Secure and manage all your mobile ?· Secure and manage all your mobile devices Manage your mobile devices…

  • Published on

  • View

  • Download


  • Securely manage your data, devices, and applications

    Mobile Device Management

    ISBN: 978-0-470-69472-5Not for resale

    Find listings of all our books

    Choose from many different subject categories

    Browse our free articles

    Secure and manage all your mobile devices

    Manage your mobile devices and applications

    Secure your mobile data

    Unleash your mobile workforces potential

    Explanations in plain


    Get in, get out


    Icons and other

    navigational aids

    A dash of humour and fun

    With the compliments of Sybase iAnywh


    In order to do their job, your fi eld personnel need the right information at the right time, on reliable devices. And, of course, security is vital. This minibook makes it easy for IT administrators to successfully mobilise their organisation showing how to secure mobile data, manage devices and applications, and unleash the potential of the mobile workforce.

    Choose the right mobile deployment solution

    Sybase iAnywhere Limited Edition

  • By Mike Oliver, Sybase iAnywhere

    Mobile DeviceManagement



    01_694725 ffirs.4.qxp 3/28/08 2:48 PM Page i

  • Mobile Device Management For Dummies

    Published byJohn Wiley & Sons, LtdThe AtriumSouthern GateChichesterWest SussexPO19 8SQEngland

    E-mail (for orders and customer service enquires):

    Visit our Home Page on

    Copyright 2008 by John Wiley & Sons Ltd, Chichester, West Sussex, England

    All Rights Reserved. No part of this publication may be reproduced, stored in aretrieval system or transmitted in any form or by any means, electronic, mechani-cal, photocopying, recording, scanning or otherwise, except under the terms of theCopyright, Designs and Patents Act 1988 or under the terms of a licence issued bythe Copyright Licensing Agency Ltd, 90 Tottenham Court Road, London, W1T 4LP,UK, without the permission in writing of the Publisher. Requests to the Publisherfor permission should be addressed to the Permissions Department, John Wiley &Sons, Ltd, The Atrium, Southern Gate, Chichester, West Sussex, PO19 8SQ, England,or emailed to, or faxed to (44) 1243 770620.

    Trademarks: Wiley, the Wiley Publishing logo, For Dummies, the Dummies Manlogo, A Reference for the Rest of Us!, The Dummies Way, Dummies Daily, The Funand Easy Way, and related trade dress are trademarks or registeredtrademarks of John Wiley & Sons, Inc. and/or its affiliates in the United States andother countries, and may not be used without written permission. All other trade-marks are the property of their respective owners. Wiley Publishing, Inc., is notassociated with any product or vendor mentioned in this book.

    Sybase, iAnywhere, and Afaria are trademarks of Sybase, Inc or its subsidiaries. indicates registration in the United States of America. All other company andproduct names mentioned may be trademarks of the respective companies withwhich they are associated.


    Wiley also publishes its books in a variety of electronic formats. Some content thatappears in print may not be available in electronic books.

    ISBN: 978-0-470-69472-5

    Printed and bound in Great Britain by Page Bros, Norwich

    10 9 8 7 6 5 4 3 2 1

    01_694725 ffirs.4.qxp 3/28/08 2:48 PM Page ii

  • Contents at a GlanceIntroduction ............................................1

    About This Book.............................................................1Foolish Assumptions .....................................................2How to Use This Book ...................................................2Icons Used in This Book................................................3Where to Go from Here..................................................3

    Part I: Mobile Device Management: Why Bother? ...........................................5

    Considering the Challenges of Mobility ......................6Considering Why Enterprises Need

    Frontline Management ..............................................10Introducing Afaria, from Sybase iAnywhere ............11

    Part II: Managing Your Mobile Deviceswithout Sweat or Tears ..........................13

    Defining the Elements of a Great Management Solution ...............................................14

    Finding the Solution with Afaria, from SybaseiAnywhere ..................................................................21

    Part III: Under Lock and Key: Enforcing Security .................................23

    Safe as Houses: Considering Your Requirements ....24Stating the Requirements of Your

    Security Solution .......................................................25The Security Checklist ................................................28

    02_694725 ftoc.4.qxp 3/28/08 2:48 PM Page iii

  • Part IV: Looking to the Future ................33Integrating Mobile Deployment Components .........33MAGnificent Multichannel Access Gateways ..........34Keeping Up with a Changing World ...........................35Avoiding Viruses Like the Plague...............................35

    Part V: Top Ten Mobile Device Management Tips ..................................37


    02_694725 ftoc.4.qxp 3/28/08 2:48 PM Page iv

  • Introduction

    Welcome to Mobile Device Management ForDummies, your guide to the management andsecurity of mobile computing equipment such aslaptops and handheld devices.

    About This BookEvery day, more and more of your enterprise alongwith its data and transactions is moving to thefrontlines where you interact directly with yourcustomers. The frontlines present a key opportunity foryour business to gain a competitive advantage, byhaving the information and applications necessary totake decisive action when you need to. Technology isused at the frontlines in situations such as:

    A salesperson getting a customer to sign for thesamples just received using a handheld device.

