Mobility Management and Security. A Customer Panel. Part Two.


Learn from a panel of industry peers the solutions and the best practices that have turned consumer mobile technology into a competitive advantage for their companies.

This is Part Two of the post based on the panel that I moderated at the IDC mobileNext Forum 2011 in San Francisco. Click here for Part One.

Eric Erickson
VP Information Systems
Liberty First Credit Union

Bill Troyak
Team Leader End User Devices
Navistar

Jeff Jackson
Partner
Acumen Technologies

Going back to the three-step approach to consumerization, the last step is to deploy new security and management tools to enable these new models. It’s not just about new platforms. Traditional System Management tools don’t really cut it anymore. I’d love to know more about your experience and your learning with regard to the necessary new infrastructure.

Eric:  Well, being a financial institution, it’s critical for us to make sure our data is secure.

With our devices, we’ve implemented different security protocols on each of the devices. Specifically, with the tablets that we’ve been using, we do turn on the encryption for those. They all have the passwords to be able to get in. We’ve also expanded and went to application locks, so that if the device did get into the hands of someone else, in order to bring up the application, you’d have to unlock it with a code or one of the patterns. We’ve also put in the management on the device for locating the device and potentially remote-wiping it if we need to. Those types of things are important to us. We don’t want the data to be on the device. So that’s the other step, is, where is that data going to be held? In the cloud.

Jeff:  In this instance, for the third part, from an infrastructure perspective, the easiest way to describe what we did was something that’s been called the onion effect. So from a security perspective, we looked from outer to inner at all the layers of the infrastructure. So that came from outside. And I’m talking right now about the infrastructure of the data management systems and the application systems. So we looked at things like files and networks and then the physical location of servers, and we went all the way down each layer to make sure that we were secure down to the application and server environment. When we were clear that we were very secure, we were then able to utilize that security foundation to manage endpoints. And those endpoints were mobile devices, laptops, and thin clients through virtual desktop infrastructure, and being able to publish applications, etc. But the first thing from an infrastructure perspective is to make sure that all those levels of security are in place, so that the mobile device management and any other security and device management interfaces were inherently secure themselves. So that’s kind of the way we did it, from outside in.

Bill:  We’re pretty much leveraging all the ActiveSync controls, not to say that we are entirely comfortable with that, the limited level of control we had, but we just feel that the mobile device management space is still being sorted out. We are comfortable with operating at risk at this point, because of the content that’s being delivered through the mobile devices, we don’t feel is in danger of corrupting any of our internal data. So one thing that we definitely are looking at in mobile device management is to get firmer controls on inventory and things of that nature. So we also, in regards to accessing data, we are also using the VDI approach, the virtual desktop approach, on mobile devices and tablets. We feel that’s the most comfortable way for us to make sure the data’s not being contained on the devices themselves and being susceptible to data loss or DLP.

Very well. I’d like to ask you a question on iOS and Android and how safe you think these platforms are. I am really interested in your perception in terms of security of these platforms, especially when compared to other traditional operating systems such as Windows.

Bill:  Well, Navistar’s approach has been that we expect the end users to be good custodians of our data. So we kind of put the onus on the end users to not do things outside of the normal activities to open our infrastructure up to attack. So specifically, in the mobile sector, we feel comfortable with iOS and we feel comfortable with BlackBerry. Android is still something that we’re concerned about.

Jeff:  I agree with Bill as far as iOS and BlackBerry, versus Android. As I mentioned, one of the things that we did was really be able to secure and compartmentalize the data, and therefore we used to have organizations try and stop email. You couldn’t actually get to email unless you had a tunnel or whatever. That’s gone, we all know that’s gone, and therefore we feel that if you can transmit through email, we can’t stop you these days. However, having policies in place and being very clear about what data can be transmitted in any medium, and therefore stored and being part of the mobile environment, that’s where we’re stepping up now. And then being able to be clear about what that data is. So do I feel comfortable? As comfortable as I think I can, at this point with my customers’ data.

Eric:  We’re going to have need for email. We’re just a society that has to have everything right away. The mobile devices are providing that for us. Statistically, we see hits on our website and right now, Androids are the devices that are hitting the most, followed by the iOS. So we are allowing the Android devices. We probably have more of those devices in our organization right now. But it falls back to the accountability of individuals, the end users. That’s why we have those policies in place.

A final question. If there is one piece of advice you would give on how to approach consumer technology in the enterprise, what would it be?

Bill:  I would say early interaction with the end users. Get their feedback first before you start to make recommendations. Get what your users want to use. We were in the fortunate situation that the users were flooding to us, so I think there’s definitely a problem if you are trying to demonstrate yourself as being open by forcing them more choices, just by forcing choices, rather than getting their feedback first before you start to develop a new open environment for consumerization.

Jeff:  I think my learning out of all this is compassion. The end users are going through a transformation from a media and from a power perspective. They’ve got some of the power back. IT has typically, and corporations have typically been able to mold what that technology looks like, and the interaction between the two parties. Plus, then you put a management piece in there as well. It means there’s going to be a lot of dialogue. And when there’s a lot of dialogue, I think Bill was just saying, I think, that it’s going to take a while. And everybody’s got to kind of listen. Because if not then there’s going to be a big power struggle. So for me it’s about compassion and being aware that there’s going to be pain on both sides. That’s what I’ve come to learn over the last few weeks.

Eric:  I put compassion definitely. I think that for us it’s just not over committing our promises. It’s real easy with technology to say, oh, OK, this is coming out. This is great. Let’s all start using it. Well, let’s take our time and see what we really need and what we can really do.

About Cesare Garlati
Chief Security Strategist, prpl Foundation; Co-Chair, Mobile Group, Cloud Security Alliance
