Mobile Device Management: What to Know, What to Do
Michael F. Finneran
Mobile Policy Development
What you really need is a mobility plan, possibly different plans for company-owned and user-owned devices.
The “Mobility Policy” is simply where we write down the rules, roles, and responsibilities.
Mobility Policy: Lifecycle Management
Selection, Purchasing and Procurement
Provisioning/Enrollment: Set-up, Delivery, Training (Security Awareness), User Acceptance
Ongoing Management: Security Maintenance, Applications Maintenance, Expense Management, Help Desk
End-of-Life: Secure wipe, Recycle/Release, Replacement
Mobile Device Management (MDM)
Can be a major element in both managing and securing mobile assets
Pioneered by BlackBerry with the BES, now expanding to all platforms with BYOD
Capabilities vary with the mobile operating system
SaaS and premises options available, $10 to $85 per device per year
MDM Status
BlackBerry versus the “Rest of the World”
BES now supports iOS and Android devices on BES 10 (formerly “Fusion”)
There are still BlackBerry fans out there, either by choice or “compulsion” (e.g. government and financial services)
Currently about 39% of organizations have MDM systems, but many more plan to acquire them
Fragmented Market:
Gartner found over 100 MDM vendors
Microsoft’s Exchange ActiveSync (EAS) and IBM’s Lotus Notes Traveler provide push email, password enforcement, password strength, and remote wipe: “What else do you need?”
MDM Functions
Asset Management: View devices, carriers, IMEIs, phone numbers, installed apps, usage information, etc.
On-boarding/Cancellation: Methods used to add new devices to the system (on-boarding), self-service capabilities, interface to directories (AD, LDAP), termination procedures, check user abilities to override
Software Management: Internal app store, manage updates, white-/black-lists, jailbreak/rooting detection, anti-malware
Configuration Management: Centralized configuration of settings and registry entries, certificates, Wi-Fi profiles, etc., typically done by policy groupings
Security Management: Enforce power-on password, password strength, idle timeout, onboard encryption (including SD card), remote locking, geolocation for lost devices, “sandboxing” for corporate data, and the ability to wipe all or part of the data stored on the device
Performance & Diagnostics: Memory, battery, and network information along with reporting and alert capabilities
Back-up & Restore Device: In the event of major malfunction
Expense Management: Monitor and alert for heavy usage (e.g. streaming video while traveling overseas)
Applications Security
App Distribution: Public, In-house, Secure
Whitelist/Blacklist/Mandatory
Jailbreak/Rooted Device Detection
Pushing Updates
Anti-malware
Mobile Malware Threats
Source: McAfee Threats Report, Third Quarter 2013
Malware Threats
Source: McAfee Threats Report, Third Quarter 2013
ActiveSync/Notes Traveler Option
Microsoft’s Exchange ActiveSync (EAS) and IBM’s Lotus Notes Traveler can provide “the basics”
Password enforcement
Password strength
Remote wipe: Total!
InformationWeek Survey on Mobile Security
35% of EAS users relying on it for password policy enforcement and remote wipe capability
23% have a separate MDM system
MDM Plans and Installations
Does your organization have or plan to acquire a mobile device management system?
Yes, we have an MDM system: 39%
Yes, within the next 12 months: 19%
Yes, within the next 24 months: 17%
No: 25%
Source: InformationWeek 2013 Mobile Security Survey of business technology professionals, April 2013. Base: 352 respondents who had knowledge of their organization's MDM plans
www.dbrnassociates.com | © 2013, dBrn Associates, Inc.
Devices Supported with MDM
Which of the following mobile platforms are, or will be, supported by your MDM system?
Source: InformationWeek 2013 Mobile Security Survey of business technology professionals, April 2013. Base: 262 respondents currently, or planning to use, a mobile device management system
88% 80% 53% 39% 32% 27% 7% Apple iOS
Gartner’s Magic Quadrant for MDM
Changes from 2011
Mobile OS Variables
Not All Mobile O/S’s Are Equal
Need on-device encryption and the ability to manage them remotely
On-Device Encryption:
BlackBerry: All models
iOS: 3.0 and up
Android: 3.0 (Tablets Only) and 4.0 and up
Windows Phone: 8 and up
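One way to turn the encryption minimums above into an enrollment check, as an added example that is not from the original slides. The device record fields (`platform`, `os_version`, `form_factor`, `jailbroken_or_rooted`) and the sample inventory are assumptions constructed for illustration, and treating Android 3.x as eligible only on tablets is an interpretation of the slide.

```python
import re

# Minimum major OS version with on-device encryption, taken from the slide above.
# BlackBerry is "all models", so its minimum is 0 and the version is not checked.
MIN_ENCRYPTION_MAJOR = {"blackberry": 0, "ios": 3, "android": 4, "windows phone": 8}

def major_version(os_version):
    """Return the leading integer of a version string, or None if unparseable."""
    m = re.match(r"\s*(\d+)", os_version or "")
    return int(m.group(1)) if m else None

def enrollment_findings(device):
    """Return the reasons a device fails the policy (empty list = eligible)."""
    findings = []
    platform = (device.get("platform") or "").strip().lower()
    minimum = MIN_ENCRYPTION_MAJOR.get(platform)
    major = major_version(device.get("os_version"))
    if minimum is None:
        findings.append("unsupported platform")
    elif minimum > 0 and major is None:
        findings.append("unparseable OS version")
    elif minimum > 0:
        # Android 3.x qualifies only on tablets; 4.0 and up qualifies everywhere.
        android_3_tablet = (platform == "android" and major == 3
                            and device.get("form_factor") == "tablet")
        if major < minimum and not android_3_tablet:
            findings.append("no on-device encryption at this OS version")
    if device.get("jailbroken_or_rooted"):
        findings.append("jailbroken/rooted")
    return findings

# Constructed inventory for illustration, not real data.
INVENTORY = [
    {"id": "dev-1", "platform": "iOS", "os_version": "6.1.3", "form_factor": "phone"},
    {"id": "dev-2", "platform": "Android", "os_version": "2.3.6", "form_factor": "phone"},
    {"id": "dev-3", "platform": "Android", "os_version": "3.2", "form_factor": "tablet"},
    {"id": "dev-4", "platform": "Windows Phone", "os_version": "7.5", "form_factor": "phone"},
    {"id": "dev-5", "platform": "iOS", "os_version": "7.0", "jailbroken_or_rooted": True},
    {"id": "dev-6", "platform": "BlackBerry", "os_version": "", "form_factor": "phone"},
]

def audit(inventory):
    """Map device id -> findings for every device that fails the policy."""
    return {d["id"]: f for d in inventory if (f := enrollment_findings(d))}

if __name__ == "__main__":
    for dev_id, reasons in audit(INVENTORY).items():
        print(dev_id, "BLOCK:", "; ".join(reasons))
```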
BlackBerry
Pioneer in enterprise mobility (and still has 76 million users worldwide)
Strong loyalty in government and financial services
Benefit of controlling both the mobile O/S and the MDM solution (i.e. BES):
BlackBerry Balance: Best integrated dual persona capability
Still marketing the MVS FMC solution
Some interest in BES 10 as a multi-platform MDM solution
Samsung SAFE/Knox
Samsung has set up a separate marketing group specifically to target enterprise customers
SAFE™ (Samsung for Enterprise)
o Virtual Private Network (VPN) connectivity
o On-Device Encryption
o MDM Partners: MobileIron™, SAP, SOTI® MobiControl; AirWatch and Cisco in process
Samsung Knox™
o Dual Persona: Secure Container
o App Management
o On-Device Encryption, VPN, DLP
Apple
While Android has passed them in the overall market (3-to-1 worldwide), still the most popular choice in the enterprise
There are now more company-provided iPhones than BlackBerrys; Android is in third
While clearly not enterprise focused, quietly added on-device encryption and MDM access in iOS 3.0
Few developments in 2012; the “Apple Mystique” may be fading
Windows Phone
Decent product, but needs to gain some traction
Latest version, Windows Phone 8, has on-device encryption and MDM hooks
Tough market to crack, but also hard to hold a lead: Palm to BlackBerry to iPhone to Android in 12 years!