strong reporting and dashboard capabilities.
• Supports text messaging archiving for devices connected to corporate email.
AirWatch:
• Has a strong security focus, with enterprise integration services that encrypt
traffic between the enterprise's servers and its cloud system.
• Offers Web-based as well as agent-based enrolment.
• Strong profiling capability, with detailed and easy-to-use policy settings.
• Has a strong administrative interface which is easy to use and manage.
• Easily scalable and can support large numbers of users across multiple areas.
Zenprise:
• Zenprise Mobile DLP provides innovative secure container solutions to operate
local mobile devices, as well as to be accessed in the cloud.
• Application-blacklisting technique works across Apple iOS and Google Android
devices.
• Offers its own secure Web gateway and can also integrate with Blue Coat Systems
and Palo Alto Networks.
Good Technology:
• Large installed base in regulated sectors, such as financial services, government,
defense, public sector, healthcare and professional services.
• Good Technology has the strongest implementation of containerization.
• Has strong security capabilities, including FIPS 140-2 crypto libraries, end-to-end
192-bit encryption, multiple-factor authentication and multiple certifications.
11. HOW WE CAN HELP YOUR ORGANIZATION?
a. Strong support of Solutions Team
NII has been working in close association with leading MDM solution products. Our
solution team is well trained and qualified to handle any support-related queries you may
have.
We are currently in an active MDM partnership with MobileIron. Our team
consists of certified MobileIron experts who understand each and every module of the
solution and have extensive hands-on experience.
b. Security Awareness Trainings
We conduct numerous security trainings for our clients and help them to understand the
risks faced by carrying corporate data on their mobile devices. We put forward the
precautions and industry best practices they need to follow for securing the sensitive
information.
c. Social Engineering Exercises
We also conduct live sessions on social engineering exercises, which demonstrate with
practical examples how even a person reasonably well informed about security can be
easily taken in by cleverly crafted social engineering attacks. Having knowledge of these
kinds of attacks makes sure your corporate data is secure in the hands of your employees.
12. REFERENCES
1. http://en.wikipedia.org/wiki/Mobile_device_management
2. http://en.wikipedia.org/wiki/Bring_your_own_device
3. http://www.secureworks.com/resources/whitepapers-shortcut/74568
4. http://www.informationweek.com/global-cio/interviews/byod-why-mobile-device-management-isnt-e/240142450
5. http://www.intel.in/content/dam/www/public/us/en/documents/best-practices/enabling-employee-owned-smart-phones-in-the-enterprise.pdf
6. http://software.intel.com/sites/billboard/sites/default/files/Maintaining_Info_Security_Allowing_Personal_Hand_Held_Devices_Enterprise.pdf
7. https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Guidance_v1.pdf
8. https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Device_Management_Key_Components.pdf
9. http://www.wavelink.com/whitepapers/avalanche-delivery-whitepaper.pdf
10. http://i.dell.com/sites/content/business/solutions/whitepapers/en/Documents/unlocking-power-mobile-device-management.pdf
11. https://dell.symantec.com/system/files/Magic_Quadrant_for_Mobile_Device_Management_Software.pdf
12. http://searchsecurity.techtarget.com/news/2240148521/BYOD-security-policy-not-MDM-at-heart-of-smartphone-security
13. http://boxtone.com/white-paper-lp/enterprise-iphone-ipad-ciso-security-wp-web.aspx
14. http://info.desktone.com/whitepaper-byod-implications-for-it-virtual-desktops.html

 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfDaniel Santiago Silva Capera
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaborationbruanjhuli
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesDavid Newbury
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdfPedro Manuel
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Adtran
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...DianaGray10
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024D Cloud Solutions
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPathCommunity
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.YounusS2
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsSeth Reyes
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfAijun Zhang
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Websitedgelyza
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemAsko Soukka
 

Kürzlich hochgeladen (20)

Videogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdfVideogame localization & technology_ how to enhance the power of translation.pdf
Videogame localization & technology_ how to enhance the power of translation.pdf
 
Comparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and IstioComparing Sidecar-less Service Mesh from Cilium and Istio
Comparing Sidecar-less Service Mesh from Cilium and Istio
 
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCostKubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
KubeConEU24-Monitoring Kubernetes and Cloud Spend with OpenCost
 
VoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBXVoIP Service and Marketing using Odoo and Asterisk PBX
VoIP Service and Marketing using Odoo and Asterisk PBX
 
AI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity WebinarAI You Can Trust - Ensuring Success with Data Integrity Webinar
AI You Can Trust - Ensuring Success with Data Integrity Webinar
 
20230202 - Introduction to tis-py
20230202 - Introduction to tis-py20230202 - Introduction to tis-py
20230202 - Introduction to tis-py
 
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdfIaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
IaC & GitOps in a Nutshell - a FridayInANuthshell Episode.pdf
 
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online CollaborationCOMPUTER 10: Lesson 7 - File Storage and Online Collaboration
COMPUTER 10: Lesson 7 - File Storage and Online Collaboration
 
Linked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond OntologiesLinked Data in Production: Moving Beyond Ontologies
Linked Data in Production: Moving Beyond Ontologies
 
Nanopower In Semiconductor Industry.pdf
Nanopower  In Semiconductor Industry.pdfNanopower  In Semiconductor Industry.pdf
Nanopower In Semiconductor Industry.pdf
 
Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™Meet the new FSP 3000 M-Flex800™
Meet the new FSP 3000 M-Flex800™
 
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
Connector Corner: Extending LLM automation use cases with UiPath GenAI connec...
 
Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024Artificial Intelligence & SEO Trends for 2024
Artificial Intelligence & SEO Trends for 2024
 
UiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation DevelopersUiPath Community: AI for UiPath Automation Developers
UiPath Community: AI for UiPath Automation Developers
 
Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.Basic Building Blocks of Internet of Things.
Basic Building Blocks of Internet of Things.
 
Computer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and HazardsComputer 10: Lesson 10 - Online Crimes and Hazards
Computer 10: Lesson 10 - Online Crimes and Hazards
 
20150722 - AGV
20150722 - AGV20150722 - AGV
20150722 - AGV
 
Machine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdfMachine Learning Model Validation (Aijun Zhang 2024).pdf
Machine Learning Model Validation (Aijun Zhang 2024).pdf
 
COMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a WebsiteCOMPUTER 10 Lesson 8 - Building a Website
COMPUTER 10 Lesson 8 - Building a Website
 
Bird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystemBird eye's view on Camunda open source ecosystem
Bird eye's view on Camunda open source ecosystem
 

Mobile Device Management (MDM)

  • 1. MOBILE DEVICE MANAGEMENT – DEPLOYMENT, RISK MITIGATION & SOLUTIONS From
  • 3. Contents
    1. Introduction
    2. Typical Design of MDM solution
    3. Understanding BYOD and MDM
       a. Bring Your Own Device (BYOD) policy and MDM in an enterprise
       b. Are BYOD and MDM the same thing?
       c. If I have a BYOD policy at my company, is MDM deployment necessary?
       d. Okay, so how do I effectively communicate mobile security policy to employees?
    4. Adopting "Personal-liable approach" for Mobile Devices
       a. Benefits in adopting "Personal-liable approach" for personal mobile devices
       b. Security costs incurred for adopting personal-liable approach
       c. Questions to ask before opting for Personal-liable approach for MDM
    5. Selecting an optimal MDM delivery methodology
       a. Premise-based
       b. Software as a Service (SaaS)
       c. Managed Services
    6. Designing BYOD policy before deploying MDM
       a. Do your Homework
       b. Identify user needs
       c. Enacting an End-User License Agreement (EULA) corporate policy
       d. Addressing the privacy concerns
       e. HR and Legal concerns
       f. Training Users and Helpdesk Support
       g. Addressing Authentication issues
       h. Defining Mobile Device Security Rules
    7. MDM Deployment
       a. Policy
       b. Risk Management
       c. Configuration Management
       d. Software Distribution
       e. Procurement issues
       f. Device policy compliance and enforcement
       g. Enterprise Activation / De-Activation
       h. Enterprise Asset Disposition
       i. User Activity Logging
  • 4.
       j. Security Settings
    8. Challenges during MDM implementation
       a. Hidden costs and corporate governance issues
       b. Employee unawareness about information security while using mobile endpoints
    9. Picking the right MDM vendor
    10. MDM vendors
       a. Popular MDM Vendor List
       b. Salient Features of some of the leading MDM vendors
    11. How we can help your organization?
       a. Strong support of Solutions Team
       b. Security Awareness Trainings
       c. Social Engineering Exercises
    12. References
  • 5. 1. INTRODUCTION
    The explosive growth in the popularity of mobile devices and in their features has led to a sharp rise in the use of smartphones, tablets and mobile POS devices in the corporate world. Apart from the mobility advantage, these devices have become efficient enough to support business growth, offer networking advantages and improve employee productivity at the workplace. As the market for these devices continues to develop at an exponential rate, concerns about the safety of sensitive corporate data on mobile devices, in transit or at rest, grow proportionately, because tracking the data and relying on its integrity become increasingly challenging. Enforcing corporate governance and complying with local laws and trans-border regulations also pose a serious challenge. Hence a technical method to secure, monitor, manage and support mobile devices deployed across mobile operators, service providers and enterprises is the need of the hour, and this has led to the development of Mobile Device Management (MDM).

    What is Mobile Device Management (MDM)? [1]
    Mobile Device Management (MDM) software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablets, mobile printers, mobile POS devices, etc. This applies to both company-owned and employee-owned (BYOD) devices across the enterprise, and to mobile devices owned by consumers. By controlling and protecting the data and configuration settings for all mobile devices in the network, MDM can reduce support costs and business risks. The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing cost and downtime.

    What do you mean by "over-the-air"?
    Over-the-air programming (OTA) capabilities are considered a main component of mobile network operator and enterprise MDM software. These include the ability to remotely configure a single mobile device, an entire fleet of mobile devices or any IT-defined set of mobile devices; send software and OS updates; remotely lock and wipe a device; troubleshoot a device remotely; and so on. OTA commands are sent as a binary SMS message. MDM enables IT departments to manage many mobile devices used across the enterprise.

    What is Open Mobile Alliance (OMA)?
    The Open Mobile Alliance (OMA) is a standards body which develops open standards for the mobile phone industry. The OMA Data Management specification is designed for management of small mobile devices such as mobile phones, PDAs and palmtop computers. It supports the following typical uses:
      • Provisioning – Configuration of the device (including first-time use), enabling and disabling features
      • Configuration of Device – Allow changes to settings and parameters of the device
  • 6.
      • Software Upgrades – Provide for new software and/or bug fixes to be loaded on the device, including applications and system software
      • Fault Management – Report errors from the device, query the status of the device

    Since the OMA DM specification is aimed at mobile devices, it is designed with sensitivity to the following:
      • Small-footprint devices: memory and storage space may be limited
      • Constrained communication bandwidth: such as in wireless connectivity
      • Tight security: the devices are vulnerable to virus attacks and the like
      • Authentication and challenges: these are made part of the specifications

    Why the sudden demand for managing mobile devices?
    The popularity of personal smartphones and tablets has created a strong demand to use personal devices at work. Employees feel more comfortable using their own devices for work and are willing to bear the cost of liability, maintenance and upgrades. The boost to employee morale and the cost savings to the employer are the major factors that make the employee-liable approach to using personal devices at the workplace attractive. The obvious networking advantages offered to C-level executives, managers and top management directors for extending business growth and exploring profitable avenues while on the move also present a compelling case for using mobile devices at the workplace or during travel.

    However, the risks associated with these devices, such as sensitive corporate data falling into the wrong hands, litigation arising from an intentional or unintentional data breach, and data loss caused by a lost or misplaced device, make a ready case for managing mobile devices. There are also legal and HR-related issues that need to be ironed out when adopting an "employee-liable ownership" approach to accountability for the devices. An organization is still responsible for maintaining the security of these mobile devices under federal mandates such as SOX, HIPAA etc., but because the organization may not own the mobile device in question in the first place, securing the device and its data becomes tricky, and so does enforcing accountability. Using Mobile Device Management (MDM) solutions, organizations can partially own these devices by enforcing corporate policies and procedures on them. Investing in an MDM solution therefore makes sense in these situations.
  • 7. 2. TYPICAL DESIGN OF MDM SOLUTION [1]
    Typically, solutions include a server component, which sends out the management commands to the mobile devices, and a client component, which runs on the handset and receives and implements the management commands. In some cases a single vendor provides both the client and the server; in others, the client and server come from different sources.

    Central remote management, using commands sent over the air, is the next step. An administrator at the mobile operator, an enterprise IT data center or a handset OEM can use an administrative console to update or configure any one handset, or a group or groups of handsets. This provides scalability benefits, particularly when the fleet of managed devices is large.
  • 8. 3. UNDERSTANDING BYOD AND MDM
    a. Bring Your Own Device (BYOD) policy and MDM in an enterprise [1]
    As Bring Your Own Device (BYOD) business policy becomes more popular, corporations can use MDM to allow employee-owned devices inside the corporate firewall, thanks to better device management capabilities. Employees also have more freedom to choose the device that they like instead of being forced to use particular brands by the IT department. Using MDM, IT departments can also manage employee devices over the air with minimal intervention in employees' schedules.

    b. Are BYOD and MDM the same thing? [2]
    No. BYOD (Bring Your Own Device) is a business policy of allowing employees to use their own devices for business-related work by granting access to company resources backed by proper authentication controls. BYOD represents a policy of offering mobility to a very broad range of organization resources, typically delivered either by a robust mobile policy or managed via implementation of MDM, DaaS (Desktop as a Service) etc. MDM can be thought of as a subset of BYOD, designed to securely manage mobile device endpoints by enforcing corporate policies over the air on employees' mobile devices.

    c. If I have a BYOD policy at my company, is MDM deployment necessary?
    If you have designed and properly implemented a robust BYOD policy across your organization, you have to evaluate your options carefully before going for an MDM solution. If the primary aim of adopting BYOD was only to get rid of device ownership, it will not make sense to invest in MDM (especially if your company is small or medium sized). However, if your aim is to prevent leakage of sensitive data and enforce device security settings for employees as they access sensitive corporate resources, or if your business is rapidly scaling up, it definitely makes sense to implement MDM. Keep in mind that a proper mobile security policy has to be in place in any case to protect vital corporate information. MDM helps to reduce costs and improve productivity in the longer run when implemented correctly for the organization. If implemented improperly on a loosely defined security policy, it becomes expensive to maintain and achieves little to safeguard sensitive corporate information. Hence, proper care and precautions are needed to develop a robust mobile security policy before opting for an MDM solution.

    d. Okay, so how do I effectively communicate mobile security policy to employees? [12]
    Effective communication means making the employees understand the policy as easily as possible. Make it simple and direct while keeping it short, sweet and to the point. If you can get employees to be aware of the security elements in your environment, they will be the ones who spot things and report them immediately, assuming they know what to spot and whom to report it to.
  • 9.
    Make them aware of the BYOD security policy first, not MDM. Help your employees understand what is at risk. This comprises not just theft, loss or exposure of information or of the device, but also other risks that they face while they are mobile. Make them aware of the risks involved in the types of environments that they encounter while mobile and how they should address them.
  • 10. 4. ADOPTING "PERSONAL-LIABLE APPROACH" FOR MOBILE DEVICES [3]
    a. Benefits in adopting "Personal-liable approach" for personal mobile devices
    Many organizations may offer their employees a fixed monthly stipend to help offset their monthly voice and data bill. This approach results in predictable mobile expenses for the corporation, and employees become responsible for the costs of their mobile devices and data plans. Hence, expenses related to mobility asset management, such as acquisition, maintenance, processing of payment for carrier invoices and disposal of devices, can be heavily reduced or eliminated.

    The organization may also position itself as a flexible employer and may be able to recruit and retain tech-savvy workers, who typically have a strong attachment to a favourite mobility platform. Productivity can increase because employees have more options when working out of the office. Additionally, organizations may be able to secure reduced monthly service costs and premier-level support from the carriers for their employees. It is generally observed that employees take better care of their personal belongings, as they are more attached to their devices because of the ownership they assume over them.

    b. Security costs incurred for adopting personal-liable approach
    While the personal-liable model offers benefits for both employees and employers, addressing the important issues of security and governance becomes more complicated and expensive. When sensitive corporate information is stored on a corporate-owned device, the organization can implement and enforce strict controls on the operating system and other features of the device, such as Wi-Fi and Bluetooth, to prevent unauthorized use of that sensitive information. This is not the case in the personal-liable approach, because the device owned by the employee is not a corporate asset but may carry sensitive corporate data.

    Security measures are required to mitigate the risks associated with employees installing applications from app stores. These untrusted applications may expose corporate data or infect other devices in the organization's network. The company might also incur additional expenses to support multiple mobility platforms. Support costs may increase as more, and higher-skilled, help desk personnel are required. Similarly, application development costs may increase.

    Organizations must implement an employee agreement to address topics that include acceptable use of personal devices and corporate access to the employee's device. The financial arrangements relating to stipends or reimbursement of actual expenses should also be included in this employee agreement. Corporate counsel should carefully weigh any record-keeping requirements for SMS text messages or call logs made from mobile devices and evaluate the potential legal consequences of capturing this information from employee-owned devices.
  • 11.
    Finally, employees may discover unexpected expenses associated with using their personal device for work. While their current voice and data plans may be sufficient for personal use, usage may expand dramatically when the device is used for work calls and applications. The cost increase may be sharp, especially for employees who travel internationally, where roaming charges make usage very expensive. If the organization reimburses actual costs, an employee may find that they spend several hours a month separating out their personal costs before submitting the bill for reimbursement.

    c. Questions to ask before opting for Personal-liable approach for MDM
      • Are there any specific concerns that would preclude the use of employee-owned devices?
      • Is the organization willing to implement additional security controls to allow a broader range of devices?
      • Is the corporation willing to accept a short-term increase in risk to allow newer platforms access to data while the device's management and security tools mature?
      • How will the organization respond to inappropriate material on a personally-owned device? Who decides what is inappropriate?
      • Under what conditions could the organization examine the personal property of an employee?
      • What are the laws in your jurisdiction? Do laws differ depending on whether the employee uses the device for their own convenience?
      • If the risks associated with the personal-liable approach are too high, is there a subset of employees with a lower overall risk profile that might qualify for personally-owned devices?
  • 12. 5. SELECTING OPTIMAL MDM DELIVERY METHODOLOGY [9]
    Three MDM delivery mechanisms are available. Which one you choose depends on your staff's expertise and the investment you are willing to make in deploying MDM in your organization.

    a. Premise-based
    If you want to maintain a high degree of control and also have reliable IT skills and resources, then you would likely select a premise-based solution. This is ideal if you prefer to directly control the system's security and administration. A premise-based MDM solution requires a larger up-front investment.

    b. Software as a Service (SaaS)
    If you don't want to maintain servers at your site(s) but still want the management and administration to be in your hands, then you should consider an on-demand offering. Customers can avoid or minimize the up-front cost and instead pay a monthly or annual fee for the system.

    c. Managed Services
    If your IT department is over-extended or lacks the required expertise, you can consider a managed services offering. This option allows you to turn the management function over to experts who handle it for you. This proactive management service provides support without draining internal resources and still provides regular status reports, so that you are aware of specific items like roll-outs, software/hardware updates and asset/inventory control.

    Consider each method carefully. When you talk to vendors, look for one that can support all of the deployment options, to best serve you now and into the future.
  • 13. 6. DESIGNING BYOD POLICY BEFORE DEPLOYING MDM [5]
A successful MDM implementation cannot be completed without proper planning of BYOD business policy and procedures. BYOD policies establish a common ground of communication between the employer and the employee and define the boundaries of ownership of the data present on personal mobile devices, while MDM offers the employer and organization peace of mind if any unwanted incident is reported. The security of the data can then be managed via remote wipe, encryption, self wipe etc.
a. Do your Homework
- Work with the Legal and HR departments to define a personal device policy aligned with the organization's information policy.
- Use social media to engage employees in dialogue and get a feel for their work style and support needs.
- Develop new authentication methods and device management policies that help safeguard corporate information and intellectual property.
- Provide employee training for information security and IT Service Desk personnel about the personal device policy.
By applying safeguards to protect information and intellectual property, employees can select the tools that suit their personal work styles and facilitate their job duties. This improves their productivity and job satisfaction.
Identify minimum security specifications such as:
- Make two-factor authentication mandatory for push e-mail
- Secure storage using encryption
- Security policy settings and restrictions
- Secure information transmittal
- Remote wipe capability
- Ability to check for viruses from the server side
- Patch management and enforcement software for rules
- IDS capabilities on the server side of the connection
b. Identify user needs
Construct a blog/online poll or questionnaire to find out the needs of the user. Take user feedback on questions such as:
- Why do you want to use your own device(s) for work?
- What would you give up to use your device for work?
- What does your personal device do to help you work?
- Would you increase security habits for more device freedom?
By analyzing the responses in close collaboration with the HR and Legal teams, you can make informed decisions when forming the policy on usage of mobile devices.
  • 14. c. Enacting an End-User License Agreement (EULA) corporate policy
The EULA gives employees very clear instructions on what they can and can't do with a device. Stress has to be placed on managing and protecting the corporate data stored on the device. Emphasis also has to be placed on not sharing the unlocked device with non-corporate users, including friends and family. If any company data resides on employees' devices, it should be backed up to a company-owned device by default. The types of devices allowed, such as tablets, smartphones etc., must be stated clearly in the policy. The EULA policy must be generic enough to cover all the allowed devices sufficiently. The EULA must be reviewed, preferably each quarter, to ensure that, as technology and user demand change, the legal protection provided by the policy remains up to date. Users must re-sign the updated EULA when they move to new technology. Finally, it should be made clear that employees who refuse to sign the EULA can't use personal devices to access corporate information.
d. Addressing the privacy concerns
To address privacy concerns, the policy must clearly define the following terms:
- Corporate-owned data: Business data or intellectual property owned by the company.
- Employee-owned data: Data owned by the employee, such as task lists, notes, family photos.
- Personal data: Data controlled by privacy legislation, such as medical records, home address.
In cases where there is a cross-over between personal and corporate-owned data, such as calendar records, the policy should state clearly that, during an investigation, the confiscated device's personal data may be viewed during forensic analysis.
e. HR and Legal concerns
HR policy must state clearly under what circumstances employees will be compensated for activity outside their working hours. Time sheets must adequately reflect those activities.
Legal policy must state that, in case of legal hold or eDiscovery, the employee must immediately surrender his/her device on request, after which all files may be copied and the relevant ones may be used to pursue the legal matter. Employees who are subject to legal hold might have certain restrictions on device usage and should comply with those restrictions to continue work.
f. Training Users and Helpdesk Support
Stating the policy is the easy part. The hard part is training users on what the policy means and how to protect information on their devices, as the BYOD trend and MDM implementation are relatively young and not well understood by users. Users must be made aware of the risks/penalties that will result if sensitive corporate information is leaked, by accident or by intention. Sharing the device with family and friends should be discouraged, and employees must be made aware of the risks that might emerge from such behaviour. Violation of these rules must attract appropriate disciplinary controls as defined by the policy.
  • 15. It is crucial for employees to understand that the helpdesk is to be contacted first in case of a lost/stolen device. Once the incident is reported, the helpdesk can quickly issue a data wipe on the device over the carrier network. Many employees, in a wave of panic, might inform the carrier service about the lost/stolen device first. In such cases, the data wipe can't be issued, as the carrier service has already been shut down at the employee's request. Any charges incurred, such as fraudulent calls, may be reimbursed by the company later.
Apart from employees, helpdesk and support staff must undergo mandatory training to reduce any chance of miscommunication on queries raised by employees. Care must be taken that they don't accidentally invalidate the EULA policy by supplying incorrect answers. Extensive mock drills must be conducted after every policy review or revision to minimize such incidents. FAQ manuals must be made available online to everyone for ready reference.
g. Addressing Authentication issues
For better security, two-factor authentication is used for accessing corporate information. But since the device is unknown in this case, the challenge lies in how to achieve it. For this, a random text message is sent to a predefined phone number. Thus, the text message sent by the server is the "must-know" factor and the phone number is the "must-have" factor, which enables 2-factor authentication.
h. Defining Mobile Device Security Rules [12]
A device used for accessing corporate data must meet the following pre-requisites:
- The device user must have signed the company's EULA policy.
- It must have a personal identification number (PIN).
- It has to support a code lock.
- It has to have an auto lockout feature.
- It has to support encryption.
- It has to support remote wipe.
Further, security policies must be enforced via MDM, such as:
- User-defined lock code of the minimum length defined in policy.
- Auto-lockout period set as per policy.
- Issuing a data wipe if the user reports the device as stolen.
- Automated data wipe (for corporate data only or both) after "x" number of incorrect attempts to open the lock screen.
- All corporate data is encrypted with a strong key.
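The pre-requisites and enforced policies in section h can be checked mechanically against device inventory records. The Python code below is an added example, not part of the original whitepaper and not any MDM product's API; the field names, the threshold values, the wipe scopes and the fallback to blocking access when a wipe cannot be delivered are all assumptions.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Policy:
    # Values are assumptions; the text leaves them "as defined in policy".
    min_lock_code_length: int = 6
    max_auto_lockout_seconds: int = 300
    max_failed_unlocks: int = 10                 # the "x" incorrect tries
    failed_unlock_wipe_scope: str = "corporate"  # or "full" (corporate + personal)
    stolen_wipe_scope: str = "full"              # assumption: scope is not stated


@dataclass(frozen=True)
class Device:
    device_id: str
    eula_signed: bool
    lock_code_length: int       # 0 means no PIN / lock code is set
    auto_lockout_seconds: int   # 0 means auto lockout is disabled
    encryption_enabled: bool
    remote_wipe_supported: bool
    failed_unlocks: int = 0
    reported_stolen: bool = False


def prerequisite_violations(dev: Device, policy: Policy) -> list[str]:
    """Return the section h pre-requisites that this device fails."""
    found = []
    if not dev.eula_signed:
        found.append("eula_not_signed")
    if dev.lock_code_length == 0:
        found.append("no_lock_code")
    elif dev.lock_code_length < policy.min_lock_code_length:
        found.append("lock_code_too_short")
    if dev.auto_lockout_seconds == 0:
        found.append("auto_lockout_disabled")
    elif dev.auto_lockout_seconds > policy.max_auto_lockout_seconds:
        found.append("auto_lockout_too_long")
    if not dev.encryption_enabled:
        found.append("encryption_disabled")
    if not dev.remote_wipe_supported:
        found.append("remote_wipe_unsupported")
    return found


def decide(dev: Device, policy: Policy = Policy()) -> dict:
    """Map one inventory record to allow / block / wipe, with the reasons."""
    reasons = prerequisite_violations(dev, policy)
    wipe_scope = None
    if dev.reported_stolen:
        wipe_scope = policy.stolen_wipe_scope
        reasons.append("reported_stolen")
    elif dev.failed_unlocks >= policy.max_failed_unlocks:
        wipe_scope = policy.failed_unlock_wipe_scope
        reasons.append("failed_unlock_limit_reached")
    if wipe_scope and dev.remote_wipe_supported:
        return {"device": dev.device_id, "action": "wipe",
                "scope": wipe_scope, "reasons": reasons}
    # A wipe that cannot be delivered degrades to blocking access (assumption).
    action = "block" if reasons else "allow"
    return {"device": dev.device_id, "action": action,
            "scope": None, "reasons": reasons}


# Constructed inventory records, for illustration only.
INVENTORY = [
    Device("dev-001", True, 6, 120, True, True),
    Device("dev-002", True, 4, 0, True, True),
    Device("dev-003", True, 8, 60, True, True, failed_unlocks=10),
    Device("dev-004", True, 8, 60, True, False, reported_stolen=True),
    Device("dev-005", False, 0, 300, False, True),
]

if __name__ == "__main__":
    print(*map(decide, INVENTORY), sep="\n")
```

The record `dev-004` shows why remote wipe support is a pre-requisite rather than an optional feature: the device is reported stolen, but the only available response is to block its access.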
  • 16. 7. MDM DEPLOYMENT [8]
Essential components of MDM to consider during the deployment phase are:
a. Policy
A well-defined policy provides management direction and support for IT and information security, and is the foundation for a solid framework implementation.
b. Risk Management
Periodic assessment of risk should be done. For high-risk cases, additional controls may be implemented to reduce risk to an acceptable level. Similarly, for low or non-existent risks, minimal controls may suffice.
c. Configuration Management
This involves automatic configuration of device settings like password policy, email, Wi-Fi and VPN. This helps eliminate user errors and minimizes vulnerabilities caused by misconfiguration. It also includes configuration lockdown according to the user's role-based permissions, to enforce corporate IT mobility policies.
d. Software Distribution
This includes over-the-air updates/patches for OSs, applications, synchronization, fixes etc. Backup and restore operations become vital in situations of device crash and replacement, and in case of any intentional/unintentional wipe-out. When software distribution is aligned with corporate mobile policies, it ensures that only trusted mobile applications are distributed. Together with configuration management, software distribution enables white-listing/black-listing of applications on mobile devices. For maximum efficiency, it is recommended to test mobile applications separately to check their trustworthiness before distributing them over-the-air via MDM.
e. Procurement issues
It is important to coordinate with the HR and Legal teams to define certain terms and conditions in policy and employee agreements. Liability for all parties must be clearly defined in these agreements.
This should include private usage of corporate services, expense compensation, employee privacy policy, shared responsibilities for device and content security, misuse, secure wipe of the device including personal data in case of device loss/theft etc.
f. Device policy compliance and enforcement
This is involved in device supply, control and tracking. Asset-based inventory assessments are critical prerequisites for policy enforcement to comply with corporate/regulatory mandates around policies, jail-broken/rooted device detection, encryption, privacy-based separation of corporate content vs. personal content etc. It is also concerned with the alerts and notifications for asset reporting about devices, users and apps. Overall, it provides effective governing control over mobile endpoint devices, which can be easily tested against ISMS standards such as ISO 27001, making audit activities easier as well.
  • 17. g. Enterprise Activation / De-Activation
Proper implementation of this functionality, which connects mobile devices to the enterprise network, reduces the administrative burden of provisioning and re-provisioning on the IT department. Details exchanged with the server typically include OS, device identifier, IMEI number etc. After activation, some configuration settings might be changed, such as enabling encryption, password settings, application restrictions etc.
h. Enterprise Asset Disposition
This involves removal of physical devices by de-commissioning, or releasing them to the BYOD owner in case of device exchange, upgrade or permanent de-commissioning. Follow-up procedures include notifying inventory management, generating a user receipt and accepting user acknowledgement etc. If decommissioning is permanent, a secure wipe of corporate data must be done and the device should be handed over to the employee with his private data untouched.
i. User Activity Logging
Logging must be done carefully, in accordance with the various privacy laws, rules and regulations of the country in which the company operates its business. Professional legal counsel must be consulted before defining the policies governing user activity logging.
j. Security Settings
These can be categorized into user security and data security. Data security consists of wiping corporate data/personal data in case of device loss/theft. It also extends to role-based user permissions enforced via MDM solutions. User security consists of encryption, authentication on enterprise portal login, lock code, and selective wipe in case a remote wipe is issued. Selective wipe leaves personal data as it is and erases only the corporate data residing on the mobile device. User security also covers certificate-based authentication.
  • 18. 8. CHALLENGES DURING MDM IMPLEMENTATION [6]
a. Hidden costs and corporate governance issues
Enterprises typically see MDM implementation as a measure to save costs and manage mobile endpoints effectively in the process. Often MDM is seen as a complementary practice in tandem with BYOD policy. But the reality is that if your BYOD business policy is not properly defined or effectively enforced, an MDM solution will be patchy at best and cost-prohibitive at worst. Also, mobile OSs natively run in a sandboxed environment, and hence, unless the device is rooted/jail-broken, it is very difficult to enforce corporate policies. But as mobile OSs themselves evolve over time, many MDM-like features will be provided natively by them.
Corporate governance becomes complex as mobile endpoints, which may or may not be owned by the enterprise, are added to the asset inventory. If your mobile device policy or BYOD policy is not properly defined, MDM may report false positives or a large number of false negatives if not properly implemented. This will lower employee morale and cause confusion and mayhem in the workplace. Cost escalation might be the direct consequence of a bad implementation of the MDM solution.
b. Employee unawareness about information security while using mobile endpoints
Employees may freely share their devices with their co-workers, family members or friends, which can increase the chances of accidental data breaches of corporate information. Identity theft may result in extreme cases, and if some unwanted or intentional damage is caused by that, the blame rests squarely on the employee, who might have to suffer consequences such as job dismissal in case of fraud done by "his (enemy) friend".
Using social engineering, competitors can fool the employee into handing over his mobile device for a "few minutes", gathering valuable information for corporate espionage. To counteract these threats and the associated risk, information security awareness programs and trainings must be conducted on a mandatory attendance basis to equip employees to counter such attacks.
  • 19. 9. PICKING THE RIGHT MDM VENDOR [4]
On close observation, security features such as remote wipe, encryption and enforced password requirements are pretty standard and are provided by almost all vendors. So look at the other areas where you could address your business needs better. Key factors to consider while shopping for an MDM solution:
- Deployments: Assess how efficiently the MDM agent can be deployed on a new device. Deploying new phones isn't a one-time job; it's never-ending.
- White-list and blacklist filters: You'll have apps that every employee must install, some that are banned, and some apps that you insist are updated to at least a certain version.
- Custom Appstore: Is there a feature offered by the MDM vendor for installing custom, unapproved apps and setting up a company app store experience?
- Application Security: Does the MDM vendor offer built-in support for malicious application scanning?
- Browser security: Filtered mobile Web browsing can lower the risk of attack on a device. Is the MDM provider implementing this level of security?
- Encryption levels: Do you have to encrypt the entire device, or does the MDM provider let you encrypt company-specific or selected files and folders?
- Data wiping: Is there support for selective wipe, which erases only corporate data in case a remote wipe is issued?
- Auto-provisioning of devices: Is there an option for automatic device provisioning?
- Architecture: Examine the vendor's approach to the MDM solution, such as sandbox, virtualization or an integrated approach. This is important in understanding the vendor's technology and in your future road map planning.
- Location capabilities and network access restrictions: Do you want to let employees use their device's camera for personal use but not at the office? Check whether the MDM solution supports such policies. How robust are the policies?
- Inventory management: Is it easy to search, custom filter and modify individual mobile endpoints among hundreds of managed mobile devices? What are the filtering capabilities provided?
- Reports: Is there built-in reporting for new devices provisioned, apps out of compliance and devices that haven't checked in for a day or a week?
  • 20. 10. MDM VENDORS
a. Popular MDM Vendor List
- MobileIron
- AirWatch
- Zenprise
- Good Technology
- FiberLink
- BoxTone
b. Salient Features of some of the leading MDM vendors [11]
MobileIron:
- Healthy mix of partnership relations with distribution channels and OEMs such as AT&T, Vodafone, Apple, Google, Microsoft, RIM, Cisco, HP and IBM.
- Demonstrates life cycle management, including usage monitoring, cost control, application deployment and version control.
- Offers strong support for corporate and personal devices.
- Strong reporting and dashboard capabilities.
- Supports text messaging archiving for devices connected to corporate email.
AirWatch:
- Has a strong security focus, with enterprise integration services that encrypt traffic between the enterprise's servers and its cloud system.
- Offers Web-based as well as agent-based enrolment.
- Strong capability to profile, with detailed and easy-to-use policy settings.
- Has a strong administrative interface which is easy to use and manage.
- Easily scalable and can support large numbers of users across multiple areas.
Zenprise:
- Zenprise Mobile DLP provides innovative secure container solutions to operate local mobile devices, as well as to be accessed in the cloud.
- Application-blacklisting technique works across Apple iOS and Google Android devices.
- Offers its own secure Web gateway and can also integrate with Blue Coat Systems and Palo Alto Networks.
Good Technology:
- Large installed base in regulated sectors, such as financial services, government, defense, public sector, healthcare and professional services.
- Good Technology has the strongest implementation of containerization.
- Has strong security capabilities, including FIPS 140-2 crypto libraries, end-to-end 192-bit encryption, multiple-factor authentication and multiple certifications.
  • 21. 11. HOW WE CAN HELP YOUR ORGANIZATION?
a. Strong support of Solutions Team
NII has been working in close association with leading MDM solution products. Our solution team is well trained and qualified to handle any support-related queries you may have. Currently our active MDM partnership is with MobileIron. Our team consists of certified MobileIron experts who understand each and every module of the solution and have extensive hands-on experience.
b. Security Awareness Trainings
We conduct numerous security trainings for our clients and help them understand the risks of carrying corporate data on their mobile devices. We put forward the precautions and industry best practices they need to follow to secure sensitive information.
c. Social Engineering Exercises
We also conduct live sessions on social engineering exercises, which demonstrate through practical examples how even a person reasonably well informed about security can easily be fooled by cleverly crafted social engineering attacks. Having knowledge of these kinds of attacks makes sure your corporate data is secure in the hands of your employees.
  • 22. 12. REFERENCES
1. http://en.wikipedia.org/wiki/Mobile_device_management
2. http://en.wikipedia.org/wiki/Bring_your_own_device
3. http://www.secureworks.com/resources/whitepapers-shortcut/74568
4. http://www.informationweek.com/global-cio/interviews/byod-why-mobile-device-management-isnt-e/240142450
5. http://www.intel.in/content/dam/www/public/us/en/documents/best-practices/enabling-employee-owned-smart-phones-in-the-enterprise.pdf
6. http://software.intel.com/sites/billboard/sites/default/files/Maintaining_Info_Security_Allowing_Personal_Hand_Held_Devices_Enterprise.pdf
7. https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Guidance_v1.pdf
8. https://downloads.cloudsecurityalliance.org/initiatives/mobile/Mobile_Device_Management_Key_Components.pdf
9. http://www.wavelink.com/whitepapers/avalanche-delivery-whitepaper.pdf
10. http://i.dell.com/sites/content/business/solutions/whitepapers/en/Documents/unlocking-power-mobile-device-management.pdf
11. https://dell.symantec.com/system/files/Magic_Quadrant_for_Mobile_Device_Management_Software.pdf
12. http://searchsecurity.techtarget.com/news/2240148521/BYOD-security-policy-not-MDM-at-heart-of-smartphone-security
13. http://boxtone.com/white-paper-lp/enterprise-iphone-ipad-ciso-security-wp-web.aspx
14. http://info.desktone.com/whitepaper-byod-implications-for-it-virtual-desktops.html