TECH DOSSIER

ENTERPRISE MOBILITY APPS: The Urgent Need for IMPROVED SECURITY and How to Get There

As enterprises race to respond to the new mobile age, the management of smart devices, the apps that run on them, and the security of both have taken on new urgency. Mobile device management (MDM) by itself does not address a number of vital concerns, including best practices for their distribution. Especially important is incorporating equivalent, consistent, easily managed security into individual apps—built in-house or purchased—in a way that is separate from the development of the app’s code, a concept known as “app wrapping.” This paper examines current mobility market trends, provides an overview of MDM and app wrapping, and delves into issues and solutions related to mobile app security.

MOBILITY DEMAND SOARS

Just how fast is enterprise mobility growing? The numbers are staggering. In its September 2013 “Worldwide Quarterly Smart Connected Device Tracker,”[1] IDC expected 1.4 billion smartphones to ship in 2015. It also predicted that tablet shipments would finally surpass total annual PC shipments by the end of 2015.

Perhaps the best barometer for measuring the explosion of mobile apps is in the area of customer relationship management. In 2013, researcher Gartner Inc. predicted that “mobile CRM apps available for download on app stores will grow to over 1,200 by 2014 from 200 in 2012.” It also predicted that by 2016, “more than 50 percent of CRM software revenue will be delivered by SaaS.”[2] One of the key benefits of SaaS and cloud services is greater mobility: Organizations can ensure their workers have access to vital applications regardless of location and device.

That growth is driven, in part, by the need for businesses to stay in touch with employees, and employees with customers at all hours—and it’s occurring faster than many businesses can handle.
While nearly two-thirds of employees are already using personal devices for work, both management of those devices and security for apps lag considerably. PricewaterhouseCoopers reports that just 43 percent of organizations have implemented formal mobility policies.[3]

IT professionals are fully aware that vastly broader mobile access creates new opportunities for breaching security. What was a novelty just a few years ago is now regarded as a serious danger. For many security professionals, mobile devices and apps are their top enterprise security concern. They require devices and apps to be better managed, users made more aware, and security applied to individual apps in a consistent manner.

BENEFITS OF MOBILE APPS

With the plunge in PC shipments hastening (down 10 percent globally for all of 2013[4] on top of a 3.5 percent decline in 2012,[5] according to Gartner) and the meteoric rise in shipments of mobile devices, development of apps designed for smartphones and tablets is now the unquestioned center of attention. Whether developed in-house or acquired through third parties, mobile apps offer a cornucopia of advantages, both business- and IT-related.

- For users, mobile apps are always just inches away, providing immediacy simply not available from a desktop- or laptop-based browser experience. Employees can leverage this anywhere, anytime connectivity to enhance their personal productivity, instilling a greater sense of accomplishment, value, and pride in their work.
- Custom apps intended for employee use can improve existing workflows to boost productivity, reduce reliance on paper-bound processes, and enhance morale.
- Mobile apps are compact and easily modified and distributed, allowing a quick response to changing market conditions. Designed with specific mobile operating systems in mind, the developer maintains total control over every nuance of the user interface and experience, very different from universal Web-based applications whose behavior or screen rendering can yield unfortunate results due to quirks in different mobile-based Web browsers.
- Mobile apps can do what traditional server-based browser applications cannot. Fleet operators can use GPS to make sure drivers stay on their route schedules. Built-in cameras are used by videoconferencing apps and by roving insurance adjusters for taking—and immediately transmitting—photos of damaged vehicles.
- Mobile apps portray a company as up-to-date, always available, and in tune with millions of people who rarely use a PC. An attractive, easy-to-use app can become something of an addiction, inducing customers to stay connected. A positive experience can boost sales and engender brand loyalty, and through positive social-media feedback attract new users.

Mobile apps also have great appeal for IT. Seen as cutting-edge technology that leverages the newest devices, they help portray IT as a proactive enabler of forward-looking solutions, rather than as a recalcitrant obstacle to conquering business needs. IT can transform itself from traditional service provider into the driving force behind mobile solutions that transform business.

SECURITY ISSUES

The rapid move to Bring Your Own Device (BYOD) has left many enterprises struggling to provide adequate management and security. It’s no wonder: In a December 2013 forecast, IDC projected that by 2017, 328 million people will use their own smartphones at work, vastly more than 132 million in 2013. In 2012, the number was just 88 million.[6] Those device owners are often reluctant to let their employers install security or device management software, though ultimately they may have little choice. Similarly, employers do not relish the thought of barring employees from using their favorite apps.

Employee-installed apps—games, social media, photo sharing, file storage, personal finance, or retail-oriented—constitute a great unknown, raising the specter of data leakage, malware downloads, and compromised passwords. None are good for business and may lead to legal exposure and an otherwise avoidable public-relations disaster.

Even the largest of enterprises have not been immune to self-inflicted breakdowns in mobile app security. In January 2014, the world’s largest chain of coffee emporiums acknowledged that its mobile app for iOS® stored usernames, email addresses, and passwords of millions of customers in the clear, unencrypted. Computerworld reported that the information could be easily viewed by connecting the device to a PC. The problem was quickly fixed via an app update. In a separate January incident, hackers posted the usernames and phone numbers of 4.6 million users of a popular photo-sharing app. Incidents like these are avoidable with appropriate app security.

Aware of potential risks associated with mobile apps, the U.S. Federal Trade Commission in 2013 published a series of best-practices recommendations, beginning with a strong reminder that even the most secure app is likely to run over insecure Wi-Fi® networks.[7] Consequently, the FTC advises developers to encrypt usernames, passwords, and data; and ensure that back-end servers are secure, whether in the organization’s own data center or at a cloud service provider. The agency admonishes developers to identify who is ultimately responsible for app security and to understand applicable standards and regulations with regard to children’s, health, and financial data, citing several references—the Children’s Online Privacy Protection Act (COPPA); the Gramm-Leach-Bliley Act; the Health Insurance Portability and Accountability Act (HIPAA); and the Health Breach Notification Rule. Finally, the FTC warns IT to monitor app performance and keep software and security libraries up-to-date.

DEVICE MANAGEMENT IS NOT ENOUGH

MDM, as its name suggests, is the foundation technology for administering mobile-device fleets. Key aspects of MDM include provisioning, asset tracking, configuration, policy compliance, remote wipe and reset, authentication, permissions, and diagnostics, but not software administration. Many organizations have adopted MDM to manage and secure mobile devices, whether those devices are company-owned and issued or the property of individual employees under a BYOD initiative.

The move to BYOD vastly complicates matters. With BYOD, employees rely on their devices for personal and business purposes, often using the very same apps for both. The result is the inevitable intermingling of corporate and personal data. The need to keep personal and corporate assets distinct and secure is perhaps the most significant challenge facing the fast-growing BYOD movement.

MDM, because it manages the entire device, is not able to separate personal and corporate apps and data. Policies and settings, even if intended for business purposes only, are applied to the device as a whole, impacting personal usage. Leakage of data from the business side to the personal side is almost inevitable, though nearly always unintentional. The classic example is an employee who receives a corporate email with confidential attachments that discuss business plans or finances. Wanting to review the files, the employee may save the attachment to a personal file repository such as Dropbox®, Evernote®, Google® Drive, or Microsoft® OneDrive (formerly SkyDrive), and open it in a document-editing app.

APP WRAPPING

Without a doubt, the security of mobile apps is imperative, leaving enterprises no choice but to implement a robust methodology for incorporating security in a comprehensive, consistent, yet flexible manner. However, it is the rare enterprise that has such expertise onboard. The need for an easy-to-use solution that secures individual apps and their associated data on mobile devices has become clear, sometimes painfully so.

With several aspects of security to consider and the depth of specialized expertise required to implement enterprise-class security at the individual mobile-app level, the most logical approach is to partially unfetter development staffs from this responsibility. While developers still need to write efficient, compact code that does not introduce vulnerabilities, an overarching mechanism for introducing app-level security in a manner that is consistent and repeatable is the ideal solution.

The most advantageous way to accomplish this is through a concept known as “app wrapping,” a simple process that surrounds a mobile app with a management layer—without the need to touch a single line of the app’s own source code. Application wrapping lets developers focus on what they do best, building great apps and engaging user experiences. Wrapping, because it is a discrete process that occurs after app development is complete, ensures that security attributes, including authentication, data protection and sharing policies, and encryption and secured communication, are applied in a perfectly consistent manner from one app to the next.

Once an app has been wrapped it can then be distributed to authorized users such as employees, partners, and contractors via an enterprise app store. Users can view only the apps they are allowed to use based upon their role.

THE SYMANTEC SOLUTION

Symantec, through its Symantec App Center, provides both in-house developers and third-party commercial developers with the ability to wrap mobile apps in a layer of security that offers numerous policy options and enables secure app distribution. App Center also offers secure productivity apps including email, calendar, contacts, and a secure browser.

Through the Symantec Sealed Program, Symantec is empowering mobile app developers with the means to make their apps enterprise-ready so they comply with security requirements and can be managed centrally. Security features are added post-development, allowing granular, application-level policies to be enforced without source code modification or SDK integration. An app can be prevented from storing data locally and it can require the user to re-authenticate periodically. Settings fall into four main categories: authentication, on-device storage, data protection, and server polling.

Authentication. Beyond requiring the device owner to enter a username and password to launch the app, wrapping can also force re-authentication at prespecified intervals during use or after idle periods. Apps can be instructed to destroy associated locally stored data and disable the app following an incorrect password lockout. Through InterApp Single SignOn, IT can create a secure mobile workspace where users can authenticate once and then access other wrapped apps installed on their device.

On-Device Storage. Apps can be allowed to store data locally or be prohibited from doing so. Encryption for local app-related files and data, such as those used for printing and uploading, can be enforced. Local data can be saved or purged when the app closes, and for Android™ devices, storage on an inserted memory device can be permitted or barred.

Server Polling. To ensure that mobile app security and features are always current, it is vital that they periodically check in for updates. Server polling implements this safeguard by requiring the apps to connect to the server at predefined intervals. Apps that fail to communicate can be revoked and locally stored data optionally destroyed.

Data Protection. With both BYOD and corporate-managed devices, it is especially important to prevent data crossover from corporate apps to personal apps. Data protection policies can allow or prohibit interapp document sharing, including previewing, opening, copying, printing, or clipboard use. For those who “jail-break” their iOS™ or “root” their Android devices, the app can be disabled and local data destroyed.

Symantec App Center also enables self-service distribution of apps to employees and other authorized users. Apps are easily revoked when employees leave the organization, once their devices are retired, or even if reported lost.

CONCLUSION

As the use of mobile devices and apps for business continues to soar, managing and securing corporate data and apps becomes more critical. MDM excels at hardware provisioning, asset tracking, and configuration, but it does not differentiate between personal and business apps and data, and lacks the granular, app-level security needed to prevent the misdirection or misuse of business data.
Surrounding apps with a configurable layer of security through the process of app wrapping requires no changes to an app’s program code, ensures consistent security policies, needs no special expertise, and allows developers to focus on creating an engaging user experience. Through Symantec App Center, in-house and commercial developers can ensure the security of enterprise apps, prepare them for distribution through an enterprise app store, and maintain tight control over the use of corporate data.

For more information, visit go.symantec.com/mobile.

[1] IDC, September 11, 2013, “Worldwide Quarterly Smart Connected Device Tracker,” www.idc.com/getdoc.jsp?containerId=prUS24314413.
[2] Gartner, April 11, 2013, “Gartner Says Number of Mobile CRM Apps Downloadable on App Stores to Grow to Over 1,200 by 2014,” www.gartner.com/newsroom/id/2421015.
[3] PricewaterhouseCoopers, “Bring Your Own Device: Agility Through Consistent Delivery,” www.pwc.com/en_US/us/increasing-it-effectiveness/assets/byod-1-25-2012.pdf.
[4] Gartner, January 9, 2014, “Gartner Says Worldwide PC Shipments Declined 6.9 Percent in Fourth Quarter of 2013,” www.gartner.com/newsroom/id/2647517.
[5] Gartner, January 14, 2013, “Gartner Says Declining Worldwide PC Shipments in Fourth Quarter of 2012 Signal Structural Shift of PC Market,” www.gartner.com/newsroom/id/2301715.
[6] IDC, December 2013, “Worldwide Business Use Smartphone 2013–2017 Forecast Update,” www.idc.com/getdoc.jsp?containerId=244840.
[7] Federal Trade Commission, Bureau of Consumer Protection Business Center, February 2013, www.business.ftc.gov/documents/bus83-mobileapp-developers-start-security.

Product names are trademarks or registered trademarks of their respective owners.

ADDITIONAL READING

The Science of App-wrapping
By Carlos Montero-Luque
CIO.in

BYOD brings out the classic problem between control of corporate information and individual freedom. It kicks it up to a whole new level because the devices belong to the users, but at least some of the apps and information belong to the company and as such need protection and policy enforcement.

One approach to this problem is mobile device management (MDM), but the problem with MDM is it requires managing a device that belongs to the user. What’s more, containerization at the device level compromises the user experience.

A better approach is mobile application management (MAM), which can be applied, as the name implies, at the application level, wrapping corporate apps and data, but not wrapping Facebook or Roku. This approach provides a high level of administrative control while still offering a superior user experience for all mobile applications, both the wrapped and unwrapped, so to speak.

So let’s explore, at a high level, how app wrapping works. The essential operation of app wrapping lies in setting up a dynamic library and adding to an existing binary that controls certain aspects of an application. For instance, at startup, you can change an app so that it requires authentication using a local passkey. Or you could intercept a communication so that it would be forced to use your company’s virtual private network (VPN) or prevent that communication from reaching a particular application that holds sensitive data, such as QuickBooks.

The end result is the policies set by an administrator become a set of dynamic libraries, which are implemented on top of the application’s native binary. On iOS, for example, using Xcode, the developer can take an iPhone Application Archive (.ipa) file, add the dynamic libraries and create a new app that behaves differently when started, or when a certain type of communication happens. The normal call made by an app to an API is now “front-ended” to look in a local dynamic library for instructions.

This technique can be used to create advanced security processes, such as embedding an individual application’s communication with an endpoint in a VPN the company controls. This VPN is outside the control of the application, but does not affect how the application looks or functions on the device. This is far superior to the alternative taken by many MDM vendors, which use a device-level VPN that requires all communications from the device to access the corporate VPN. That approach slows performance to a crawl and negatively impacts that most delicate commodity, battery life.

App wrapping can also apply a passkey to the clipboard of the device to intercept cut-and-paste activities. Clipboard contents will be encrypted or turned into illegible garbage if cut and paste is attempted when it’s not allowed by the app. The purpose of this intervention is to prevent an employee (or someone who should not have the device) from copying information from a restricted application onto the device clipboard, where it could be made available to other apps on the device.

Most mobile devices have some form of native encryption, but app wrapping can significantly raise the protection bar by providing certified encryption on the Federal Information Processing Standard (FIPS) 140-2. When corporate data is at rest on the device, app wrapping can protect it using FIPS 140-2 Level I Suite B encryption libraries, the same level used by the U.S. Department of Defense Logistics Agency. It is decrypted only when the correct passcode is entered. Therefore, if an unauthorized party acquires the phone, they won’t be able to read data even if they succeed in downloading it.

When a user “jailbreaks” an iOS or “roots” an Android device, they essentially remove all operating-system level protections against fraudulent or malicious use. Effective app wrapping technology, at a server level, must be able to detect whether a device has been jailbroken or rooted, then trigger a mechanism that prevents all enterprise-installed apps from running.
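
The wrapper policies this dossier describes (re-authentication, incorrect-password lockout, server polling, jailbreak/root response) can be modeled as one ordered decision at app launch. The following is an added example, not part of the dossier, the article, or any vendor's product; the field names, the sample thresholds and the clock-rollback rule are assumptions made for illustration.

```python
from dataclasses import dataclass, replace
from enum import Enum


class Action(Enum):
    ALLOW = "allow"
    REAUTHENTICATE = "reauthenticate"
    DISABLE = "disable"                    # app refuses to run, data kept
    DISABLE_AND_WIPE = "disable_and_wipe"  # app refuses to run, local data destroyed


@dataclass(frozen=True)
class WrapPolicy:
    # Hypothetical field names covering the settings the dossier lists.
    reauth_interval_s: int        # re-authenticate this long after the last login
    idle_timeout_s: int           # ...or after this long without activity
    max_failed_logins: int        # incorrect-password lockout threshold
    wipe_on_lockout: bool
    poll_interval_s: int          # required server check-in interval
    poll_grace_s: int             # tolerated lateness before revocation
    wipe_on_missed_poll: bool
    wipe_on_compromised_os: bool  # jailbroken or rooted device


@dataclass(frozen=True)
class AppState:
    # All times are epoch seconds recorded by the wrapper (constructed model).
    now: float
    last_auth: float
    last_activity: float
    last_poll: float
    failed_logins: int
    os_compromised: bool


def _stop(wipe: bool) -> Action:
    return Action.DISABLE_AND_WIPE if wipe else Action.DISABLE


def evaluate(policy: WrapPolicy, state: AppState) -> tuple[Action, str]:
    """Return (action, reason). Checks run most-severe first so that a
    weaker outcome (a login prompt) can never mask a stronger one (wipe)."""
    if state.os_compromised:
        return _stop(policy.wipe_on_compromised_os), "os_compromised"

    if state.failed_logins >= policy.max_failed_logins:
        return _stop(policy.wipe_on_lockout), "lockout"

    # A clock set backwards would make every elapsed-time check below pass.
    # Fail closed, but do not wipe: a wrong clock is not proof of compromise.
    if state.now < max(state.last_auth, state.last_activity, state.last_poll):
        return Action.DISABLE, "clock_rollback"

    if state.now - state.last_poll > policy.poll_interval_s + policy.poll_grace_s:
        return _stop(policy.wipe_on_missed_poll), "missed_poll"

    if state.now - state.last_auth >= policy.reauth_interval_s:
        return Action.REAUTHENTICATE, "reauth_interval"
    if state.now - state.last_activity >= policy.idle_timeout_s:
        return Action.REAUTHENTICATE, "idle_timeout"

    return Action.ALLOW, "ok"


# Constructed sample policy and device states (not real product defaults).
POLICY = WrapPolicy(
    reauth_interval_s=8 * 3600, idle_timeout_s=15 * 60,
    max_failed_logins=5, wipe_on_lockout=True,
    poll_interval_s=24 * 3600, poll_grace_s=12 * 3600,
    wipe_on_missed_poll=False, wipe_on_compromised_os=True,
)
T0 = 1_700_000_000.0
HEALTHY = AppState(now=T0, last_auth=T0 - 600, last_activity=T0 - 30,
                   last_poll=T0 - 3600, failed_logins=0, os_compromised=False)

SCENARIOS = {
    "healthy": HEALTHY,
    "idle 20 min": replace(HEALTHY, last_activity=T0 - 20 * 60),
    "poll 2 days old": replace(HEALTHY, last_poll=T0 - 48 * 3600),
    "clock set back a week": replace(HEALTHY, now=T0 - 7 * 86400),
    "rooted and idle": replace(HEALTHY, os_compromised=True,
                               last_activity=T0 - 20 * 60),
}


def run_scenarios() -> dict[str, tuple[Action, str]]:
    return {name: evaluate(POLICY, s) for name, s in SCENARIOS.items()}


if __name__ == "__main__":
    for name, (action, reason) in run_scenarios().items():
        print(f"{name:24} -> {action.value:17} ({reason})")
```

The "rooted and idle" case shows why the order of checks matters: evaluated in the opposite order, the device would only be asked to log in again.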

Mobile Apps Require a CIO Mind Shift

It’s time to get started on smartphone apps that will make employees more productive and customers more loyal, say Forrester Research analysts Josh Bernoff and Ted Schadler.

By Ted Schadler, Josh Bernoff
CIO.com

Mobile isn’t a trend. It’s a new state of mind. Employees and customers no longer look things up, they just expect them to be there on their mobile device. You’d better not disappoint them.

Consider what happens when a person gets a smartphone. They request the weather, restaurant ratings or the current state of their company’s sales pipeline. In a Pavlovian way, each request reinforces the idea that everything they need is on that device. This creates the mobile mind shift: the expectation that any desired information or service is available, on any device, in context, in a person’s moment of need. Satisfy that expectation and you gain loyalty and productivity. Fail, and they’ll switch to a better app from some startup.

The mobile mind shift isn’t universal yet. Among consumers, about one in five online adults in the U.S. has made the mental shift. People 25 to 34 are more advanced than those who are older. Affluent people have shifted faster. Overall, the shift is happening rapidly and globally.

CIOs and their companies must make their own mobile mind shift. Your customer-facing groups besiege you with requests for mobile utility, even as employees demand mobile access to every system. But your information systems are not up to the task. They are systems of record, built to securely hold, process and deliver information and transactions to computers and the Web. In the mobile world, systems of record disappear into the background while customers and employees interact with new systems of engagement that deliver information and service much faster and in the physical and mental context they expect.

How can you prepare? Build a center of excellence to guide the technology, strategy and execution of all mobile projects, whether focused on customers or employees. Create a team, as GE and Citigroup have, that uses dedicated executives, funding and staffing to build expertise and make decisions quickly. Begin the massive but essential task of redesigning your systems for rapid mobile access. Your customers’ loyalty, your employees’ productivity and your job depend on your success here. So you’d better get started.

Josh Bernoff is SVP for idea development and Ted Schadler is a VP and principal analyst serving CIOs at Forrester Research.

5 Reasons to Build an Enterprise Mobile App Store

IT departments can keep employees from using malware-infested mobile apps by creating an internal store of company-approved apps. The store can also collect feedback from users about their preferences.

By Lauren Brousell
CIO.com

You can keep employees from using malware-infested mobile apps by creating an enterprise store of company-approved apps. Here are five reasons to set up your own app store.

1. They improve quality control. One way to make sure employees don’t download bogus apps is to create an enterprise app store where they can get company-approved apps. Twenty-five percent of enterprises will have an app store by 2017, Gartner predicts, in part due to this greater degree of control. Michele Pelino, an analyst at Forrester Research, says app stores ensure that the correct versions of apps or content are being used. “If you don’t have some way of controlling that, you have people using different versions or apps that you don’t want them to get access to,” she says.

2. You can gather user feedback. With a corporate app store, IT has greater visibility into user habits than with a consumer app store.
IT can monitor user behavior or measure productivity and create recommendation engines to suggest relevant apps to try out. It’s a two-way street: Employees can use the store’s feedback section to show likes, dislikes and preferences.

3. They can impress the business execs. Managing the complex ecosystem of apps created by lines of business is a huge challenge for IT, but enterprise app stores are a step toward simplifying that, says Rohit Sharma, head of the mobility practice at Virtusa, an IT consultancy. He says IT can prove its value to business executives by using an app store to manage the apps for bring-your-own-device programs and eventually for distributing desktop software, too. “The message [IT] is sending to the internal audience is that they care about it,” he says.

4. They give the tech staff a break. A survey by Partnerpedia, a mobile-app-management company, found that 86 percent of enterprises want a self-service model where employees download apps themselves, thus freeing the IT staff for other tasks. The concept of an app store is well understood by employees who have used a public app store, Pelino says. IT can also automate the procurement of software licenses from app stores, according to Gartner, and push out updates.

5. They’re more secure than public app stores. According to Forrester, 60 percent of firms in North America and Europe are supporting personally owned devices, which makes security tougher to manage. With an enterprise app store, IT can prohibit the use of certain apps, such as file-sharing services that tend to spread malware. If users complain when they can’t use preferred apps on their devices, IT can set up a passageway to consumer app stores. Then if the desired app is accessed through the corporate app store, IT can still control its use.

Lauren Brousell is a staff writer for CIO magazine.

The tricky balancing act of mobile security

Your workers’ smartphones could be the weakest link in your security plan. Here’s how to protect the devices and secure the data.

By Mary K. Pratt
Computerworld

The march toward mobility at Scotiabank is pretty typical: first laptops to enable alternative work arrangements for employees, now smartphones and tablets to give workers anywhere access to information.

The Toronto-based bank, with 83,000 employees worldwide, deployed company-owned BlackBerries several years ago to personnel who require them to do their jobs more effectively, and has since asked select staffers and IT support people to pilot other smartphone brands as well.

The approach to securing those mobile devices is typical, too. The bank uses BlackBerry Enterprise Service mobile device management (MDM) software. It also requires employees to sign statements saying that they agree to let IT erase data from devices that are lost or stolen, and to take control of devices if there’s a legal investigation, says Greg Thompson, vice president of enterprise security services and deputy chief information security officer at Scotiabank.

But as both the demand for mobility and the bring-your-own-device (BYOD) trend grow, so does the need for more advanced mobile security policies, procedures and technologies, says Thompson, who is a member of the board of the International Information Systems Security Certification Consortium, or ISC2, a nonprofit IT security professional organization.

The challenge, as Thompson and others see it, is allowing workers access to the information they need when they need it without compromising the data or the IT infrastructure. On its face, that’s not much different from what IT departments have been doing for decades, first with desktops and then with laptops.
But mobile throws new wrenches into the works, because IT is now supporting several different types of devices that can access data through various channels from anywhere in the world.

At the same time, threats are on the rise, and they’re growing more sophisticated. Hackers are increasingly targeting mobile devices as the weak link, introducing malicious code through downloaded apps and launching targeted attacks to access proprietary data.

To be sure, there is no plug-and-play defense mechanism to counteract such threats, and IT leaders want more protection. “We have to think about securing the mobile workforce as opposed to securing mobile devices,” Thompson says. That’s a tall order that many are struggling to fill.

A Multitentacled Problem

In a recent survey of 790 IT professionals conducted in the U.S., Canada, the U.K., Germany and Japan, 93% of the respondents said that mobile devices connect to their corporate networks. Some 67% said that they already allow personal devices to connect to corporate networks, and nearly all — 96% of those respondents — said the number of personal devices connecting to corporate networks is growing.

The survey was conducted by Dimensional Research and sponsored by IT security vendor Check Point Software Technologies. The respondents were IT professionals who had responsibility for securing enterprise systems; they included executives, managers and hands-on workers from companies of all sizes in a variety of industries.

Quite telling is the fact that 63% of the respondents said they don’t manage corporate information on personal devices and 67% said securing corporate information is the greatest challenge around BYOD policies. Perhaps it’s not surprising then that 53% reported that there is sensitive customer information on mobile devices (up from 47% the previous year) and 94% indicated that lost or stolen customer information is a grave concern in a mobile security incident.

Such findings don’t surprise Joe McCray, founder and CEO of Strategic Security, an IT security consultancy in Washington, and lead security instructor and course author for TrainACE, a provider of online and classroom-based IT training.

How to choose the right enterprise mobility management tool

Consider what’s ‘good enough’ for what you need right now — but don’t neglect the future.

By Robert L. Mitchell
Computerworld

The rapid pace of innovation in mobile devices and software has made managing it all a moving target, but the proliferation of user-owned devices at work means businesses cannot wait to beef up their support infrastructure.

So how do you choose the right tool set, given all the activity? It’s not easy: Mobile device management (MDM) software vendors are adding new features every three to six months, on average. Also, as vendors have consolidated — most recently with this week’s announcement that VMware will acquire AirWatch — MDM tools have evolved into enterprise mobile management (EMM) suites, all-purpose Swiss Army knives that cover the gamut from device policy controls to application, content, network and service management.

“2014 will be the battle of the big vendors. It is the year they will make a run at enterprises that want stability and scale,” says Maribel Lopez, principal at Lopez Research. As a result, it’s the year to review your EMM strategy — or to develop one if you haven’t already.

If you have not done so yet, you’re not alone. According to a May 2013 Aberdeen Group survey of 320 IT organizations, 75% had a bring your own device (BYOD) program in place, but half of those were taking an “anything goes” approach to managing the mobile ecosystem — which is to say, little or no management at all. “That’s a big concern,” says Andrew Borg, who was research director at Aberdeen when the survey was completed.
(Borg is now founder and principal of eC3 Consulting, his own practice.)

As mobility morphs from a peripheral concern to a core IT service, it’s inevitable that more organizations will move toward the adoption of EMM software. Here are a few things to think about before making that purchase.

Put your current needs front and center

Finding the right EMM tool set depends not only on which one has the most features, but which has the feature sets that best meet your organization’s requirements. “There’s no single list of what’s important and what’s not. It’s all about your use case,” says Philippe Winthrop, global mobility evangelist at Computer Sciences Corp. “If you have zero interest in supporting one mobile platform then it doesn’t matter if the EMM has insane capabilities on that platform,” he says.

So start with the business tasks you’re trying to support, figure out what tools and feature sets are required and drill down from there. For example, MDM policy controls are a baseline. But do you also need application or content management? Do you need to support BYOD as well as company-owned phones? Are you using corporate owned, personally enabled (COPE) phones? They are owned by the company and can be configured and managed just like a BYOD device, offering containerization or other technologies to segment personal apps and data away from the corporate apps and content.

Do your employees travel to offices abroad? If so, a seemingly esoteric feature like geo-fencing — a feature that enables device management policy changes based on a phone’s GPS location — could be all-important to stay in compliance with each country’s privacy regulations. “Having an MDM that can change the policy of a device as it crosses from one country to another is one of those great features that organizations don’t know they need yet,” says Daniel Eckert, managing director in the advisory practice at PwC.

It’s also important to understand whose devices you need to manage.
Is it just employees, or do you need to include contractors, temporary workers, business partners or even customers?

Then there are the types of devices you need to manage -- either now or in the next few years. Yes, most vendors support iOS and Android, but what about Windows Phone and the new Firefox OS? If you think those aren’t a factor, consider that back in 2009 no one would have anticipated the decline of BlackBerry, Symbian and WebOS — or that Nokia would adopt Windows Phone as its core strategy because of an acquisition, says Winthrop.