    A police officer with a laptop in her vehicle, ableto access a database of criminal information whileon patrol.

    A field service engineer referring to a laptop thatprovides information on specific parts needed so that he can fix the customers problem the firsttime.

    A retail salesperson in a store checking stocklevels and processing transactions with ahandheld point-of-sale device.

    03_694725 intro.qxp 3/28/08 2:48 PM Page 1

  • A health worker having up-to-date patientinformation whether beside the bed in hospitalor visiting the patient in her home.

    This book gives you the lowdown on enterprise mobiledevice management and how Afaria, the marketleading solution, can help you.

    Foolish AssumptionsIn writing this book, weve made some assumptionsabout you. We assume that:

    Youre in business and enjoy the benefits of beingable to stay connected and informed while youreon the move.

    Youre an IT manager who needs to keep on top ofthe multiple devices out and about in the field.

    How to Use This BookMobile Device Management For Dummies is divided intofive concise and information-packed parts:

    Part I: Mobile Device Management: Why Bother?We explore the reasons to go mobile, the challengesyoull face, and the need for effective management.

    Part II: Managing Your Mobile Devices withoutSweat or Tears. We introduce the SybaseiAnywhere solutions, focusing on management.

    Part III: Under Lock and Key: Enforcing Security.We explain why securing your mobile data isabsolutely vital.


    03_694725 intro.qxp 3/28/08 2:48 PM Page 2

  • Part IV: Looking to the Future. Some crystal-ball gazing into the technologies you need toprepare for.

    Part V: Top Ten Mobile Device Management Tips.A small but perfectly formed chapter of tips forboth the mobile user and systems administrator.

    You can dip in and out of this book as you like, or readit from cover to cover it shouldnt take you long!

    Icons Used in This BookTo make it even easier to navigate to the most usefulinformation, these icons highlight key text:

    The target draws your attention to time- ormoney-saving advice.

    The knotted string highlights importantinformation to bear in mind.

    The Dummies man indicates real-lifeanecdotes to illustrate a point.

    Where to Go from HereAs with all For Dummies books, you dont have to readthis one from cover to cover if you dont want to. Usethe headings to guide you to the information you need.If you require any more information, you can contact usat


    03_694725 intro.qxp 3/28/08 2:48 PM Page 3

  • 4

    03_694725 intro.qxp 3/28/08 2:48 PM Page 4

  • Part I

    Mobile Device Management:Why Bother?

    In This Part Considering security, visibility, and control

    Addressing the challenges of mobile device management

    Did you know that up to 70 per cent of enterprisedata exists in various frontline settings, fromlaptops to handheld devices, to shop and remote officeenvironments? Thats quite a statistic!

    Your mobile staff might be employed for a variety of skills to treat patients, dig up roads, repairmalfunctioning equipment, or sell a product. Theyrerarely IT savvy and certainly not security experts. Yet more than 75 per cent of enterprises leaveresponsibility for security in the hands of the user literally.

    This part explores the challenges that mobility bringsand why you need management and security toaddress these challenges.

    04_694725 ch01.qxp 3/28/08 2:48 PM Page 5

  • Considering the Challenges of MobilityMobility brings numerous opportunities but alsochallenges. Table 1-1 compares the advantages ofnetworked computers with the challenges of mobiledevices that you need to overcome.

    Table 1-1 Comparing Networked Computers with Mobile Devices

    Networked Computers Mobile DevicesUnlimited bandwidth Bandwidth is limited

    Guaranteed, reliable connectivity Intermittent, unreliableconnectivity

    Local support for users No local technical support

    IT can easily get to systems IT may never see devices

    The same platforms used A variety of devices and platforms

    Physical building security Easily lost or stolen

    The following sections consider other challenges youneed to overcome when employing mobile devices.

    Security Mobile management and security are totally inter-dependent. An unsupported, unmanaged securesystem is invariably vulnerable the moment it leaves itscradle!


    04_694725 ch01.qxp 3/28/08 2:48 PM Page 6

  • Mobile security is the need to control user access andprotect your data on the device and storage, in transit,and if lost or stolen.

    Without the appropriate security, mobile devices areextremely vulnerable to security gaps. As a result, therisk of intrusion is high and security controls areinconsistent at best and often unenforceable. Whetherits hackers, viruses, corrupted data, or lost or stolendevices, theres plenty to be concerned about.

    Additionally, regulations regarding data privacy andencryption are becoming stricter and can even result infines for noncompliance. IT and security experts mustmanage and protect sensitive information and enforcecompliance centrally, rather than leaving the burden ofsecurity to the mobile device end-user.

    Security will always be an issue and the riskis even greater at the frontlines, on mobiledevices.

    User adoptionWe all do whatever makes it easier for us to do ourjobs. Your mobile workers are no different. Over theyears, your office-based systems will have been honedby adopting best practices, and youll face a challengein asking your staff to abandon what they know and arecomfortable with.

