BYOD Policies and Solutions

Forums › Android › BYOD Policies and Solutions

Sparky787

69 posts

Master Geek

#136472 28-Nov-2013 13:38

Hi Guys

We are in the process of testing our BYOD Android process, and I am just curious, what sort of solutions other organisations have in place.

I was hard pressed to find anything on the Internet, so thought I might ask the IP Pros here.

We are using Group Policy/ActiveSync/MobileIron to manage our Android devices, due to the stringent security requirements from the Security Team.

1 | 2

1039 posts

Uber Geek

#942260 28-Nov-2013 13:56

Take a look at this on the HP site, has some interesting info:

www.hp.com/go/byod

nathan

5695 posts

Uber Geek
Inactive user

#942268 28-Nov-2013 14:07

if they really cared about security you wouldn't let Android touch your systems

But if you're using MobileIron why not just keep on using that?

can you be a bit more specific about what you're looking for?

Sparky787

69 posts

Master Geek

#942272 28-Nov-2013 14:17

I agree with introducing Android into the fold, however we are under pressure from the one dept. that earns most of the $$.

Apple is our current Corporate Device, however it is becoming harder and harder to avoid this.

I am just curious as to how other organisations have implemented BYOD.

For Example: Do they just rely on Active Sync or a MDM tool? Or do they have in-house developed apps? How does your company implement BYOD.

We are going to be using MobileIron, however as any IT department, we need to be flexible and it is good to know about the other solutions out there, to see if there is a way to better our current practice.

adresdendoll

62 posts

Master Geek

#942286 28-Nov-2013 14:34

Have a look at this for a half decent guide - http://searchsecurity.techtarget.com/tip/How-to-write-an-effective-enterprise-mobile-device-security-policy

In order to even consider BYOD or Android in general, you are going to want some form of containerisation; Good, Airwatch SCL, KNOX are the three leading choices in my opinion.

You cannot secure Android sufficiently in a BYOD environment with device management technology alone. You have to secure the data and you cant do that by trying to lock down an Android (even with the extra SAFE API's), more so because your options will be limited by the nature of what you can enforce on an employee’s device.

It’s completely possible but it is not easy or cheap.

Darren

Sparky787

69 posts

Master Geek

#942302 28-Nov-2013 14:40

I think we are slightly hopeful that when we present the "Technical Solution" to the business, that they will see the light with the cost association and potential HR issues with introducing BYOD.

timmmay

20575 posts

Uber Geek

Trusted

Lifetime subscriber

#942326 28-Nov-2013 15:06

One government department is using Samsung Knox. Another option is to put the devices onto a network you consider public, then provide firewalled email and corporate apps.

What are you trying to achieve with BYOD? Just internet access for them, or some business benefit?

graemeh

2078 posts

Uber Geek

#942333 28-Nov-2013 15:17

timmmay: Another option is to put the devices onto a network you consider public, then provide firewalled email and corporate apps.

That is what we had at one power company I used to work for.

The email was delivered using exchange and there was no access to corporate apps (apart from Lync).

Equinox IT

Cloud spending continues to surge globally, but most organisations haven’t made the changes necessary to maximise the value and cost-efficiency benefits of their cloud investments. Download the whitepaper From Overspend to Advantage now.

nathan

5695 posts

Uber Geek
Inactive user

#942347 28-Nov-2013 15:38

this is an incredibly complicated area, and there is no silver bullet.

There is a lot of change happening in this area, and this whole space will be quite different in a years time (just look back a year from today - now only AirWatch and MobileIron are the remaining pure-play EMM companies that haven’t been snapped up by larger enterprise companies)

Samsung KNOX is incredibly immature IMHO. And you still need an MDM product as well

Containerization of apps is not the right approach in the long term I believe

The best direction is managing mobile apps (MAM) not devices (MDM) and coming at it from the user centric point of view, and controlling data access to data for DLP

Some new acronyms:
Mobile Application Management (MAM)
A more specific type of management, MAM focuses on delivering native apps from a corporate app catalog to an employee device while giving IT the power to selectively remove downloaded apps and associated data without touching personal apps and data.

Mobile Information Management (MIM)
This is the most granular type of management where IT policies are assigned directly to the data to ensure security no matter where it resides, flows to, or which app is using it.

Mobile Content Management (MCM)
Secure distribution and mobile access to documents for employees.

