An Ingram Micro White Paper
August 2013
BYOD:
Leveraging Technology
Solutions to Alleviate Security
and Privacy Concerns
Table of Contents
Introduction ... 3 The Benefits of BYOD ... 3 Data Points to Widespread Concern over BYOD Security and Privacy ... 3-4 Best Practices for Achieving BYOD Security and Privacy ... 4-5 Leveraging Technology to Prevent BYOD Security and Privacy Breaches .... 5-6 Why Partner with Ingram Micro? ... 6-8 Ingram Micro and BrightPoint ... 8
3
BYOD: Leveraging Technology Solutions to Alleviate Security and Privacy Concerns
Companies around the globe are increasingly implementing bring-your-own-device (BYOD) strategies to keep employees happy and productive, and while concerns over security and privacy remain top of mind, technology solutions from leading vendors can help mitigate riskIntroduction
Today, companies of all sizes are looking ways to leverage bring-your-own-device (BYOD) as part of their overall IT strategies. According to Gartner, “by 2017, half of employers will require their employeesto supply their own devices for work purposes.” Gartner, Inc. “Bring Your Own Device: The Facts and the Future”, David A. Willis, May 2013.
Yet, despite tremendous growth in BYOD, CIOs and IT decision-makers still grapple with the concept, often debating how or whether to implement it within their enterprises. And, while many organizations are gaining a better understanding of the benefits of BYOD, security and privacy concerns remain top of mind.
This whitepaper looks at key trends in BYOD and recent studies pointing to demand for technology solutions that address security and privacy concerns. The whitepaper also offers best practices for mitigating BYOD security and privacy concerns, and how to leverage technology solutions that support this effort, including mobile device management (MDM);; endpoint and device security and anti-malware;; authentication;; virtualization and cloud computing;; data loss prevention (DLP);; and, gateway and network solutions such as VPN access, wireless infrastructure, agentless antivirus and network access control.
The Benefits of BYOD
While the concept of BYOD first emerged nearly a decade ago, the term became more prominently used in 2011 when major technology vendors including Citrix and VMware started weighing in on its benefits, and developing solutions to address the needs of IT enterprises migrating to BYOD.
“Many IT organizations are just now starting to realize the many benefits afforded by BYOD such as increased mobility, and greater efficiency and productivity,” says Donald Lupejkis, Technical Account Manager, Ingram Micro’s Networking and Security Business Unit. “Likewise, employees taking advantage of BYOD are reporting increased job satisfaction due to their ability to use their own devices and mobile business applications to access their e-mail, calendar, contacts and more, while in the office, on the road, or when working remotely, which is driving its growing popularity among workers.”
In fact, a recent study by Cisco Systems found that 78 percent of white-collar employees in the United States use their own PC, smartphone or tablet for work purposes. Yet, despite the prevalence of BYOD in the workplace, Gartner reports that in a recent survey, 33 percent of all organizations currently have BYOD policies in place for mobile devices (“Three Crucial Security Hurdles to Overcome When Shifting From Enterprise-Owned Devices to BYOD,” Dionisio Zumerle, December 2012). As such, there is widespread concern over how to protect the security and privacy of both corporate and personal data, when BYOD practices are initiated.
Data Points to Widespread Concern over BYOD Security and Privacy
When it comes to protecting the security and privacy of their employee’s mobile devices, organizations are most concerned with data breach and loss. Recently, 160,000 members of the Information Security Community on LinkedIn participated in a survey, “BYOD & Mobile Security 2013,” which found that despite the benefits of BYOD, a majority of companies are concerned that it will lead to unauthorized access and loss of corporate data.
In its May 2013 report, “Bring Your Own Device: The Facts and the Future”, Gartner reported “The risks of data leakage on mobile platforms are particularly acute and are now a bigger problem than malware. Mobile devices are designed to share data in the cloud and have no general purpose file system for applications to share, increasing the potential for data to be easily duplicated between applications and moved between applications and the cloud.”
Best Practices for Achieving BYOD Security and Privacy
Historically, IT organizations have used encryption techniques to secure mobile devices, and mitigate the risks of data loss and privacy breaches. Today, there are many new technologies and solutions, ranging from mobile device management to gateway and network security, that are available to help IT organizations prevent security and privacy breaches associated with BYOD. Yet, the reality is that IT departments often become overwhelmed keeping up with the demands of their organization, as evidenced by the “BYOD & Mobile Security 2013,” survey on LinkedIn, in which respondents said that when it comes to BYOD and the use of one or more mobile devices by employees, the biggest threat to mobile security is the strain placed on IT resources to manage these devices.
