Technical Note
ForeScout MDM Data Security
Contents
Introduction
Data Security Requirements for BYOD
ForeScout MDM Data Security Capabilities
About ForeScout
Introduction
Mobile devices such as smartphones and tablets have entered the workplace en masse, quickly becoming essential tools for employees. These devices increase workforce productivity, improve sales enablement, and facilitate faster decision making by managers and executives. However, they also necessitate additional investments in IT infrastructure and management software, as well as the development of policies and procedures to effectively manage and secure them.
Any discussion of enterprise mobility invariably leads to talk of BYOD (bring your own device) programs and policies. BYOD programs allow employees, business partners and others to use personally selected and purchased devices to execute enterprise applications and access corporate data. According to Forrester, 48% of employees chose their smartphones without regard for IT support. A Gartner survey of CIOs expects 38% of all mobile devices used within the enterprise will be employee owned by 2014.
While employees are overwhelmingly in favor of using personal devices in the workplace, IT managers have a tough time reconciling the confirmed security risks with anticipated productivity gains. In many cases, line of business (LOB) executives are breaking the tie and deciding that the business case presented by workforce mobility is simply too attractive to overlook.
This has forced IT managers to rethink the way they approach enterprise mobility. IT operations and IT security teams can no longer dictate which devices they will support, and have lost veto power over personally owned devices. They are being asked to embrace BYOD programs while ensuring personal devices do not compromise enterprise security or cause data leakage.
Data Security Requirements for BYOD
While mobile device management (MDM) software is important for managing the physical devices themselves, protection of corporate information on these devices cannot be neglected. Securing the information on mobile devices requires stricter controls than simply protecting the devices themselves. One of the more promising strategies for protecting information on mobile devices is segmentation and containerization of information and applications used for work and play. Containerization is a set of mechanisms that enforce separation between corporate and personal footprints on a device. It can be used to create encrypted folders and isolated containers (or sandboxes) to house sensitive information and corporate apps. For example, by placing a corporate email app in one of these security sandboxes, the program remains isolated and insulated against any actions taking place on unregulated portions of the device. IT managers can tailor custom policies for groups of users and/or devices for access to corporate data and apps.
Data security and segmentation controls offer smooth support for BYOD programs because employees retain device control and application choice outside corporate sandboxes. This ensures better security without compromising user experience, and embraces consumerization without
ForeScout MDM provides on-the-go employees with important corporate information at their fingertips — from broad distribution of company-wide information to targeted information for specific stakeholders.
• Distribute quarterly sales and financial documents to the Board of Directors and executive stakeholders.
• Update product and marketing materials in real time for sales teams so they don’t need to scramble to find the latest datasheet or competitive information.
• Share company-wide information such as training materials, emergency information and HR policies.
ForeScout MDM Data Security Capabilities
ForeScout MDM™, powered by MaaS360, allows organizations to securely share and manage sensitive corporate information on mobile devices by tracking and managing personal and business footprints through a variety of mechanisms:
1. Corporate email configuration, management, and selective wipe: ForeScout MDM can provision the corporate email account on devices and then selectively wipe corporate email and attachments on a device while leaving personal email, data, and photos untouched. ForeScout MDM email controls also allow organizations to restrict business emails and attachments from being emailed via personal email accounts. This keeps personal and business email data separate and eliminates a common data leakage issue, while providing a cost-effective way for businesses to carefully manage corporate information in email.
2. Secure Document Container: ForeScout MDM can distribute and manage corporate documents on mobile devices and store them in an encrypted business container, separate from personal documents. Policies can be applied to either allow or restrict document sharing. Restricting sharing means corporate documents cannot be moved to other applications, emailed, or have screen captures performed on them. Any distributed document can also be centrally removed from the device, either individually or in bulk.
3. Mobile Application Management: ForeScout MDM provides an easy-to-use, on-device enterprise app catalog with full operational and security lifecycle management of apps across mobile device platforms. This allows organizations to separate business apps from personal apps with the ability to remove any business application and its associated data individually or as part of a selective or full remote wipe.
4. Personal privacy settings: ForeScout MDM allows businesses to block the collection of selected personal data — such as location and installed applications. This can be very important for some customers, especially in certain regions of the world where attitudes toward personal privacy are extremely strong. In some areas and industries, IT managers may not be allowed to track personal information (such as the user’s location and installed applications) even on corporate owned devices. ForeScout MDM facilitates such privacy controls.
Each of these data security controls can be applied on an individual, group, or full population of devices, allowing for highly segmented approaches to managing personal vs. business information for a variety of uses and user groups. For instance, hospitals use Secure Doc Sharing containerization technology to distribute sensitive medical information via mobile devices, ensuring that the documents remain securely encrypted within the ForeScout MDM doc container.
All of the above functionality provides the ability to have integrated policies across email, application, and document data management. For example, if a device is discovered to be lost or non-compliant (perhaps jailbroken), ForeScout MDM can automatically wipe all email and associated attachments, restrict or wipe any documents that are in the ForeScout MDM document container, and remove proprietary corporate applications that hold sensitive data — all based on a single automated rule predicated on a simple device attribute (jailbroken) identified in real time.
[MDM] platforms are expanding deeper into enterprise mobile software and documents management support. Enterprises should look not just at a vendor’s MDM technology but also at how well it can support enterprise mobile needs.
Gartner, “Magic Quadrant for Mobile Device Management Software”, 17 May 2012, P. Redman, J. Girard & M. Basso
The containerization of individual applications and files through policy wrapping locks down selected corporate content, avoiding restrictions to the user experience with native applications.
About ForeScout
ForeScout delivers pervasive network security by allowing organizations to continuously monitor and mitigate security exposures and cyber attacks. The company’s CounterACT appliance dynamically identifies and assesses all network users, endpoints and applications to provide complete visibility, intelligence and policy-based mitigation of security issues. ForeScout’s open ControlFabric™ technology allows a broad range of IT security products and management systems to share information and automate remediation actions. Because ForeScout’s solutions are easy to deploy, unobtrusive, flexible and scalable, they have been chosen by more than 1,500 enterprises and government agencies. Headquartered in Campbell, California, ForeScout offers its solutions through its network of authorized partners worldwide. Learn more at www.forescout.com.
Conclusion
ForeScout MDM provides powerful capabilities that allow organizations to securely manage mobile devices as well as the information and applications on those devices. Using ForeScout MDM’s data security and privacy functions, IT managers can segment and manage corporate and personal footprints on the same device. This empowers IT professionals and organizations to:
• Increase employee productivity through effective mobile device usage
• Improve user experience associated with mobile device use for corporate purposes
• Deliver tailored mobile capabilities to different segments of the workforce