Please note that I am biased, but right

"Mobile Device management is in chaos right now, and I think this market is going to die," said John Girard, vice president and distinguished analyst at Gartner. "MDM will reach an endpoint and then we'll really start to see vendors have to look at mobile application management and application shielding around the app -- that is really what is happening."

nathan

5695 posts

Uber Geek
Inactive user

#942349 28-Nov-2013 15:45

adresdendoll: Have a look at this for a half decent guide - http://searchsecurity.techtarget.com/tip/How-to-write-an-effective-enterprise-mobile-device-security-policy

In order to even consider BYOD or Android in general, you are going to want some form of containerisation; Good, Airwatch SCL, KNOX are the three leading choices in my opinion.

You cannot secure Android sufficiently in a BYOD environment with device management technology alone. You have to secure the data and you cant do that by trying to lock down an Android (even with the extra SAFE API's), more so because your options will be limited by the nature of what you can enforce on an employee’s device.

It’s completely possible but it is not easy or cheap.

Darren

I'd be thinking about Citrix in your top 3 as well, their Zenprise acquisition which is now called XenMobile is pretty interesting

Again I question the whole Containerisation thing as well. Frankly the only reason it exists is because you can't trust the devices your apps are running on

CB_24

366 posts

Ultimate Geek

#942364 28-Nov-2013 16:03

Sparky787: Hi Guys

We are in the process of testing our BYOD Android process, and I am just curious, what sort of solutions other organisations have in place.

I was hard pressed to find anything on the Internet, so thought I might ask the IP Pros here.

We are using Group Policy/ActiveSync/MobileIron to manage our Android devices, due to the stringent security requirements from the Security Team.

Not really a BYOD policy you're after if your specifying the type of devices (Android), your more after MDM.

adresdendoll

62 posts

Master Geek

#942619 29-Nov-2013 08:20

nathan:
adresdendoll: Have a look at this for a half decent guide - http://searchsecurity.techtarget.com/tip/How-to-write-an-effective-enterprise-mobile-device-security-policy

In order to even consider BYOD or Android in general, you are going to want some form of containerisation; Good, Airwatch SCL, KNOX are the three leading choices in my opinion.

You cannot secure Android sufficiently in a BYOD environment with device management technology alone. You have to secure the data and you cant do that by trying to lock down an Android (even with the extra SAFE API's), more so because your options will be limited by the nature of what you can enforce on an employee’s device.

It’s completely possible but it is not easy or cheap.

Darren

I'd be thinking about Citrix in your top 3 as well, their Zenprise acquisition which is now called XenMobile is pretty interesting

Again I question the whole Containerisation thing as well. Frankly the only reason it exists is because you can't trust the devices your apps are running on

For BYOD I personally would not trust the device; you can't enforce the same level of security on a non corp owned device.

That really leaves either the applications, the information on the device or both as far as your remaining points of security. Containerisation is really just the easiest way to allow a decent level of corp access without having to compromise on your security standards.

SSO, PKI integration, compromise detection built into the container or the apps through MDM/MAM SDK wrapping, forced encryption and DLP are all offered with a decent container and I don’t see BYOD requiring much more than that. The catch is that the container apps need to perform as well or better than the native options.

I have not used Citrix or Zenprise in the past 12 months, so I can’t really comment on their capability. I'm pretty keen to see how Airwatch Workspace handles in real life; the presentations ive seen are impressive.

As you previously said, there is no silver bullet approach. The biggest piece of advice i can give anyone looking at mobility is the get your requirements articulated clearly and then try find the solution that ties in best with the existing infrastructure you have in place.

Sparky787

69 posts

Master Geek

#943885 2-Dec-2013 08:04

timmmay: What are you trying to achieve with BYOD? Just internet access for them, or some business benefit?

We need to deliver email, contacts and calendar.

Sparky787

69 posts

Master Geek

#943887 2-Dec-2013 08:08

CB_24:
Sparky787: Hi Guys

We are in the process of testing our BYOD Android process, and I am just curious, what sort of solutions other organisations have in place.

I was hard pressed to find anything on the Internet, so thought I might ask the IP Pros here.

We are using Group Policy/ActiveSync/MobileIron to manage our Android devices, due to the stringent security requirements from the Security Team.

Not really a BYOD policy you're after if your specifying the type of devices (Android), your more after MDM.

Hi - we already have the BYOD solution for Apple, we were required to develop one for Android due to pressure from the business. It isn't perfect, but we have to make do.

Sparky787

69 posts

Master Geek

#944088 2-Dec-2013 13:31

Hi - Something I forgot to mention- we are using Office365 for emails. This does changes things quiet a bit for us, therefore the containerisation solution did not work for us.

nathan

5695 posts

Uber Geek
Inactive user

#944094 2-Dec-2013 13:34

if all you need to provide is corporate email/contacts/calendar is Exchange ActiveSync enough?

or are you trying to stop people doing stuff with their email once its on the device

or trying to stop malware running on Android from interacting with their email or?

1 | 2