Urgent How to Need

Transcription

Urgent How to Need
TECH DOSSIER
ENTERPRISE MOBILITY APPS:
The Urgent
Need for
IMPROVED
SECURITY
and How to
Get There
As enterprises race to respond to the new
mobile age, the management of smart devices, the apps that run
on them, and the security of both have taken on new urgency. Mobile device
management (MDM) by itself does not address a number of vital concerns,
including best practices for their distribution. Especially important is incorporating equivalent, consistent, easily managed security into individual apps—
built in-house or purchased—in a way that is separate from the development
of the app’s code, a concept known as “app wrapping.”
This paper examines current mobility market trends, provides an overview
of MDM and app wrapping, and delves into issues and solutions related to
mobile app security.
2
TECH DOSSIER | ENTERPRISE MOBILITY APPS
MOBILITY DEMAND SOARS
Just how fast is enterprise mobility growing? The numbers
are staggering. In its September 2013 “Worldwide Quarterly
Smart Connected Device Tracker,”1 IDC expected 1.4 billion
smartphones to ship in 2015. It also predicted that tablet
shipments would finally surpass total annual PC shipments
by the end of 2015.
Perhaps the best barometer for measuring the explosion of
mobile apps is in the area of customer relationship management.
In 2013, researcher Gartner Inc. predicted that “mobile CRM apps
available for download on app stores will grow to over 1,200 by
2014 from 200 in 2012.” It also predicted that by 2016, “more than
50 percent of CRM software revenue will be delivered by SaaS.”2
One of the key benefits of SaaS and cloud services is greater
mobility: Organizations can ensure their workers have access to
vital applications regardless of location and device.
That growth is driven, in part, by the need for businesses to
stay in touch with employees, and employees with customers
at all hours—and it’s occurring faster than many businesses
can handle. While nearly two-thirds of employees are already
using personal devices for work, both management of those
devices and security for apps lag considerably. PricewaterhouseCoopers reports that just 43 percent of organizations
have implemented formal mobility policies.3
IT professionals are fully aware that vastly broader mobile access
creates new opportunities for breaching security. What was a
novelty just a few years ago is now regarded as a serious danger.
For many security professionals, mobile devices and apps are
their top enterprise security concern. They require devices and
apps to be better managed, users made more aware, and security applied to individual apps in a consistent manner.
BENEFITS OF MOBILE APPS
With the plunge in PC shipments hastening (down 10 percent
globally for all of 20134 on top of a 3.5 percent decline in 2012,5
according to Gartner) and the meteoric rise in shipments of
mobile devices, development of apps designed for smartphones
and tablets is now the unquestioned center of attention.
Whether developed in-house or acquired through third parties,
mobile apps offer a cornucopia of advantages, both businessand IT-related.
n For users, mobile apps are always just inches away,
providing immediacy simply not available from a desktopor laptop-based browser experience. Employees can
leverage this anywhere, anytime connectivity to enhance
their personal productivity, instilling a greater sense of
accomplishment, value, and pride in their work.
n Custom apps intended for employee use can improve
existing workflows to boost productivity, reduce reliance
on paper-bound processes, and enhance morale.
n Mobile apps are compact and easily modified and
IDC expects
1.4 billion
smartphones
to ship in 2015.
It also believes that
tablet shipments
will finally surpass
total annual PC
shipments by the
end of 2015.
distributed, allowing a quick response to changing market
conditions. Designed with specific mobile operating systems
in mind, the developer maintains total control over every
nuance of the user interface and experience, very different
from universal Web-based applications whose behavior or
screen rendering can yield unfortunate results due to quirks
in different mobile-based Web browsers.
n Mobile apps can do what traditional server-based
browser applications cannot. Fleet operators can use
GPS to make sure drivers stay on their route schedules.
Built-in cameras are used by videoconferencing apps and
by roving insurance adjusters for taking—and immediately
transmitting—photos of damaged vehicles.
n Mobile apps portray a company as up-to-date, always
available, and in tune with millions of people who rarely use
a PC. An attractive, easy-to-use app can become something
of an addiction, inducing customers to stay connected. A
positive experience can boost sales and engender brand
loyalty, and through positive social-media feedback attract
new users.