    Introducing new systems for frontline workers alwayscarries a risk that unless they see the benefits forthemselves and buy in to the systems, users willrevert to their previous ways of working.


    04_694725 ch01.qxp 3/28/08 2:48 PM Page 7

  • You need to ensure that electronic applications areintuitive and easier to use than the paper systems theyreplace. Ensure devices wont fail just when yourworkers need them most.

    Engage your mobile workers early, train andlisten to them, and theyll make thedeployment a success!

    Central visibility for ITCentral IT needs to see activity levels and usermethodology in order to anticipate issues andcontinuously improve the system.

    Being able to see whats actually going on at thefrontlines is critical to success. Your IT folk need toknow what activities are happening, and why, in orderto make better decisions.

    If your workers arent utilising the systems youvedeployed in the way you expected, you need to knowwhy.

    ControlRather than trying to accommodate disparate systemsand processes, you need to drive the project centrallyto keep control.

    You want to have mobile deployments linked foreffective data sharing so your frontline workers havethe information they need, when they need it, and sothat the information they gather is automaticallyprocessed to everyone who requires it.


    04_694725 ch01.qxp 3/28/08 2:48 PM Page 8

  • Each disparate system brings its own challenges. Youmight have a variety of devices with different userneeds, connecting over significantly varying bandwidth,and theyre often beyond direct, onsite IT support.

    Having a management solution that gives youcontrol over multiple devices and platforms,multiple user groups, and multiple processesis critical.


    Food for thoughtIf youre not convinced about the benefits of mobile devicemanagement, here are some stats to chew over:

    Industry analysts rate mobile workforce enablement andsecurity among the top enterprise IT priorities.

    Its estimated that over 300,000 mobile devices are lost orstolen in the US. In the UK, its been reported that over 100devices a month are lost at Heathrow Airport alone.

    Effectively mobilising existing paper-based systems almostalways delivers significant business benefits. Numerousorganisations have achieved improved conversion ofprospects into active customers by as much as 15 per cent.

    Effective device management can also bring communica-tions costs under control, sometimes delivering as muchas 60 per cent savings.

    04_694725 ch01.qxp 3/28/08 2:48 PM Page 9

  • Business processes need to be consistently applied,and as requirements change executive leadershipneeds to be able to consistently drive changes toprocesses, actions, and behaviours.

    Considering Why EnterprisesNeed Frontline ManagementYou may have already started venturing down themobility path and have deployed devices and anapplication for a team within your organisation.However, without effective management, devicereliability varies, applications arent supported as wellas those in the office, communication costs fluctuate,and security threats are significantly increased.

    Effective mobile device management gives you securecontrol over your mobile data, devices, and applications,while giving your frontline workers the freedom toperform the job they were hired for, not struggle withtechnology.

    Mobile workers are imperative to anorganisations success. Laptops and handhelddevices that support workers at the frontlinesare proliferating throughout corporations. Witha mobile workforce comes the widespreaddistribution of sensitive, proprietary, andsometimes downright top-secret data outsidethe secure walls of HQ. Its critical for thesuccess of a mobile deployment to putmeasures in place to control and protectmobile assets. By implementing a solution that


    04_694725 ch01.qxp 3/28/08 2:48 PM Page 10

  • proactively manages and secures mobile data,devices, and applications, mobile projects canimprove efficiency, customer service, and ultimately profitability.

    The need for mobile systems management is growing fast!

    Introducing Afaria, from Sybase iAnywhere Afaria helps organisations succeed by delivering theright data to your mobile workers in the right place, atthe right time. It gives IT the broadest cross-platformcontrol and gives mobile workers the freedom to dotheir jobs rather than battle with baffling technology.

    Afaria supports mobile workers, wherever they are, by:

    Maximising customer-facing time by minimisingconnection time, and delivering the rightinformation at the right time, on a dependabledevice.

    Supporting the mobile workers devices andapplications as if they were in the office.

    Afaria supports enterprise IT by:

    Delivering control over all mobile devices, data,and applications from a single console interface.

    Keeping the security responsibility away fromyour end-users and within your control.

    Automating business processes.


    04_694725 ch01.qxp 3/28/08 2:48 PM Page 11

  • Sybase iAnywhere has the market-leading productsthat deliver the functionality enterprises demand.Afaria has been the acknowledged market-leadingmobile device management (MDM) solution ever sincethe markets been measured! And, as Afaria is part ofthe Information Anywhere Suite, Sybase iAnywhere canhelp you easily add on email, collaboration, or extendother applications as your mobility needs grow. InParts II and III we look at how Afaria securely managesdevices, data, and applications at the frontlines ofbusinesses.


    04_694725 ch01.qxp 3/28/08 2:48 PM Page 12

  • Part II

    Managing Your MobileDevices without Sweat

    or Tears

    In This Part Thinking about what makes a great MDM solution

    Seeing how Afaria fits the bill

    Maintaining the reliability and security of data anddevices at the frontlines can be very challenging.These environments are diverse, complex, and oftenbeyond direct, onsite IT control. IT must be able toproactively manage all the devices, applications, data,and communications critical to the success of mobileworkers.

