Solved

Mobile Devices Need Security

Posted on 2013-05-30
8
278 Views
Last Modified: 2014-05-08
We are needing to secure all of our mobile devices (a full variety of cell phones, ipads, tablets etc).  I know there is software available for this but am looking for recommendations rather than using Google.  I need to present some options to our Corp Operations Group.  Your suggestions are appreciated.
0
Comment
Question by:rosen55401
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 3
  • 3
  • 2
8 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39209798
Secure in what way? MobileIron is a good product, but if you're using blackberries then RIM has some great controls integrated already. RIM is now making control software for Apple products to, I've not seen it yet, but it might be good as well.
http://arstechnica.com/information-technology/2013/01/rim-tries-to-keep-its-business-customers-ahead-of-blackberry-10-launch/
No product works on all products, we've tried NAC (all the big names, forescout was the most comprehensive)
We've come to the conclusion that BYOD is not for us, cost's too much money to administer and maintain, and have banned all but a select few mobile devices. It's more policy than actual security measures, but it's working, better than NAC itself did.
-rich
0
 
LVL 64

Expert Comment

by:btan
ID: 39210028
Before securing mobile device, you need to consider how to maintain and centrally enforced it and i am looking at managed device instead of BYOD. If you do not even have a mobile infra backend at the moment, I dont really suggest a BYOD. So taking that out of context, minimally the security s/w will have to provide what NIST SP800-124 has shared as well - though NIST SP is in draft, it serves as good guidelines and personally I see it minimal baseline on the s/w candidates as well.

(section 4 has the safeguards - note it is more than just the s/w but also the policy etc)
http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf

This bring in the MDM and MAM aspect - policing at device and application level. Note that the important asset for s/w protecting is really the organisation data. The threats to mobile device are just countless and growing.

I do also agree with richrumble on MobileIron which is one of the leader. There is actually gartner (link - it state the leaders) for MDM/MAM if you wanted to build stronger justification (not by popular demand). Note that there is no one size fit all provider but build up for MDM and then MAM (esp on org apps and apps store if any).

http://mspmentor.net/mobile-device-management/gartner-magic-quadrant-mobile-device-management-mdm

Also Goods Technology recently is certified by Australian DSD to protect iPAD and iPhones. In the specific phones, US DoD has certified iPhones and iPad running IOS 6.

http://www.cio.com.au/article/456071/dsd_signs_good_technology_secure_ios_devices/
http://www.geek.com/mobile/iphone-and-ipad-running-ios-6-officially-certified-by-u-s-department-of-defense-1555611/

Samsung does has its niche (Knox) likewise for latest BB10 (though there is past version already certified like BB7/BES5). But both has not really gain as much traction like latest Apple on govt security agencies wide acceptance (taken granted the first mover for user friendly edge against competitor which can be subjective also).

http://www.samsung.com/global/business/mobile/solution/security/samsung-knox
http://gizmodo.com/5991470/bb10-fails-the-uk-governments-high-security-testing

Fixmo is another preaching Mobile Risk Mgmt and added more for Samsung Knox and others too.
http://fixmo.com/fixmo-enables-samsung-knox-devices-within-usdod
http://fixmo.com/fixmo-government-compliant-apple-samsung-blackberry

If you are 451 member, you may check out their "Mobile device  disorder" listing of vendor landscape in the paper on the market space and provider's value proposition - can drill to those leader and use the govt guidelines as baseline.

https://451research.com/report-long?icid=2603

The next upcoming are really the trustzone stuff to fully virtualised and for a mobile TPM but that is beyond and we should wait and see first. VMware Horizon preached something close for mobile hypervisor and we should be looking at h/w assistance as well.
0
 

Author Comment

by:rosen55401
ID: 39210529
Thank you both for your input and suggestions.  Currently we have a BYOD policy and we have no way to protect our company data on that phone.  Or even worse no way to force the users to even have a password on their phones.  I'm looking for a software that can manage this.
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 64

Expert Comment

by:btan
ID: 39210667
MAM solution is then the approach to segregate the enterprise data from home user data. Some already mentioned above like Goods, MI and Citrix XenMobile. It will not be a straight easy simple apps to protect BYOD. user will not allow remote wipe or even geo fencing easily since the device is their personal asset so only way is target apps to be sandboxed and not access by other non enterprise apps.  Then again user is weakest link
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39210729
What is your company data? What can they put on their phones? Customer list's, files, databases? How do their devices store this data? Have a look at Mobileiron's litnay of features and  maybe you can get an idea of what can and can't be secured.
http://www.mobileiron.com/en/solutions/byod

We found the cost prohibitive of all products and had to ban BYOD, please examine these questions: Does BYOD help solve any problem you actually have, or does it introduce more? For us, BYOD is more "bratty kid" behavior than it is necessary. "Cus I wanna" isn't a reason to allow access to your network for a mobile device if you can't secure the data.

We allow email access from mobile devices, and that is all. We don't allow sensitive data to be sent via email and we do have controls around that. From a security perspective, I can't justify mobile devices being needed, unless we are the ones issuing them, and they have the controls in place before being issued. When work and home are being mixed, it's too easy to forget the rules and what is important, users become complaisant. That has always been my experience.
-rich
0
 
LVL 64

Expert Comment

by:btan
ID: 39212472
Agree with richrumble - the question is why byod if the risk is much higher than managed approach, and if this is first time rollout management of mobile device is far more complex than it is ... note even then, no solution ensure compatibility with any phone or their next gen. Never be at the mercy of the least importance ...
0
 

Author Closing Comment

by:rosen55401
ID: 39886077
Ended up deploying MobileIron - was a relatively easy and smooth process.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40051427
https://threatpost.com/legal-guidelines-say-apple-can-extract-data-from-locked-ios-devices/105966
Apple appears to have some back-door or physical means of bypassing controls. No details if MobileIron is immune, but if apple can do it, it won't be long before others probably can too.
-rich
0

Featured Post

Ready to get started with anonymous questions?

It's easy! Check out this step-by-step guide for asking an anonymous question on Experts Exchange.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

How to take pictures with depth using iOS 10
Businesses who process credit card payments have to adhere to PCI Compliance standards. Here’s why that’s important.
The Email Laundry PDF encryption service allows companies to send confidential encrypted  emails to anybody. The PDF document can also contain attachments that are embedded in the encrypted PDF. The password is randomly generated by The Email Laundr…
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question