Portait-Handbook-Mobile Device Management Hb Final

  • Published on
    10-Nov-2015

DESCRIPTION

MDM Portait Handbook

Transcript

Mobile Device Management

The increase of BYOD in the enterprise has forced IT security teams to find new ways to secure corporate and personal data while allowing flexible user access. In this Tech Guide, learn vital information regarding the booming BYOD trend in the enterprise and how IT teams are looking to MDM solutions to control and protect corporate data on mobile devices.

BY LISA PHIFER

Tech Guide

1. Editor's Note
2. BYOD Increase Calls for Enterprise Mobile Device Management Systems
3. Mitigating BYOD Risks With Mobile Device Management Systems
4. MDM 2.0: Meeting New Mobility Management Needs

1 EDITOR'S NOTE

MDM Systems Take Hold as BYOD Booms

BYOD in the enterprise is booming, and IT security teams are grappling to control, monitor and protect essential corporate information transmitted from and stored on mobile devices. IT security teams need to maintain security and ensure compliance while still allowing flexible user access. So what is an IT security team to do?

In this technical guide, wireless expert Lisa Phifer discusses how the BYOD trend is leading IT teams to invest in and deploy mobile device management (MDM) solutions. You'll learn how to determine whether an MDM system is right for your organization, if your existing systems can provide the necessary security controls, or if additional device management features may be required.

Once you've determined that deploying an MDM system is the right choice for your organization, Phifer explains how to deploy and apply MDM to reduce security risks brought on by BYOD. This includes enforcing compliance and testing the MDM system before fully deploying it in your environment.

Lastly, Phifer explores the idea of MDM 2.0: security and control beyond smartphones and tablets. As mobile security in the enterprise continues to expand, taking a look at the future can help IT security teams prepare for the next wave of MDM. Phifer discusses letting go of the idea that MDM is a tool for mobile device lockdown, but instead a means for providing customizable security and control based on a user's needs and preferences.

Rachel Shuster
Associate Managing Editor, TechTarget's Security Media Group

2 MDM SYSTEMS

BYOD Increase Calls for Enterprise Mobile Device Management Systems

Multi-platform mobile device management systems are gaining a foothold in enterprises anxious to meet the needs of today's expanding mobile workforce. While no silver bullet, MDM technology can give IT centralized, scalable visibility and control over the unruly bring-your-own device (BYOD) trend.

In a recent study by Ponemon Institute, most organizations agreed that mobile devices created business risk but were important to achieving business objectives. However, just 39% had deployed security controls needed to address that risk; fewer than half of those could enforce mobile security policies.

Unfortunately, this lax governance has already resulted in non-compliance and data breaches. In Ponemon's survey, 59% said employees disengaged fundamental measures such as passwords; another 12% were unsure. It should, therefore, come as no surprise that half of those organizations had experienced mobile data loss during the past year.

Given the rash of employee-owned smartphones and tablets now finding their way into the workplace, IT simply must find a way to manage mobile application and system access while keeping corporate data secure. Fortunately, a new crop of multi-platform MDM products and services stand ready to help IT achieve these objectives and mitigate BYOD risks. However, organizations need to understand the benefits, nuances and limitations of this emerging technology before taking the plunge.

THE RISE OF MULTI-PLATFORM MDM

Mobile device management systems are not a recent phenomenon.
Enterprises have long managed company-issued BlackBerrys and Windows Mobiles via BlackBerry Enterprise Server (BES) and Microsoft Exchange ActiveSync (EAS). But yesterday's narrowly focused MDMs could not handle the consumer smartphones and tablets that flooded the workplace following Apple's iPhone release in 2007. As handset procurement rapidly shifted from employer to employee, driven by budget cuts and workforce demands, IT groups were left scrambling for more extensible tools.

Initially, IT had little choice but to reduce iPhone risk by applying EAS policies to prevent corporate email access by non-passcoded phones and remotely wipe those that were lost. But these basic measures fell short of governance needs. Certainly, they did not satisfy compliance mandates to encrypt data at rest, nor could they deliver proof of continuous enforcement or meet access tracking and audit requirements. Although EAS support in newer devices continues to expand, this messaging-centric approach is plagued by inconsistency and cannot meet broader mobility management requirements.

By early 2010, iPhones had been joined by iPads and Androids, fueling growth of the multi-platform MDM market. Niche multi-platform MDMs previously used by cellular companies and highly mobile verticals such as retail quickly expanded to embrace iOS 4, followed by Android 2.2. Today, multi-platform MDMs are viable alternatives to BES or EAS, giving enterprises a single pane of glass through which to monitor and manage an increasingly diverse array of corporate and bring-your-own phones and tablets.

MDM BREADTH AND DEPTH

Unlike BES, which uses a proprietary approach to manage only RIM devices running the BlackBerry OS, multi-platform MDMs are third-party products that use open APIs to tap the native interfaces and capabilities offered by many different devices. Today, it is common for MDMs to manage Apple devices running iOS 4+, Samsung/Motorola/HTC/LG devices running Android 2.2+, and an array of handheld and embedded devices running WinCE and Windows Mobile. Limited MDM support can also be found for Windows Phone and WebOS devices. However, the degree of monitoring and control delivered for each managed device varies by make/model and OS version.

For example, MDMs can usually enforce device-level access controls on iOS and Android devices. On iOS, IT may require alphanumeric passcodes with minimum length and special characters and limit passcode age, reuse, idle time, or failed entry attempts. On Android 3+, IT can enforce all of this, plus require upper/lowercase letters, digits, and symbols.

Every MDM that supports iOS and Android exhibits this difference because it reflects native OS capabilities. However, the extent to which each MDM tries to hide such differences under unified consoles with a consistent look and feel varies widely. In other cases, mobile device management systems can do little to mask underlying diversity.

For example, IT can use any MDM on the market to request a full-device wipe. Because all Apple iPhones and iPads now support full-device encryption, remote wipe easily renders data inaccessible. However, wiping most Android phones simply resets them to factory default, leaving cleartext behind on removable storage. MDMs cannot eliminate this native shortcoming; doing so falls to device manufacturers. But MDMs can provide tools to centrally invoke remote wipe, confirm a requested wipe has been completed, report on all wiped devices (including ownership and last known location), and clearly describe the consequences for each wiped device.

This is where MDM depth comes into play. Some MDMs stick to managing hardware, software and policies. Other MDMs pile on value-added security measures. For example, some MDMs create their own authenticated, encrypted data containers on managed devices. Any enterprise data stored in those containers can be reliably wiped, even on phones and tablets that do not support native full-device encryption. Moreover, this approach lets IT wipe data consistently across all MDM-supported platforms. However, MDMs that include these value-adds tend to have more device-specific dependencies and limitations than MDMs that focus on management.

LIFECYCLE MANAGEMENT

Enterprises flocking to multi-platform MDM technology to gain IT visibility and control over personally owned devices may find it hard to directly compare products. Heritage plays a role: Some MDMs historically focused on mobile expense management, others started with mobile application management and still others specialized in mobile security. Yet most of these MDMs deliver foundational capabilities such as inventory and policy management that cause them to appear superficially similar. Drilling beyond functional comparison can also reveal significant differences in automation, usability, scalability and integration.

One way to reduce confusion is to preface MDM product selection with an inventory of business mobility needs and use cases. When IDC surveyed businesses about their ability to support consumer devices in the workplace, four out of five respondents identified policy compliance and data security/access as top concerns. However, nearly the same percentage cited ensuring IT support and resource availability, readying mobile applications and setting employees up with multiple devices as major issues. In other words, choosing an MDM based on its ability to meet security needs alone may be shortsighted.

Instead, begin with lifecycle management. Even if the employer does not own an employee's mobile device, it owns the business data and applications stored on that device. Start by establishing a process for tracking and managing those assets through each device's lifetime. Doing so creates an essential foundation for not just security management, but expense tracking, user assistance, application and data deployment and more.

MDMs can enable lifecycle management by automating device enrollment, monitoring and de-enrollment, independent of ownership. Most MDMs support IT-initiated enrollment; some also offer user-initiated enrollment. Either way, users follow links to a self-help enrollment portal where they are prompted to enter credentials.

Behind the scenes, the MDM typically authenticates the user and compares user and device to IT-defined policies. If this user is permitted to enroll this device, based on make/model, OS, ownership and group membership, access may be authorized. MDMs may display an acceptable use policy and issue a device certificate before continuing on to provision the device over-the-air, applying device settings, security policies and applications.

By automating enrollment, IT can deliver scalable support for many personally owned devices while placing well defined limits on acceptable use. Devices that pass muster can be outfitted for safe productive business use, leaving IT well-positioned to continually monitor activity and enforce security policy compliance. If an enrolled device should be lost or stolen or become non-compliant, IT can use MDM to remotely find, lock or wipe it. In addition, MDM may be used to invoke temporary stop-loss actions such as removing settings that permit corporate email, VPN or application access.

Eventually, when the employee leaves the company or the device is replaced, MDM can easily de-enroll it while wiping corporate assets. Many MDMs can now differentiate between full-device and enterprise wipe, letting IT decommission an employee's device without harming personal data.

3 DEPLOYING MDM

Mitigating BYOD Risks With Mobile Device Management Systems

Once enterprises understand the benefits and limitations of mobile device management (MDM) technology and begin deploying an MDM solution, IT can now deploy, audit and enforce appropriate security controls.

Typically, IT can use MDM to remotely configure native device settings to reflect security policies, including: requiring a PIN or password; enabling auto-lock and auto-wipe features; encrypting data at rest on the device, removable media or in the cloud; protecting data-in-motion over email, VPN or Wi-Fi; and selectively disabling hardware and OS features such as integrated cameras. When properly configured, these native settings deliver most (but not all) mobile security best practices for personal smartphones and tablets.

As previously noted, supported policies do vary by device make/model and OS. However, mobile device management systems generally try to maximize IT access to native settings. For example, any MDM that supports iOS device management lets IT set every Apple-supported Configuration Profile attribute. MDM-configured controls for Android are more varied because the devices themselves are more diverse. Notably, manufacturers such as Samsung and Motorola have extended native APIs with proprietary attributes to give IT greater visibility, control and flexibility.

Ultimately, mobile security management requires careful analysis of native device and OS features needed to implement policies and confirmation that any MDM under consideration can deliver visibility and control over those features.

Where native capabilities are insufficient, MDMs can also help by deploying, configuring and enforcing third-party security measures. For example, healthcare organizations often use MDM to centrally deploy two-factor authentication, VPN clients and virtual desktop applications. Enterprises concerned about mobile malware can use MDM to push sandboxed browsers and antimalware. To an MDM, these are simply applications that must be installed and maintained. For this reason, organizations focused on MDM to enable security should also evaluate each product's application management capabilities.

ENFORCING COMPLIANCE WITH MDM TECHNOLOGY

For small mobile workforces, IT could enroll devices one by one, manually installing required security and business applications, but that does not scale nor does it enable continuous monitoring and enforcement. This is where MDM technology can yield return on investment through logging, auditing and compliance enforcement.

Mobile device management systems can capitalize on their over-the-air access to enrolled smartphones and tablets. Even if devices never return to the office, MDMs can poll them to verify settings and detect events such as PIN disablement or blacklisted application installation. Some mobile devices and settings can be monitored from afar using nothing more than native APIs, notably Apple iPads and iPhones. Deeper-than-EAS insight on other devices (e.g., Android, Windows Mobile) usually requires installing a device-resident MDM agent.

Today, MDM vendors publish their agents at the Google Android Market or the Apple App Store where users can freely download them. Upon installation, agents connect to a corporate MDM server that may be installed on-premises, hosted by a managed service provider, or operated as a cloud service. Thereafter, MDM agents can serve as IT's eyes and ears, logging activities, reporting on events, and carrying out MDM requests that go beyond native capabilities.

For example, it has become common for MDM agents to offer jailbreak or root detection. Jailbreaking or rooting pose business risks because they render the underlying OS unreliable and raise concerns about device integrity. Jailbroken Apple devices are vulnerable to mobile malware downloaded from non-Apple websites. Rooted Android devices are even more vulnerable because applications can access normally privileged features.

By immediately detecting such activity, MDM agents can notify administrators and users. IT can even install enforcement policies that automatically take actions such as disabling email or VPN access or removing enterprise applications or even wiping an offending device. Although available actions are limited by the mobile OS, they can still go a long way towards reducing business risk and encouraging voluntary compliance.

TEST-DRIVE MDM SYSTEMS BEFORE BUYING

Like any other technology designed to assist IT with security enforcement, MDM is a means to an end. Organizations should not expect MDMs to magically keep a mobile workforce secure any more than a firewall can be expected to keep a corporate network safe. MDMs require careful selection, based on ability to meet business needs, implement desired policies, integrate with existing infrastructure and support workflows.

Those workflows and related IT processes should not be left as a post-deployment exercise. Diversity within the multi-platform MDM market becomes most apparent when organizations begin to use products to manage real-world devices. For best results, pilot a few MDM products by attempting to assert and enforce an acceptable use policy on various devices of importance to your workforce.
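
The polling and automatic enforcement described under "Enforcing Compliance with MDM Technology" above can be sketched as follows. This is an added example, not code from the guide or from any MDM product; the check-in fields, action names, policy values and the rule that personally owned devices receive at most an enterprise wipe are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical action names, ordered from least to most disruptive.
ACTIONS = ["none", "notify", "block_email_vpn", "remove_enterprise_apps",
           "enterprise_wipe", "full_wipe"]

# Constructed policy: each violation maps to the response IT wants taken.
POLICY = {
    "blacklisted_apps": {"com.example.sideloader", "com.example.fileshare"},
    "max_hours_silent": 72,
    "responses": {
        "passcode_disabled": "block_email_vpn",
        "blacklisted_app": "notify",
        "jailbroken_or_rooted": "full_wipe",
        "not_reporting": "block_email_vpn",
    },
    # Assumption: a personally owned device is never fully wiped.
    "byod_max_action": "enterprise_wipe",
}


@dataclass
class CheckIn:
    """One report from a device agent (field names are hypothetical)."""
    device_id: str
    ownership: str                 # "corporate" or "byod"
    passcode_enabled: bool
    integrity_ok: bool             # False if the agent reports jailbreak/root
    hours_since_contact: int
    installed_apps: list = field(default_factory=list)


def find_violations(c, policy):
    """Return the policy violations visible in one check-in, in fixed order."""
    found = []
    if not c.passcode_enabled:
        found.append("passcode_disabled")
    if not c.integrity_ok:
        found.append("jailbroken_or_rooted")
    if policy["blacklisted_apps"] & set(c.installed_apps):
        found.append("blacklisted_app")
    if c.hours_since_contact > policy["max_hours_silent"]:
        found.append("not_reporting")
    return found


def decide_action(c, policy):
    """Pick the most severe response among the violations, capped for BYOD."""
    violations = find_violations(c, policy)
    severity = max((ACTIONS.index(policy["responses"][v]) for v in violations),
                   default=0)
    if c.ownership == "byod":
        severity = min(severity, ACTIONS.index(policy["byod_max_action"]))
    return violations, ACTIONS[severity]


def audit(checkins, policy):
    """Evaluate a batch of check-ins: {device_id: (violations, action)}."""
    return {c.device_id: decide_action(c, policy) for c in checkins}


# Constructed sample check-ins.
SAMPLE = [
    CheckIn("tab-001", "corporate", True, True, 2, ["com.example.mail"]),
    CheckIn("ph-002", "byod", False, True, 5, ["com.example.fileshare"]),
    CheckIn("ph-003", "byod", True, False, 1),
    CheckIn("ph-004", "corporate", True, False, 100),
]

if __name__ == "__main__":
    for dev, (violations, action) in audit(SAMPLE, POLICY).items():
        print(f"{dev}: {action:24} {', '.join(violations) or 'compliant'}")
```

The ownership cap is where the full-device versus enterprise wipe distinction from the lifecycle discussion shows up: the same jailbreak finding leads to a full wipe on a corporate device and to an enterprise wipe on a personal one.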

4 MDM 2.0

MDM 2.0: Meeting New Mobility Management Needs

While security teams are getting a grip on smartphones and tablets through basic mobile device management (MDM), enterprise mobility requirements continue to evolve. To address these advanced needs, better integrated and more granular MDM tools are emerging. Let's look at some of these innovations and how to put them to work.

MDM products initially focused on device inventory and provisioning but have expanded to address a broader range of needs, from security controls to expense management. However, BYOD is now driving interest in more granular tools to manage not only entire devices, but also the individual business assets carried on them, specifically, applications and content.

Today's MDM products often include application management functions, ranging from software inventory and whitelist/blacklist controls to application installation, configuration, update and disablement/removal. One innovation called app wrapping beefs up enterprise apps to meet security requirements. Fiberlink Communications Corp.'s MaaS360 Secure Productivity Suite can unpack IT-uploaded apps; insert canned security functions (such as authentication or data leak prevention); and repack them for deployment onto managed devices. This can help employers deliver consistently secured apps without relying only on highly variable native device and app capabilities.

Another trend is decoupling securely managed data from full-blown device management. AirWatch's Mobile Content Management product combines basic device enrollment and compliance with data-centric functions, including a secure container in which to place enterprise data and tools that IT can use to deploy, update and delete data. When a BYOD is enrolled, IT can auto-push documents to a secure storage area that is subject to policies that control offline viewing, cut/paste and other document security management activities. If that BYOD later becomes non-compliant, IT can remove the container and its documents without needing or having the ability to wipe the entire device.

RESPECTING PERSONAL PRIVACY

More granular application and content management capabilities can help IT enable broader mobility with less effect on personal privacy. However, some MDM products are moving to offer more granular privacy options to address both employee and legal/regulatory concerns.

BlackBerry Enterprise Service 10 includes BlackBerry Balance, a management capability that carves out separate secure Work and Personal spaces on BlackBerry 10 devices. This dual persona approach offers more than a secure container; it creates an IT-managed, authenticated, encrypted Work Space in which employees can interact with corporate email, secure Web browsing and other business applications. Employees have the freedom to install anything they want in their own Personal Space, without being shackled by IT policies, or worrying about IT snooping on private activities.

Another way in which MDM products are moving to enable personal freedom in concert with IT control is geo-fencing. This technique combines a user's current location with IT-defined policies. Citrix Systems Inc.'s XenMobile MDM product can enforce proxy-based URL filters and disable device capabilities, such as cameras when used inside a secure facility, but automatically lift those restrictions when that device moves outside the fence. However, location-awareness can be a double-edged sword; there's a difference between using current location to make policy decisions and tracking historical location. The latter can raise privacy concerns and so should be done only with care and, of course, consent.

LEVERAGING INTEGRATION

As MDM products mature, they are becoming better integrated with existing enterprise infrastructure. Tighter integration can facilitate business mobility. For example, enterprise SharePoint resources or cloud data services can be made available to mobile users via integration with managed secure containers. In addition, MDM integration with infrastructure can be helpful in delivering a seamless, secure mobile user experience.

Enterprise identity management is a hot area of innovation for MDM products. Most MDM products can be configured to interface with enterprise directories, most often Active Directory or LDAP, binding enrolled devices to authorized user identities and, perhaps, their group memberships. SecureAuth Corp.'s IdP is one product that takes identity management integration further by using identity and access management (IAM) and single-sign-on as a mobile gateway into the enterprise. For example, rather than granting access to managed mobile devices, IdP grants mobile access to enrolled users, based on authenticated identity and SSO tokens.

TIGHTER INTEGRATION

MDM products are also achieving tighter integration with enterprise WLAN infrastructure, in effect using the network as a springboard for more automated device enrollment. Networks composed of wireless access points and switches from Aerohive can be configured to detect and fingerprint new mobile devices, automatically redirecting them to a JAMF Software or AirWatch MDM enrollment portal for zero-touch provisioning. Integrated approaches, such as these, make it easier to expand mobility to more users while deterring enterprise access by unknown and potentially risky BYODs.

As these examples show, today's MDM products are no longer monolithic systems focused on basic device management and little more. In fact, as MDM products grow more capable and sophisticated, many are being decoupled into a la carte capabilities, which allow IT to manage and secure mobility differently for each business unit or workgroup.

So don't be fooled by labels; dig deeper into the actual capabilities offered by each MDM product, looking for innovations that can help your organization expand mobility to diverse users and manage their risks effectively. The same MDM product may well support enterprise identity-based, full-device management for high-risk workers; lighter-weight but secure data-only management for knowledge workers; and securely-wrapped app management to enable narrow access by all other mobile workers.

In short, avoid thinking about MDM as a tool for old-school corporate device lockdown. Develop use cases and desired security policies that focus on managing and securing only at-risk corporate assets, then let those policies drive your search for suitable MDM products and capability packages.

ABOUT THE AUTHOR

LISA PHIFER owns Core Competence, a consulting firm specializing in business use of emerging network and security technology. She has been involved in the design, implementation and evaluation of internetworking, security and management products for 30 years.

This Technical Guide on Mobile Device Management is a Security Media Group e-publication.

Robert Richardson, Editorial Director
Eric Parizo, Senior Site Editor
Kathleen Richards, Features Editor
Kara Gattine, Senior Managing Editor
Rachel Shuster, Associate Managing Editor
Linda Koury, Director of Online Design
Neva Maniscalco, Graphic Designer
Doug Olender, Vice President/Group Publisher, dolender@techtarget.com

TechTarget, 275 Grove Street, Newton, MA 02466, www.techtarget.com

© 2013 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the publisher. TechTarget reprints are available through The YGS Group.

About TechTarget: TechTarget publishes media for information technology professionals. More than 100 focused websites enable quick access to a deep store of news, advice and analysis about the technologies, products and processes crucial to your job. Our live and virtual events give you direct access to independent expert commentary and advice. At IT Knowledge Exchange, our social community, you can get advice and share solutions with peers and experts.
