how to manage the great blackberry migration
DESCRIPTION
BlackBerry might be forcing the migration issue for many organizations, but this is the new normal. The demands of users and the breakneck speed of IT consumerization driven by mobile, and now applications, have made that clear. Technically, this is not difficult. So what is the real issue? A deepening opportunity cost in innovation (lack of) that drives enterprise agility. Tackle the key points of consideration and methodologies required for a successful platform migration both before and after implementation.TRANSCRIPT
© 2014 Tangoe, Inc.
How to Manage the
Great BlackBerry Migration
Presented by:
Troy Fulton, Director, Product Marketing
Thursday, January 16, 2014
© 2014 Tangoe, Inc.
Today’s Speaker
2
Troy Fulton
Director, Product Marketing
• 20+ years in high-tech and communications devices
• Senior product marketing and management positions with global
corporations including Motorola Mobility, Nokia, and Compaq
• MBA from The College of William and Mary; BA from Boston
College
© 2014 Tangoe, Inc.
Agenda
• What’s Driving the Great BlackBerry Migration
• Managing Expectations
• Risk Analysis
• Help Desk Considerations
• Mistakes to Avoid
• Security and Access in a Consumerized World
© 2014 Tangoe, Inc.
Why the Great BlackBerry Migration is Happening
• Is waiting still an option?
• 4Q13
• BYOD trend presents challenges
• Shrinking subscriber base
• Problem definition
• BlackBerry fell behind Apple and Google
• Network outages
• Market share volatility
• Migration as normal
• Not your first…or last…migration
• Opportunity cost
• Beyond email
• Forgoing innovation
• Mobile transforming agility
• Optimize strategy and spend without sacrificing productivity, security, and manageability
• Simplified architecture and removal of throughput bottlenecks
4
© 2014 Tangoe, Inc.
Why Mobility is Complex
5
• Traditional computing supports…
• Silo architecture
• Linear control
• Systems thinking supports…
• Responsive architecture
• Ecosystem cause and effect
• Collaboration in real-time
• Shared objectives
© 2014 Tangoe, Inc.
Mobility Challenges & Priorities
• Trends straining traditional security
models
• Social collaboration
• Mobility
• Virtualized anywhere access
• Cloud-sourced IT and apps
• Hackers as a community and country
• BYOD and lack of practices and
procedures
• 70%+ of mobile workforce via personal
“smart” devices by 2018
• Enterprise Security Priorities
• Mobile Device Management
• Data Loss Prevention
• Security information and event
management & strong user authentication
• MDM strategy and implementation
• Security as agility enabler
• End-to-end security
• Connect, control and track devices
• Real-time contextual awareness
• Trigger-based response policies
• Trustability models
• Reporting and data analytics
• Network access control
• Mobile DLP (data leakage prevention)
6
© 2014 Tangoe, Inc.
Myths vs. Facts
7
Facts Myths
MDM is a strategy
Endpoint security is
critical path
Each mobile OS offers the
same security
MDM = security
MDM software & services
enable a mobility strategy
Data & content security
matter most
MDM functionality is
limited by OS providers
MDM offers policy and
enforcement
© 2014 Tangoe, Inc.
Risk Analysis
• Do you have a risk analysis already?
• What were the protection mechanisms of your BES and the endpoints?
• Levels of policy enforcement
• Update your firm’s risk profile
• Wide range of capabilities among BlackBerry, iOS, Android, and Windows Phone 8
• Business and service environment(s)
• Mobile endpoint use cases
• Risk types
• Sensitive data loss, malicious software, device loss, out-of-date
• Application architecture
• Risk is not horizontal
• Diverse user base
• Other variations
Business unit
Location
Mobile device usage location(s)
8
© 2014 Tangoe, Inc.
Involve HR, Finance, Business Unit Leads
• Technically, this is not difficult
• Managing change requires leadership from the front
• Visible platform transition
• Applications and use cases
• Expectation Management
• Who chooses the device?
• Ownership matters
• Focus on the User Experience
• Lock-down approach is losing most of its appeal
• Migration creates ownership policy issues for privacy and personal liability
• Company provided device offers minimal privacy for an employee
• No privacy challenges yet for BYOD liability model
• Uncharted: personal media content…
9
© 2014 Tangoe, Inc.
