How CSOs can balance convenience and security when it comes to implementing a better enterprise mobility strategy
Bitzer Mobile Inc., a leading enterprise mobility solution provider, enhances employee productivity by allowing secure access to corporate apps and data from mobile devices while preserving rich user experiences. Bitzer is headquartered in the heart of Silicon Valley and has additional R&D offices in Bangalore, India and sales offices and distributors in eastern US and Europe. Bitzer was incorporated in 2010 and has raised funding from venture capitalists. For more information, please visit www.bitzermobile.com.
Info Security PG: What is "enterprise mobility"?
Naeem Zafar: Enterprise mobility is about enabling your workforce to work from anywhere, providing them with seamless access to data and apps to do their jobs, and at the same time maintaining security and control over enterprise data. Today, users want to use their mobile devices to be productive, and allowing them to do so is no longer an option. How well an organization enables its mobile workforce will be a key factor in determining its velocity of conducting business.
Initially it was about the ability to access your email and calendar on the mobile devices. As employees soon realized that they can do much more than emails on these devices, shadow IT projects grew everywhere. The concern with unprotected data on the employee’s devices and desire to control it gave birth to the MDM (Mobile Device Management) market. This was BYOD 1.0, where the company could remotely wipe the employee’s device in case that employee left or the device was lost.
Things got more complicated when many of these devices were not corporate-owned but personally bought and had a lot of personal data. This meant that one should be able to isolate corporate data and apps from personal data and apps and IT departments should only be able to surgically affect just the corporate data. This is BYOD 2.0 which is less about controlling the device and more about controlling the data and providing authenticated access and encryption.
About Naeem Zafar
Naeem Zafar is the co-founder and CEO of Bitzer Mobile, the latest in a series of six start-ups that he's founded and/or managed. He's also served as president/CEO of three venture-backed technology companies, and has been a board member/advisor to dozens of companies. Naeem teaches entrepreneurship at the University of California, Berkeley, and has published six books on entrepreneurship. He holds degrees in E.E. from Brown University and the University of Minnesota.
Info Security PG: How can CSOs balance the irresistible convenience of enabling a mobile workforce with the cost, security and privacy challenges that are bound to come up?
Naeem Zafar: The standard IT answer had been “we don’t support that device” but the avalanche of new devices and the pressure often emanating from the C-suite on supporting smartphones and tablets has been too hard to resist. Actually there is promise of cost savings by not purchasing and maintaining smartphones but letting employees buy their own devices, and still be able to access the corporate data securely. Shifting the responsibility for the device to employees has profound impacts on the company. This is the Consumerization of IT and the trend enables the BYOD (Bring Your Own Device) movement. This has the promise of reducing operating costs for the company and allowing the IT department to play more strategic roles in improving how efficiently a company runs and not just be fixing laptops and smartphones.
We witnessed a similar trend when cars were no longer company-provided cars. This trend still has not altered in Europe and other countries where the company is expected to provide a car for the employees. In the USA we got away from this trend many decades ago as each employee had a car of their own choosing and today it will be silly to expect one from your employer (of course there are exceptions for certain jobs). We will see the same trend when it comes to the mobile devices.
The issue for the CSO now shifts to enabling the employee and data security. This is where a container solution comes into play which ensures security, user experience and privacy.
Info Security PG: What is "containerization" and how does it enable a secure enterprise workspace?
Naeem Zafar: Containerization is the ability to separate and isolate corporate data and apps from personal ones. There are many ways to create these containers and not all of them are equal. One should be asking about FIPS 140-2 compliance, key lengths for encryption of data, and how keys are obtained and managed. Once the container is on the device (technically it is an app that can be downloaded like any other app) it connects to the corporate servers.
The ability to take any app – internally developed app or a third-party app – and include it inside the container so that it follows the prescribed policy is how app wrapping works. If these apps all share a single tunnel for communication and can share data then the term is “containerized apps”. This allows the IT department to control how employees use these apps and what they can do with them.
A suitable container solution comes with several commonly used apps – email, calendar, contacts, document editors and SharePoint access. Some include a secure browser as well and the ability to add additional apps.
Info Security PG: What changes can CSOs plan for in the near future when it comes to BYOD, ubiquity of mobile devices and big data paradigms?
Naeem Zafar: We know that it is all about the apps and these apps drive new ways for employees to work and be productive. But CSOs must get the infrastructure right. This infrastructure is the proverbial stool with four legs. All have to be present for it to work well.
(a) Don’t compromise or downgrade whatever method of authenticating the users you use on premise. From smart cards to hardware tokens or passphrases, make sure that your mobile infrastructure supports those methods.
(b) Worry about data at rest (how is it encrypted? Where are the encryption keys stored? How are they obtained? What happens if the device is jail-broken?).
(c) Worry about data-in-transit security. VPN from a mobile device is not a good option as it opens a tunnel to all that may be present on that device. Also as the users move from network to network it requires re-authentication.
(d) Make sure that you have fine grained control over the corporate data; by role, by geography, by groups and individually. You should be able to do remote locks, unlocks, wipe commands.
And then the most important aspect is to not kill the user experience. This is the reason these devices were adopted in the first place. The user experience matters. That is why single-sign-on (SSO) technologies such as Kerberos and NTLM must be supported by your selected solution. It is not easy to deal with all of these aspects but this is as big a paradigm shift as was going from client-server to the web model in the 1990s.
Company: Bitzer Mobile
440 N. Wolfe Road, Sunnyvale, CA 94085 U.S.A.
Founded in: 2010
CEO: Naeem Zafar
Public or Private: Private
Head Office in Country: United States
Products: Bitzer offers the ability for employees to access corporate data and apps on their smartphones and tablets while providing end-to-end data security and control. Bitzer’s secure container creates a Secure Enterprise Workspace on a mobile device – corporate owned or personal, and for all major mobile platforms. Employees can get seamless access to intranet, corporate data and apps with enterprise-grade security and deep integration with Windows Authentication for true Single Sign-On.
Company's Goals: To enable companies to reduce operating expenses and increase productivity by enabling employees to access actionable data and apps wherever they are. Mobile computing presents new ways for employees to work and deliver value but end-to-end data security remains paramount. Bitzer solves the new challenges presented by this new paradigm.