Mobile Device Management
Bringing your own device to work is not totally new. Many employees have been using their own devices, which they themselves purchased, for years. Many companies run software to check a user's computer before the user is permitted to connect to a corporate network. The growth of the home office changed the rules of corporate computing. IBM's policies provide a good example of how home offices can be integrated into the modern workplace; many of the authors of this book have not had a dedicated office space for years. Some companies will allow users to connect with an employee-owned computer from their home, while others will allow only a corporate computer to connect to a corporate network.
One very important point to understand is that the use of BYOD can differ from company to company and can also be affected by various government regulations.
Does your company trust your device?
There is an initial issue with bringing your own device to work (in this case, onto the corporate network). If the BYOD process is not managed properly, then corporate data could be exposed outside of the trusted network. The authors have worked with many companies where a smart device holding corporate data was lost. In that case, any confidential data stored on the phone is now available to hackers or competitors.
Another big issue is scalability. For example, if one person at a company requests access to the corporate network using a smartphone, then that is normally not a big issue (although there is always a security concern). But if there are 10,000 such requests, then this becomes a management scaling issue (running a large number of devices). Now there are issues with the ability to support the users, keep the data secure, and maintain a certain service level for access.
Most companies extend a basic level of trust to the employees within a computing environment. These same companies will also verify that the computing environment is protected and that the bad people, also known as hackers, don't get into the trusted network.
Internet-facing companies have built a strong set of defenses to protect the trusted internal network. Up to this point, these defenses have focused on personal computers (PCs) and not as much on the newer smartphones and/or tablets.
Many companies will verify the use of your PC and/or BYOD device and then make sure the devices are safe to be used in the corporate environment. This verification process includes policies, procedures, and specialized products.
As part of the specialized products that companies use to protect their front-end network, a product known as Mobile Device Management (MDM) is being installed. The use of an MDM is basically between you and your company, but many companies will not allow access to their network and/or e-mail unless an MDM-style product is used. The MDM software is also used to verify the use of the mobile device and to help remotely fix any issues that may occur on the device.
Details of MDM
MDM is a product that is normally installed by a specific corporate computing enterprise. Overall, end users will not purchase the MDM solution themselves, but they will be impacted (and potentially benefited) by it.
So, let's jump into MDM. This book is about the end user experience, but we will also share the names of the products. Most end users will not be buying these products but, as noted before, will experience the result of having these products installed. The diagram and description show how easy it is for you, the end user, to get connected to your corporate computing network.
The following diagram shows the basics of a simple MDM end user access:
The steps shown in the preceding figure are simple:
- Open your device.
- Access the URL from your company.
- Now it is automatic: the MDM server will access the e-mail, or the MDM will access your applications via a set of corporate rules.
Access to your corporate data is very transparent to the end user. Overall, you, the end user, will not even notice that your device is being managed by the MDM software.
MDM end user benefits and impacts
Today's MDM solutions provide organizations with end-to-end security. This is a complex expression, but overall it means that your data is kept safe (possibly encrypted) from the point it is sent from your device all the way to the mail server at the corporate site or at the cloud solution that you are using.
MDM features include:
- Detection of whether a device has been jailbroken or rooted
- Safe data transfer
- Password management: Both for access to your corporate data and for a device password, including password lockout management
- Corporate authentication: This can be the same password that you use for your Windows account and/or special passwords
- Configuration management to corporate services, e-mail, and VPN
- Ability to wipe a device if the device is lost or stolen
- Application inventory management
- Policy management: This controls what you can access on the corporate network
- Some MDM solutions provide mechanisms for end users to reset their passwords without having to call a help desk
- A formal process to enrol the devices into the mobile management solution: The enrolment process may require you (as an end user) to put in a temporary password, in order to gain initial access to the corporate server and/or corporate cloud
- Backup and restore: This is a cool feature that many MDMs and cloud solutions include
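To show how several of these features combine into a single access decision, here is an added illustration in Python; it is not code from the book or from any MDM vendor, and the report fields, policy thresholds, and sample devices are all constructed for the example.

```python
from dataclasses import dataclass, field

@dataclass
class DeviceReport:       # what an MDM agent reports at check-in (constructed fields)
    device_id: str
    os_name: str
    os_version: str
    rooted: bool          # jailbreak/root indicator
    passcode_set: bool
    failed_unlocks: int   # consecutive failed unlock attempts
    encrypted: bool       # storage encryption enabled
    reported_lost: bool   # flagged lost/stolen by the user or help desk
    apps: list = field(default_factory=list)

@dataclass
class Policy:             # corporate rules; thresholds are hypothetical
    min_os: dict          # os_name -> minimum version tuple
    max_failed_unlocks: int = 10
    blocked_apps: set = field(default_factory=set)

def version_tuple(version):
    return tuple(int(part) for part in version.split("."))

def evaluate(report, policy):
    """Return (action, reasons): 'allow', 'block', or 'wipe' (lost/brute-forced device)."""
    if report.reported_lost:
        return "wipe", ["device reported lost or stolen"]
    if report.failed_unlocks >= policy.max_failed_unlocks:
        return "wipe", [f"{report.failed_unlocks} failed unlock attempts"]
    reasons = []
    if report.rooted:
        reasons.append("device is jailbroken/rooted")
    if not report.passcode_set:
        reasons.append("no device passcode set")
    if not report.encrypted:
        reasons.append("storage encryption disabled")
    minimum = policy.min_os.get(report.os_name)
    if minimum is None:
        reasons.append(f"unsupported OS: {report.os_name}")
    elif version_tuple(report.os_version) < minimum:
        reasons.append(f"{report.os_name} {report.os_version} below minimum")
    disallowed = policy.blocked_apps & set(report.apps)
    if disallowed:
        reasons.append("blocked apps installed: " + ", ".join(sorted(disallowed)))
    return ("block" if reasons else "allow"), reasons

POLICY = Policy(min_os={"iOS": (6, 0), "Android": (4, 1)}, blocked_apps={"cydia"})  # constructed
REPORTS = [   # constructed sample check-ins
    DeviceReport("tab-01", "iOS", "6.1", False, True, 0, True, False, ["mail"]),
    DeviceReport("phone-02", "Android", "4.0", True, False, 2, True, False, ["cydia"]),
]
```

A blocked device is simply denied corporate access until the user fixes the listed reasons, while a lost device is wiped so that no corporate data remains on it.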
In some cases companies, via the MDM solution, will automatically install encryption technologies. This technology can provide an end-to-end encryption solution for any data that is sent from your phone to the corporate network. This is not the case with all companies; check with your company and ask whether this solution has been enabled for you.
Jailbreak and rooting
When you purchase a mobile device (phone or tablet) you will find that a specific type of software is installed, also known as an operating system (OS), for example:
- Windows Mobile
- iOS (Apple)
- Android
Many of these operating systems are known as closed systems, which means that you cannot make changes to the basic software that runs the device. You can still download your applications, games, and e-mail, but you cannot modify the OS and add your own custom changes. This OS restriction is there to provide a consistent and secure user experience, to protect the end user, and to help keep the applications at a high quality.
There have been several postings on the Internet on how to jailbreak your device. The jailbreak process can allow you to install applications that have not been approved by that vendor. Alongside this term you will also see rooting; this refers to the same step, removing the protections so that additional applications can be installed.
Note
The authors of this book do NOT recommend that anyone jailbreak/root a device.
Digital Rights Management
Many devices include a special layer of software known as Digital Rights Management (DRM). This is code intended to protect the device from bad applications, and it is one reason not to jailbreak a device. Be sure to understand your rights, including those based on the country you live in, before you make any core changes to the base device.
Check this link for more information about DRM: http://en.wikipedia.org/wiki/Digital_rights_management.
A company may allow an employee to use their own device (BYOD) or may issue a device. If the employee then jailbreaks (or roots) the device, the employee can put the company at risk. Malicious software, hacks, and bots can all infect the phone, and if the end user breaks the security on a device and ignores the DRM, then the company can be put at great risk.
MDM solutions and products
There are several MDM products on the market; the following is a short list for you and your management team to review, if you don't have an MDM solution already:
- Good Technology: http://www1.good.com/mobility-management-solutions/mobile-device-managemen
- Sybase
- AirWatch: http://www.air-watch.com/?gclid=CJfsidy0-rMCFc5cMgod7i8AIQ
- MobileIron: http://www.mobileiron.com/
- SmartMan: http://www.dialogs.de/en_US/produkte/smartman.html?hl=en_US
- IBM Endpoint Manager: http://www.ibm.com/