    Organisations need to take a centralised approach tomanagement and security, providing IT with the controland visibility they need, while empowering mobileworkers to be successful with the information andapplications they need to do their jobs.

    This part explains exactly what to look for in a mobiledevice management solution.

    05_694725 ch02.qxp 3/28/08 2:49 PM Page 13

  • Defining the Elements of aGreat Management SolutionIts time to think carefully about the components of areally effective management solution. This sectionexplores the elements you need that Afaria provides.

    Naturally, you need mobile data and device security,but this subject is so important that Part III isdedicated to it.

    Cross-platform device supportA good mobile device management solution supports a wide variety of client types such as Symbian,Blackberry, Windows Mobile, Palm, and Windows XP from a single web-based console. Your initialdeployment may just be for a team of engineers allusing the same tablet PCs, but you also need to plan for the future deployment of executive PDAs andsmartphones, maybe some older Palm devices in thewarehouse, or the sales teams laptops. Plan now forevery platform you have in your enterprise today andfor the new platforms continually emerging!

    Configuration managementCentral control of mobile devices enablesadministrators to maintain a wide range of softwareand hardware settings including device identification,network settings, connection profiles, regional settings,and alerts. The settings are continually checked againstcentrally defined configurations and reset whenevernecessary.


    05_694725 ch02.qxp 3/28/08 2:49 PM Page 14

  • Device monitoringEffective mobile device management enables the user towork offline, instead of being constantly reliant on aconnection to HQ. A high-quality device managementsolution reacts to changes in the state of a device monitoring memory, files, folders, and registry settingsfor changes and can trigger processes such as backingup a device when the battery level drops or launching aparticular application when a user signs on.

    Monitoring also tracks application installationand usage policies through logging andreporting capabilities and can track whenconfidential files on mobile devices are writtento external cards or sent to other devices.


    Protecting the insurersA market-leading insurance provider needed to protect sen-sitive customer financial and medical information residing onthe computers owned by 3,500 independent agents. SybaseiAnywheres laptop hard disk encryption, software distribution,device management, and stolen device lockdown dramaticallyimproved the ability to implement, monitor, and enforce strin-gent data security policies. The companys reputation as anindustry leader in information security was enhanced and cus-tomer service improved by having the most up-to-date infor-mation on agents laptops.

    05_694725 ch02.qxp 3/28/08 2:49 PM Page 15

  • License controlA valuable component of a mobile device managementsolution is tracking how software licenses are deployedand used. Automatically generated reports includeinformation about the last time an application wasaccessed.

    Software distributionApplications can be electronically distributed, installed,and maintained and all without the end-usersknowledge or involvement. Central administrationcontrols software installations, including versionmanagement, rollback, and criteria checking.

    Inventory and asset controlAdministrators can perform comprehensive inventoryscans of hardware and software, automaticallyreceiving alerts of changes. A prime example is helpdesk personnel quickly capturing the state of a deviceto hasten the fixing of any problems.

    Remote controlLaptop or handheld device systems are remotelycontrolled to diagnose and correct faults, enablingmobile workers to focus on their jobs, not their ITsystems.

    Connection managementA strong MDM solution uses an intelligent architecturedesign that optimises the ability to make the appropriatedecisions about which tools to use when managing afrontline deployment. Additionally, connectionmanagement functions are fully deployable over-the-air,


    05_694725 ch02.qxp 3/28/08 2:49 PM Page 16

  • eliminating the need for remote devices to be manuallyconfigured by IT.

    Scheduling and prioritisationComprehensive scheduling enables work to becompleted at the most efficient times, andprioritisation of different tasks ensures quickcompletion of the most important activities. Systemadministrators control the content, timing, parameters,and method of communication.

    Bandwidth optimisationComprehensive bandwidth management supportsapplications across all network types. On-the-fly datacompression, restarting connections at the point ofinterruption, file segmentation, and file-level and byte-level differencing minimise data volume for both largeand small transfers.


    Getting the medical database fit and wellA leading medical database management organisation neededa solution to better manage data retransmitted by businessservices. With Sybase iAnywhere technology, its staff canupdate software and remotely diagnose laptop computers out in the field, eliminating the time-consuming method ofphysically shipping computers back to headquarters to beupdated or repaired. This significantly reduces time spent onback-office tasks and improves productivity.

    05_694725 ch02.qxp 3/28/08 2:49 PM Page 17

  • Dynamic Bandwidth Throttling releases bandwidth toother applications when activity levels increase andthen reclaims it when they grow idle. Combining theability to dynamically react to throughput conditions,dynamically change throttling schemes, and dynamicallyconfigure and monitor these schemes provides you witha powerful means to reduce costs and minimise yourend-user pain. Clever stuff.

