IT Guide: How to Balance Security and Productivity with FAMOC & Samsung KNOX
Aug 16, 2015
www.fancyfon.com
Perspective #1CIO
Become a change guruThe good old PC era is over. Computing technology escaped the desktop and made its way to our pockets. No matter how well IT designed and implemented their infrastructrue in the past, it is not prepared for a vast diversity of devices, OSs and applications.
Since the times are changing, so is your role. It has evolved from being focused solely on IT to being focused on busi-ness risk and finding a way to embrace technology rather than restrict it. Security, BYOD, privacy, government regu-lations are all reasons for concern. But mobile is here to stay, so focus on how best to use it for your business.
Forward thinking CIOs are the ones who understand what the company is trying to achieve by using tablets and mobile technologies. You want people to turn to you for advice and use your expertise on automation and software choice.
www.fancyfon.com
Perspective #2Employee
Anytime AnywhereFor many employees there’s no going back to a ‘normal 8-hour workday’ - they wake up and check their email. Salespeople on business trips are always in search of a free WiFi. More and more people prefer to work from home as freelancers - and they like it this way.
More often than not, the tool that allows them to get work done is their mobile device. Not just any mobile device. Workers – particularly Millenials – desire the latest and greatest tech tools and devices. They view technology as a perk.
On the other hand, many employees still do not take adequate steps to protect their mobile devices. Almost half of all em-ployees share their devices with friends and family; another 20 percent share their passwords. Such habits won’t change in a day but luckily the awareness of mobile security risks is growing.
Which security measures would you find comfortable?
63% 41% 41%required password for network login
location tracking
ability to lock or completely erase your device wirelessly
www.fancyfon.com
How to turn the situation into a win-win with FAMOC & Samsung Knox
04 ENGAGE & EDUCATE
01 LET DEVICES IN... 02 ...BUT REMEMBER ABOUT SECURITY
03 KEEP UX IN MIND
designed by Freepik.com
www.fancyfon.com
Step #1Let Devices In...
With mobile devices and apps easily accessible in our personal lives, employees want to have a final say in the devices they use for work. For the employee this choice has some very important benefits: it equates to freedom, and freedom results in the satisfaction of personal wants and needs.
For IT it becomes a question of what allows employees to be flexible and agile, which helps increase their pro-ductivity and efficiency. Once you start looking at what your employees are doing and how they use new tech-nologies, you can look at the overall tools that you want to use. It may make sense to let employees buy their own devices if the apps that they are going to use work well on any device. Or maybe they access sensitive information that you need to secure at all costs.
www.fancyfon.com
With Android-powered smartphones and tablets spreading across enterprise mobile eco-systems, you are most likely to face the challenge of securing and managing these devices in your organization.
Android, with its ability to be used on a broad selection of devices has gained enormous popularity in the customer market and it shows no signs of slowing down. Gartner believes that, by 2016, over 40% of enterprise-supported mobile devices will be Androids, so cross-platform MDM will be in even greater demand.
The unfortunate irony is that the same things that make Android so popular also make it a perfect target for hackers. Recent data shows that 97% of mobile malware is targeted at the Android platform. Without strong security measures in place to control and secure these devices, the very real threat posed by Android adoption will continue to grow rapidly.Cumulative breakdown of Android Apps
Meet Android
42%of applications analyzed for Android between 2011 and 2013 were classified as either malicious, unwanted, or suspicious BENIGN 38%
MALICIOUS 15%
UNWANTED 13%
MODERATE 6%
TRUSTWORTHY 14%
SUSPICIOUS 14%
www.fancyfon.com
Step #2… But Remember About Security
The mobile workforce is a security nightmare. A lost or stolen smartphone can compromise both business data on the phone and corporate data access channels such as VPNs. Coupled with the increase in the mobile malware, it creates a vulnerability that cannot be neglected.
Fortunately, productivity and protection can travel together – if you fully understand what the risks are and what you can do to mitigate them. But first you must put all the building blocks in place.
www.fancyfon.com
What type of mobile devices and platforms do you want and need to
manage?
Which deployment
model (cloud or on-premise) is
best for my organisation?
What corporate data do people need on their
mobile devices?
