In our September Mobile Workforce Report, we asked some questions about security issues regarding smartphones and tablets.
Although most mobile workers haven’t had anything happen to their smartphones, 15% have broken or destroyed theirs. 4% have lost their phone and 2.4% had them stolen. Although the numbers are small, that’s still 64 out of every thousand employees that IT has to deal with.
73% of mobile workers said that IT requires security on their smartphone in order to access corporate data and 25% say it’s required for tablets. This data changes slightly if the company pays all or part of the smartphone and tablet costs. In this case, 83% of mobile workers have security for smartphones to access corporate data and 28% on tablets.
This trend of an increase in security when the company pays, continues:
Remote wipe capability:
54% of mobile workers report having remote wipe capability on their smartphone; but 59% if the company pays all or part.
29% report remote wipe on their tablet overall; 32% if the company pays all or part of the cost.
Remote wipe is required slightly more in North America on average
Required passcode lock on smartphone or tablet:
76% of mobile workers are required to have a lock on their smartphone; compared to 83% if the company pays.
40% of tablet owners are required to have a lock on average; compared to 44% if the company pays.
So, then a mobile worker uses a workaround:
24% of mobile workers use a workaround (a bypass) to access corporate data; but this only rises to 25% if the company pays for some or all of the smartphone costs.
12% of tablet owners find a workaround, compared to 13% of company-funded tablets
Employees that have paid for their own smartphone will use a workaround for a smartphone more (27%) but less for a tablet owners (9%)
Although BYOD gives a sense of ownership, if a company does not pay for some of the cost, the employee is less likely to have security on their device, but they are less compelled to workaround to access corporate data. However, the more benefits that IT and the company can provide a BYOD employee, such as providing negotiated rate plans, then employees will continue being productive with their device of choice.
To start off your new year with the new devices coming into the Enterprise, here are some articles on device security.
Android vs iOS vs BlackBerry: Which is the most secure holiday gift? by Steve Hunt and Neohapsis, CSO
Fragmentation on Android continues to be a problem, along with behind-the-scenes activities of some downloaded apps, unbeknownst to the owner. iOS has the good/bad relationship of a closed platform, often with delayed security fixes.
For CIOs, Time To Deal With All Of Those Holiday Mobile Devices by Eric Savitz, Forbes
“The first lesson of BYOD is crystal clear. Apply the same data protection policies to mobile devices that you have for laptops or desktop computers…But new solutions are starting to emerge that let CIOs separate applications and data from personal aspects of the mobile gadget. For instance, on some phones, users have different sign ins for work apps and home apps…”
Today I want to provide a bit more context on why I think this is a big deal for the Enterprise. Let’s start at looking at some of the trends IT is facing. I think it is fair to say that IT is being asked to do more with less these days, with many of the investments in cloud computing and end-user liable devices designed to simplify the role of IT and move it away from infrastructure management. This way, IT can focus more on strategic initiatives that are core to the business.
Along these lines is a general desire to reduce the complexity of managing devices, partly to reduce the management burdens on IT, and partly to make devices such as laptops easier for users to use so they have less need to contact support. However, there still is a need to make sure that as IT reduces complexity there is not any compromise in security.
With these trends in mind, our technology partner Juniper designed Junos Pulse. Junos Pulse provides a unified client for Windows devices that consolidates VPN/Network connectivity, application acceleration and security into a single interface designed to minimize end user interaction. It is designed with the necessary intelligence to understand the user’s location (remote or on the network) and apply policy accordingly. The goal is to simplify, and minimize, the interactions required by users in order to connect to the network securely.
This makes sense to me, as one of the design goals we had with Open Mobile is to make the best connection choice for the user, so the user doesn’t have to. Partly to simplify the user’s experience, but partly to make the best decision. We believe that if you present the user with too many choices they will default to the easiest one, even if that is not the most secure or cost effective choice. With the Junos Pulse client, I think Juniper had the same belief.