“Even with limited resources, the myriad of new technologies can help enterprises quickly and efficiently secure the personally
-owned mobile devices of their users,” continues Lupejkis. “However, I would caution them to not rely on technology alone to prevent security and privacy breaches, and instead look at the problem holistically by employing a few simple ‘best practices,’ to help further mitigate concerns over BYOD deployment.”
Some “best practices” include:
Identify the risks and costs of putting BYOD into place. Ask how BYOD may save the company time or money? Will there be added expenses due to the need for infrastructure or technology to support BYOD? Will those costs outweigh the proposed savings? What about security and privacy? How would a data loss or breach effect the company’s reputation or bottom line? Ask employees and the organization’s management team if BYOD is something that the company needs or desires? Will BYOD improve employee productivity or enhance morale? Will it make it easier for employees to do their jobs?
Ask employees what type of mobile devices they currently own for personal use? Are they using smart phones, tablets or mobile computers? The type of device will determine the approach that should be used to protect both security and privacy. Evaluate which applications will be acceptable, and comply with the organization’s risk profile. With the understanding that not every employee’s needs will be satisfied, IT organizations should determine which applications they will have access to on their mobile devices, and what types of data they will be able to access via these applications.
Determine whether any of the employees are already accessing company information from their personal mobile devices to make their jobs easier. If this is the case, look at how much access the employees currently have, and what would happen if any of these devices were compromised. How much with it cost the company to rectify the situation? How would it impact the organization’s reputation? It is advisable to create “ad-hoc” policy until a more formal policy can be put into place.
Develop a BYOD policy to ensure that employees are using their devices and applications in compliance with the standards that have been set by the organization. Collaborate with the organization’s Chief Security Officer (CSO), CEO, legal and communications teams to ensure that the entire organization is aware of the BYOD policy and its requirements.
5
Additionally, consider developing a BYOD privacy policy to ensure that employees fully understand to the extent of which the organization will have access to their personal mobile devices.
Once an IT organization has its BYOD policies in place, it should also:
Evaluate the tools that are already available on the mobile devices or the applications that are used by your organization to help secure these devices. Some operating systems provide the capability to remotely disable features such as Wi-Fi and Bluetooth, or wipe lost or stolen devices.
Consider putting MDM tools into place that support the remote set-up of firewall connectivity, push security updates and custom applications to mobile devices used by the organization’s employees, and remotely monitor devices that have access to the organization’s networks.
Require employees to secure their mobile devices with strong passwords to protect the security and privacy of the device, in the event that a device is lost or stolen.
Isolate the applications that employees need for work, and prevent them from accessing the organization’s networks via non
-approved applications. This will help to prevent the proliferation of malware and viruses across the enterprise. Additionally, require all employees to have anti-malware software installed on their mobile devices.
Provide the IT administrator with mandatory access to all mobile devices. This will help to quickly prevent or mitigate damage from any malware related events.
Leveraging Technology to Prevent BYOD Security and Privacy Breaches
As mentioned previously, there are a number of technology solutions available today to support IT organizations in mitigating the threat of BYOD security and privacy breaches.
Some of the most common ones include endpoint solutions such as mobile device management (MDM);; endpoint and device security and anti-malware;; authentication;; virtualization and cloud computing;; data loss prevention (DLP);; and, gateway and network solutions such as VPN access, wireless infrastructure, agentless antivirus and network access control.
Mobile Device Management (MDM): With MDM software, organizations are able to secure, monitor, manage and support mobile devices deployed across mobile operators, service providers and enterprises. By controlling and protecting the data and configuration settings for all mobile devices that are accessing an organization’s network, MDM can reduce support costs and business risks.
Endpoint and device security and anti-malware: Traditionally thought of as a means for protecting the desktop, organizations can leverage endpoint security and anti-malware to provide mobile data and applications. These flexible control technologies protect against viruses, spyware, Trojans, worms, bots and a wide range of other threats.
Authentication: Software that uses passwords, digital certificates or public key infrastructure can help organizations secure mobile devices and ensure that the user is authorized to be accessing the device or its data.
