IT Guide: How to Balance Security and Productivity FAMOC
IT Guide: How to Balance Security and Productivity with FAMOC & Samsung KNOX Perspective #1 CIO Become a change guru The good old PC era is over. Computing technology escaped the desktop and made its way to our pockets. No matter how well IT designed and implemented their infrastructrue in the past, it is not prepared for a vast diversity of devices, OSs and applications. Since the times are changing, so is your role. It has evolved from being focused solely on IT to being focused on business risk and finding a way to embrace technology rather than restrict it. Security, BYOD, privacy, government regulations are all reasons for concern. But mobile is here to stay, so focus on how best to use it for your business. Forward thinking CIOs are the ones who understand what the company is trying to achieve by using tablets and mobile technologies. You want people to turn to you for advice and use your expertise on automation and software choice. www.fancyfon.com Perspective #2 Employee Anytime Anywhere For many employees there’s no going back to a ‘normal 8-hour workday’ - they wake up and check their email. Salespeople on business trips are always in search of a free WiFi. More and more people prefer to work from home as freelancers - and they like it this way. More often than not, the tool that allows them to get work done is their mobile device. Not just any mobile device. Workers – particularly Millenials – desire the latest and greatest tech tools and devices. They view technology as a perk. On the other hand, many employees still do not take adequate steps to protect their mobile devices. Almost half of all employees share their devices with friends and family; another 20 percent share their passwords. Such habits won’t change in a day but luckily the awareness of mobile security risks is growing. Which security measures would you find comfortable? 63% required password for network login www.fancyfon.com 41% location tracking 41% ability to lock or completely erase your device wirelessly How to turn the situation into a win-win with FAMOC & Samsung Knox 01 LET DEVICES IN... 02 ...BUT REMEMBER ABOUT SECURITY 03 KEEP UX IN MIND 04 ENGAGE & EDUCATE designed by Freepik.com www.fancyfon.com Step #1 Let Devices In... With mobile devices and apps easily accessible in our personal lives, employees want to have a final say in the devices they use for work. For the employee this choice has some very important benefits: it equates to freedom, and freedom results in the satisfaction of personal wants and needs. For IT it becomes a question of what allows employees to be flexible and agile, which helps increase their productivity and efficiency. Once you start looking at what your employees are doing and how they use new technologies, you can look at the overall tools that you want to use. It may make sense to let employees buy their own devices if the apps that they are going to use work well on any device. Or maybe they access sensitive information that you need to secure at all costs. www.fancyfon.com Meet Android With Android-powered smartphones and tablets spreading across enterprise mobile eco-systems, you are most likely to face the challenge of securing and managing these devices in your organization. 42% of applications analyzed for Android between 2011 and 2013 were classified as either malicious, unwanted, or suspicious Android, with its ability to be used on a broad selection of devices has gained enormous popularity in the customer market and it shows no signs of slowing down. Gartner believes that, by 2016, over 40% of enterprise-supported mobile devices will be Androids, so cross-platform MDM will be in even greater demand. www.fancyfon.com The unfortunate irony is that the same things that make Android so popular also make it a perfect target for hackers. Recent data shows that 97% of mobile malware is targeted at the Android platform. Without strong security measures in place to control and secure these devices, the very real threat posed by Android adoption will continue to grow rapidly. Cumulative breakdown of Android Apps MALICIOUS 15% BENIGN 38% UNWANTED 13% MODERATE 6% TRUSTWORTHY 14% SUSPICIOUS 14% Step #2 … But Remember About Security The mobile workforce is a security nightmare. A lost or stolen smartphone can compromise both business data on the phone and corporate data access channels such as VPNs. Coupled with the increase in the mobile malware, it creates a vulnerability that cannot be neglected. Fortunately, productivity and protection can travel together – if you fully understand what the risks are and what you can do to mitigate them. But first you must put all the building blocks in place. www.fancyfon.com 5 Questions You Need To Answer Before You Move On What type of mobile devices and platforms do you want and need to manage? Which deployment model (cloud or on-premise) is best for my organisation? How supportive the company is towards mobile working practises both in and outside the fixed office? What corporate data do people need on their mobile devices? Can you