    Software and inventory managementA leading mobile device management solution providesvisibility into frontline devices so IT know exactly whatdevices are deployed, where theyre located, and what software is installed. This provides IT with theability to better manage and control future softwaredeployments.


    Protecting corporate securityWith more than 25,000 mobile workers, a leading global finan-cial services company wanted to enforce corporate securityand perform inventory control on thousands of newly deployedhandheld devices. It turned to Sybase iAnywhere technologyto secure information when devices are lost or stolen, provideproactive technical support by contacting users with solutionsto potential problems, and increase productivity becauseemployees are always connected. A spokesperson said: Evenwhen a device was out of coverage, the Sybase iAnywheresoftware gave us the audit trail to ensure that the device waspassword protected.

    05_694725 ch02.qxp 3/28/08 2:49 PM Page 18

  • Application supportSignificant management capabilities can be added tothird-party or custom applications such as initialdeployment, updating, and continual over-the-airmaintenance. This functionality can even be fullyintegrated into your application via published APIs.

    Document and content distributionA good mobile device management solution goesbeyond device management and gives IT the ability tocontrol applications and data too. Document files aresecurely delivered to frontline workers using a forcedor subscription model. Document owners have controlover content and can easily add, delete, and update


    Speeding up fast foodA fast food chain of 1,300 restaurants needed to improve itsremote PC management capabilities, specifically sending andreceiving large files over the course of several transmissions,with the ability to re-start a file transmission without the entirefile having to be re-sent. It wanted specific stores to connectat specified times, silent software installations, inventory monitoring, and security patches applied throughout its estate.Using Sybase iAnywhere software, the chain improved bi-directional communication both scheduled and ad hoc significantly improving patch management, and simplifying ITinfrastructure. Transmission of daily reports has been reducedfrom 45 minutes to seconds, leaving store operators now ableto focus more time on running their restaurants!

    05_694725 ch02.qxp 3/28/08 2:49 PM Page 19

  • content so that out-of-date documents in the field areautomatically replaced.

    File-based information can be updated from any sourceand format, including HTML, database files, documents,and other electronic content. Technologies such asbyte-level differencing, which means replacing or updating a segment of a file (rather than the entire file),can deliver significant savings.

    Process automationImportant tasks can be personalised and automated tomake them faster and easier for the IT administratorand user.

    Wizard-driven point-and-click scripting allows infinitelycustomisable activities on server or client systems,automating tasks and removing onerous responsibilityfrom mobile workers. These processes can be scheduledor initiated manually, or they can be triggered by themonitoring of a third-party application.

    Scripting delivers numerous possibilities: file transfers,hard disk checks and changes, configuration changes,and even IF/THEN logic processes for complextasking.

    System management extensionsWithin the confines of HQ, systems management is arelatively routine task. However, this task becomescomplicated with remote devices because thesedevices arent always connected to the network. A top-notch mobile device management system simplifiesthese routine management tasks by enabling regularmonitoring of devices to ensure compliance withcorporate policies.


    05_694725 ch02.qxp 3/28/08 2:49 PM Page 20

  • Support for Microsoft SMS and otherLAN systems management toolsA comprehensive MDM solution is Microsoft .Net-basedand you can integrate it with LAN-based systemsmanagement tools (such as Microsoft SMS) to expandthe range of devices that can be managed from theconsole. You can use it to manage all the latestWindows platforms, as well as extend management ofother existing mobile operating systems including RIM,Palm, Symbian, and Windows handheld devices.

    Finding the Solution withAfaria, from Sybase iAnywhereYou know the challenges and requirements of a reallyeffective mobile device management solution, and thegreat news is that Afaria meets every one of theseunique challenges of frontline environments. Afariaprovides comprehensive management capabilities to


    Saving time and moneyA large broadband communications company with over 3,500field service representatives increased mobile worker and ITproductivity, reduced repair time, and reaped about $500,000 inannual savings much attributable to automated device man-agement and application updates through Sybase iAnywheretechnology.

    05_694725 ch02.qxp 3/28/08 2:49 PM Page 21

  • proactively manage and secure all the devices, applications, data, and communications critical tofrontline success, regardless of the bandwidth youhave available.

    Afaria is an enterprise-grade, highly scalable solutionwith a central web-based console that enables IT tocontrol a host of key functions from a standardbrowser. And as Afaria is part of the InformationAnywhere Suite, you can easily add other keyfunctionality as your mobility needs evolve.

    With Afarias ability to tie into enterprise directories,these functions provide everything necessary toextend your organisations management and securitycapabilities to any device, in any location.


    Counting the savingsA leading provider of cleaning services found that manuallymoving large business-critical IT files to remote devices wascostly. It deployed Sybase iAnywhere mobile device manage-ment technology to manage its mobile devices and the flow ofdata. Staff time spent updating software decreased by 93 percent, travel reduced by 80 per cent, and shipping costsdropped by 100 per cent!

