Reduce Business Risk by Deploying EMM Solutions with Conditional Access Capabilities

EMM solutions that deliver conditional access to desired services like email, storage and cloud services motivate BYOD users to enroll.

Let’s face it, your BYOD employees aren’t too thrilled about installing an EMM app, agent or container on their device. It feels like an intrusion on one of their most personal possessions and breeds mistrust. That said, the BYOD world is all about gives and gets. Unless your company enforces a corporate-liable policy and buys every employee a smartphone, a compromise must be made to ensure the security of corporate data. This is where the use of the carrot comes into play.

While the BYOD trend was initially about allowing employees to use their mobile devices for work, the trend has shifted. Now you encourage your employees to use their devices because it makes them more productive anywhere, anytime. Whether your company is just allowing or actually encouraging employees to use their devices for work, you have to overcome the “hassle factor” and the suspicions of company spying that deter them from EMM enrollment.

First, your Mobile COE must perform exhaustive due diligence to select the most unobtrusive EMM package available with the fewest steps to install that still meets your company’s needs. Next, this system must prohibit access to the systems, apps and data employees want most until they enroll. Some packages even limit access via MAM functionality. Anyway, if you want email, you have to enroll. If you want to access SharePoint, you have to enroll. You get the idea. Gives and gets.

Reduce risk to your business by restricting corporate system access to only those devices enrolled in an EMM solution. What is your company doing to prevent unmanaged devices from accessing sensitive data?

Learn how to digitally transform your company in my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform your Business.”

Click to purchase a copy of my book today and start transforming your business!

Sharing my knowledge and helping others never stops, so connect with me on my blog at http://robtiffany.com , follow me on Twitter at https://twitter.com/RobTiffany and on LinkedIn at https://www.linkedin.com/in/robtiffany

Reduce Risk to Your Business by Ensuring Your EMM Package can Block Malicious Apps

To prevent malicious apps from attacking corporate assets, get an EMM solution that disables app stores while blacklisting and whitelisting apps.

Despite what you’re thinking, malicious apps may be one of the biggest threats your mobile enterprise will face. You might believe that device encryption, the use of a PIN to log on and utilizing a VPN to connect to your corporate network mean you’re safe. You’re not.

Within the security envelope your device has created, a rogue app could still drive a truck through your VPN tunnel and attack internal assets. Users routinely download apps without paying attention to the list of permissions and capabilities the app is asking for. They can’t be bothered. What could possibly go wrong with the simple drawing app that somehow needs network access and the ability to read your contacts?

While it’s the job of your company’s mobile COE to vet apps used by employees for work, it’s good to have a backup plan. When performing due diligence on EMM packages for your company, make sure blacklisting and whitelisting are supported to prevent users from downloading objectionable apps. Additionally, EMM packages must prevent rogue apps from launching in the event an employee has already downloaded them. To ensure employees can only use a curated, internal enterprise app store, the ability to disable access to public app stores may also be a requirement. Clearly, this flies in the face of BYOD and some employees may reject having this functionality on their device. Containers may be better in some cases.

Protect corporate systems and reduce risk to your company by blocking apps containing code that can inflict harm. What is your organization doing to protect itself from malicious apps unwittingly downloaded by employees?

Reduce Corporate Risk by Enforcing Security Policies on Mobile Apps with MAM

To enforce policies on individual mobile apps, get an EMM solution with MAM capabilities to prevent data leaking from corporate to personal.

Mobile App Management (MAM) allows IT departments to protect corporate data without having to manage the whole device like you would with MDM. Since apps are the delivery mechanism of business data to employees, the thinking is, if you can lock down the apps, you can lock down the data. You may not need MDM anymore.

The BYOD phenomenon has IT departments concerned about the co-mingling of personal and business apps and data. EMM and mobile operating system vendors have tackled this data loss prevention (DLP) problem with a variety of approaches ranging from the use of a Chinese wall to proprietary versions of public apps. The MAM component of EMM delivers:

  • An enterprise app store where employees can select internally and externally developed apps and websites
  • Encrypted containers dividing a mobile device into business and personal workspaces where data cannot be shared
  • Ability to allow or block the opening of business documents and the copying & pasting of data between apps
  • Selective wipe of corporate email, apps, data, certs and management policies
  • Secure PIM
  • App wrapping with or without an SDK
  • Apps that prompt for a PIN for devices that aren’t configured to prompt for credentials

Reduce risk to your organization by securing your mobile apps and the data they deliver to your employees with a protective envelope. What is your organization doing to keep mobile apps and data safe?

Reduce Company Expenses and Enforce Mobile Security with Exchange Active Sync

If you don’t have an Enterprise Mobility Management solution, start with Exchange Active Sync to enforce device policies and security.

Baby steps. While you might not say Microsoft Exchange Server in the same breath as enterprise mobility management, this product has managed more devices than any other system over the last decade. Since most enterprises already use Active Directory for identity coupled with Exchange Server on-premises or via Office 365 in the cloud for email, calendar and contacts, this is a simple way to get started. A protocol called Exchange ActiveSync (EAS), which dates back to the Pocket PC and is used by virtually every mobile operating system, allows the magic to happen.

So what does this have to do with managing devices? Well, EAS helps secure smartphones and tablets via policy enforcement. This allows you to require PINs and passwords, device and storage card encryption, remote wipe for lost or stolen phones, and S/MIME email encryption, to name a few. It also lets you disable features like a phone’s camera, removable storage, Wi-Fi, Bluetooth, SMS and others. If you’ve worked in the public sector, this probably rings a bell.
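The policy controls listed above map onto an Exchange mobile device mailbox policy. The following is an added example, not code from the original post: it assumes the Exchange Management Shell (Exchange 2013 or later, or Exchange Online), and the policy name, mailbox address and threshold values are placeholders chosen for illustration.

```powershell
# Added example: an EAS baseline expressed as a mobile device mailbox policy.
# Placeholders (assumptions, not from the post):
$policyName = 'BYOD-Baseline'        # hypothetical policy name
$mailbox    = 'user@example.com'     # placeholder mailbox identity

$settings = @{
    Name                          = $policyName

    # PINs and passwords
    PasswordEnabled               = $true
    MinPasswordLength             = 6            # illustrative value
    MaxPasswordFailedAttempts     = 8            # device wipes itself after this many failures
    MaxInactivityTimeLock         = '00:05:00'   # lock after 5 minutes idle

    # Device and storage card encryption
    RequireDeviceEncryption       = $true
    RequireStorageCardEncryption  = $true

    # S/MIME email signing and encryption
    RequireSignedSMIMEMessages    = $true
    RequireEncryptedSMIMEMessages = $true

    # Feature restrictions named in the post. These suit locked-down,
    # corporate-owned builds; most BYOD deployments would leave them enabled.
    AllowCamera                   = $false
    AllowStorageCard              = $false
    AllowWiFi                     = $false
    AllowBluetooth                = 'Disable'
    AllowTextMessaging            = $false

    # Without this, a client that cannot apply every setting above is
    # still allowed to sync, and the policy is advisory for that device.
    AllowNonProvisionableDevices  = $false
}

# Create the policy from the settings table
New-MobileDeviceMailboxPolicy @settings

# Assign the policy to one mailbox
Set-CASMailbox -Identity $mailbox -ActiveSyncMailboxPolicy $policyName

# Review which devices are syncing with that mailbox and their access state
Get-MobileDevice -Mailbox $mailbox |
    Select-Object FriendlyName, DeviceOS, DeviceAccessState

# Remote wipe for a lost or stolen phone (destructive, so left commented out).
# <DeviceIdentity> is the Identity value returned by Get-MobileDevice.
# Clear-MobileDevice -Identity '<DeviceIdentity>' -NotificationEmailAddresses $mailbox
```

EAS compliance is reported by the client itself, so a policy like this raises the floor for well-behaved mail clients but is not proof of device state the way an enrolled EMM agent's report is.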

If you think managing your mobile devices via Exchange ActiveSync is unorthodox, remember this was the only way to manage iPhones until iOS 4, and Android devices until version 2.2, was released. I think EAS facilitated the BYOD movement more than any other factor.

Reduce expenses and risk to your company by enforcing security policies on your mobile devices using the capabilities found in an email server you probably already own. What basic steps has your organization taken to enforce mobile security on smartphones and tablets?

Reduce Business Risk by Protecting Corporate Assets and IP from BYOD Employees

Send “Bring your own Device” (BYOD) employees to the Internet via a separate Wi-Fi network versus giving them direct access to internal servers.

Many companies today have a guest network. This is a separate Wi-Fi network that visitors use to access the Internet when they come meet with employees. Some of these guest networks require a password given to them by the person at the front desk and others don’t use security.

Now imagine a guest network on steroids serving all your mobile employees when they’re in the office and extending the data plans on their personal devices.

I’m sorry, but I still don’t believe in the concept of the trusted enterprise wireless network where mobile employees have direct access to internal servers. Compromised mobile devices and apps can unwittingly attack those networks and servers. Send them out to the Internet and have them come back into the Intranet through a secure path. Your company has already spent a lot of time and effort creating a secure Extranet for employees who need remote access. Put your reverse proxies, firewalls, routers, VNETs and switches to use for all mobile employees. Instead of maintaining two classes of access to internal resources, just reuse the one you already have.

Moving into the future, Intranet resources will disappear as everything migrates to the cloud. Concepts like remote access and internal servers will vanish and your super-fast guest network will look like a stroke of genius.

Reduce risk to your corporate assets and intellectual property by blocking direct Wi-Fi access to Intranet resources. Is your organization allowing employees to access internal servers with their personal mobile devices?

Improve Employee Productivity by Enhancing Corporate Infrastructure to Support BYOD

The “Bring your own Device” (BYOD) phenomenon has moved employees from 1:1 PC computing to 5:1 mobility requiring enhanced infrastructure & cloud workloads.

More and more BYOD employees are using their own laptops, tablets and smartphones to access corporate data, apps and other services to do their jobs. It started with email in the early 2000s, progressed to synched calendars and contacts, the mobile web and then an explosion of apps. This transformation took employees from Ethernet-connected PCs to multiple, wireless-connected mobile devices.

Imagine you live in a city with 100,000 citizens. Over the course of just a few years, the population swells to 500,000. Asleep at the wheel, city leaders and civil servants didn’t build new roads, add mass-transit, increase the sewer systems or deploy new power cabling to meet the needs of this larger city. This reflects the infrastructures of most corporations today.

The BYOD tsunami combined with the impact of the Cloud and IoT requires significant infrastructure upgrades in order to cope:

  • More bandwidth via redundant, Internet connected and private fiber circuits.
  • Faster routers, switches, proxies and firewalls with increased capacity.
  • A managed Wi-Fi infrastructure using multiple channels, higher access point density and the most bandwidth possible.
  • Dramatically beefed-up DNS, email and line of business servers with shorter DHCP leases.

Improve user productivity by building a corporate infrastructure that supports the unique needs of today’s BYOD workforce. What kinds of improvements has your organization made to its infrastructure to handle the onslaught of mobile and IoT devices?

Reduce Business Risks by Creating a Corporate Mobile Center of Excellence

Create a corporate mobile center of excellence to create processes, establish governance & develop a matrix of supported devices.

Your transformation must begin with your people!

Despite the growing maturity of mobile technologies in the enterprise, most organizations have been unable to put the governance in place needed to make mobility work well for employees and employers alike. When BYOD users don’t know the rules for using their devices at work, it’s the same as having no rules at all.

The most important step you can take is to create a mobile center of excellence (COE) comprised of employees from most of your different business units and IT. This team will create processes that make the best use of your technology:

  • Creating a matrix of supported devices that meet the company’s app, security and management needs
  • Creating a document that spells-out all mobile policies and procedures
  • Defining how telecom expenses will be covered via stipends or reimbursements as well as international roaming policies
  • Performing due diligence on the selection of app development, backend integration and device management packages
  • Defining wireless LAN, WAN and cellular standards as well as negotiating plans with mobile operators

Establishing a Mobile Center of Excellence will not only reduce risk to your company by clearly spelling-out what your employees can and cannot do, but it will also improve employee productivity by eliminating all the “guess work.” What steps is your organization taking to assemble relevant stakeholders to build a mobile COE?

Mobile Strategies for Business is Now Available

I’m pleased to announce that my newest book, “Mobile Strategies for Business: 50 Actionable Insights to Digitally Transform Your Business” is now available.

Mobile Strategies for Business is the first book to clearly explain how executives can digitally transform their organization through a simple, step-by-step process.

The mobile tidal wave has permanently transformed the consumer world and now it’s washing up on the shores of the enterprise. This drives the need for an enterprise mobile strategy to mobilize existing applications, modernize infrastructures, build new apps for employees and customers, and bring order to your environment via enterprise mobility management. Mobile Strategies for Business guides you through this transformation and drives positive outcomes including reducing expenses, improving employee productivity, increasing revenue, boosting user engagement and reducing risk.

Based on the top 50 most important enterprise mobility concepts spanning four major topic areas, Mobile Strategies for Business is the first book to clearly explain how to digitally transform your business through a simple, step-by-step process.

You’ll learn how to address the following organizational challenges:

  • How to transform IT infrastructures that are wholly unprepared to deliver on the promise of Mobile and IoT for employees and customers. Learn how to enhance performance, scalability, bandwidth and security to support today’s mobile and cloud workloads.
  • How to reconcile the convergence of the Bring Your Own Device (BYOD) phenomenon and the need to keep corporate data secure. Learn how to support the flexible work styles of your mobile employees while keeping everything safe.
  • How to migrate the millions of out-of-date, insecure and unsupported desktop and Web 1.0 apps that currently run global business to run on modern mobile platforms. Learn how to unchain your line of business apps and web sites from the desktop and move them to the mobile devices your employees actually use.
  • How to rapidly build mobile enterprise apps that run on any platform and work with data from any backend system. Learn how to mobile-enable your existing systems and data to empower your mobile employees and reach out to your mobile customers.

Mobile Strategies for Business is a project plan and an implementation guide allowing your organization to digitally transform so it can ride the mobile wave to employee and customer success. Along the way, it builds a future-looking foundation that prepares your organization for successive technology tidal waves that will impact your business, workforce and customers.

What is your organization doing to define and execute on a mobile strategy? It’s time to empower your mobile workforce.

Microsoft Enterprise Mobility Management (EMM) is Here

I’m pleased to announce the release of Microsoft’s Enterprise Mobility Management (EMM) solution comprised of Windows Server 2012 R2, System Center Configuration Manager 2012 R2 and Windows Intune.

In this article, I’ll walk you through each EMM component and illustrate the respective Microsoft capabilities.

Mobile Device Management (MDM)

This is the most general type of management where IT can apply policies, configurations, provisioning, and settings to mobile devices enrolled with an on-premise MDM server or cloud-based service.

The Microsoft MDM solution interfaces with the management APIs exposed by the various mobile operating systems.  As with all MDM offerings on the market, this means there are variations in management capabilities across operating systems since each exposes a different set.

Policy settings for enrolled devices include:

  • Requiring passwords and associated configurations and restrictions
  • Enforcing device encryption
  • Allowing cameras and web browsers on iOS and Android
  • Allowing iCloud backup and document sync on iOS
  • Content ratings on iOS
  • Allowing cloud settings and credential sync on Windows 8.1
  • Internet Explorer settings on Windows 8.1
  • Allowing voice and data roaming on iOS
  • Deployment of user and device certificates for managed devices by using the Simple Certificate Enrollment Protocol (SCEP). These certificates can be used to support Wi-Fi and VPN connections.  Supported devices include those running iOS, Windows 8.1 and Windows RT 8.1, and Android.  Learn more on TechNet: http://technet.microsoft.com/en-us/library/dn261202.aspx
  • Deployment of VPN profiles that provision devices with the settings and certificates that they need to access corporate networks.  Supported devices include those running iOS, Windows 8.1, Windows RT and Windows RT 8.1.  Learn more on TechNet:  http://technet.microsoft.com/en-us/library/dn261217.aspx
  • Deployment of Wi-Fi profiles that provision devices with the settings and certificates that they need to access corporate Wi-Fi hotspots.  Supported devices include those running iOS, Windows 8.1, and Windows RT 8.1, and Android.  Learn more on TechNet:  http://technet.microsoft.com/en-us/library/dn261221.aspx
  • Jailbroken iOS devices and rooted Android devices are detected

A comprehensive matrix of supported policies per device can be found on TechNet:
http://technet.microsoft.com/en-us/library/dn376523.aspx

In addition to Remote Wipe which removes everything from a device, we also have Selective Wipe which removes company apps, data and management policies from the mobile device while leaving personal apps and data untouched.  Learn more on TechNet:  http://technet.microsoft.com/en-us/library/jj884158.aspx#bkmk_dev

Mobile Application Management (MAM)

A more specific type of management, MAM focuses on delivering native apps from a corporate app catalog to an employee device while giving IT the power to selectively remove downloaded apps and associated data without touching personal apps and data.

Microsoft provides a Company Portal (Self Service Portal) that is downloadable from the Windows Store, Apple App Store, and Google Play.  Windows 8/RT, Windows 8.1/RT/Pro/Enterprise, Windows Phone 8,  Android 4 and higher as well as iOS 6 and higher are all supported.  Users can download corporate apps to their device from the portal.

Corporate apps can also be pushed (user consent may be required) and remotely uninstalled from all devices except Windows Phone 8.  Public apps made available by IT can be deep linked to their respective public stores via the portal.  Remote apps can also be made available and accessed across mobile platforms via Remote Desktop Services (RDS) for high-security scenarios.  Administrators can view an inventory of installed corporate apps on the devices while not seeing the personal apps.

A new Identity and Access feature is Workplace Join which makes your mobile device known to your IT department by creating an object in Active Directory.  Employees can access applications and data everywhere, on any device. Employees will get single sign-on when using browser applications or enterprise applications.

Single Sign On (SSO) is facilitated via the new Web Application Proxy which securely publishes corporate resources out to mobile devices without the need for VPN.  Active Directory Federation Services (ADFS) simplifies access to systems and applications using a claims-based access (CBA) authorization mechanism to maintain application security.  ADFS supports Web single-sign-on (SSO) technologies that help information technology (IT) organizations collaborate across organizational boundaries.  Multifactor authentication boosts the level of secure access to corporate resources.

Mobile Information Management (MIM)

This is the most granular type of management where IT policies are assigned directly to the data to ensure security no matter where it resides, flows to, or which app is using it.

Active Directory Rights Management Services protects and encrypts documents and Exchange email by identifying the rights a user has to a given file and removing the option to perform actions outside those rights.  This data loss prevention (DLP) capability keeps corporate email from being forwarded to external email accounts and data from being uploaded to 3rd party cloud file sharing providers.  Using our rights management technology means your mobile data is secure wherever it goes.

Mobile Content Management (MCM)

Secure distribution and mobile access to documents for employees.

Secure mobile file synchronization is facilitated by Work Folders.  This is a secure share on Windows Server 2012 R2 that is made available to individual mobile devices that are Workplace joined.  In order to say “Goodbye” to Dropbox and “Hello” to corporate file sync, you’ll have to accept some security policies on your device.   Your IT department can encrypt the Work Folders on your device, require a password to sign in, and erase all the files in your Work Folders if you lose your device.

Our Dynamic Access Control technology can be used with the server share to provide automatic document classification and protection based on their content.  Using Work Folders is a great way to make your work files available to all your devices, even when you’re offline.  You can even control if files are synched over metered connections or while roaming.

Takeaways

System Center Configuration Manager is the Gartner Magic Quadrant Leader for Client Management Tools with the largest global market share.  With the majority of corporations using SCCM to manage their Windows and Mac desktops and laptops plus Windows, Linux and UNIX servers, this is management technology that you probably already own and a skillset your IT staff already has.  Over the years we’ve added support for managing new clients as dictated by their market share and customer requests.  Managing the growing variety of mobile devices roaming on wireless data networks via our Windows Intune cloud gateway allows you to leverage 20 years of SCCM “know-how” instead of purchasing point solutions.  You’ll get the massive scalability you’re looking for as well as the support and sustained engineering you’ve come to count on from Microsoft.

 

The Future of Enterprise Mobility – Live from the Mobile World Congress

Learn about the future of Enterprise Mobility from me, Benjamin Robbins: Principal at Palador, Vishy Gopalakrishna: VP at SAP, and Ben Smith: Head of Mobile Product at Tribal Labs.

We’re broadcasting live from Barcelona, the Mobile Capital of the World.

https://www.brighttalk.com/webcast/288/67769

 
