You can’t go mobile with a desktop mindset — but that’s just what too many IT organizations do. The most commonly applied mobile app policies are holdovers from the PC environment, like two-factor authentication and selective access based on Active Directory membership. These measures may be useful in a traditional computing setting, but they’re woefully inadequate for the new world of enterprise mobility. They fail to account for concepts like jailbroken devices, bring-your-own-device (BYOD), untrusted public networks and offline usage.
To make enterprise mobility both secure and fully productive, you need to apply new policies designed specifically for the way mobile users work today. It’s not just about introducing restrictions and roadblocks — you also need to empower people to do even more with their mobile apps and devices to enable greater business value.
Let’s step back and consider why we’re talking about mobile app policies in the first place. Just a year ago, many organizations thought mobile device management (MDM) would be all they needed for secure mobility. But with so many different kinds of workers in the organization — full-time and part-time employees, contractors, temps, partners — it quickly turned out that we needed a more sophisticated approach. You can’t manage a device that belongs to a freelancer or partner company, and your own employees probably don’t want your hands all over their BYOD devices, either. What really matters is managing the apps themselves. Hence, the rise of mobile application management (MAM).
The essence of good MAM is flexibility and granularity — being able to apply different policies for different apps, user types and mobility scenarios. If you get those policies right, your enterprise mobility security strategy is off to a strong start. Here are five you won’t want to leave out.
1. Block app access if a device is jailbroken or rooted
It happens every day. An employee leaves his tablet lying on the kitchen counter after work and his teenage son grabs it to play games. Before long, he’s jailbroken it to sideload the cool new Android game all his friends are talking about — the one you can only get in a private app store. Hello, malware.
From now on, everything that employee does on the device is vulnerable to location tracking, data theft and other threats. The device may even have been rooted, allowing broad access to its Android functionality and settings.
To protect your business, make sure to block jailbroken or rooted devices from accessing your corporate apps and network.
2. Selectively allow copy/paste
Sometimes it’s fine to allow people to copy and paste content among mobile apps, like when an attorney uses a secure mobile email solution to send some contract language from her firm’s document management system to a client. But you sure wouldn't want her to put that same language into her personal email — or, heaven forbid, on Yahoo! Mail.
The key is to take a granular approach to data leakage protection, allowing some apps to share content — for example, a secure enterprise document sharing app with a secure business email app — while preventing others. One way to do this is with a private clipboard that’s only used by secure, managed apps, and can’t be accessed by the device’s native consumer-grade apps. This allows ample productivity without exposing data to risk.
3. Define app access by network type or location
People love the freedom to be able to work productively anywhere — a café, a WiFi-enabled park, an airport lounge. But if you’re a financial services organization or a hospital, that free WiFi can come at a high price in terms of security. Who knows who might be snooping into those networks and capturing your passwords, corporate data and other sensitive information? Should people really be sending your clients’ financial information over SSID BlackHatInTheMiddle?
You don't want to lock out public networks entirely — after all, there are plenty of tasks that don’t involve sensitive information. But there are certain apps that should only be allowed on secured networks, like those that access regulated data, trade secrets and legal contracts. You might also decide to allow access for some apps only over specified SSIDs — like only allowing access to electronic medical records (EMR) over your hospital’s own WLAN.
4. Control app usage based on connectivity
For some apps, you need to be able to track how, when and for how long people used them, and what they did — for example, healthcare and legal industry apps where audit trails and non-repudiation come into play. This can be true for both employees and partner personnel.
To support this, you can set a policy to restrict the app to work only when the device is online, or else set a maximum amount of time for its offline use.
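As an added illustration (not code from the article or from any MAM product), here is how policies 1, 3 and 4 can combine into a single per-app access decision. The field names, reason strings and sample SSID are assumptions made for the example.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

@dataclass(frozen=True)
class AppPolicy:
    block_compromised: bool = True                   # policy 1
    allowed_ssids: Optional[FrozenSet[str]] = None   # policy 3; None = any SSID
    require_secured_network: bool = False            # policy 3
    max_offline_minutes: Optional[int] = None        # policy 4; 0 = online only

@dataclass(frozen=True)
class DeviceState:
    compromised: bool          # jailbreak/root signal; assumed reported by the MAM agent
    online: bool
    ssid: Optional[str]        # None on cellular or when offline
    network_secured: bool      # e.g. encrypted, authenticated WLAN
    minutes_since_checkin: int

def evaluate(policy: AppPolicy, state: DeviceState) -> Tuple[bool, str]:
    """Return (allowed, reason); the first failing check wins."""
    if policy.block_compromised and state.compromised:
        return False, "device_compromised"
    if not state.online:
        limit = policy.max_offline_minutes
        if limit is None:
            return True, "offline_unlimited"
        if limit == 0:
            return False, "online_required"
        if state.minutes_since_checkin > limit:
            return False, "offline_limit_exceeded"
        return True, "offline_within_limit"
    # An SSID is only a name and can be imitated, so the allow-list is
    # combined with the secured-network requirement rather than trusted alone.
    if policy.allowed_ssids is not None and state.ssid not in policy.allowed_ssids:
        return False, "ssid_not_allowed"
    if policy.require_secured_network and not state.network_secured:
        return False, "unsecured_network"
    return True, "ok"

# Constructed sample policies (names and values are illustrative).
EMR_APP = AppPolicy(allowed_ssids=frozenset({"HOSPITAL-WLAN"}),
                    require_secured_network=True, max_offline_minutes=0)
EXPENSE_APP = AppPolicy(max_offline_minutes=480)

if __name__ == "__main__":
    cafe = DeviceState(False, True, "BlackHatInTheMiddle", False, 0)
    print(evaluate(EMR_APP, cafe))
    print(evaluate(EXPENSE_APP, cafe))
```

Returning a reason alongside each decision gives the audit trail something concrete to record when access is refused.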
5. Enable follow-me data across platforms
One of the main advantages of enterprise mobility is the ability to choose the right device for the right situation: a laptop for an extended business trip, a tablet for an overnighter or a sales call. Of course, it only helps if you can access the documents you need on whatever device you happen to be using. One way to do this is to email the files in question to yourself, but that’s a hassle, and inevitably raises problems with forgotten items and out-of-sync versions when you get back to the office.