3
TECH DOSSIER | ENTERPRISE MOBILITY APPS
and passwords of millions of customers in the clear, unencrypted. Computerworld reported that the information could be
easily viewed by connecting the device to a PC. The problem
was quickly fixed via an app update. In a separate January
incident, hackers posted the usernames and phone numbers of
4.6 million users of a popular photo-sharing app. Incidents like
these are avoidable with appropriate app security.
While nearly two-thirds of employees
are already using personal
devices for work, management
of those devices and security for
apps lags considerably.
Mobile apps also have great appeal for IT. Seen as cutting-edge
technology that leverages the newest devices, they help portray
IT as a proactive enabler of forward-looking solutions, rather than
as a recalcitrant obstacle to conquering business needs. IT can
transform itself from traditional service provider into the driving
force behind mobile solutions that transform business.
Aware of potential risks associated with mobile apps, the U.S.
Federal Trade Commission in 2013 published a series of bestpractices recommendations, beginning with a strong reminder
that even the most secure app is likely to run over insecure
Wi-Fi® networks.7 Consequently, the FTC advises developers
to encrypt usernames, passwords, and data; and ensure that
back-end servers are secure, whether in the organization’s
own data center or at a cloud service provider. The agency
admonishes developers to identify who is ultimately responsible for app security and to understand applicable standards
and regulations with regard to children’s, health, and financial
data, citing several references—the Children’s Online Privacy
Protection Act (COPPA); the Gramm-Leach-Bliley Act; the
Health Insurance Portability and Accountability Act (HIPAA);
and the Health Breach Notification Rule. Finally, the FTC warns
IT to monitor app performance and keep software and security libraries up-to-date.
DEVICE MANAGEMENT IS NOT ENOUGH
SECURITY ISSUES
The rapid move to Bring Your Own Device (BYOD) has left many
enterprises struggling to provide adequate management and
security. It’s no wonder: In a December 2013 forecast, IDC
projected that by 2017, 328 million people will use their own
smartphones at work, vastly more than 132 million in 2013. In
2012, the number was just 88 million.6
Those device owners are often reluctant to let their employers
install security or device management software, though ultimately they may have little choice. Similarly, employers do not
relish the thought of barring employees from using their favorite
apps. Employee-installed apps—games, social media, photo
sharing, file storage, personal finance, or retail-oriented—
constitute a great unknown, raising the specter of data leakage,
malware downloads, and compromised passwords. None are
good for business and may lead to legal exposure and an otherwise avoidable public-relations disaster.
Even the largest of enterprises have not been immune to selfinflicted breakdowns in mobile app security. In January 2014,
the world’s largest chain of coffee emporiums acknowledged
that its mobile app for iOS® stored usernames, email addresses,
MDM, as its name suggests, is the foundation technology for
administering mobile-device fleets. Key aspects of MDM include
provisioning, asset tracking, configuration, policy compliance,
remote wipe and reset, authentication, permissions, and diagnostics, but not software administration. Many organizations
have adopted MDM to manage and secure mobile devices,
whether those devices are company-owned and issued or the
property of individual employees under a BYOD initiative.
The move to BYOD vastly complicates matters. With BYOD,
employees rely on their devices for personal and business
purposes, often using the very same apps for both. The result
is the inevitable intermingling of corporate and personal data.
The need to keep personal and corporate assets distinct and
secure is perhaps the most significant challenge facing the fastgrowing BYOD movement.
MDM, because it manages the entire device, is not able to
separate personal and corporate apps and data. Policies and
settings, even if intended for business purposes only, are
applied to the device as a whole, impacting personal usage.
Leakage of data from the business side to the personal side
is almost inevitable, though nearly always unintentional. The
4
classic example is an employee who receives a corporate email
with confidential attachments that discuss business plans or
finances. Wanting to review the files, the employee may save
the attachment to a personal file repository such as Dropbox®,
Evernote®, Google® Drive, or Microsoft® OneDrive (formerly
SkyDrive), and open it in a document-editing app.
APP WRAPPING
Without a doubt, the security of mobile apps is imperative,
leaving enterprises no choice but to implement a robust methodology for incorporating security in a comprehensive, consistent, yet flexible manner. However, it is the rare enterprise that
has such expertise onboard. The need for an easy-to-use solution that secures individual apps and their associated data on
mobile devices has become clear, sometimes painfully so.