balance privacy requirements with enterprise security goals? designed by Freepik.com www.fancyfon.com Get Down To Basics What makes a standard security policy minimum? Detect or block non-compliant devices (jail broken, rooted etc.) Enforce password policies and encryption Automated reactions to policy breaches Wipe or lock the device in case of theft/loss Decide what apps will be allowed or banned www.fancyfon.com Choose the right MDM software You can address mobility challenges in two ways: by developing a BYOD strategy or by providing your employees with an IT-approved selection of devices (COPE Corporate Owned, Personally Enabled). With the second option, the company supplies and owns the mobile devices, but rather than locking them down, it enables their personal use for its employees. Whatever path you decide to follow, you will need a reliable partner to support you through the process and a proper cross-platform EMM to get you started. What Is FAMOC? FAMOC is the number one tool to secure your apps, data and device across different mobile operating systems. Like a Swiss-army knife, it’s in your pocket, ready to do the job for you: hosted or on-site EMM platform multi-OS support including Google Android, iOS, BlackBerry and Windows Phone best-in-class integration with Samsung KNOX and other Android manufacturers To reduce business risk, FAMOC has enabled Aviva to increase productivity by providing our employees with constant access to email and corporate resources. Piotr Kowalski Service Desk Manager, IT Department, Aviva Poland www.fancyfon.com Separate Business And Personal Data One of the methods of securing your most valuable data may be to restrict access to corporate data within an application sandbox, also known as a ‘container’ This approach provides convenient access to the corporate app store and approved apps — including secure email and web browsing, along with other apps with access to corporate data. The content of the container cannot be forwarded, or copied and pasted to applications outside the container. The user loses the ability to have a single inbox for business and personal emails, but it’s still better than carrying a second smartphone. www.fancyfon.com Samsung KNOX - securing Android With enhanced KNOX integration, FAMOC platform lets you create a safe work environment. Gated entry to the KNOX container and hardware and OS-level protection allows you to rest assured that that your corporate documents and data remain safe – not just in the office, but anywhere your users go. It helps organizations to implement the BYOD strategy by application container technology. The same tools that keep corporate data in the right place also work to keep personal data from being seen by an employer. Available for Samsung Android devices application sandbox which secures enterprise apps and prevents data leakage Industry-leading device management capability with over 390 IT policies Customizable KNOX container, which puts the enterprises in charge of what content and applications their employees can access Requires third-party EMM, like FAMOC, to get full functionality Our needs around mobile security constantly evolve, and we are always looking for new, better ways to secure our data on the mobile devices. KNOX is a perfect fit for our needs Lukasz Nowakowski IT Infrastructure Coordinator, LOTOS www.fancyfon.com Samsung Knox Key Features Require VPN for connectivity Don’t erase all data Check your users…twice It’s not enough to secure lost devices and corporate data, companies also need to protect data while-in-transit. VPN is a reliable solution that can be configured to suit an enterprise’s security needs. Selective data wipe is not only about BYOD-ers. As life and work frequently intercept, people use work devices for personal purposes, and vice-versa. Think about those pictures of Grandma on an employee’s device? And their personal email and address book. How do you think a contractor will react when you wipe information related to other clients? In these situations it will be useful to wipe the corporate container and leave the rest of the device untouched. For additional security you can introduce more stringent authentication and access controls for KNOX critical business apps. The KNOX container supports a two-factor authentication process, with which, the user can complete a fingerprint scan to access the container and select either a password or PIN as a second process to follow the fingerprint. In KNOX environment, you can push VPN client through FAMOC and set up container-wide VPN or per-app VPN (up to five separate, simultaneous VPNs). www.fancyfon.com Step #3 Keep User Experience In Mind Imagine your employee is a spoilt baby. It’s not enough to give a baby a toy phone with no batteries inside. Babies can tell the fake from the real thing and can’t be tricked this way. The same applies to your employees. If you lock all the smartphone features, they will just stop using it. www.fancyfon.com Creating user-friendly environment Geofencing Single Sign-On (SSO) FAMOC MyDevice With FAMOC geolocation services you can