    05_694725 ch02.qxp 3/28/08 2:49 PM Page 22

  • Part III

    Under Lock and Key: Enforcing Security

    In This Part Thinking about your security needs

    Reading case studies

    Laptops, handheld devices, and other mobiledevices are, by their very nature, easy to lose andrarely within the grasp of your IT department. Theyreusually loaded with sensitive customer information,the risk of intrusion is high, and security controls areoften inconsistent or non-existent. Mobile devicesrepresent one of the most challenging battlegrounds in your campaign against data loss and theft.

    You employ your mobile workers for a variety of skills to sell, fix, treat things, and so on. Theyre not alwayscomfortable with IT and certainly not security experts.Yet, more than 75 per cent of enterprises leaveresponsibility for security in the hands of the user.

    This part delves into the security issues and, moreimportantly, the solutions you need to consider.

    06_694725 ch03.qxp 3/28/08 2:49 PM Page 23

  • Safe as Houses: ConsideringYour RequirementsWhen thinking about security, remember that securityis three-pronged and includes:

    Availability: Systems work promptly and serviceisnt denied to authorised users.

    Integrity: Data isnt changed in an unauthorisedmanner and the system itself isnt manipulated.

    Confidentiality: Information isnt disclosed tounauthorised individuals during storage,processing, or in transit.

    Consider the relevance of the following list whendeveloping the policies for your organisation:

    Protection for small, easily lost devices carryingsensitive information, rarely under the directcontrol of IT tech support.

    Centralised control from a single console over allyour devices and user groups whatever thedevice type, platform, or location.

    Security policies that meet legislative regulations.

    Reliable user authentication to control access tothe device and subsequently your corporate datastore.

    Protection for the data during transit and whenits stored on the device whatever the platformor device type.


    06_694725 ch03.qxp 3/28/08 2:49 PM Page 24

  • The ability to protect the device even if you cantcommunicate with it, utilising data fading or kill-pill functionality.

    Future-proof solutions for new platforms andemerging threats.

    Stating the Requirements ofYour Security SolutionAn effective mobile security solution, like Afaria,combines security and systems managementfunctionality from a single console. IT can transparentlymanage security requirements centrally, whilesupporting the application and device as if the mobileworker were attached to the office LAN. All necessarytasks can occur during a single connection.

    Seek a security solution that delivers the followingfunctionality.

    Password protectionPassword protection is the first step toward securingdata on mobile devices. You need a solution that offersthe ability to centrally define, control, and enforce end-user password policies.

    Its handy for central IT to be able to remotelyretrieve the password if your mobile workerforgets it. But if its an unauthorised attack,you need power-on password enforcement,requiring a user to enter a password each timethe device is turned on. If your pre-determinedthreshold of failed attempts is breached,


    06_694725 ch03.qxp 3/28/08 2:49 PM Page 25

  • device lock-down policies automatically resetthe device or delete specified or encrypteddata.

    On-device data encryption Data on devices and removable storage must beencrypted and decrypted with minimal userinconvenience. In the case of a lost or stolen device,data is protected through strong encryption and otherdevice disabling policies. Through the managementconsole, you can select what data to encrypt and when.You can also encrypt removable storage media, such ascompact flash cards and SD cards. Full-disk encryptionprotects the hard drives of laptops and tablet PCs,where the entire hard disk is encrypted, not just the


    May the force be strong! A police force needed a single solution that would send up-to-date information wirelessly through the network to laptops fitted within its patrol cars. It chose Sybase iAnywherebecause it had so many features above and beyond what otherproviders offered: document management, hardware man-agement, software management, and a script-writing feature.The wireless solution automatically starts working every timea patrol car enters the coverage area updating informationand software in 30 to 60 seconds, marking and restarting theupdate if the car leaves the coverage area before the down-load is complete. HQ is able to send out large files to the carsincluding wanted posters, missing persons information, crimestatistics and is able to update those files automatically.

    06_694725 ch03.qxp 3/28/08 2:49 PM Page 26

  • user data. This is a more secure approach and doesntrequire the user to make judgements about what filesto encrypt.

    Data-fadingData-fading is the capability for an IT administrator toautomatically lock, wipe, or reset a device that hasntcommunicated with the corporate email or managementserver after a predetermined number of days, in case adevice is lost or stolen. Similar protection can beinitiated by sending a kill-pill to the device: a messagepinged to the device by the system administrator thatimmediately initiates data deletion or device reset.

    Over-the-air data encryption Over-the-air encryption ensures data is protectedbetween the device and data centre. This also helpsensure that you comply with any enforced security legislation.


    Following the five-point plan to securityRemember the five key elements of enterprise mobile security:

    Set and centrally enforce your policies

    Authenticate the user

    Protect the data during transit and when its stored on thedevice

    Secure your data if the device is lost or stolen

    Dont rely on your mobile workers for security!

    06_694725 ch03.qxp 3/28/08 2:49 PM Page 27

  • Patch management Patches are automatically downloaded and deployedappropriately on an individual or group basis. Usuallydetailed logs and reports are kept to show the currentpatch levels and the protection levels employed.

