Solved

Mobile Devices Need Security

Posted on 2013-05-30
8
266 Views
Last Modified: 2014-05-08
We are needing to secure all of our mobile devices (a full variety of cell phones, ipads, tablets etc).  I know there is software available for this but am looking for recommendations rather than using Google.  I need to present some options to our Corp Operations Group.  Your suggestions are appreciated.
0
Comment
Question by:rosen55401
  • 3
  • 3
  • 2
8 Comments
 
LVL 38

Accepted Solution

by:
Rich Rumble earned 500 total points
ID: 39209798
Secure in what way? MobileIron is a good product, but if you're using blackberries then RIM has some great controls integrated already. RIM is now making control software for Apple products to, I've not seen it yet, but it might be good as well.
http://arstechnica.com/information-technology/2013/01/rim-tries-to-keep-its-business-customers-ahead-of-blackberry-10-launch/
No product works on all products, we've tried NAC (all the big names, forescout was the most comprehensive)
We've come to the conclusion that BYOD is not for us, cost's too much money to administer and maintain, and have banned all but a select few mobile devices. It's more policy than actual security measures, but it's working, better than NAC itself did.
-rich
0
 
LVL 62

Expert Comment

by:btan
ID: 39210028
Before securing mobile device, you need to consider how to maintain and centrally enforced it and i am looking at managed device instead of BYOD. If you do not even have a mobile infra backend at the moment, I dont really suggest a BYOD. So taking that out of context, minimally the security s/w will have to provide what NIST SP800-124 has shared as well - though NIST SP is in draft, it serves as good guidelines and personally I see it minimal baseline on the s/w candidates as well.

(section 4 has the safeguards - note it is more than just the s/w but also the policy etc)
http://csrc.nist.gov/publications/nistpubs/800-124/SP800-124.pdf

This bring in the MDM and MAM aspect - policing at device and application level. Note that the important asset for s/w protecting is really the organisation data. The threats to mobile device are just countless and growing.

I do also agree with richrumble on MobileIron which is one of the leader. There is actually gartner (link - it state the leaders) for MDM/MAM if you wanted to build stronger justification (not by popular demand). Note that there is no one size fit all provider but build up for MDM and then MAM (esp on org apps and apps store if any).

http://mspmentor.net/mobile-device-management/gartner-magic-quadrant-mobile-device-management-mdm

Also Goods Technology recently is certified by Australian DSD to protect iPAD and iPhones. In the specific phones, US DoD has certified iPhones and iPad running IOS 6.

http://www.cio.com.au/article/456071/dsd_signs_good_technology_secure_ios_devices/
http://www.geek.com/mobile/iphone-and-ipad-running-ios-6-officially-certified-by-u-s-department-of-defense-1555611/

Samsung does has its niche (Knox) likewise for latest BB10 (though there is past version already certified like BB7/BES5). But both has not really gain as much traction like latest Apple on govt security agencies wide acceptance (taken granted the first mover for user friendly edge against competitor which can be subjective also).

http://www.samsung.com/global/business/mobile/solution/security/samsung-knox
http://gizmodo.com/5991470/bb10-fails-the-uk-governments-high-security-testing

Fixmo is another preaching Mobile Risk Mgmt and added more for Samsung Knox and others too.
http://fixmo.com/fixmo-enables-samsung-knox-devices-within-usdod
http://fixmo.com/fixmo-government-compliant-apple-samsung-blackberry

If you are 451 member, you may check out their "Mobile device  disorder" listing of vendor landscape in the paper on the market space and provider's value proposition - can drill to those leader and use the govt guidelines as baseline.

https://451research.com/report-long?icid=2603

The next upcoming are really the trustzone stuff to fully virtualised and for a mobile TPM but that is beyond and we should wait and see first. VMware Horizon preached something close for mobile hypervisor and we should be looking at h/w assistance as well.
0
 

Author Comment

by:rosen55401
ID: 39210529
Thank you both for your input and suggestions.  Currently we have a BYOD policy and we have no way to protect our company data on that phone.  Or even worse no way to force the users to even have a password on their phones.  I'm looking for a software that can manage this.
0
 
LVL 62

Expert Comment

by:btan
ID: 39210667
MAM solution is then the approach to segregate the enterprise data from home user data. Some already mentioned above like Goods, MI and Citrix XenMobile. It will not be a straight easy simple apps to protect BYOD. user will not allow remote wipe or even geo fencing easily since the device is their personal asset so only way is target apps to be sandboxed and not access by other non enterprise apps.  Then again user is weakest link
0
Superior storage. Superior surveillance.

WD Purple drives are built for 24/7, always-on, high-definition security systems. With support for up to 8 hard drives and 32 cameras, WD Purple drives are optimized for surveillance.

 
LVL 38

Expert Comment

by:Rich Rumble
ID: 39210729
What is your company data? What can they put on their phones? Customer list's, files, databases? How do their devices store this data? Have a look at Mobileiron's litnay of features and  maybe you can get an idea of what can and can't be secured.
http://www.mobileiron.com/en/solutions/byod

We found the cost prohibitive of all products and had to ban BYOD, please examine these questions: Does BYOD help solve any problem you actually have, or does it introduce more? For us, BYOD is more "bratty kid" behavior than it is necessary. "Cus I wanna" isn't a reason to allow access to your network for a mobile device if you can't secure the data.

We allow email access from mobile devices, and that is all. We don't allow sensitive data to be sent via email and we do have controls around that. From a security perspective, I can't justify mobile devices being needed, unless we are the ones issuing them, and they have the controls in place before being issued. When work and home are being mixed, it's too easy to forget the rules and what is important, users become complaisant. That has always been my experience.
-rich
0
 
LVL 62

Expert Comment

by:btan
ID: 39212472
Agree with richrumble - the question is why byod if the risk is much higher than managed approach, and if this is first time rollout management of mobile device is far more complex than it is ... note even then, no solution ensure compatibility with any phone or their next gen. Never be at the mercy of the least importance ...
0
 

Author Closing Comment

by:rosen55401
ID: 39886077
Ended up deploying MobileIron - was a relatively easy and smooth process.
0
 
LVL 38

Expert Comment

by:Rich Rumble
ID: 40051427
https://threatpost.com/legal-guidelines-say-apple-can-extract-data-from-locked-ios-devices/105966
Apple appears to have some back-door or physical means of bypassing controls. No details if MobileIron is immune, but if apple can do it, it won't be long before others probably can too.
-rich
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
cryptolocker in a desktop 3 75
VMWare Workspace ONE 10 100
Office 365 setup on Android phone 6 64
GPG4Win and loosing file metadata on encruption. How to preserve? 4 51
For Sennheiser, comfort, quality and security are high priority areas. This paper addresses the security of Bluetooth technology and the supplementary security that Sennheiser’s Contact Center and Office (CC&O) headsets provide.  
There are many Password Managers (PM) out there to choose from. PM's can help with your password habits and routines, but they should not be a crutch you rely on too heavily. I also have an article for company/enterprise PM's.
With Secure Portal Encryption, the recipient is sent a link to their email address directing them to the email laundry delivery page. From there, the recipient will be required to enter a user name and password to enter the page. Once the recipient …
A simple description of email encryption using a secure portal service. This is one of the choices offered by The Email Laundry for email encryption. The other choices are pdf encryption which creates an encrypted pdf of your email and any attachmen…

895 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now