With several aspects of security to consider and the depth of
specialized expertise required to implement enterprise-class
security at the individual mobile-app level, the most logical
approach is to partially unfetter development staffs from this
responsibility. While developers still need to write efficient,
compact code that does not introduce vulnerabilities, an
overarching mechanism for introducing app-level security in a
manner that is consistent and repeatable is the ideal solution.
TECH DOSSIER | ENTERPRISE MOBILITY APPS
Through the Symantec Sealed Program, Symantec is empowering mobile app developers with the means to make their apps
enterprise-ready so they comply with security requirements
and can be managed centrally.
Security features are added post-development, allowing granular,
application-level policies to be enforced without source code
modification or SDK integration. An app can be prevented from
storing data locally and it can require the user to re-authenticate
periodically. Settings fall into four main categories: authentication, on-device storage, data protection, and server polling.
Authentication. Beyond requiring the device
owner to enter a username and password
to launch the app, wrapping can also force
re-authentication at prespecified intervals during
use or after idle periods. Apps can be instructed to destroy
associated locally stored data and disable the app following
an incorrect password lockout. Through InterApp Single SignOn, IT can create a secure mobile workspace where users
can authenticate once and then access other wrapped apps
installed on their device.
The most advantageous way to accomplish this is through
a concept known as “app wrapping,” a simple process that
surrounds a mobile app with a management layer—without
the need to touch a single line of the app’s own source code.
Application wrapping lets developers focus on what they do
best, building great apps and engaging user experiences.
Wrapping, because it is a discrete process that occurs after
app development is complete, ensures that security attributes,
including authentication, data protection and sharing policies,
and encryption and secured communication, are applied in a
perfectly consistent manner from one app to the next.
Once an app has been wrapped it can then be distributed to
authorized users such as employees, partners, and contractors
via an enterprise app store. Users can view only the apps they
are allowed to use based upon their role.
THE SYMANTEC SOLUTION
Symantec, through its Symantec App Center, provides both
in-house developers and third-party commercial developers
with the ability to wrap mobile apps in a layer of security
that offers numerous policy options and enables secure app
distribution. App Center also offers secure productivity apps
including email, calendar, contacts, and a secure browser.
Mobile apps are seen as cuttingedge technology that leverages the
newest devices, they help portray IT
as a proactive enabler of forwardlooking solutions, rather than as
a recalcitrant obstacle to conquering
business needs.
5
TECH DOSSIER | ENTERPRISE MOBILITY APPS
On-Device Storage. Apps can be allowed to
store data locally or be prohibited from doing so.
Encryption for local app-related files and data,
such as those used for printing and uploading,
can be enforced. Local data can be saved or purged when the
app closes, and for Android™ devices, storage on an inserted
memory device can be permitted or barred.
Server Polling. To ensure that mobile app
security and features are always current, it is vital
that they periodically check in for updates. Server
polling implements this safeguard by requiring the
apps to connect to the server at predefined intervals. Apps that
fail to communicate can be revoked and locally stored data
optionally destroyed.
Data Protection. With both BYOD and corporatemanaged devices, it is especially important to
prevent data crossover from corporate apps to
personal apps. Data protection policies can allow
or prohibit interapp document sharing, including previewing,
opening, copying, printing, or clipboard use. For those who
“jail-break” their iOS™ or “root” their Android devices, the app
can be disabled and local data destroyed.
Symantec App Center also enables self-service distribution of
apps to employees and other authorized users. Apps are easily
revoked when employees leave the organization, once their
devices are retired, or even if reported lost.
Through the Symantec Sealed
Program, Symantec is empowering
mobile app developers with
the means to make their app
enterprise-ready so it complies
with security requirements and can
be managed centrally.
CONCLUSION
As the use of mobile devices and apps for business continues
to soar, managing and securing corporate data and apps
becomes more critical. MDM excels at hardware provisioning,
asset tracking, and configuration, but it does not differentiate
between personal and business apps and data, and lacks the
granular, app-level security needed to prevent the misdirection
or misuse of business data. Surrounding apps with a configurable layer of security through the process of app wrapping
requires no changes to an app’s program code, ensures consistent security policies, needs no special expertise, and allows
developers to focus on creating an engaging user experience.