    The Security Checklist Consider the following security measures in this handychecklist when youre planning a mobile securitydeployment:

    Secure the device:

    Enforce strong power-on password protectionthat users cant bypass or turn off.


    Helping an electricity provider shine brighterAn electricity provider needed a solution to manage its field-force asset inspection team. Previously, this field collectionwas completed in different regions using either paper orknowledge-based systems. Going mobile, utilising SybaseiAnywhere technology, enables distribution of work orders toinspectors in the field to capture and synchronise the assetinformation back to head office, automates previously manualprocesses, and provides secure data transfer between headoffice and field inspectors. More importantly, it increases flex-ibility for the field inspection team, giving them GPS locationinformation for each asset and a full maintenance history attheir fingertips!

    06_694725 ch03.qxp 3/28/08 2:49 PM Page 28

  • Remotely lock devices that are lost or stolen.

    Proactively wipe data from devices when youneed to.

    Reprovision devices in the field (automaticallyconfiguring devices for new usage, or building anew device with the configuration, applications,data, and security policies of a lost device itreplaces).

    Encrypt sensitive data stored on mobile devices.

    Manage, distribute, and install security patchestransparently via an administrator.

    Regularly back up key data from mobiledevices to the corporate network.

    Inform users about the importance of and themeans of protecting their information.

    Guard against malicious code:

    Distribute and install antivirus updates and software patches immediately and transparently.

    Prepare to tackle future threats such as theincrease in viruses that target handhelddevices.

    Monitor and enforce system and applicationsettings each time a device connects to the LAN, keeping track of whos accessed information.

    Block unprotected devices from accessingcorporate systems such as email.


    06_694725 ch03.qxp 3/28/08 2:49 PM Page 29

  • Retrieve client-scan log files to analyse whosaccessing data and applications on thefrontlines.

    Secure connections to corporate networks:

    Authenticate users and devices during eachconnection to the corporate network.

    Encrypt data to ensure safe transfer over thenetwork.

    Automate an inspection that verifiescompliance with security standards forantivirus software, patch levels, and personalfirewall settings before allowing a connection.

    Block network-based intrusion:

    Distribute, install, and maintain personalfirewalls transparently via an administrator.

    Enforce software settings.

    Monitor intrusion attempts at everyconnection from the frontlines and blockunauthorised access or unprotected devices.

    Use exception reporting and alerts via anadministrator to identify and correct networkweak points to limit intrusion.

    Centralise control of policies and corporatedirectories:

    Implement centrally managed security policiescomplete with established written policies.

    Audit security policies and ensure that theyreenforced by consistent reporting.


    06_694725 ch03.qxp 3/28/08 2:49 PM Page 30

  • 31

    The PDA prescriptionA leading hospital delivering care to nearly 700,000 patientsevery year deployed handheld devices to much of its medicalstaff. They selected Sybase iAnywhere technology to ensurethat the most accurate information and applications are avail-able to their users. The data transfer process is so easy andquick that the users can stay up-to-date all the time. Their ITdepartment uses the technology to know who has whichdevice, which software is licensed to each device, and howmuch memory remains. One of the great benefits of these features is that the IT department can keep track of inventoryand can diagnose and treat IT problems. By examining logs via a web browser, helpdesk personnel can proactively troubleshoot a variety of problems.

    06_694725 ch03.qxp 3/28/08 2:49 PM Page 31

  • 32

    06_694725 ch03.qxp 3/28/08 2:49 PM Page 32

  • Part IV

    Looking to the Future

    In This Part Seeking multiple components from a single vendor

    Guarding against handheld virus attacks

    Especially in the mobile space, technology changesfaster than you can deploy! In this part we peerinto the crystal ball at what youre likely to need toconsider in the near future.

    Integrating Mobile DeploymentComponents As mobility becomes adopted more strategically in the future, organisations will seek to have more components from a single vendor. Having integratedcomponents such as management + security; security+ email; email + messaging; application + messaging +management reduces the risk of technological conflicts, not to mention the challenge of working withmultiple contracts and multiple vendors when you justwant your system to work.

    07_694725 ch04.qxp 3/28/08 2:49 PM Page 33

  • Afaria, from Sybase iAnywhere, is part of theInformation Anywhere Suite, a secure, scalable mobiledevice platform that addresses these converging ITrequirements. By combining mobile email,collaboration, device management, enterprise-to-edgesecurity, and back-office application extension, theInformation Anywhere Suite enables your organisationto empower employees to do their work anywhere, atany time, on any device.

    MAGnificent MultichannelAccess Gateways Currently, mobile deployments consist of a mix ofmobile solutions from multiple vendors each withseparate software stacks for data transport. This leadsto direct conflicts with network connections, as well asbattery drain, complexities with testing, higher supportcosts, and an inability to effectively secure or manageyour systems.

    IT staff are moving towards combining the currentlyclashing data transport communications within a singleaccess gateway called a multichannel access gateway(MAG).

