Geekzone: technology news, blogs, forums
Guest
Welcome Guest.
You haven't logged in yet. If you don't have an account you can register now.




63 posts

Master Geek
+1 received by user: 2


# 136472 28-Nov-2013 13:38
Send private message

Hi Guys

We are in the process of testing our BYOD Android process, and I am just curious, what sort of solutions other organisations have in place.

I was hard pressed to find anything on the Internet, so thought I might ask the IP Pros here.

We are using Group Policy/ActiveSync/MobileIron to manage our Android devices, due to the stringent security requirements from the Security Team.



View this topic in a long page with up to 500 replies per page Create new topic
 1 | 2
1031 posts

Uber Geek
+1 received by user: 112


  # 942260 28-Nov-2013 13:56
Send private message

Take a look at this on the HP site, has some interesting info:

www.hp.com/go/byod

5123 posts

Uber Geek
+1 received by user: 1431

Trusted
Microsoft

  # 942268 28-Nov-2013 14:07
One person supports this post
Send private message

if they really cared about security you wouldn't let Android touch your systems

But if you're using MobileIron why not just keep on using that?

can you be a bit more specific about what you're looking for?

 
 
 
 




63 posts

Master Geek
+1 received by user: 2


  # 942272 28-Nov-2013 14:17
Send private message

I agree with introducing Android into the fold, however we are under pressure from the one dept. that earns most of the $$.

Apple is our current Corporate Device, however it is becoming harder and harder to avoid this.

I am just curious as to how other organisations have implemented BYOD.

For Example: Do they just rely on Active Sync or a MDM tool? Or do they have in-house developed apps? How does your company implement BYOD. 

We are going to be using MobileIron, however as any IT department, we need to be flexible and it is good to know about the other solutions out there, to see if there is a way to better our current practice. 





60 posts

Master Geek
+1 received by user: 1


  # 942286 28-Nov-2013 14:34
Send private message

Have a look at this for a half decent guide - http://searchsecurity.techtarget.com/tip/How-to-write-an-effective-enterprise-mobile-device-security-policy

In order to even consider BYOD or Android in general, you are going to want some form of containerisation; Good, Airwatch SCL, KNOX are the three leading choices in my opinion.

You cannot secure Android sufficiently in a BYOD environment with device management technology alone. You have to secure the data and you cant do that by trying to lock down an Android (even with the extra SAFE API's), more so because your options will be limited by the nature of what you can enforce on an employee’s device.

It’s completely possible but it is not easy or cheap.


Darren



63 posts

Master Geek
+1 received by user: 2


  # 942302 28-Nov-2013 14:40
Send private message

I think we are slightly hopeful that when we present the "Technical Solution" to the business, that they will see the light with the cost association and potential HR issues with introducing BYOD.


14754 posts

Uber Geek
+1 received by user: 2746

Trusted
Subscriber

  # 942326 28-Nov-2013 15:06
Send private message

One government department is using Samsung Knox. Another option is to put the devices onto a network you consider public, then provide firewalled email and corporate apps.

What are you trying to achieve with BYOD? Just internet access for them, or some business benefit?

2078 posts

Uber Geek
+1 received by user: 230

Subscriber

  # 942333 28-Nov-2013 15:17
Send private message

timmmay: Another option is to put the devices onto a network you consider public, then provide firewalled email and corporate apps.


That is what we had at one power company I used to work for.

The email was delivered using exchange and there was no access to corporate apps (apart from Lync).

5123 posts

Uber Geek
+1 received by user: 1431

Trusted
Microsoft

  # 942347 28-Nov-2013 15:38
Send private message

this is an incredibly complicated area, and there is no silver bullet.

There is a lot of change happening in this area, and this whole space will be quite different in a years time (just look back a year from today - now only AirWatch and MobileIron are the remaining pure-play EMM companies that haven’t been snapped up by larger enterprise companies)

Samsung KNOX is incredibly immature IMHO. And you still need an MDM product as well

Containerization of apps is not the right approach in the long term I believe

The best direction is managing mobile apps (MAM) not devices (MDM) and coming at it from the user centric point of view, and controlling data access to data for DLP

Some new acronyms:
Mobile Application Management (MAM)
A more specific type of management, MAM focuses on delivering native apps from a corporate app catalog to an employee device while giving IT the power to selectively remove downloaded apps and associated data without touching personal apps and data.