Virtualization and Cloud Computing: Virtualization and cloud technologies support organizations in connecting their devices using BYOD. By storing data “in the cloud,” also known as virtual data centers, organizations can provide their employees with to access to data from virtually anywhere, using an Internet connection. Furthermore, when users access data via virtual desktops housed on their mobile devices, the data never actually leaves the data center, increasing security and preventing data loss or breach.
Data loss prevention (DLP): DLP technologies are used to prevent the loss and breach of customer information, personal employee information, and important company data.
Gateway and Network Solutions: VPN access, wireless infrastructure, agentless antivirus and network access control solutions that are installed on mobile devices such as smartphones and tablets can provide security protocols that control the type and degree to which these devices are given access to enterprise resources, which can help to prevent data loss and breach.
Why Partner with Ingram Micro?
“One of the key benefits of working with Ingram Micro is our ability to leverage our vendor partnerships to present multi-vendor solutions,” continues Lupejkis. “In our experience, we have found that there is no ‘one size fits all’ BYOD solution, and no single vendor can address each and every one of the unique requirements presented by organizations looking to integrated BYOD into their overall IT strategies.”
Through its partnerships with leading technology vendors including Cisco;; Dell™ SonicWALL™;; D-Link;; Fortinet;; Juniper Networks;; Kaspersky Labs, McAfee, Trend Micro, WatchGuard and Websense®, Ingram Micro enables its IT reseller and solution provider partners to assist their CIO and IT decision-makers clients in navigating through the complexities of BYOD, and addressing the security and privacy concerns that keep them up at night.
Cisco
Cisco security innovations provide highly secure firewall, web, and email services while helping to enable mobility and teleworking. Ingram Micro’s portfolio of Cisco security solutions includes Adaptive Security Appliance (ASA);; Intrusion Prevention Systems (IPS);; Virtual Security Gateway (VSG);; IronPort Data Loss Prevention;; Meraki Cloud Managed Solution;; Network Admission Control (NAC);; and, Access Control Server (ACS).
Dell SonicWall
Dell SonicWALL security solutions enable organizations of all sizes to secure their network, systems, users and data with a deep level of protection that won't compromise network performance. Ingram Micro resellers and solution providers can leverage SuperMassive™ and TX firewall series;; NSA series network security applications;; SRA VPN SSL appliances;; ESA series e-mail security appliances;; GMS series analyzer and scrutinizer software;; and, SonicPoint secure wireless access points (WAPs).
D-Link
D-Link offers unified wireless networking solutions that enable small and medium-sized businesses to create highly mobile, highly
productive work environments at a low total cost of ownership. D-Link’s DWC-1000 Unified Wireless Controller, for example, is
designed to help organizations manage and coordinate multiple access points (APs), which are becoming increasing common with the proliferation of BYOD. The DWC-1000 is a cost-effective mobility solution for small to medium-scale environments.
7
Its auto-managed AP discovery and single point management allow customers to acquire an enterprise class system without the burden of executing massive and complex configurations. With a robust and comprehensive security detection system, the DWC
-1000 also enables managed APs to block potential attacks from unauthorized users and devices, especially for wireless environments.
Fortinet
Fortinet’s UTM and next generation firewall network security appliances provide a powerful blend of Application Control, IPS, Antivirus, Botnet and DDoS protection, Web Filtering and Messaging Security, along with centralized network security management and reporting solutions. Ingram Micro offers FortiGate series firewalls;; FortiAnalyzer logging, analyzing and reporting solutions;; FortiWeb Web application and XML firewalls;; FortiToken two-factor authentication solutions;; FortiAP enterprise class wireless access points (WAP);; FortiMail e-mail security;; FortiManager centralized security management;; FortiScan vulnerability management;; FortiClient endpoint security management;; and, FortiAuthenticator user identity management appliances.
Juniper Networks
Offering a broad product portfolio that spans routing, switching, security, application acceleration, identity policy and control, and management, Juniper Networks provides its customers with unmatched performance, greater choice, and true flexibility, while reducing overall total cost of ownership. Juniper Networks products and solutions include SRX Services Gateways;; SSG VPN
security platforms;; IDP Intrusion Detection and Prevention Appliances;; MAG Series Junos Pulse Gateways for policy-driven security enforcement;; Mykonos Web Security;; vGW Virtual Gateway security solutions;; STRM Series Security Threat Response Manager;; and, Trapeze WLA, WLC and WLM wireless LAN access controllers.
