Enterprise Mobile: Solving the ChallengesAisha Visram

Follow: @MobileGuroo

LinkedIn: www.linkedin.com/in/aishavisram

Email: aisha@mobileguroo.com

Three Key Take-Aways

• Mobile access transforms the way we think about work, And, its not going away.

• Unmanaged personal devices at work is the major cause of security risk

• There is no single, unicorn solution

Agenda

• The Mobile landscape: consumer vs. enterprise

• Creating a Mobility Program

• The challenges

• The role of EMM

• Final conclusions

The Mobile Landscape

Everyone has a Smartphone: 64% vs. 18% in 2009

Smartphones are already Replacing Desktop/Laptops

Millennials = Largest Generation in the Workforce this Year

What does that Mean?

87% - Smartphone never leaves their side

34% - Prefer to collaborate online than in person

45% -Use Personal Smartphones for work purposes

Enterprise Mobility

• IT spending for iPad® tablets - $16 billion in 2013

• 87% of global smartphone market is Android

• Average US employee carries 3 devices

• 70% of users doing work on personal devices, regardless of company policy

InformationWeek Jan 2014

Mobile Landscape

Remarkably, only 14% of companies have instituted a mobile device security policy.

Creating a Mobility Program

CIO Mandate

• Increase IT efficiency• Improve Employee Productivity• Help Customers Succeed

Measures of Success“ All employees accessing data they need to do their job from any mobile device.”

Mobility Program Objectives

• Mobilize processes for smartphones/tablets

• Ensuring corporate data is protected on any device

• Balancing usability and security: “secure-able”

• Making users happy and productive

What do employees/users want?

• Not to be a dinosaur! Employees are more productive on mobile devices they choose.

Measures of Success

What do employees/users want?

• Increasing productivity without interrupting usability

• Easy access to company data and documents

• Manage both corporate and personal data

• Ambient security - it runs in the background if it needs to

• Privacy is protected

Measures of Success

The Challenges

• BYOD

• Which Mobile Apps to allow?

• Mobile Security

• Do we need an Enterprise Mobile Management Solution?

• Others?

Measures of SuccessWhat you Don’t Know CAN Hurt You…

Ponemon Institute March 2013

Are we supposed to go BYOD?

62% of companies to allow BYOD by year’s end, more than 44% of organizations already allow BYOD.

Employee-owned smartphones and tablets used in the enterprise will exceed 1 billion by 2018 due to BYOD.

ComputerWorld, Aug 2013

Are we supposed to go BYOD?

65% of employees said:

- Nothing has been communicated about BYOD- No official policy guidelines - Employees are not allowed to use their own

devices at work

ComputerWorld, Aug 2013

Most Organizations underestimate Cloud App Usage by 90%

Top 20 Cloud Apps in Enterprise

Top apps used Globally - Messaging

An example - Slack

Risks to Enterprise

• Lost or stolen devices • Unauthorized access• Compromised device

• Malware

• Exposure of confidential information

Measures of SuccessMobility Security Incidents: Do the Benefits Outweigh the Risk?

21%• Perform data wipes

on personal devices when employees leave company

Ponemon Institute March 2013

Breaches are due to compromised credentials

Mobile Devices are Harvesting your Data

• Adware grew to 136% to 410,000 apps between 2013 to 2014, giving attackers access to personal information such as contacts

InformationWeek Jan 2014

Can you trust your apps?

AppThority, 2014

Mobile Malware

Mobile Malware

• 97% of mobile malware coming from third-party Android app stores in Asia and Middle East

• Apps carrying malware in Google Play Store is 0.1% (short shelf life if encountered)

Forbes, March 2014

The Role of EMM

Device Management BlueprintMeasures of Success

Privacy Protection

Security Management

Secure Configurations

Remote Wipe

Device Protection

App Management

Corp Integration

Device Management

Mobile Device Management• Ease of deployment: 1000’s of mobile devices can be

remotely provisioned with corporate data and managed

• Selective wipe: removing corporate data, leaving the personal data on the device

• Enforcing device passcode and hardware encryption

• Device posture: if device is jailbroken/rooted, unencrypted, doesn’t have min OS, IT can prevent device from connecting to corporate network

• Disallow Screen Capture/Roaming/iCloud

Mobile Device Management• Application Control: Requiring apps to be installed/removed, prevent app from being

backed up to iCloud/Google Cloud

• Securing email and attachments

– Protect email attachments: personal apps

– ActiveSync is not enough• Policies can be circumvented• Device posture is not detected and enforced

– Protect email attachments from being shared with personal applications

– Detect + block jailbreak/root devices– Cert-based authentication for email

Mobile Application Management

• Per App VPN: • Apps can be automatically configured to

connect to VPN when they are launched• Not exposing entire device to the

corporate network• Improves performance• Privacy

• “Open In”

Mobile Application Management

• Share data between: • Secure apps (Secure Secure)• Whitelist apps (Secure Secure & Managed)• With personal apps (Personal Secure)

Final Conclusions

• Figuring this out is critical to the success of your business

• Risk has to be balanced with usability

• Approach mobility as any other mission critical project – process, policy and accountability

QUESTIONS?

PARKING LOT

Are we supposed to go BYOD?

• Should you go BYOD? • IT Leaders (60%): BYOD does not deliver on higher

customer satisfaction• Assessing the cost/benefit• IT Leaders (62%): BYOD does not lower IT expenses• Lowers capital expenditure, but may increase support

costs• BYOD for corporate-issued devices• Improve access and re-evaluate restrictive security

policies

ComputerWorld, Aug 2013

What do we make of conflicting data?

Are we supposed to go BYOD?

1. Employees need to choose any mobile device/OS

2. Make sure access is easy for authorized users

My Top 11 for a Successful BYOD Program

Are we supposed to go BYOD?

3. Pay attention to mobile use cases and LOB

My Top 11 for a Successful BYOD Program

Are we supposed to go BYOD?

4. Communication plan. Be transparent with employees.

5. Manage data and not devices: • Mobile Application Management policies• Data and User classification• Isolate network• Detect and Contain• Unsecure networks and multi-auth

67% do not have policies in place that address sharing of corporate files in third-party cloud storage services.

Acronis, July 2013

My Top 11 for a Successful BYOD Program

Are we supposed to go BYOD?

6. Separate personal data from corporate data

7. Don’t forget the basics: password protection & encryption!

8. Lost/stolen device? Wipe corp data and block

My Top 11 for a Successful BYOD Program

Are we supposed to go BYOD?

6. Reduce corporate liability with private data

7. Involve stakeholders

8. Run a BYOD pilot!

My Top 11 for a Successful BYOD Program

Mobile Corp Data Leakage

• Identify which mobile apps put corporate data at risk vs. which apps are benign

• Risky app behaviours• Transferring Contacts• Cloud-based file storage • Uses microphone• Accesses IMEI/UDID• Single Sign on (social networking)• Location tracking

• Mobile malware and spyware

Saves password on device in clear text

Links to credit card for auto-load

App Reputation – Identifying the Bad Guys