So how does iPass Open Mobile work with Junos Pulse? With the Junos Pulse client, Juniper understood that connection management had an important role with providing that unified user experience for connectivity and security, where connectivity is more than connecting to the corporate network, but also connecting to the Internet itself. That is where iPass comes in. Through a Junos Pulse API, iPass Open Mobile can operate as a plug-in to the Junos Pulse Windows client. The user is presented with a list of available connection options within the Junos Pulse client, but the connection choices are managed by iPass. Organizations can still set connection policies for users on how they can establish Wi-Fi, Ethernet, Dial and Mobile Broadband connections just like they would with the standalone Open Mobile client, however they can have those policies apply to the Junos Pulse client. This provides a simpler experience for the user as there are less clients on the Windows device that they have to interact with.
To try this out, you need to be set up with access to both Junos Pulse and iPass Open Mobile. If your organization has a goal of simplifying the life of your end users and IT staff, I suggest it may just be worth checking out.
For more information check out you can check out more from iPass and from Juniper.
Last week I introduced the Open Mobile client v2.0 for Windows to everyone. This week we are going to take a closer look at the new Endpoint Integrity Verification feature introduced with this release.
The concept of checking the security of the endpoint is not new. Many organizations use different VPN and NAC solutions to ensure that a Windows laptop is configured correctly before allowing the user onto the network.
However, many of these solutions only do their check after the user is already connected to the Internet, and often require the user be in the process of connecting, or already connected to the network in order to perform the security check. What happens if the user never connects to the network? With more and more organizations deploying cloud based applications that don’t sit on the organization’s network, there is the increasing chance that mobile users will spend less and less time connected to the network itself.
This is where we knew Open Mobile could add value. Since Open Mobile is built to manage all connections to the Internet, it is uniquely positioned to be able to enforce security at the moment of connection. With the Open Mobile client v2.0 for Windows, we set out to make it much easier to do exactly that.
With this release, administrators can easily create policies that look for specific Anti-Virus, Personal Firewall and Anti-Spyware applications at the point of connection. We make it easy by providing an extensive list of applications to pick from so it is as easy as just checking an item off a list. If the user attempts to connect and everything is running as required, they can connect.
However, if they don’t meet the requirements, either the required application is not running or is running the wrong version, then organizations have the choice of prompting the user and allowing the user to continue or take several different actions that block the user to the Internet and/or the VPN. Organizations can customize the message that the user sees so the required action on their part can be made very clear and match the languages used in the security policies that employees are used to.
Want to learn more? Feel free to check out the video below which provides a short demo of the Endpoint Integrity Verification capability in action. Also, make sure to read more about the Open Mobile Portal and Open Mobile Client.
Be sure to check back next week as we continue to highlight some of the great new features with the Open Mobile v2.0 client for Windows.
If IT feels that they have less control over mobile devices, then the mobilocracy may be calling the shots.
Our recent Mobile Enterprise Report asked IT: Do you have more or less control over your employees’ choice of devices than you did a year ago?
41% felt that they had less control, and 21% felt that they had more. Here’s a look at how these groups compare in security policies, issues and strategies.
For companies in which IT had more/same amount of control, they are:
Less likely to have changed their guidelines recently to be more accomodating to personal devices. Has IT decided and that’s that?
More likely to not allow access from non-IT-managed devices
More likely to audit their mobility strategy
Slightly less likely to have a security issue
IT is viewed slightly more as an enabler, less as an inhibitor
More likely to have mobile security, mobile device liability and employee education in their mobility strategy
Now, if IT feels that they have less control over the employees’ choice of devices, then I think there might be cases of the “tail wagging the dog” or mob rules. Mobilocracy in this case.
This group has been much more likely to have changed their guidelines to accommodate personal devices and 23% more likely to make a provisioning exception for a “specialized member” (e.g. executive). Are the guidelines merely stating what’s already happening in the organization?
Interestingly, IT is seen less as an enabler and more as an inhibitor, although they say they have less control over the devices. These companies are slightly more likely to have security issues and less likely to have mobile security and policy enforcement in their mobility strategy. However, they provide more employee education.
Companies that have had a security issue? They are much more likely to believe that their companies need to update their data security, data access and password policies. I would recommend starting now, before the next new device is brought into the enterprise.
For more trends on IT control and security, you can download the report.
In our September Mobile Workforce Report, we asked some questions about security issues regarding smartphones and tablets. 
