Sunday, December 30, 2012

How do MDM, NAC-based discovery/access control tools, and containerization tools differ in managing enterprise security due to BYODs?

MDM (mobile device management) solutions mainly focus on the end device rather than the network, and this is usually done by installing client software on the device itself...

On the other hand, mobile discovery and access control via NAC (network access control) technology works mainly within the enterprise, over the enterprise network. It can detect all devices of every type and kind, across platforms, irrespective of whether they are registered or not, providing a complete inventory of devices including OS, model, type, etc., and all of this can be done without installing a client on the device...

The third way of protecting data under BYOD is the containerization of apps (app wrapping). Here the solution is built around the data and the apps, not around the device per se. If you think holistically, there are four different types of apps: native apps, which are supplied by the OS (say, an email client), ...


Manjunath M Gowda
CEO, i7 Networks - “Agentless BYOD Control

Monday, December 24, 2012

NAC: how does it work and how is it relevant to BYOD?

With the proliferation of BYOD (bring your own device), IT’s scope has been redefined, and a new movement has taken hold, called the consumerization of IT, in which third-party apps are used to access corporate resources and consumers, rather than IT, increasingly make the decisions about apps and devices. Today IT’s primary concern is shifting toward the security of these apps and devices and their integration into the company ecosystem.

IT needs to take a complete, holistic approach to network security now that BYOD has arrived on the enterprise network. Organizations need to consider all parts of the BYOD ecosystem, which includes following the device as well as following the information. IT needs to be sure that devices used by employees meet company security policies and standards before they connect to the corporate network. IT should ensure the integrity and secure configuration of endpoint devices. IT should also secure the network by controlling access to resources based on pre-established corporate policies. Once the devices are taken care of, IT needs to look at apps. It needs to make sure that the apps being used over the corporate network are trusted, tested and internally vetted for security.

Integrity and secure configuration can be ensured via MDMs, where a client is installed on the device (the privacy-intrusive method); via manual or semi-automatic registration (laborious, prone to error, and in need of repetition); or via a newer method that does not intrude on privacy, which we call the agentless method.

Manjunath M Gowda
“Got BYOD? Get control…agentless”

Sunday, December 23, 2012

7 Tips to ensure security when allowing BYODs onto the Enterprise network

BYOD security is still in its infancy and will consolidate over time; until then, one needs a multitude of security offerings to make sure that the corporate IT infrastructure and the corporate data on the BYODs themselves are secure. While the security tools move toward maturity and standardization, one can still allow BYODs on the enterprise network to reap the rich benefits they bring. Below are some tips that will ensure good security measures for allowing BYODs to operate on the enterprise network.

Tip #1: Develop an acceptable use policy
Create an acceptable use policy that addresses the base-lining of devices to be allowed and the rules on what can be accessed, along with clear corporate expectations about corporate data on personally owned devices (BYODs). Have tools that ensure that base-lining is enforced and that ensure tiered access to corporate data, servers and databases based on the device. Also ensure that no jailbroken or rooted devices are allowed on the network, and have tools that enforce that. Address the privacy issues of employees as well, explaining how the solution being implemented will in no way track or log employees' online behavior or location during their non-office hours or when they are away from the office.

Tip #2: Educate users.


Manjunath M Gowda
“Got BYOD? Get control…agentless”

7 pain points in allowing BYOD onto the Enterprise network

Pain Point 1: As the name says, they are employee-owned, and all the assumptions that IT made for company-owned laptops fall flat. This means IT will have less control over the devices and their acceptable configuration, use and security.

Pain Point 2: They are easily lost. They are small, light and very easy to use, and as your constant companion they go everywhere with you, be it to the café, the pub, a personal function, a meeting or even the mall. (One statistic says that 48% were lost during lunch or dinner at a mall.)

Manjunath M Gowda
“Got BYOD? Get control…agentless”

Thursday, December 13, 2012

Why will the industry move away from the MDM way of securing BYODs, and why will privacy intrusion be a much bigger concern than information security?

Before I say anything, let’s see what people say about it. Here are the results from the recent (2012) Harris survey that looked at that very issue. The survey revealed that employees are alarmed about employers’ ability to access and collect personally identifiable information through business-owned or employee-owned mobile devices.

The survey concluded that many employees are overwhelmingly concerned and would not want employers to have this access into their personal lives. The following provides a summary of what employees said about the issue:
  • 82% consider the ability to be “tracked” an invasion of their privacy
  • 76% would not give their employer access to view what applications are installed on their personal device
  • 75% would not allow their employer to install an app on their personal phone which gives the company the ability to locate them during work and non-work hours
  • 82% are concerned to extremely concerned about their employers tracking websites they browse on personal devices during non-work time
  • Only 15% are not at all concerned about employers tracking their location during non-work time

And this is what a US customer had to say:

“Privacy concerns are a major challenge for MDM and BYOD, as we found out at our hospital. We were looking to bring in a larger MDM system, but the doctors (who own the hospital) felt it was too intrusive since they all wanted to use their own devices, but didn’t want IT to have total control over them. Still, they wanted the ability to send HIPAA compliant patient info (mostly text messages) to admin and other doctors. We changed our strategy and started looking for individual apps to deal with the various security issues and the doctors didn’t feel it violated their ‘privacy’ which made it acceptable to them.”

If you look at today’s mobile device management solutions, they have just replicated how traditional IT used to work, and that worked well. But there is a difference: back then IT owned the device, and today it does not (BYOD). The rule is, “if you don’t own the device, you can’t dictate everything that is done on that device”. So enterprises have to take a fresh look at the whole issue of BYOD security.

With BYOD there is also another new issue that needs to be addressed: privacy. Installing a client on a BYOD for monitoring should be a strict no-no, considering all the privacy concerns it brings. Whether or not the enterprise monitors the devices during off-office hours is a separate issue, but the very concept of an employer-provided monitoring client sitting on their device will definitely bother privacy-concerned employees, who are north of 80%.

Beyond privacy, you need to look at the legal aspect too. Many MDMs give IT the ability to track the location coordinates of the device. In some countries there are privacy laws that prohibit this: not just doing it, but having the ability to do so.

BYOD is bringing in a new era of consumerization of IT. The devices belong to the employees, and so do the apps that connect to the enterprise applications, servers and databases. What IT today should mainly look into is the security aspect of it all. What IT should never do is compromise the privacy of the employees, which in my opinion will be a much bigger issue (at least in legal bills) than information security. This is where a new, holistic way of thinking is the need of the hour as far as security due to BYOD is concerned. I believe that in this new thinking, one should follow the data and not the device. It is a hard problem, but technology can help here, and one should use it to make sure all features and controls are implemented in such a way that we don’t need a client sitting on the BYOD (that is the easy way to go) and there is no intrusion of any kind into the privacy of the employee; in particular, they are in no way tracked, be it their location or their cyber trail, during their non-office hours.

That's why I think the industry will move away from MDM and toward an agentless way of doing security that keeps employees' privacy of utmost importance, which will help move the security focus from the device to the data and the applications, where it should belong in reality.

Manjunath M Gowda
“Got BYOD? Get control…agentless”