Mobile Endpoint Security: Buying Guide: Page 2

Selecting the best mobile endpoint security solution depends on which BYOD model you use, cost, and method of protecting sensitive data.


(Page 2 of 2)

3. Figure out how to manage mobile expenses.

Skyrocketing mobile costs can quickly sink BYOD’s expected efficiency and productivity gains. As you embrace BYOD, figure out how you will keep costs in check. Canada’s CTV, a division of Bell Media, wanted to deal with handheld mobile security and expense management with one tool.

Their IT and telecom staff was struggling to manage 3,000 mobile devices – a mix of BlackBerry, iPad, iPhone, Android and others. CTV produces a number of TV shows in remote locations such as Haiti and Japan, so traveling employees need their mobile devices in order to stay connected and to send real-time updates – and often video – while on location.

Whenever a company device was lost or stolen, confidential information was at risk, since they were unable to remotely wipe devices or track them down. At the same time, while abroad, employees were often going over their monthly data plans, which would cost tens of thousands of dollars without them even knowing it.

To get a handle on both problems, CTV turned to a combined MDM and TEM (Telecom Expense Management) solution from Tangoe. CTV chose Tangoe over other solutions because of its “real-time telecom expense management” capabilities. Tangoe’s system allows the IT department to monitor all devices and track usage.

The IT department now has the ability to shut down a device if it is not being used according to the company’s policy, if it’s lost or stolen, or even if it goes over its allotted data plan.

4. Don’t forget about mobile AV.

Fortunately, free mobile AV solutions are available from the likes of Lookout Mobile Security. This is what I use on my own Android and it’s worked well.

However, IT probably wants to strive for AV unity across devices and platforms. Check to see what your existing endpoint protection provider has in the works for mobile AV. If they offer Android support but don’t protect iPhones yet, find out what their roadmap is. If support for additional platforms is too far out, you might want to reevaluate them as your desktop AV provider too.

However, vendors that have a PC-protection mindset may not adapt well to mobile.

This is purely anecdotal, but after checking out a Webroot demo at RSA 2012, I’m seriously considering switching to it for all of my endpoint protection for my own content-creation firm, Sandstorm Media.

The suite is powered by the cloud, so it has a tiny device-side footprint, as opposed to traditional resource-hogging security suites, and mobile support for Android and iOS has recently been added.

It’s not that I dislike Lookout, but I prefer simplicity when possible, and my legacy endpoint security suite, CA, is not satisfactory and a resource hog to boot. Thus, I have two AV solutions. I have no idea whether CA has a mobile solution and won’t bother looking. My licenses are almost up, so I want to unify device protection for my small organization – which even for about seven or so devices is complicated.

Besides protecting against malware, Webroot Mobile allows IT to locate, lock and wipe devices, while adding additional features like SMS spam filtering and app inspection.

5. Realize strong authentication is a must.

Many organizations feel a false sense of security once they are able to enforce screen locks and passwords on devices. For mobile, weak authentication isn’t good enough. For instance, Android phones allow you to unlock the device by drawing a pattern.

I’m no criminal genius, but it took me all of ten seconds to realize that the oil on people’s fingers would leave a distinct enough smudge that figuring out the pattern would be easy. Weak user names and passwords are nearly as bad. BKD, an accounting and advisory firm, needed to boost authentication standards for mobile devices and first investigated tokens as a two-factor authentication solution.

“We quickly determined the traditional token approach would require significant internal resources at a time when internal resources were stretched thin on multiple projects,” said Bill Melgren, BKD Director of Information Services. Managing, configuring, troubleshooting and repairing or replacing broken hardware tokens would add significant overhead.

Instead, BKD turned its attention to software-based authentication and selected the solution from PhoneFactor.

PhoneFactor relies on the mobile device itself as a second authentication factor. “PhoneFactor got us up and running in a fraction of the time that would have been required by a traditional token approach,” said Melgren. “Internal resource utilization has been kept to a minimum throughout.”

With PhoneFactor, each time a user tries to authenticate, following password validation, the user’s phone is called. The user simply has to answer the phone and is prompted to enter an assigned PIN. Because of the secondary authentication call, attackers need both to know the user’s password and to have physical possession of the user’s phone. This second factor, possession of the phone itself, adds a layer of security.
