You can’t go mobile with a desktop mindset — but that’s just what all too many IT organisations are doing. The most commonly applied mobile app policies are holdovers from the PC environment — like two-factor authentication and selective access based on Active Directory membership. These measures may be useful in a traditional computing setting. However, they’re woefully inadequate for the new world of enterprise mobility as they fail to account for concepts like jailbroken devices, bring-your-own-device (BYOD), untrusted public networks and offline usage.
To make enterprise mobility both secure and fully productive, you need to apply new policies designed specifically for the way mobile users work today. It’s not just about introducing restrictions and roadblocks — you also need to empower people to do even more with their mobile apps and devices to enable greater business value.
Before we get to our list of five mobile app policies you need to be thinking about now, let’s step back and consider why we’re talking about mobile app policies in the first place. Not that long ago, many organisations thought mobile device management (MDM) would be all they needed for secure mobility. But with so many different kinds of workers in the organisation — full-time and part-time employees, contractors, temps, partners — it quickly turned out that we needed a more sophisticated approach. After all, you can’t manage a device that belongs to a freelancer or partner company, and your own employees probably don’t want your hands all over their BYOD devices either. What really matters is managing the apps themselves. Hence, the rise of mobile application management (MAM).
The essence of good MAM is flexibility and granularity — being able to apply different policies for different apps, user types and mobility scenarios. If you get those policies right, your enterprise mobility security strategy is off to a strong start. Here are five you won’t want to leave out.
1. Block app access if a device is jailbroken or rooted
It happens every day. An employee leaves his tablet lying on the kitchen counter after work and his teenage son grabs it to play games. Before long, he’s jailbroken it to sideload the cool new Android game all his friends are talking about — the one you can only get in a private app store. Hello, malware. From now on, everything that employee does on the device is vulnerable to location tracking, data theft and other threats. The device may even have been rooted, allowing broad access to its Android functionality and settings.
To protect your business, make sure to block jailbroken or rooted devices from accessing your corporate apps and network.
2. Selectively allow copy/paste
Sometimes it’s fine to allow people to copy and paste content among mobile apps, like when an attorney uses a secure mobile email solution to send some contract language from her firm’s document management system to a client. But you sure wouldn’t want her to put that same language into her personal email — or, heaven forbid, on Yahoo! Mail.
The key is to take a granular approach to data leakage protection, allowing some apps to share content — for example, a secure enterprise document sharing app with a secure business email app — while preventing others. One way to do this is with a private clipboard that’s only used by secure, managed apps, and can’t be accessed by the device’s native consumer-grade apps. This allows ample productivity without exposing data to risk.
3. Define app access by network type or location
People love the freedom to be able to work productively anywhere — a café, a WiFi-enabled park, an airport lounge. But if you’re a financial services organisation or a hospital, that free WiFi can come at a high price in terms of security. Who knows who might be snooping into those networks and capturing your passwords, corporate data and other sensitive information? Should people really be sending your clients’ financial information over SSID BlackHatInTheMiddle?
You wouldn’t want to lock out public networks entirely — after all, there are plenty of tasks that don’t involve sensitive information. But there are certain apps that should only be allowed on secured networks, like those that access regulated data, trade secrets and legal contracts. You might also decide to allow access for some apps only over specified SSIDs — like only allowing access to electronic medical records (EMR) over your hospital’s own WLAN.
4. Control app usage based on connectivity
For some apps, you need to be able to track how, when and for how long people used them, and what they did — for example, healthcare and legal industry apps where audit trails and non-repudiation come into play. This can be true for both employees and partner personnel.
To support this, you can set a policy to restrict the app to work only when the device is online, or else set a maximum amount of time for its offline use.
5. Enable follow-me data across platforms
One of the main advantages of enterprise mobility is the ability to choose the right device for the right situation — a laptop for an extended business trip, a tablet for an overnighter or a sales call. Of course, it only helps if you can access the documents you need on whatever device you happen to be using. One way to do this is to email the files in question to yourself — but that’s a hassle, and it inevitably raises problems with forgotten items and out-of-sync versions when you get back to the office.
Follow-me data capability lets you enable truly device-independent productivity for your workforce. People can just drop all the docs they might need into a designated file sharing folder, like Citrix ShareFile, and they’ll appear automatically in the corresponding folder on all their other devices as well — even the smartphone they hadn’t expected to use to review their presentation before the meeting. Any changes are updated in real time across platforms as well; edits made while offline are synced instantly on reconnection.
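Policies 1, 3 and 4 above can be expressed as one per-app access decision. The sketch below is an added example, not code from Citrix or any MAM product; the app names, the SSID, the field names and the time limits are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class AppPolicy:
    block_compromised: bool = True             # policy 1: jailbroken/rooted
    require_secured_network: bool = False      # policy 3: no open networks
    allowed_ssids: Optional[frozenset] = None  # policy 3: None = any SSID
    max_offline_seconds: Optional[int] = None  # policy 4: 0 = online only

@dataclass(frozen=True)
class DeviceState:
    compromised: bool          # best-effort signal reported by the device
    online: bool
    ssid: Optional[str]        # None when offline or not on WiFi
    network_secured: bool
    seconds_since_online: int  # 0 while online

def evaluate(policy: AppPolicy, state: DeviceState) -> Tuple[bool, str]:
    """Return (allowed, reason); the first failing check decides."""
    if policy.block_compromised and state.compromised:
        return False, "device jailbroken or rooted"
    if not state.online:
        limit = policy.max_offline_seconds
        if limit is not None and state.seconds_since_online >= limit:
            return False, "offline limit reached"
        return True, "offline use within limit"
    if policy.allowed_ssids is not None and state.ssid not in policy.allowed_ssids:
        return False, "SSID not on allow list"
    if policy.require_secured_network and not state.network_secured:
        return False, "unsecured network"
    return True, "allowed"

# Constructed policies: an EMR app tied to the hospital WLAN and usable only
# online, and an expenses app that works anywhere for up to 8 hours offline.
POLICIES = {
    "emr": AppPolicy(require_secured_network=True,
                     allowed_ssids=frozenset({"HOSPITAL-WLAN"}),
                     max_offline_seconds=0),
    "expenses": AppPolicy(max_offline_seconds=8 * 3600),
}

def decide(app: str, state: DeviceState) -> Tuple[bool, str]:
    return evaluate(POLICIES[app], state)

if __name__ == "__main__":
    cafe = DeviceState(False, True, "CafeFreeWiFi", False, 0)
    for app in POLICIES:
        print(app, decide(app, cafe))
```

Different apps get different answers for the same device state, which is the granularity the article asks of MAM: on the café network the EMR app is refused while the expenses app still opens.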
Enterprise mobility is truly a new way of working — not the same old desktop scenario in a different box. Your mobile app policies need to reflect the security implications of different device ownership, usage and network access models — and go beyond user restrictions to empower people to realise the full benefits of mobility. The latest mature enterprise mobility management solutions will give you the flexibility to define mobility in your own way without compromising security. Discover what’s possible — and where it can take your organisation.
By Jason Tooley, UK country manager, Citrix