How supportive the company is towards mobile
working practises both in and
outside the �xed o�ce?
Can you balance privacy
requirements with enterprise security goals?
5 Questions You Need To Answer Before You Move On
designed by Freepik.com
www.fancyfon.com
Get Down To Basics
Detect or block non-compliant devices (jail broken, rooted etc.)Enforce password policies and encryptionAutomated reactions to policy breachesWipe or lock the device in case of theft/loss Decide what apps will be allowed or banned
What makes a standard security policy minimum?
www.fancyfon.com
Choose the right MDM software
You can address mobility challenges in two ways: by developing a BYOD strategy or by providing your em-ployees with an IT-approved selection of devices (COPE - Corporate Owned, Personally Enabled). With the second option, the company supplies and owns the mobile devices, but rather than locking them down, it enables their personal use for its employees.
Whatever path you decide to follow, you will need a reli-able partner to support you through the process and a proper cross-platform EMM to get you started.
FAMOC is the number one tool to secure your apps, data and device across different mobile operating systems. Like a Swiss-army knife, it’s in your pocket, ready to do the job for you:
What Is FAMOC?
To reduce business risk, FAMOC has enabled Aviva to increase productivity by providing our employees with constant access to email and corporate resources.
Piotr KowalskiService Desk Manager, IT Department, Aviva Poland
hosted or on-site EMM platform multi-OS support including Google Android, iOS, Black-Berry and Windows Phone best-in-class integration with Samsung KNOX and other Android manufacturers
www.fancyfon.com
Separate Business And Personal DataOne of the methods of securing your most valuable data may be to restrict access to corporate data within an application sandbox, also known as a ‘con-tainer’ This approach provides convenient access to the corpo-rate app store and approved apps — including secure email and web browsing, along with other apps with access to corpo-rate data.
The content of the container cannot be forwarded, or copied and pasted to applications out-side the container. The user loses the ability to have a single inbox for business and personal emails, but it’s still better than carrying a second smartphone.
www.fancyfon.com
Samsung KNOX - securing Android
With enhanced KNOX integration, FAMOC platform lets you create a safe work environment. Gated entry to the KNOX container and hardware and OS-level protection allows you to rest assured that that your corporate documents and data remain safe – not just in the office, but anywhere your users go.
It helps organizations to implement the BYOD strategy by application container technology. The same tools that keep corporate data in the right place also work to keep personal data from being seen by an employer.
Available for Samsung Android devices application sandbox which secures enterprise apps and prevents data leakage Industry-leading device management capability with over 390 IT policies Customizable KNOX container, which puts the enter-prises in charge of what content and applications their employees can access Requires third-party EMM, like FAMOC, to get full functionality
Our needs around mobile security constantly evolve, and we are always looking for new, better ways to secure our data on the mobile devices. KNOX is a perfect �t for our needs
Lukasz NowakowskiIT Infrastructure Coordinator, LOTOS
www.fancyfon.com
Samsung Knox Key Features
Require VPN for connectivity
It’s not enough to secure lost devices and corporate data, compa-nies also need to protect data while-in-transit. VPN is a reliable solution that can be configured to suit an enterprise’s security needs. In KNOX environment, you can push VPN client through FAMOC and set up container-wide VPN or per-app VPN (up to five separate, simultane-ous VPNs).
Don’t erase all data
Selective data wipe is not only about BYOD-ers. As life and work fre-quently intercept, people use work devices for personal purposes, and vice-versa. Think about those pic-tures of Grandma on an employee’s device? And their personal email and address book. How do you think a contractor will react when you wipe information related to other clients? In these situations it will be useful to wipe the corporate container and leave the rest of the device un-touched.
Check your users…twice
For additional security you can introduce more stringent authenti-cation and access controls for KNOX critical business apps. The KNOX container supports a two-factor authentication process, with which, the user can complete a fingerprint scan to access the container and select either a password or PIN as a second process to follow the finger-print.
www.fancyfon.com
Step #3Keep User Experience In Mind
Imagine your employee is a spoilt baby. It’s not enough to give a baby a toy phone with no batteries inside. Babies can tell the fake from the real thing and can’t be tricked this way. The same applies to your employees. If you lock all the smartphone features, they will just stop using it.
www.fancyfon.com
Creating user-friendly environment
Geofencing
With FAMOC geolocation services you can change the policy on the device depending on where the device is located and/or the specific time of the day. By creating geofenc-ing rules you can be less restrictive outside your company facility and after standard working hours. In other conditions (e.g. a remote loca-tion, a different country) you can require a more rigorous login proc-ess, or even block the device. What’s important, the process happens automatically on the device without connecting to the MDM server.
