Information Security Updates - Joint Universities Computer ...

Mobile Security – Bring Your Own Device


STATS

81% of Americans use their personal mobile devices for work [1]

78% of employees believe that mobile devices balance work and personal life [2]

67% of employees use personal devices at work, regardless of their employer's official BYOD policy [3]

There is a massive upsurge of mobile devices in the consumer market. Corporations are also demanding that their employees have instant connectivity to their working environment. These two factors are reshaping the IT landscape. IT consumerization has blurred the lines between work and personal life, especially when it comes to mobile devices. People use mobile devices for their personal life and for work, and expect to access corporate IT systems anytime and anywhere.

According to Forrester, more than 50% of the information workforce will use three or more devices. Gartner also predicts that by 2017 half of employers will require employees to use their own mobile devices for work purposes.

Bring Your Own Device (BYOD) refers to the arrangement of allowing employees to bring personal mobile devices to perform company work-related activities. This trend is becoming inevitable, and it is imperative that corporations form a strategy to deal with it.

To examine the prevalence of BYOD, Dell commissioned Vanson Bourne to interview 1,485 IT heads from across the globe regarding their opinion of BYOD. The results indicated that companies could realize corporate gains from BYOD [4]. 69% or more of the surveyed organizations believe that BYOD can help their employees be more productive, respond faster to customers, improve work processes, work better in the future and improve operational efficiencies.

BYOD Security Concerns

BYOD poses new security threats to companies because companies have little control over employees' personal mobile devices. Sensitive corporate information can be stored on personal mobile devices with little protection. Malware can be introduced into the corporate environment by negligent employees connecting their personal mobile devices to the corporate network.

BYOD Cases

Insurance claim adjusters routinely use mobile devices and applications to help policy holders immediately file insurance claims after an accident.

In healthcare, doctors and nursing staff conduct a wide range of bedside care activities using mobile technology, allowing them to immediately share information with hospital pharmacies, admission offices, insurance companies and compliance departments.

Sources: HP – Five Steps to Enabling a Mobile Workforce; Vanson Bourne Survey Commissioned by Dell [4]

Mobile Device Management

Mobile Device Management (MDM) is management software that allows corporations to centrally control the policy and configuration of employees' mobile devices. It helps corporations manage their BYOD program by supporting security, network services, software and hardware management across multiple mobile device platforms. This allows employees to use personal devices for work-related activities in a much more controlled and secure environment.

Key Functions and Features

General Policy

General policy refers to the enforcement of corporate security policies on mobile devices. Examples of policy restrictions include restricting user and application access to hardware and to native OS services (e.g. built-in web browser, calendaring, contacts, etc.). Policy can also control the management of wireless network interfaces; automatically monitor, detect and report policy violations; and limit or prevent access based on the operating system version, vendor model, and whether the device has been rooted or jailbroken.
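As an added illustration of the general-policy checks listed above (example code written for this page, not JUCC's and not any MDM vendor's), the following Python evaluates a device's self-reported posture against a policy that sets a minimum OS version per platform, a model allow-list, a rooted/jailbroken check and a list of native services that must stay disabled. The policy values, field names and sample devices are assumptions.

```python
"""MDM "general policy" posture check (added example, not JUCC's code).

A device reports its posture; evaluate() returns the list of policy violations,
so an empty list means the device may be admitted. Policy values, field names
and the sample devices below are constructed for the example.
"""
from dataclasses import dataclass, field
from typing import Dict, List, Tuple


def parse_version(text: str) -> Tuple[int, ...]:
    """'7.1.2' -> (7, 1, 2); a non-numeric component such as '0b' is read as 0."""
    parts = []
    for piece in text.strip().split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def version_at_least(actual: str, minimum: str) -> bool:
    """Component-wise numeric comparison: '10.0' >= '9.3.5', and '7.1' >= '7.1.0'."""
    a, m = parse_version(actual), parse_version(minimum)
    width = max(len(a), len(m))
    a += (0,) * (width - len(a))
    m += (0,) * (width - len(m))
    return a >= m


@dataclass
class Policy:
    min_os: Dict[str, str]          # platform -> minimum OS version
    allowed_models: List[str]       # vendor model allow-list
    blocked_services: List[str]     # native services that must be disabled
    allow_rooted: bool = False


@dataclass
class Posture:
    platform: str
    os_version: str
    model: str
    rooted: bool
    enabled_services: List[str] = field(default_factory=list)


def evaluate(posture: Posture, policy: Policy) -> List[str]:
    """Return every policy violation for one device; [] means compliant."""
    violations = []
    minimum = policy.min_os.get(posture.platform)
    if minimum is None:
        violations.append(f"platform not supported: {posture.platform}")
    elif not version_at_least(posture.os_version, minimum):
        violations.append(f"OS {posture.os_version} below minimum {minimum}")
    if posture.model not in policy.allowed_models:
        violations.append(f"model not on allow-list: {posture.model}")
    if posture.rooted and not policy.allow_rooted:
        violations.append("device is rooted/jailbroken")
    for service in posture.enabled_services:
        if service in policy.blocked_services:
            violations.append(f"blocked native service enabled: {service}")
    return violations


# Constructed sample policy and devices (assumptions, not a real deployment).
SAMPLE_POLICY = Policy(
    min_os={"ios": "7.1", "android": "4.4"},
    allowed_models=["iPhone5,2", "iPad4,1", "Nexus 5"],
    blocked_services=["removable_media", "screen_capture"],
)

SAMPLE_DEVICES = [
    Posture("ios", "7.1.2", "iPhone5,2", rooted=False),
    Posture("android", "4.4.2", "Nexus 5", rooted=True),
    Posture("android", "4.1.1", "GT-I9300", rooted=False,
            enabled_services=["removable_media"]),
]


def compliant_devices(devices=SAMPLE_DEVICES, policy=SAMPLE_POLICY) -> List[str]:
    """Models of the devices that pass every check."""
    return [d.model for d in devices if not evaluate(d, policy)]


if __name__ == "__main__":
    for device in SAMPLE_DEVICES:
        found = evaluate(device, SAMPLE_POLICY)
        print(f"{device.model:10s} {'COMPLIANT' if not found else 'BLOCK: ' + '; '.join(found)}")
```

The posture is whatever the device's agent reports, so a rooted device with a tampered agent can lie about its state; treat the rooted/jailbroken flag as a first filter rather than proof, and combine it with server-side signals (enrolment certificates, platform attestation where available) before trusting the device with sensitive data.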

Data Communication and Storage

Data communication and storage refers to the capability of encrypting data communications between the mobile device and the corporation, and encrypting data on both built-in storage and removable media. There should also be the capability to remotely wipe the mobile device's data if the device is reported lost or stolen.
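The remote-wipe capability above is easy to get wrong in two ways: the wipe must be authenticated (otherwise anyone who can reach the device over the network can erase it), and it must make the data unrecoverable quickly. The following Python, added here as an illustration and not taken from JUCC or from any MDM product, shows both: storage encrypted under a per-device key, a wipe that destroys that key ("crypto-erase"), and a wipe command protected by an HMAC and a sequence number. The HMAC counter-mode keystream, key sizes and message format are assumptions made to keep the example standard-library only; a real device would use AES with a hardware-backed key.

```python
"""Encrypted storage plus an authenticated remote wipe (added example, not JUCC's
code or any MDM product's). Bulk data sits under a random data-encryption key
(DEK); a wipe destroys the DEK so every block becomes unrecoverable without
touching the flash ("crypto-erase"). The wipe command carries an HMAC under a
per-device management key and a strictly increasing sequence number, so it can
be neither forged nor replayed. The HMAC-SHA256 counter-mode keystream is a
stand-in for AES (and has no integrity check) to keep this standard-library only.
"""
import hashlib
import hmac
import json
import os


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """XOR data with HMAC-SHA256(key, nonce || counter) blocks; symmetric, so it also decrypts."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        block = hmac.new(key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], block))
    return bytes(out)


def canonical(body: dict) -> bytes:
    """Stable serialisation so server and device MAC exactly the same bytes."""
    return json.dumps(body, sort_keys=True, separators=(",", ":")).encode()


class Device:
    def __init__(self, device_id: str, mgmt_key: bytes):
        self.device_id = device_id
        self.mgmt_key = mgmt_key        # shared with the MDM server at enrolment
        self.dek = os.urandom(32)       # would live in hardware-backed key storage
        self.store = {}                 # filename -> (nonce, ciphertext)
        self.last_seq = 0

    def write(self, name: str, plaintext: bytes) -> None:
        nonce = os.urandom(16)
        self.store[name] = (nonce, keystream_xor(self.dek, nonce, plaintext))

    def read(self, name: str) -> bytes:
        if self.dek is None:
            raise PermissionError("storage key destroyed; data unrecoverable")
        nonce, ciphertext = self.store[name]
        return keystream_xor(self.dek, nonce, ciphertext)

    def handle_command(self, envelope: dict) -> str:
        """Verify MAC, device id and sequence number before acting on a command."""
        body = {k: envelope.get(k) for k in ("device", "seq", "cmd")}
        expected = hmac.new(self.mgmt_key, canonical(body), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, str(envelope.get("mac", ""))):
            return "rejected: bad MAC"
        if body["device"] != self.device_id:
            return "rejected: wrong device"
        if body["seq"] <= self.last_seq:
            return "rejected: replayed or stale sequence number"
        self.last_seq = body["seq"]
        if body["cmd"] == "wipe":
            self.dek = None             # crypto-erase: ciphertext stays, key is gone
            return "wiped"
        return "ignored"


class Server:
    """Minimal MDM server side: issues commands signed with each device's management key."""
    def __init__(self):
        self.keys, self.seq = {}, {}

    def enrol(self, device_id: str) -> Device:
        self.keys[device_id] = os.urandom(32)
        self.seq[device_id] = 0
        return Device(device_id, self.keys[device_id])

    def command(self, device_id: str, cmd: str) -> dict:
        self.seq[device_id] += 1
        body = {"device": device_id, "seq": self.seq[device_id], "cmd": cmd}
        mac = hmac.new(self.keys[device_id], canonical(body), hashlib.sha256).hexdigest()
        return dict(body, mac=mac)


def lost_device_scenario() -> dict:
    """Store a file, then try a forged wipe, a replayed command and the real wipe."""
    server = Server()
    dev = server.enrol("tablet-0042")
    secret = b"policy 123, claim 456, amount 789"   # constructed sample data
    dev.write("claims.csv", secret)
    result = {"readable_before": dev.read("claims.csv") == secret}

    forged = {"device": "tablet-0042", "seq": 99, "cmd": "wipe", "mac": "00" * 32}
    result["forged"] = dev.handle_command(forged)

    ping = server.command("tablet-0042", "ping")
    dev.handle_command(ping)
    result["replay"] = dev.handle_command(ping)

    result["wipe"] = dev.handle_command(server.command("tablet-0042", "wipe"))
    try:
        dev.read("claims.csv")
        result["readable_after"] = True
    except PermissionError:
        result["readable_after"] = False
    result["ciphertext_kept"] = "claims.csv" in dev.store
    return result
```

Two operational points follow from this design: the management key must be provisioned at enrolment over an authenticated channel (and rotated if the server is compromised), and the device should acknowledge the wipe so the incident record can state when the data became unrecoverable rather than merely when the command was sent.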

User and Device Authentication

It is important to authenticate a user before granting access to corporate resources. This includes basic parameters for password strength and a limit on the number of retries permitted without negative consequences. The control should also be able to automatically lock a mobile device after a period of inactivity.

Application Management

Some MDM solutions also provide the functionality of controlling the installation and execution of mobile applications. Application control can restrict the permissions (e.g. camera access, location access) assigned to each mobile application, verify digital signatures on applications to ensure that only applications from trusted entities are installed, and verify that code has not been modified.

Some MDM solutions are designed to perform finer-grained mobile application management. They are often referred to as Mobile Application Management (MAM). Besides controlling the installation and execution of mobile applications, MAM manages the entire life cycle of mobile applications.

Case Study

The University of Kent serves more than 16,000 undergraduate and postgraduate students and 2,000 staff. The University provides a Study Bedroom Service (SBS) with nearly 4,000 wired connections to its main campus network to enable students to access email, networked files, course material, library resources, and the Internet using their own devices. At the start of each term, students now follow a simple, online process to register their devices for access to the campus network.

Source: Bradford Networks Case Study [5]

Virtualization

The power of BYOD allows employees to use personal mobile devices to access corporate applications. What if the application does not have a mobile version which can be managed under MDM?

Virtualization is a technological solution which allows IT departments to present corporate applications securely on user devices regardless of the device model. Virtualization can also provide control over data storage and location. For mobile devices such as tablets, virtualization allows existing applications to be delivered to tablet users without the need to wait for the availability of an iOS or Android version of the application.

Considerations when Exploring Virtualization as part of BYOD

- The touch screen interface will not be suitable for many Windows applications.
- Client-hosted desktop virtualization is not an option on tablets because they do not have sufficient computing power or memory to run a locally hosted virtual Windows desktop.
- Application compatibility can be a problem. Applications that are available for a certain mobile device platform might not be available on others.

Even if the above challenges can be addressed, virtualization to support delivery of corporate applications to mobile devices should be implemented step by step.

Implementation Strategy

It is important to understand that BYOD is not the same as MDM. MDM is only one of the components of a complete strategy and program implementation for securing personal devices used for business. Corporations are unlikely to succeed in implementing BYOD and achieving all its benefits with MDM alone; they also need a strategy, supporting policies and operational processes.

BYOD Strategy

The first and foremost step is to define the BYOD strategy and the scope of coverage. Part of this strategy can be to implement a stipend program to encourage employees to use their own personal devices for work. Whatever the strategy is, it should be clearly defined, including how to realize the stated objectives and benefits. The corporation should also be clear about whether BYOD will include only personal smartphones and tablets, or laptops as well.

Associated IT policies supporting BYOD should also be defined so that users understand what is deemed acceptable and what is not. If the corporation has sensitive data, it will have to determine whether to allow certain employees to access and store such sensitive data on their personal devices.

MDM and virtualization should be regarded as the technological enablers for BYOD. A suitable MDM solution, as well as the supporting virtualization technology, should be sourced through careful testing and selection.

Virtualization in Stages

Apigee, an application programming interface platform company in Palo Alto, United States, advised that mobile application deployment be implemented in three phases. The first is to use virtualization to deliver existing applications to mobile devices. The second takes an existing application and turns it into a cross-platform mobile app. The third decouples the data from the application and picks the appropriate application for the platform or device being used.

Case Study

The University of São Paulo (USP) is the largest Brazilian university, serving over 100,000 students on 11 campuses. USP deployed Citrix and NetApp technologies to build a university-wide cloud orchestrated by Citrix CloudPlatform. A self-service portal built with Citrix CloudPortal Business Manager provides services to teaching and research sites. XenDesktop powers centrally managed desktops and streamed applications.

Source: Citrix and NetApp Case Study [9]

Important Preparations

Corporations should prepare for the worst and know how to deal with incidents such as employees losing personal mobile devices which have been enrolled in the BYOD program. Moreover, employees may have questions and require technical assistance as part of operational support. All these operational processes should be developed as part of the BYOD implementation strategy. It is also important that security fixes are taken into consideration so that the latest mobile security threats do not compromise a corporation's IT security.

Implications for Universities

The business nature and operating environment of universities differ from those of commercial corporations. Universities advocate openness and freedom of knowledge sharing. Also, a vast number of students and staff require network and computing access in a university. The turnover of students is very dynamic, with new freshmen arriving and students graduating every year. Universities also have to support many different work arrangements, including full-time staff, part-time staff, visiting scholars, research assistants, etc. Because of all these complicating factors, the way corporations use MDM to control the usage of personal mobile devices may not be entirely applicable to universities.

Nevertheless, BYOD has already been partially implemented in university environments. Staff and students are already connecting their personal devices to the campus network, and authentication is required before these personal computing devices are granted access to university IT applications and resources. Facing the current wave of BYOD and the constant stream of security threats affecting mobile devices, universities will have to look further into tightening the way BYOD is supported.

Case Studies – Adopting Technologies and Implementing Controls

Roanoke College (Va.) uses Apple Mobile Device Manager and Dell's KBOX to manage institution-owned Apple devices and Dell laptops. These "managers" push out apps that are volume-purchased and set up policies and settings for wireless devices for faculty members. IT can also wipe lost, stolen or infected devices remotely, and students can wipe their own BYOD gadgets through a web page.

New York Law School uses a ForeScout CounterAct NAC appliance to gain visibility into the network and provide mobile security, endpoint compliance (keeping devices clean and up to date), and protection against network security threats.

STATS

Monthly cost of a company-owned device: USD 80/month on average. 77% of surveyed organizations were able to reduce the proportion of mobile users on company-owned devices to 60% or less, and 50% could reduce it even further, to 20% or less.

Source: Good Technology - State of BYOD Report [12]

Summary of implementation steps:

- Define strategy, coverage and policies
- Determine data classification and protection
- Source MDM and virtualization solutions
- Plan for incidents
- Review new technologies
- Monitor OS vulnerability updates
- Consult security professionals

IT Security Strategies for Universities

Universities can explore using Network Access Control (NAC) to ensure that mobile devices meet a set of security requirements and IT standards before they are allowed to connect to the network. NAC can scan device operating systems, applications and security software to ensure they are up to date, and check that the security software has run recently so that the device is known to be clean. A self-provisioning portal can be set up to ease the burden on the IT department of registering every single device, to speed up the process of registering and validating a device, and to provide the additional benefit of maintaining an inventory of devices.
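An added example of the NAC admission logic described above, written for this page rather than taken from ForeScout, Bradford Networks or JUCC: unregistered or expired devices go to a registration-only VLAN (the arrangement the York College case on this page describes), registered devices whose security software or OS patches are stale go to a quarantine VLAN for remediation, and compliant registered devices get campus access. The VLAN numbers, freshness thresholds, inventory and posture reports are all constructed assumptions.

```python
"""NAC admission decision with registration and quarantine VLANs (added example;
not JUCC's code and not the logic of any particular NAC product).

Each connecting endpoint is identified by MAC address and checked against the
registration inventory and its posture report. VLAN numbers, thresholds, field
names, dates and the sample devices are assumptions made for this example.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Dict, List, Optional

VLAN_REGISTRATION = 10    # captive portal only: the self-provisioning page is reachable
VLAN_QUARANTINE = 20      # remediation sources only (patch mirrors, AV updates)
VLAN_CAMPUS = 100         # full access

MAX_AV_SCAN_AGE = timedelta(days=7)
MAX_PATCH_AGE = timedelta(days=30)


@dataclass
class Registration:
    owner: str
    role: str            # 'staff', 'student', 'visitor'
    expires: date        # student and visitor registrations expire with the term


@dataclass
class PostureReport:
    last_av_scan: Optional[date]
    last_os_patch: Optional[date]
    av_installed: bool


@dataclass
class Decision:
    vlan: int
    reason: str


def normalise_mac(mac: str) -> str:
    """Accept 'AA-BB-..', 'aa:bb:..' or 'aabb.ccdd.eeff'; return lower-case colon form."""
    hexdigits = "".join(ch for ch in mac.lower() if ch in "0123456789abcdef")
    if len(hexdigits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(hexdigits[i:i + 2] for i in range(0, 12, 2))


def admit(mac: str, inventory: Dict[str, Registration],
          posture: Optional[PostureReport], today: date) -> Decision:
    """Order matters: identity first, then posture, so an unregistered device never reaches quarantine."""
    reg = inventory.get(normalise_mac(mac))
    if reg is None or reg.expires < today:
        return Decision(VLAN_REGISTRATION, "not registered or registration expired")
    if posture is None:
        return Decision(VLAN_QUARANTINE, "no posture report from NAC agent")
    if not posture.av_installed:
        return Decision(VLAN_QUARANTINE, "security software not installed")
    if posture.last_av_scan is None or today - posture.last_av_scan > MAX_AV_SCAN_AGE:
        return Decision(VLAN_QUARANTINE, "security software has not run recently")
    if posture.last_os_patch is None or today - posture.last_os_patch > MAX_PATCH_AGE:
        return Decision(VLAN_QUARANTINE, "operating system patches out of date")
    return Decision(VLAN_CAMPUS, f"compliant ({reg.role}: {reg.owner})")


# Constructed inventory and posture reports (not real devices or people).
TODAY = date(2014, 7, 2)
INVENTORY = {
    "aa:bb:cc:00:00:01": Registration("a.lee", "staff", date(2015, 6, 30)),
    "aa:bb:cc:00:00:02": Registration("s.chan", "student", date(2014, 6, 30)),  # expired
    "aa:bb:cc:00:00:03": Registration("r.wong", "student", date(2014, 12, 31)),
}
POSTURE = {
    "aa:bb:cc:00:00:01": PostureReport(date(2014, 7, 1), date(2014, 6, 20), True),
    "aa:bb:cc:00:00:03": PostureReport(date(2014, 5, 1), date(2014, 6, 28), True),
}


def admit_all(macs: List[str]) -> Dict[str, int]:
    """VLAN assignment for a batch of connecting MACs, using the sample data above."""
    placements = {}
    for mac in macs:
        key = normalise_mac(mac)
        placements[key] = admit(mac, INVENTORY, POSTURE.get(key), TODAY).vlan
    return placements
```

A MAC address is trivially spoofable, so MAC-based registration identifies a device only weakly; where the clients support it, authenticate the user and device with 802.1X and use the MAC only as the inventory key. The quarantine VLAN must also reach the remediation sources, or devices placed there can never become compliant.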

Depending on the need to control security, MDM can still be implemented in phases according to the supported devices and user community. The first batch of supported devices can be university-issued devices, gradually extending to personal devices. As for the user community, the rollout can initially support full-time staff, then faculty members and non-full-time staff, and eventually the student community.

Case Study

At Ohio State, MDM will allow the university to containerize personal applications so it can wipe a BYOD device, with user permission, in the event of a virus infection or other security issue. According to Robinson, York College uses Bradford Networks' Campus Manager to monitor student devices. It recognizes whether they are registered as soon as the browser is opened. Unregistered devices are put on a separate VLAN, where they have access only for registration.

Source: University Business – Device Management Across the Network [13]

Conclusion

Mobile devices have become an indispensable component of our personal lives as well as our work lives. Many people are already using personal mobile devices in their work environment to perform work-related activities. The wave of BYOD is becoming so inevitable that corporations have to look into how to support BYOD with the proper implementation of security controls such as MDM and virtualization technology.

Although the work nature of a university differs from that of commercial corporations, similar controls can be adopted to better govern the usage of personal mobile devices in the university environment.

References

1. "BYOD Stats: What Business Leaders Need To Know Right Now." Leapfrog Extraordinary IT Services, Mar. 2013. Web. 02 July 2014.
2. "SAMSUNG Mobile Index Reveals BYOD Trend." Samsung Electronics America, Samsung U.S. News, 08 Jan. 2013. Web. 02 July 2014.
3. Jones, Jeff. "BYOD - Is It Good, Bad or Ugly from the User Viewpoint?" Microsoft Security Blog, Microsoft, 26 July 2012. Web. 02 July 2014.
4. Vanson Bourne. "BYOD: Putting Users First Produces Biggest Gains, Fewest Setbacks." A Vanson Bourne Survey Commissioned by Dell. Web.
5. "Bradford Networks' Network Sentry Helps University of Kent Control and Manage Its Student Residence Network." Bradford Networks / University of Kent. Web.
6. Souppaya, Murugiah. "NIST Special Publication 800-124: Guidelines for Managing the Security of Mobile Devices in the Enterprise." National Institute of Standards and Technology, June 2013. Web.
7. "Mobile Application Management." Wikipedia, Wikimedia Foundation, 18 May 2014. Web.
8. "Embracing Bring Your Own Device (BYOD) by Dell Software." Dell. Web. 02 July 2014.
9. Bowker, Mark. "Desktop Virtualization." White Paper, Enterprise Strategy Group, Oct. 2009. Web.
10. Farbush, James. "Mobile App Virtualization Eases Deployment Headaches for IT." SearchConsumerization, 24 Oct. 2012. Web.
11. Kaspersky Lab. "Global Corporate IT Security Risks: 2013." Kaspersky Lab, May 2013. Web.
12. "Good News: Good Technology's 2nd Annual S... | Good Community." Good Technology. Web.
13. Geer, David. "Device Management Across the Network." University Business Magazine, Feb. 2013. Web. 02 July 2014.
Copyright Statement

All material in this document is, unless otherwise stated, the property of the Joint Universities Computer Centre ("JUCC"). Copyright and other intellectual property laws protect these materials. Reproduction or retransmission of the materials, in whole or in part, in any manner, without the prior written consent of the copyright holder, is a violation of copyright law.

A single copy of the materials available through this document may be made, solely for personal, non-commercial use. Individuals must preserve any copyright or other notices contained in or associated with them. Users may not distribute such copies to others, whether or not in electronic form, whether or not for a charge or other consideration, without prior written consent of the copyright holder of the materials.

Contact information for requests for permission to reproduce or distribute materials available through this document is listed below:

[email protected]
Joint Universities Computer Centre Limited (JUCC)
c/o Information Technology Services
The University of Hong Kong
Pokfulam Road, Hong Kong