Mobile Information Management (MIM)
This is the most granular type of management where IT policies are assigned directly to the data to ensure security no matter where it resides, flows to, or which app is using it.

Mobile Content Management (MCM)
Secure distribution and mobile access to documents for employees.


Please note that I am biased, but right

"Mobile Device management is in chaos right now, and I think this market is going to die," said John Girard, vice president and distinguished analyst at Gartner. "MDM will reach an endpoint and then we'll really start to see vendors have to look at mobile application management and application shielding around the app -- that is really what is happening."

5123 posts

Uber Geek
+1 received by user: 1431

Trusted
Microsoft

  # 942349 28-Nov-2013 15:45
Send private message

adresdendoll: Have a look at this for a half decent guide - http://searchsecurity.techtarget.com/tip/How-to-write-an-effective-enterprise-mobile-device-security-policy

In order to even consider BYOD or Android in general, you are going to want some form of containerisation; Good, Airwatch SCL, KNOX are the three leading choices in my opinion.

You cannot secure Android sufficiently in a BYOD environment with device management technology alone. You have to secure the data and you cant do that by trying to lock down an Android (even with the extra SAFE API's), more so because your options will be limited by the nature of what you can enforce on an employee’s device.

It’s completely possible but it is not easy or cheap.


Darren


I'd be thinking about Citrix in your top 3 as well, their Zenprise acquisition which is now called XenMobile is pretty interesting

Again I question the whole Containerisation thing as well.  Frankly the only reason it exists is because you can't trust the devices your apps are running on

279 posts

Ultimate Geek
+1 received by user: 15


  # 942364 28-Nov-2013 16:03
Send private message

Sparky787: Hi Guys

We are in the process of testing our BYOD Android process, and I am just curious, what sort of solutions other organisations have in place.

I was hard pressed to find anything on the Internet, so thought I might ask the IP Pros here.

We are using Group Policy/ActiveSync/MobileIron to manage our Android devices, due to the stringent security requirements from the Security Team.




Not really a BYOD policy you're after if your specifying the type of devices (Android), your more after MDM.

60 posts

Master Geek
+1 received by user: 1


  # 942619 29-Nov-2013 08:20
Send private message

nathan:
adresdendoll: Have a look at this for a half decent guide - http://searchsecurity.techtarget.com/tip/How-to-write-an-effective-enterprise-mobile-device-security-policy

In order to even consider BYOD or Android in general, you are going to want some form of containerisation; Good, Airwatch SCL, KNOX are the three leading choices in my opinion.

You cannot secure Android sufficiently in a BYOD environment with device management technology alone. You have to secure the data and you cant do that by trying to lock down an Android (even with the extra SAFE API's), more so because your options will be limited by the nature of what you can enforce on an employee’s device.

It’s completely possible but it is not easy or cheap.


Darren


I'd be thinking about Citrix in your top 3 as well, their Zenprise acquisition which is now called XenMobile is pretty interesting

Again I question the whole Containerisation thing as well.  Frankly the only reason it exists is because you can't trust the devices your apps are running on


 

For BYOD I personally would not trust the device; you can't enforce the same level of security on a non corp owned device.

That really leaves either the applications, the information on the device or both as far as your remaining points of security. Containerisation is really just the easiest way to allow a decent level of corp access without having to compromise on your security standards.

SSO, PKI integration, compromise detection built into the container or the apps through MDM/MAM SDK wrapping, forced encryption and DLP are all offered with a decent container and I don’t see BYOD requiring much more than that. The catch is that the container apps need to perform as well or better than the native options.

I have not used Citrix or Zenprise in the past 12 months, so I can’t really comment on their capability. I'm pretty keen to see how Airwatch Workspace handles in real life; the presentations ive seen are impressive.