Through Symantec App Center, in-house and commercial developers can ensure the security of enterprise apps, prepare them
for distribution through an enterprise app store, and maintain
tight control over the use of corporate data. n
For more information, visit go.symantec.com/mobile.
1
IDC, September 11, 2013, “Worldwide Quarterly Smart Connected Device Tracker,”
www.idc.com/getdoc.jsp?containerId=prUS24314413.
2
Gartner, April 11, 2013, “Gartner Says Number of Mobile CRM Apps
Downloadable on App Stores to Grow to Over 1,200 by 2014,”
www.gartner.com/newsroom/id/2421015.
3
PricewaterhouseCoopers, “Bring Your Own Device: Agility Through Consistent
Delivery,” www.pwc.com/en_US/us/increasing-it-effectiveness/assets/
byod-1-25-2012.pdf.
4
Gartner, January 9, 2014, “Gartner Says Worldwide PC Shipments Declined 6.9
Percent in Fourth Quarter of 2013,” www.gartner.com/newsroom/id/2647517.
5
Gartner, January 14, 2013, “Gartner Says Declining Worldwide PC Shipments
in Fourth Quarter of 2012 Signal Structural Shift of PC Market,”
www.gartner.com/newsroom/id/2301715.
6
IDC, December 2013, “Worldwide Business Use Smartphone 2013–2017
Forecast Update,” www.idc.com/getdoc.jsp?containerId=244840.
7
Federal Trade Commission, Bureau of Consumer Protection Business
Center, February 2013, www.business.ftc.gov/documents/bus83-mobileapp-developers-start-security.
Product names are trademarks or registered trademarks of their
respective owners.
6
TECH DOSSIER | ENTERPRISE MOBILITY APPS | ADDITIONAL READING
ADDITIONAL READING
The Science of App-wrapping
By Carlos Montero-Luque
CIO.in
dynamic libraries and create a new app that behaves differently
when started, or when a certain type of communication happens.
The normal call made by an app to an API is now “front-ended” to
look in a local dynamic library for instructions.
This technique can be used to create advanced security processes,
such as embedding an individual application’s communication with
an endpoint in a VPN the company controls. This VPN is outside the
control of the application, but does not affect how the application
looks or functions on the device. This is far superior to the alternative taken by many MDM vendors, which use a device-level VPN
that requires all communications from the device to access the
corporate VPN. That approach slows performance to a crawl and
negatively impacts that most delicate commodity, battery life.
BYOD brings out the classic problem between control of corporate
information and individual freedom. It kicks it up to a whole new
level because the devices belong to the users, but at least some of
the apps and information belong to the company and as such need
protection and policy enforcement.
One approach to this problem is mobile device management
(MDM), but the problem with MDM is it requires managing a device
that belongs to the user. What’s more, containerization at the
device level compromises the user experience. A better approach
is mobile application management (MAM), which can be applied, as
the name implies, at the application level, wrapping corporate apps
and data, but not wrapping Facebook or Roku.
This approach provides a high level of administrative control while
still offering a superior user experience for all mobile applications,
both the wrapped and unwrapped, so to speak. So let’s explore, at
a high level, how app wrapping works.
The essential operation of app wrapping lies in setting up a
dynamic library and adding to an existing binary that controls
certain aspects of an application. For instance, at startup, you
can change an app so that it requires authentication using a local
passkey. Or you could intercept a communication so that it would
be forced to use your company’s virtual private network (VPN) or
prevent that communication from reaching a particular application
that holds sensitive data, such as QuickBooks.
The end result is the policies set by an administrator become a
set of dynamic libraries, which are implemented on top of the
application’s native binary. On iOS, for example, using XCode, the
developer can take an iPhone Application Archive (.ipa) file, add the
App wrapping can also apply a passkey to the clipboard of the
device to intercept cut-and-paste activities. Clipboard contents
will be encrypted or turned into illegible garbage if cut and paste
is attempted when it’s not allowed by the app. The purpose of this
intervention is to prevent an employee (or someone who should
not have the device) from copying information from a restricted
application onto the device clipboard, where it could be made
available to other apps on the device.
