Solved

Mobile Devices Need Security

Posted on 2013-05-30
8
264 Views
Last Modified: 2014-05-08
We are needing to secure all of our mobile devices (a full variety of cell phones, ipads, tablets etc).  I know there is software available for this but am looking for recommendations rather than using Google.  I need to present some options to our Corp Operations Group.  Your suggestions are appreciated.
0
Comment
Question by:rosen55401
  • 3
  • 3
  • 2
8 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
Comment Utility
Secure in what way? MobileIron is a good product, but if you're using blackberries then RIM has some great controls integrated already. RIM is now making control software for Apple products to, I've not seen it yet, but it might be good as well.
http://arstechnica.com/information-technology/2013/01/rim-tries-to-keep-its-business-customers-ahead-of-blackberry-10-launch/
No product works on all products, we've tried NAC (all the big names, forescout was the most comprehensive)
We've come to the conclusion that BYOD is not for us, cost's too much money to administer and maintain, and have banned all but a select few mobile devices. It's more policy than actual security measures, but it's working, better than NAC itself did.
-rich
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Before securing mobile device, you need to consider how to maintain and centrally enforced it and i am looking at managed device instead of BYOD. If you do not even have a mobile infra backend at the moment, I dont really suggest a BYOD. So taking that out of context, minimally the security s/w will have to provide what NIST SP800-124 has shared as well - though NIST SP is in draft, it serves as good guidelines and personally I see it minimal baseline on the s/w candidates as well.

(section 4 has the safeguards - note it is more than just the s/w but also the policy etc)
http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf

This bring in the MDM and MAM aspect - policing at device and application level. Note that the important asset for s/w protecting is really the organisation data. The threats to mobile device are just countless and growing.

I do also agree with richrumble on MobileIron which is one of the leader. There is actually gartner (link - it state the leaders) for MDM/MAM if you wanted to build stronger justification (not by popular demand). Note that there is no one size fit all provider but build up for MDM and then MAM (esp on org apps and apps store if any).

http://mspmentor.net/mobile-device-management/gartner-magic-quadrant-mobile-device-management-mdm

Also Goods Technology recently is certified by Australian DSD to protect iPAD and iPhones. In the specific phones, US DoD has certified iPhones and iPad running IOS 6.

http://www.cio.com.au/article/456071/dsd_signs_good_technology_secure_ios_devices/
http://www.geek.com/mobile/iphone-and-ipad-running-ios-6-officially-certified-by-u-s-department-of-defense-1555611/

Samsung does has its niche (Knox) likewise for latest BB10 (though there is past version already certified like BB7/BES5). But both has not really gain as much traction like latest Apple on govt security agencies wide acceptance (taken granted the first mover for user friendly edge against competitor which can be subjective also).

http://www.samsung.com/global/business/mobile/solution/security/samsung-knox
http://gizmodo.com/5991470/bb10-fails-the-uk-governments-high-security-testing

Fixmo is another preaching Mobile Risk Mgmt and added more for Samsung Knox and others too.
http://fixmo.com/fixmo-enables-samsung-knox-devices-within-usdod
http://fixmo.com/fixmo-government-compliant-apple-samsung-blackberry

If you are 451 member, you may check out their "Mobile device  disorder" listing of vendor landscape in the paper on the market space and provider's value proposition - can drill to those leader and use the govt guidelines as baseline.

https://451research.com/report-long?icid=2603

The next upcoming are really the trustzone stuff to fully virtualised and for a mobile TPM but that is beyond and we should wait and see first. VMware Horizon preached something close for mobile hypervisor and we should be looking at h/w assistance as well.
0
 

Author Comment

by:rosen55401
Comment Utility
Thank you both for your input and suggestions.  Currently we have a BYOD policy and we have no way to protect our company data on that phone.  Or even worse no way to force the users to even have a password on their phones.  I'm looking for a software that can manage this.
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
MAM solution is then the approach to segregate the enterprise data from home user data. Some already mentioned above like Goods, MI and Citrix XenMobile. It will not be a straight easy simple apps to protect BYOD. user will not allow remote wipe or even geo fencing easily since the device is their personal asset so only way is target apps to be sandboxed and not access by other non enterprise apps.  Then again user is weakest link
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
What is your company data? What can they put on their phones? Customer list's, files, databases? How do their devices store this data? Have a look at Mobileiron's litnay of features and  maybe you can get an idea of what can and can't be secured.
http://www.mobileiron.com/en/solutions/byod

We found the cost prohibitive of all products and had to ban BYOD, please examine these questions: Does BYOD help solve any problem you actually have, or does it introduce more? For us, BYOD is more "bratty kid" behavior than it is necessary. "Cus I wanna" isn't a reason to allow access to your network for a mobile device if you can't secure the data.

We allow email access from mobile devices, and that is all. We don't allow sensitive data to be sent via email and we do have controls around that. From a security perspective, I can't justify mobile devices being needed, unless we are the ones issuing them, and they have the controls in place before being issued. When work and home are being mixed, it's too easy to forget the rules and what is important, users become complaisant. That has always been my experience.
-rich
0
 
LVL 61

Expert Comment

by:btan
Comment Utility
Agree with richrumble - the question is why byod if the risk is much higher than managed approach, and if this is first time rollout management of mobile device is far more complex than it is ... note even then, no solution ensure compatibility with any phone or their next gen. Never be at the mercy of the least importance ...
0
 

Author Closing Comment

by:rosen55401
Comment Utility
Ended up deploying MobileIron - was a relatively easy and smooth process.
0
 
LVL 38

Expert Comment

by:Rich Rumble
Comment Utility
https://threatpost.com/legal-guidelines-say-apple-can-extract-data-from-locked-ios-devices/105966
Apple appears to have some back-door or physical means of bypassing controls. No details if MobileIron is immune, but if apple can do it, it won't be long before others probably can too.
-rich
0

Featured Post

6 Surprising Benefits of Threat Intelligence

All sorts of threat intelligence is available on the web. Intelligence you can learn from, and use to anticipate and prepare for future attacks.

Join & Write a Comment

The case of the missing phone talks about the way a small electronic gadget (the mobile phone) has penetrated into our lives and has made us addicted to it.
As a financial services provider, your business is impacted by two of the strictest federal regulations on record: the Sarbanes-Oxley Act and the Gramm-Leach-Bliley Act. Correctly implementing faxing into your organization to provide secure, real-ti…
Get a first impression of how PRTG looks and learn how it works.   This video is a short introduction to PRTG, as an initial overview or as a quick start for new PRTG users.
Here's a very brief overview of the methods PRTG Network Monitor (https://www.paessler.com/prtg) offers for monitoring bandwidth, to help you decide which methods you´d like to investigate in more detail.  The methods are covered in more detail in o…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now