Single Sign-On (SSO)
This feature is especially useful if you are engaging users across mul-tiple applications. Employees only have to log in once to get access to multiple business applications. The FAMOC administrator creates and distributes the SSO configurations through the EMM console which is later used by the device for ongoing authentication by applications.
FAMOC MyDevice
The FAMOC MyDevice end-user self-care portal enables users to help themselves. Your employees will now be able to remotely locate, lock or wipe their device and verify app reputation. If necessary, they can also perform backup or restore lost data.
This ensures that the number of calls placed at the help desk is kept to a minimum, and improves the overall productivity and efficiency of both the IT and the end user.
www.fancyfon.com
Step #4Engage & Educate
Done right, mobile enterprise strategy enables companies to move quickly on new opportunities. Done wrong, it results in employee’s rebellion and distrust. Unless you involve your employees in the process of choosing the right technology and explain the reasons behind company policy, you risk the complete failure of your mobility program.
People will vote with their feet and simply not use your mobile service or, worse, find insecure workarounds.
www.fancyfon.com
Step #4Engage & Educate
Enabling mobile working is about taking an employee-centric approach. You don’t want to patronize your co-workers but at the same time you need to make them aware of potentially risky behavior. Try discussing possi-ble consequences of using unsecured networks, trans-ferring data to personal email and storage accounts or granting apps widespread permissions. Focus on best practices for password protection, WiFi network usage and safe Internet use.
Your mobile policy should describe what employees can and can’t do with their mobile device and how they should access the corporate network. Employees should understand that data access comes with a responsibility to comply with corporate mobility policy.
Your actions should be transparent too. Consider pre-paring a written contract that will clearly describe on what terms you allow BYOD devices. Clear communica-tion over sensitive issues such as privacy is critical for establishing employee trust. End users need to know what policies are applied to the device, what is being monitored and what is the reaction to a security breach.
73%of employees want to get involved in decisions regarding what kind of software or security is put into their personal devices
of employees would stop using personal devices for work if company-mandated security app was added to their personal device
Nearly five in ten
74%of employees agreed that involving employees is a good way to improve security compliance
www.fancyfon.com
What can you expect to achieve?By opening your organization up to mobility, and involving every-one in the process, you will begin a journey to transformation and enhance your chances of success, now and into the future.
None of us can predict all the ways mobility will transform your business one or five years from now, still you need to develop the right strategy to get ready for what’s to come.
Remember:- involve management and em-ployees in the process- decide how to protect your most sensitive data and users’ privacy- choose a vendor you can grow with- trust but verify – it’s one thing to develop a strategy, but another to monitor it once set up
www.fancyfon.com
Click here and try it now!
www.fancyfon.com
Sources
CDW, Mobility at Work: Making Personal Devices a Professional Asset CDW.com/MobilityAtWork
WEBROOT, Fixing the Disconnect Between Employer and Employee for BYOD Webroot.com/shared/pdf/WebrootBYODSecurityReport2014.pdf
COVER PHOTO: wwarby
PUBLISHED BYFANCYFON Software LimitedAtrium Business Centre The Atrium, Blackpool ParkCork, IrelandCopyright© 2008-2014 by FancyFon Software Limited
All rights reserved. No part of the contents of this document may be reproduced or transmitted in any form or by any means without the written permission of the publisher.
FancyFon™ and FAMOC™ are either registered trademarks or trademarks of FancyFon Software Limited.This publication may contain the trademarks and service marks of third parties and such trademarks and service marks are the property of their respective owners.
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS AND SERVICES IN THIS PUBLICATION ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS, INFORMATION, AND RECOMMENDATIONS IN THIS PUBLICATION ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED.
Samsung and KNOX are either trademarks or registered trademark of Samsung Electronics Co. Ltd.