To the Help Desk & Beyond
• Help desk funding
• Critical path to productivity
• Any device? Person? Liability model?
• What level of support will you, or not, provide?
• Complete self-service not likely to fly
• Develop and clearly communicate your support policy
• Demark responsibilities and scenarios
• You already know a lot can go wrong…and will
• Data plan options and/or requirements
• If BYO is their only device and employee does not pay their bill?
Incurred data roaming costs on a 4G network
Inability to access email
• Going beyond
• Exec has first tablet device, does not know how to use it….
• Non-executive: do they wait? Unable to work?
10
© 2014 Tangoe, Inc.
Getting Started: Policy Strategy Questions
• Who qualifies?
• What devices are allowed?
• Who buys/owns the device?
• \What service expenses will be covered, and how?
• What is supported, at what level?
• What does the employee have to do?
• Enterprise security, data usage and privacy restrictions
• Employee privacy issues
• Labor implications of after-hours support
• Liability issues (E-discovery)
• Limitations on reimbursement (what is the strategy?)
• Penalties for noncompliance (and enforcement?
• Data and phone number transition at termination
• Support policies and liability issues must be reviewed by the corporate legal department, the
executive board, HR and business unit managers.
11
© 2014 Tangoe, Inc.
Minimize Platforms and Devices
• Do not support every device
• Minimize options based on value
• Determine minimal OS version
Encryption enforcement?
Robust VPN configuration?
Application management tools?
Understand how and frequency for OS updates
• Usability and performance
• Hotspot and tethering support?
• 6-ft. drop on concrete test
• Multi-platform, multi-department
• Multi-departments will use the same
enterprise apps
• Cost of internal app development can rise
dramatically with BYOD
• Understand the implications of
multiple platforms
• Can equal greater opportunity but also
be a challenge if considered after the
fact
• Consider device lifecycle
• Policy enforcement, usability, apps,
usage monitoring, secure data and
communications, support, warranty
12
© 2014 Tangoe, Inc.
Mistakes to Avoid: Inconsistent Security Policies
• Focus on business requirements first and devices second
• Policy gaps are the origins of most mobile security failures
• Determine approved platform options for BYOD
• Get cross-departmental buy-in
• Business information requirements may be overly broad and difficult to fulfill
across mobile platforms
• Security policies need to account for OS limitations
• Adapt data and application policies accordingly, and document your policies
• All mobile devices are work platforms, irrespective of liability model
• Anticipate that mobile work platform loss could result in data breach event
• May require disclosure
• Know and track your device, application, and data inventory
13
© 2014 Tangoe, Inc.
• Create an access baseline
• Determine who has access
• Identify access control gaps
• Tie access controls to environment
• Segregate access by role and liability model
• Best practice what works best for your
company
• Check applicable regulations
• Policy of “least access”
• Regulators want doctrine of “least privilege”
applied
• Enable specific security roles to enforce
security and access management policies
• Automate device provisioning
• Pre-configure AUP liability models
• Integrate with TEM procurement
• Terminate unused accounts
• Prevent access to resources
• Consider a device recycle program
• Proactively monitor for unusual activity
• Monitor high volume of SMS or data
• Control remote access to apps and
databases
• Mobility and cloud computing expand the
enterprise operational perimeter
• NAC is becoming a baseline requirement
Security and Access Critical Success Factors
© 2014 Tangoe, Inc.
Horizontal AUP’s
• All devices
• Device will lock your account after 10 failed
login attempts
• Device will lock every 30 minutes requiring
reentry of password
• Password rotation every 90 days with
minimal strength
• Remote wipe..full vs. partial?
• Minimum device level: iPhone 4, iOS 5.0x,
Android 3.x
• Company-administered MDM
• No jailbreak & no rooting policies
• Certificates for any and all access: email,
apps, networks
• Application and data encryption at all times
• Personal devices
• Limit device enrollments at company
discretion
• Filter sensitive data at company
discretion
• Accept company lock/wipe decisions
• Require end-user acceptable-use
policy agreement
• What about…
• Intentional data leakage
• NA vs. EMEA vs. APAC?