Most mobile devices have some form of native encryption, but
app wrapping can significantly raise the protection bar by providing
certified encryption on the Federal Information Processing Standard (FIPS) 140-2. When corporate data is at rest on the device,
app wrapping can protect it using FIPS 140-2 Level I Suite B
encryption libraries, the same level used by the U.S. Department
of Defense Logistics Agency. It is decrypted only when the correct
passcode is entered. Therefore, if an unauthorized party acquires
the phone, they won’t be able to read data even if they succeed in
downloading it.
When a user “jailbreaks” an iOS or “roots” an Android device, they
essentially remove all operating-system level protections against
fraudulent or malicious use. Effective app wrapping technology, at
a server level, must be able to detect whether a device has been
jailbroken or rooted, then trigger a mechanism that prevents all
enterprise-installed apps from running.
Read the full article
7
TECH DOSSIER | ENTERPRISE MOBILITY APPS | ADDITIONAL READING
ADDITIONAL READING
Mobile Apps Require a CIO Mind Shift
It’s time to get started on smartphone apps that will make employees
more productive and customers more loyal, say Forrester Research analysts
Josh Bernoff and Ted Schadler.
By Ted Schadler, Josh Bernoff
CIO.com
Mobile isn’t a trend. It’s a new state of mind. Employees and
customers no longer look things up, they just expect them to be
there on their mobile device. You’d better not disappoint them.
Consider what happens when a person gets a smartphone. They
request the weather, restaurant ratings or the current state of their
company’s sales pipeline. In a Pavlovian way, each request reinforces the idea that everything they need is on that device.
This creates the mobile mind shift: the expectation that any desired
information or service is available, on any device, in context, in a
person’s moment of need. Satisfy that expectation and you gain
loyalty and productivity. Fail, and they’ll switch to a better app from
some startup.
The mobile mind shift isn’t universal yet. Among consumers, about
one in five online adults in the U.S. has made the mental shift.
People 25 to 34 are more advanced than those who are older.
Affluent people have shifted faster. Overall, the shift is happening
rapidly and globally.
CIOs and their companies must make their own mobile mind
shift. Your customer-facing groups besiege you with requests for
mobile utility, even as employees demand mobile access to every
system. But your information systems are not up to the task. They
are systems of record, built to securely hold, process and deliver
information and transactions to computers and the Web.
In the mobile world, systems of record disappear into the background while customers and employees interact with new systems
of engagement that deliver information and service much faster
and in the physical and mental context they expect.
How can you prepare? Build a center of excellence to guide the
technology, strategy and execution of all mobile projects, whether
focused on customers or employees. Create a team, as GE and Citigroup have, that uses dedicated executives, funding and staffing to
build expertise and make decisions quickly. Begin the massive but
essential task of redesigning your systems for rapid mobile access.
Your customers’ loyalty, your employees’ productivity and your job
depend on your success here. So you’d better get started.
Josh Bernoff is SVP for idea development and Ted Schadler is a
VP and principal analyst serving CIOs at Forrester Research.
8
TECH DOSSIER | ENTERPRISE MOBILITY APPS | ADDITIONAL READING
ADDITIONAL READING
5 Reasons to Build an Enterprise Mobile
App Store
IT departments can keep employees from using malware-infested mobile apps
by creating an internal store of company-approved apps. The store can also collect
feedback from users about their preferences.
By Lauren Brousell
CIO.com
You can keep employees from using malware-infested mobile apps
by creating an enterprise store of company-approved apps. Here
five reasons to set up your own app store.
1. They improve quality control. One way to make sure
employees don’t download bogus apps is to create an enterprise
app store where they can get company-approved apps. Twentyfive percent of enterprises will have an app store by 2017, Gartner
predicts, in part due to this greater degree of control.
Michele Pelino, an analyst at Forrester Research, says app stores
ensure that the correct versions of apps or content are being used.
“If you don’t have some way of controlling that, you have people
using different versions or apps that you don’t want them to get
access to,” she says.