change the policy on the device depending on where the device is located and/or the specific time of the day. By creating geofencing rules you can be less restrictive outside your company facility and after standard working hours. In other conditions (e.g. a remote location, a different country) you can require a more rigorous login process, or even block the device. What’s important, the process happens automatically on the device without connecting to the MDM server. This feature is especially useful if you are engaging users across multiple applications. Employees only have to log in once to get access to multiple business applications. The FAMOC administrator creates and distributes the SSO configurations through the EMM console which is later used by the device for ongoing authentication by applications. The FAMOC MyDevice end-user self-care portal enables users to help themselves. Your employees will now be able to remotely locate, lock or wipe their device and verify app reputation. If necessary, they can also perform backup or restore lost data. www.fancyfon.com This ensures that the number of calls placed at the help desk is kept to a minimum, and improves the overall productivity and efficiency of both the IT and the end user. Step #4 Engage & Educate Done right, mobile enterprise strategy enables companies to move quickly on new opportunities. Done wrong, it results in employee’s rebellion and distrust. Unless you involve your employees in the process of choosing the right technology and explain the reasons behind company policy, you risk the complete failure of your mobility program. People will vote with their feet and simply not use your mobile service or, worse, find insecure workarounds. www.fancyfon.com Step #4 Engage & Educate 73% of employees want to get involved in decisions regarding what kind of software or security is put into their personal devices Enabling mobile working is about taking an employeecentric approach. You don’t want to patronize your coworkers but at the same time you need to make them aware of potentially risky behavior. Try discussing possible consequences of using unsecured networks, transferring data to personal email and storage accounts or granting apps widespread permissions. Focus on best practices for password protection, WiFi network usage and safe Internet use. 74% of employees agreed that involving employees is a good way to improve security compliance www.fancyfon.com Your mobile policy should describe what employees can and can’t do with their mobile device and how they should access the corporate network. Employees should understand that data access comes with a responsibility to comply with corporate mobility policy. Nearly five in ten of employees would stop using personal devices for work if companymandated security app was added to their personal device Your actions should be transparent too. Consider preparing a written contract that will clearly describe on what terms you allow BYOD devices. Clear communication over sensitive issues such as privacy is critical for establishing employee trust. End users need to know what policies are applied to the device, what is being monitored and what is the reaction to a security breach. What can you expect to achieve? By opening your organization up to mobility, and involving everyone in the process, you will begin a journey to transformation and enhance your chances of success, now and into the future. None of us can predict all the ways mobility will transform your business one or five years from now, still you need to develop the right strategy to get ready for what’s to come. Remember: - involve management and employees in the process - decide how to protect your most sensitive data and users’ privacy - choose a vendor you can grow with - trust but verify – it’s one thing to develop a strategy, but another to monitor it once set up www.fancyfon.com Click here and try it now! www.fancyfon.com Sources CDW, Mobility at Work: Making Personal Devices a Professional Asset CDW.com/MobilityAtWork WEBROOT, Fixing the Disconnect Between Employer and Employee for BYOD Webroot.com/shared/pdf/WebrootBYODSecurityReport2014.pdf COVER PHOTO: wwarby All rights reserved. No part of the contents of this document may be reproduced or transmitted in any form or by any means without the written permission of the publisher. PUBLISHED BY FANCYFON Software Limited Atrium Business Centre The Atrium, Blackpool Park Cork, Ireland Copyright© 2008-2014 by FancyFon Software Limited www.fancyfon.com FancyFon™ and FAMOC™ are either registered trademarks or trademarks of FancyFon Software Limited. This publication may contain the trademarks and service marks of third parties and such trademarks and service marks are the property of their respective owners. THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS AND SERVICES IN THIS PUBLICATION ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS PUBLICATION ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. Samsung and KNOX are either trademarks or registered trademark of Samsung Electronics Co. Ltd.
© Copyright 2024