• MDM client and monitoring apps?
• Monitoring WLAN usage
BYOD…sites visited, etc?
Restrict WLAN access?
15
© 2014 Tangoe, Inc.
Mobile Device Containerization
16
• Data security
• Enterprise apps & services
• Easy to manage and control
• Personal phone, SMS, web
• Choice of device, services
• Freedom & privacy
• Separate corporate data from personal data
• Allow “personal data” to co-exist
• Provide controls over corporate data
© 2014 Tangoe, Inc.
Getting Started
• Lack of formal mobility strategy creates security risks
• A well-intentioned employee is the biggest risk with unmanaged personal device
• Have an action response plan
• Encrypt all data…everywhere (native on-device & behind the firewall)
• Deploy iOS and Android apps that utilize data protection APIs
• 2014: Agile Scalability
• Ownership Trust
• Identity and “trustability”
• Monitoring, consulting… and less controls
• Implement enforceable policies
• Cross-discipline buy-in
• One approach (aka PC) will not fly
• Security enforcement consistency across segments
• Know what employees need now vs. next year
• Guide business leaders
17
© 2014 Tangoe, Inc.
Key Elements for Mobility Lifecycle Management
18
Hardware
• Procurement integration
• Provisioning
• Asset / inventory
• Activation
• Deactivation
• Performance
• Battery
• Memory
• Lifecycle
• Recycle
Software
• Multi-OS
• Configuration
• Updates
• Patches
• Provisioning
• Authorized monitoring
• Hosting
• Application Lifecycle Management
• App Store
• Backup/Restore
• Localization
Security
• Context awareness
• Remote Wipe
• Remote lock
• Policy enforcement
• Encryption
• Mobile VPN
• Authentication
• Antivirus
• Containerization
• DLP
• ABQ
• Liability model
• Location-based services
Services
• Monitoring
• Alert
• rTEM usage
• Help Desk
• Product
• On-site Engineer
© 2014 Tangoe, Inc.
First Business, Last Technology
• Mobility is a business challenge
• Systems thinking approach for shared objectives across business disciplines
• Technology issues driven by business unit end results
• Focus on the business first, then the technology
• Identify use cases
• Consult with business units
• Assess risk
• Focus on your data
• Satisfaction counts
• Assess requirements and use cases
• Prioritize business requirements
• Not everyone is high value
• Trustability does not mean lock down across the mobile estate
• Requirements for data mobility and endpoint control
19
© 2014 Tangoe, Inc.
Questions and Contacts
Troy Fulton
Director Product Marketing
Tangoe
203.859.9300
www.tangoe.com
© 2014 Tangoe, Inc.
APPENDIX
21
© 2014 Tangoe, Inc.
iOS Policy Enforcement Capabilities
22
© 2014 Tangoe, Inc.
Samsung SAFE MDM API Support
23
Source: Samsung SAFE website 9/2013
© 2014 Tangoe, Inc.
Policy Enforcement
• BlackBerry is synonymous with mobile security
– End-to-end encryption out of the box and built-in data protection
technologies
• Secure & Consumerized…not there yet
– Android, iOS, and Windows Phone are consumer platforms
– Encryption and data protection are to be enabled
• Enforcing security policies
• Android provides basic device and data security
• Apple opts for simplicity
• iOS a closed ecosystem but offers uniformity and consistency
• Standardize security and communication management
• Certificate management configuration
• VPN and Wi-Fi communication
• iOS has flexible Wi-Fi and VPN configuration
• Android needs to partner with a device manufacturer
• Samsung works with a number of VPN providers for encrypted
communication
iOS IPCU
© 2014 Tangoe, Inc.
Android Device Security
• Android offers flexibility via APIs
• Keychain API with encrypted storage so applications can utilize
private keys, certificate chains, and user certificates
• VPN API with secure credential storage to help lock down data
transmissions
• Securing connections to enterprise networks
• Android supports SSL and VPN (password)
• Samsung offers proprietary VPN solutions
• Cisco, F5, Juniper, and others
• Carriers or OEMs are bundling VPN solutions
• Example: certain Motorola models on Verizon and Sprint
Samsung APIs