2. You can gather user feedback. With a corporate app store,
IT has greater visibility into user habits than with a consumer app
store. IT can monitor user behavior or measure productivity and
create recommendation engines to suggest relevant apps to try
out. It’s a two-way street: Employees can use the store’s feedback
section to show likes, dislikes and preferences.
3. They can impress the business execs. Managing the
complex ecosystem of apps created by lines of business is a
huge challenge for IT, but enterprise app stores are a step toward
simplifying that, says Rohit Sharma, head of the mobility practice at
Virtusa, an IT consultancy.
He says IT can prove its value to business executives by using an
app store to manage the apps for bring-your-own-device programs
and eventually for distributing desktop software, too. “The
message [IT] is sending to the internal audience is that they care
about it,” he says.
4. They give the tech staff a break. A survey by Partnerpedia, a
mobile-app-management company, found that 86 percent of enterprises want a self-service model where employees download apps
themselves, thus freeing the IT staff for other tasks. The concept
of an app store is well understood by employees who have used
a public app store, Pelino says. IT can also automate the procurement of software licenses from app stores, according to Gartner,
and push out updates.
5. They’re more secure than public app stores. According to
Forrester, 60 percent of firms in North America and Europe are
supporting personally owned devices, which makes security
tougher to manage.
With an enterprise app store, IT can prohibit the use of certain
apps, such as file-sharing services that tend to spread malware.
If users complain when they can’t use preferred apps on their
devices, IT can set up a passageway to consumer app stores. Then
if the desired app is accessed through the corporate app store, IT
can still control its use.
Lauren Brousell is a staff writer for CIO magazine.
9
TECH DOSSIER | ENTERPRISE MOBILITY APPS | ADDITIONAL READING
ADDITIONAL READING
The tricky balancing act of mobile security
Your workers’ smartphones could be the weakest link in your security plan.
Here’s how to protect the devices and secure the data.
By Mary K. Pratt
Computerworld
The march toward mobility at Scotiabank is pretty typical: first
laptops to enable alternative work arrangements for employees,
now smartphones and tablets to give workers anywhere access to
information.
The Toronto-based bank, with 83,000 employees worldwide,
deployed company-owned BlackBerries several years ago to
personnel who require them to do their jobs more effectively, and
has since asked select staffers and IT support people to pilot other
smartphone brands as well.
The approach to securing those mobile devices is typical, too. The
bank uses BlackBerry Enterprise Service mobile device management (MDM) software. It also requires employees to sign statements saying that they agree to let IT erase data from devices that
are lost or stolen, and to take control of devices if there’s a legal
investigation, says Greg Thompson, vice president of enterprise
security services and deputy chief information security officer at
Scotiabank.
But as both the demand for mobility and the bring-your-own-device
(BYOD) trend grow, so does the need for more advanced mobile
security policies, procedures and technologies, says Thompson,
who is a member of the board of the International Information
Systems Security Certification Consortium, or ISC2, a nonprofit IT
security professional organization.
The challenge, as Thompson and others see it, is allowing workers
access to the information they need when they need it without
compromising the data or the IT infrastructure.
On its face, that’s not much different from what IT departments
have been doing for decades, first with desktops and then with
laptops.
But mobile throws new wrenches into the works, because IT is now
supporting several different types of devices that can access data
through various channels from anywhere in the world.
At the same time, threats are on the rise, and they’re growing more
sophisticated. Hackers are increasingly targeting mobile devices
as the weak link, introducing malicious code through downloaded
apps and launching targeted attacks to access propriety data.
To be sure, there is no plug-and-play defense mechanism to counteract such threats, and IT leaders want more protection.
“We have to think about securing the mobile workforce as opposed
to securing mobile devices,” Thompson says.
That’s a tall order that many are struggling to fill.
A Multitentacled Problem
In a recent survey of 790 IT professionals conducted in the U.S.,
Canada, the U.K., Germany and Japan, 93% of the respondents said
that mobile devices connect to their corporate networks. Some
67% said that they already allow personal devices to connect to
corporate networks, and nearly all — 96% of those respondents
— said the number of personal devices connecting to corporate
networks is growing.
The survey was conducted by Dimensional Research and sponsored by IT security vendor Check Point Software Technologies.