Kaspersky Lab
In 1999, Kaspersky Lab was the first company to introduce integrated antivirus software for workstations, file servers and application servers running on Linux/FreeBSD operating systems. Kaspersky Endpoint Security for Business is a platform that
delivers a broad array of tools and technologies to enable companies to see, control and protect all endpoint devices. It combines its technologies and tools into four tiers, each of which adds its own layer of protection against cyber-threats. The first level, Core, contains award-winning anti-malware technologies. Next come the Select and Advanced tiers, offering modern endpoint control and encryption. Finally, Total level security provides the best protection for each area of the network – web, mail and collaboration servers alike. At every level the Kaspersky Security Network provides powerful cloud-assisted protection to every
component, and Kaspersky Security Center tools help IT specialists to manage the whole company’s IT defenses from a single console.
McAfee
Offering proactive and proven security solutions and services, McAfee leverages an innovative approach to hardware-enhanced security, and a unique Global Threat Intelligence network to help business keep their systems, networks and mobile devices safe. Through Ingram Micro’s partnership with McAfee, resellers and solution providers can leverage McAfee’s suite of endpoint security solutions for desktops and mobile devices;; DLP data loss prevention solutions;; E-Mail and Web Security Appliances;;
Sidewinder Firewall Enterprise solutions;; MOVE Antivirus;; Network Security Manager;; ePO ePolicy Orchestrator;; Security Information and Event Management;; and, Mobile Device Management/Mobile Device Security solutions.
Trend Micro
Trend Micro develops Internet content security and threat management solutions that make the world safe for businesses and consumers to exchange digital information. Its products and solutions include threat detection and prevention, powered by Smart Protection Network cloud security infrastructure to rapidly and accurately collect and identify new threats;; data protection that combines data loss prevention, device control, encryption and key management with contextual awareness secures data across physical, virtual and cloud environments;; and, infrastructure support that secures data as it moves between platforms or cloud vendors, regardless of access device, enables customers to take full advantage of improvements in IT infrastructures.
WatchGuard
WatchGuard builds affordable, all-in-one network and content security solutions to provide defense in depth for corporate content, networks and the businesses they power. WatchGuard's award-winning Extensible Threat Management (XTM and XTMv) network security solutions combine firewall, VPN, and security services to protect networks from spam, viruses, malware, and
intrusions. The new Extensible Content Security (XCS and XCSv) appliances offer content security across email and web combined with data loss prevention for complete content protection. Available as physical appliances and as virtual editions,
WatchGuard extensible solutions scale to offer right-sized security for small businesses up to enterprises with 10,000+ employees.
Websense
Websense’s TRITON® comprehensive security solutions unify web security, email security, mobile security and data loss prevention (DLP) at the lowest total cost of ownership. Tens of thousands of enterprises rely on Websense TRITON security intelligence to stop advanced persistent threats, targeted attacks and evolving malware. Websense prevents data breaches, intellectual property theft and enforces security compliance and best practices.
Ingram Micro and BrightPoint
In October 2012, to better support its customers in meeting the opportunities and challenges presented by BYOD, Ingram Micro acquired BrightPoint. Through this acquisition, Ingram Micro reseller and solution provider partners now have access to the industry’s widest converged technology and mobility product portfolio. Rebranded as Ingram Micro Mobility, BrightPoint is now the largest global player in the mobility distribution and mobility supply chain industry, providing Ingram Micro partners with access to the broadest portfolio of mobility and converged technology products and the most comprehensive suite of device lifecycle services. With this increased access, partners will continue to be empowered to reach new channels, broaden service offerings and optimize your supply chain.
For more information on BYOD IT security solutions from Ingram Micro, visit www.ingrammicro.com/itsecurity or contact Don Lupejkis at (716) 633-3600 x66314 or Donald.Lupejkis@IngramMicro.com.
© 2013 Ingram Micro Inc. All rights reserved. Ingram Micro and the Ingram Micro logo are trademarks used under license by Ingram Micro Inc. All other trademarks are the property of their respective companies. Products available while supplies last. Prices subject to change without notice. 2/13 MH2013.1500