As you previously said, there is no silver bullet approach. The biggest piece of advice i can give anyone looking at mobility is the get your requirements articulated clearly and then try find the solution that ties in best with the existing infrastructure you have in place.



63 posts

Master Geek
+1 received by user: 2


  # 943885 2-Dec-2013 08:04
Send private message

timmmay: What are you trying to achieve with BYOD? Just internet access for them, or some business benefit?


We need to deliver email, contacts and calendar.





63 posts

Master Geek
+1 received by user: 2


  # 943887 2-Dec-2013 08:08
Send private message

CB_24:
Sparky787: Hi Guys

We are in the process of testing our BYOD Android process, and I am just curious, what sort of solutions other organisations have in place.

I was hard pressed to find anything on the Internet, so thought I might ask the IP Pros here.

We are using Group Policy/ActiveSync/MobileIron to manage our Android devices, due to the stringent security requirements from the Security Team.




Not really a BYOD policy you're after if your specifying the type of devices (Android), your more after MDM.


Hi - we already have the BYOD solution for Apple, we were required to develop one for Android due to pressure from the business. It isn't perfect, but we have to make do.



63 posts

Master Geek
+1 received by user: 2


  # 944088 2-Dec-2013 13:31
Send private message

Hi - Something I forgot to mention- we are using Office365 for emails. This does changes things quiet a bit for us, therefore the containerisation solution did not work for us.

5123 posts

Uber Geek
+1 received by user: 1431

Trusted
Microsoft

  # 944094 2-Dec-2013 13:34
Send private message

if all you need to provide is corporate email/contacts/calendar is Exchange ActiveSync enough?

or are you trying to stop people doing stuff with their email once its on the device

or trying to stop malware running on Android from interacting with their email or?

 1 | 2
View this topic in a long page with up to 500 replies per page Create new topic



Twitter »

Follow us to receive Twitter updates when new discussions are posted in our forums:



Follow us to receive Twitter updates when news items and blogs are posted in our frontpage:



Follow us to receive Twitter updates when tech item prices are listed in our price comparison site:





News »

WLG-X festival to celebrate creativity and innovation
Posted 22-May-2019 17:53


HPE to acquire supercomputing leader Cray
Posted 20-May-2019 11:07


Techweek starting around NZ today
Posted 20-May-2019 09:52


Porirua City Council first to adopt new council software solution Datascape
Posted 15-May-2019 12:00


New survey provides insight into schools' technology challenges and plans
Posted 15-May-2019 09:30


Apple Music now available on Alexa devices in Australia and New Zealand
Posted 15-May-2019 09:11


Make a stand against cyberbullying this Pink Shirt Day
Posted 14-May-2019 20:23


Samsung first TV manufacturer to launch the Apple TV App and Airplay 2
Posted 14-May-2019 20:11


Vodafone New Zealand sold
Posted 14-May-2019 07:25


Kordia boosts cloud performance with locally-hosted Microsoft Azure ExpressRoute
Posted 8-May-2019 10:25


Microsoft Azure ExpressRoute in New Zealand opens up faster, more secure internet for Kiwi businesses
Posted 8-May-2019 09:39


Vocus Communications to deliver Microsoft Azure Cloud Solutions through Azure ExpressRoute
Posted 8-May-2019 09:25


Independent NZ feature film #statusPending to premiere during WLG-X
Posted 6-May-2019 22:13


The ultimate dog photoshoot with Nokia 9 PureView #ForgottenDogsofInstagram
Posted 6-May-2019 09:41


Nokia 9 PureView available in New Zealand
Posted 6-May-2019 09:06



Geekzone Live »

Try automatic live updates from Geekzone directly in your browser, without refreshing the page, with Geekzone Live now.


Support Geekzone »

Our community of supporters help make Geekzone possible. Click the button below to join them.

Support Geezone on PressPatron



Are you subscribed to our RSS feed? You can download the latest headlines and summaries from our stories directly to your computer or smartphone by using a feed reader.

Alternatively, you can receive a daily email with Geekzone updates.