The respondents were IT professionals who had responsibility for
securing enterprise systems; they included executives, managers
and hands-on workers from companies of all sizes in a variety of
industries.
Quite telling is the fact that 63% of the respondents said they don’t
manage corporate information on personal devices and 67% said
securing corporate information is the greatest challenge around
BYOD policies.
Perhaps it’s not surprising then that 53% reported that there is
sensitive customer information on mobile devices (up from 47%
the previous year) and 94% indicated that lost or stolen customer
information is a grave concern in a mobile security incident.
Such findings don’t surprise Joe McCray, founder and CEO of Strategic Security, an IT security consultancy in Washington, and lead
security instructor and course author for TrainACE, a provider of
online and classroom-based IT training.
Read the full article
10
TECH DOSSIER | ENTERPRISE MOBILITY APPS | ADDITIONAL READING
ADDITIONAL READING
How to choose the right enterprise
mobility management tool
Consider what’s ‘good enough’ for what you need right now —
but don’t neglect the future.
By Robert L. Mitchell
Computerworld
The rapid pace of innovation in mobile devices and software has
made managing it all a moving target, but the proliferation of userowned devices at work means businesses cannot wait to beef up
their support infrastructure.
So how do you choose the right tool set, given all the activity? It’s
not easy: Mobile device management (MDM) software vendors
are adding new features every three to six months, on average.
Also, as vendors have consolidated — most recently with this
week’s announcement that VMware will acquire AirWatch — MDM
tools have evolved into enterprise mobile management (EMM)
suites, all-purpose Swiss Army knives that cover the gamut from
device policy controls to application, content, network and service
management.
“2014 will be the battle of the big vendors. It is the year they will
make a run at enterprises that want stability and scale,” says
Maribel Lopez, principal at Lopez Research. As a result, it’s the
year to review your EMM strategy — or to develop one if you
haven’t already.
If you have not done so yet, you’re not alone. According to a May
2013 Aberdeen Group survey of 320 IT organizations, 75% had a
bring your own device (BYOD) program in place, but half of those
were taking an “anything goes” approach to managing the mobile
ecosystem — which is to say, little or no management at all. “That’s
a big concern,” says Andrew Borg, who was research director at
Aberdeen when the survey was completed. (Borg is now founder
and principal of eC3 Consulting, his own practice.)
As mobility morphs from a peripheral concern to a core IT service,
it’s inevitable that more organizations will move toward the adoption of EMM software. Here are a few things to think about before
making that purchase.
Put your current needs front and center
Finding the right EMM tool set depends not only on which one has
the most features, but which has the feature sets that best meet
your organization’s requirements.
“There’s no single list of what’s important and what’s not. It’s
all about your use case,” says Philippe Winthrop, global mobility
evangelist at Computer Sciences Corp. “If you have zero interest in
supporting one mobile platform then it doesn’t matter if the EMM
has insane capabilities on that platform,” he says. So start with the
business tasks you’re trying to support, figure out what tools and
feature sets are required and drill down from there.
For example, MDM policy controls are a baseline. But do you also
need application or content management? Do you need to support
BYOD as well as company-owned phones?
Are you using corporate owned, personally enabled (COPE)
phones? They are owned by the company and can be configured
and managed just like a BYOD device, offering containerization or
other technologies to segment personal apps and data away from
the corporate apps and content.
Do your employees travel to offices abroad? If so, a seemingly
esoteric feature like geo-fencing — a feature that enables device
management policy changes based on a phone’s GPS location —
could be all-important to stay in compliance with each country’s
privacy regulations. “Having an MDM that can change the policy of
a device as it crosses from one country to another is one of those
great features that organizations don’t know they need yet,” says
Daniel Eckert, managing director in the advisory practice at PwC.
It’s also important to understand whose devices you need to
manage. Is it just employees, or do you need to include contractors, temporary workers, business partners or even customers?
Then there are the types of devices you need to manage -- either
now or in the next few years. Yes, most vendors support iOS and
Android, but what about Windows Phone and the new Firefox OS?
If you think those aren’t a factor, consider that back in 2009 no one
would have anticipated the decline of BlackBerry, Symbian and
WebOS — or that Nokia would adopt Windows Phone as its core
strategy because of an acquisition, says Winthrop.
Read the full article