    Make sure that your mobile management andsecurity solution is capable of communicatingwithin your multichannel access gateway.


    07_694725 ch04.qxp 3/28/08 2:49 PM Page 34

  • Keeping Up with a Changing WorldNew devices and even new platforms constantly challenge corporate IT. As soon you try to standardiseon a device or platform, its out of date, or your staffdemand support for their own shiny gadgets!

    The line between personal and work devices isbecoming increasingly indistinct. Theres a mix ofenterprise operating systems and devices, with nosingle clear winner. And suddenly an emerging class of consumer devices will make their way into theenterprise.

    You need to select a vendor whos committed tosupporting the entire mixed device needs of yourcompany not just a sub-set.

    Avoiding Viruses Like the PlagueViruses are predominantly the curse of the laptop anddesktop world, but handheld virus attacks arebecoming increasingly prevalent since the first PDAvirus was reported way back in 2004. As the devicesbecome more popular, expect threats to your businessto increase too! Choose a management and securitysolution that counters this risk.


    07_694725 ch04.qxp 3/28/08 2:49 PM Page 35

  • 36

    Hotting things up for the fire brigadeOne of the largest fire brigades in Europe selected SybaseiAnywhere to provide its mobile systems management solu-tion to update and distribute risk information and buildingplans to over 150 fire appliances. The solution ensures all fireappliances are equipped with an up-to-date plan of all majorrisk buildings in their locality, to facilitate a fast and efficientemergency service, as well as to satisfy regulatory legisla-tion. Probably the most important feature of the deployment isthat it ensures data is standardised throughout the force sothat if an emergency is large enough for more than one sta-tion to be involved, attending appliances are working from thesame information.

    07_694725 ch04.qxp 3/28/08 2:49 PM Page 36

  • Part V

    Top Ten Mobile DeviceManagement Tips

    This part is small but packs a punch! Here are ourtop tips for both the systems administrator and themobile worker.

    For the corporate systems administrator:

    Centrally enforce security policies on mobiledevices. Dont leave it up to the end-user to turnon password software, encrypt data, or keep anti-virus software up-to-date.

    Implement a back-up system to protect corporatedata. Dont expect mobile workers to back uptheir own systems regularly. The back-up systemneeds to work even over slow dial-up connectionsand be completely unobtrusive to the user.

    Utilise software that enables remote configurationof all your mobile systems. You can then maintainbrowser and security settings centrally.

    Keep an up-to-date hardware and softwareinventory along with a back-up of all users data.Doing so helps you get the user up and runningfaster if the worst does happen.

    08_694725 ch05.qxp 3/28/08 2:49 PM Page 37

  • Provide your mobile workers with top levels ofsupport. Your mobile workers need that support theyre on their own and theyre generatingrevenue for the business.

    For the mobile worker:

    Push your IT people to provide an automaticback-up system for your data. This relieves youof the burden of remembering to back up yoursystem every day.

    Change your passwords regularly. Dont use ones that others could easily guess such as yourspouses, childs, or pets name.

    Be wary about where you browse on theInternet. Set your security settings to maximumwithin your web browser. Some unscrupulouswebsites could be spying on you and your data.

    Be careful about who you open emails from.Dont open a message from someone whose nameyou dont recognise, particularly if it has anattachment.

    Dont abuse the system by loading software thatcould impact its use for your job. Remember thatthe system is a tool to help you work efficiently.


    08_694725 ch05.qxp 3/28/08 2:49 PM Page 38

  • A Reference for the Rest of Us!TM

    978-0-470-51648-5 978-0-470-51259-3

    978-0-7645-7028-5 978-0-470-01838-5



    978-0-470-17469-2 978-0-470-14927-0 978-0-470-17474-6

    Available wherever books are sold




    09_694725 badvert01.qxp 3/28/08 2:49 PM Page 39

  • Manage. Secure. Unleash!

    Manage your devices and applications

    Secure your data

    Unleash your mobile potential!

    Messaging Management Security Application Enablement

    When it comes to mobile device deployments you need to remember just three things:

    10_694725 badvert02.qxp 3/28/08 2:49 PM Page 40

  • Securely manage your data, devices, and applications

    Mobile Device Management

    ISBN: 978-0-470-69472-5Not for resale

    Find listings of all our books

    Choose from many different subject categories

    Browse our free articles

    Secure and manage all your mobile devices

    Manage your mobile devices and applications

    Secure your mobile data

    Unleash your mobile workforces potential

    Explanations in plain


    Get in, get out


    Icons and other

    navigational aids

    A dash of humour and fun

    With the compliments of Sybase iAnywh


    In order to do their job, your fi eld personnel need the right information at the right time, on reliable devices. And, of course, security is vital. This minibook makes it easy for IT administrators to successfully mobilise their organisation showing how to secure mobile data, manage devices and applications, and unleash the potential of the mobile workforce.

    Choose the right mobile deployment solution

    Sybase iAnywhere Limited Edition


View more >