how to manage the great blackberry migration

© 2014 Tangoe, Inc.

How to Manage the

Great BlackBerry Migration

Presented by:

Troy Fulton, Director, Product Marketing

Thursday, January 16, 2014


Today’s Speaker

2

Troy Fulton

Director, Product Marketing

• 20+ years in high-tech and communications devices

• Senior product marketing and management positions with global

corporations including Motorola Mobility, Nokia, and Compaq

• MBA from The College of William and Mary; BA from Boston

College


Agenda

• What’s Driving the Great BlackBerry Migration

• Managing Expectations

• Risk Analysis

• Help Desk Considerations

• Mistakes to Avoid

• Security and Access in a Consumerized World


Why the Great BlackBerry Migration is Happening

• Is waiting still an option?

• 4Q13

• BYOD trend presents challenges

• Shrinking subscriber base

• Problem definition

• BlackBerry fell behind Apple and Google

• Network outages

• Market share volatility

• Migration as normal

• Not your first…or last…migration

• Opportunity cost

• Beyond email

• Forgoing innovation

• Mobile transforming agility

• Optimize strategy and spend without sacrificing productivity, security, and manageability

• Simplified architecture and removal of throughput bottlenecks

4


Why Mobility is Complex

5

• Traditional computing supports…

• Silo architecture

• Linear control

• Systems thinking supports…

• Responsive architecture

• Ecosystem cause and effect

• Collaboration in real-time

• Shared objectives


Mobility Challenges & Priorities

• Trends straining traditional security

models

• Social collaboration

• Mobility

• Virtualized anywhere access

• Cloud-sourced IT and apps

• Hackers as a community and country

• BYOD and lack of practices and

procedures

• 70%+ of mobile workforce via personal

“smart” devices by 2018

• Enterprise Security Priorities

• Mobile Device Management

• Data Loss Prevention

• Security information and event

management & strong user authentication

• MDM strategy and implementation

• Security as agility enabler

• End-to-end security

• Connect, control and track devices

• Real-time contextual awareness

• Trigger-based response policies

• Trustability models

• Reporting and data analytics

• Network access control

• Mobile DLP (data leakage prevention)

6


Myths vs. Facts

7

Facts Myths

MDM is a strategy

Endpoint security is

critical path

Each mobile OS offers the

same security

MDM = security

MDM software & services

enable a mobility strategy

Data & content security

matter most

MDM functionality is

limited by OS providers

MDM offers policy and

enforcement


Risk Analysis

• Do you have a risk analysis already?

• What were the protection mechanisms of your BES and the endpoints?

• Levels of policy enforcement

• Update your firm’s risk profile

• Wide range of capabilities among BlackBerry, iOS, Android, and Windows Phone 8

• Business and service environment(s)

• Mobile endpoint use cases

• Risk types

• Sensitive data loss, malicious software, device loss, out-of-date

• Application architecture

• Risk is not horizontal

• Diverse user base

• Other variations

Business unit

Location

Mobile device usage location(s)

8


Involve HR, Finance, Business Unit Leads

• Technically, this is not difficult

• Managing change requires leadership from the front

• Visible platform transition

• Applications and use cases

• Expectation Management

• Who chooses the device?

• Ownership matters

• Focus on the User Experience

• Lock-down approach is losing most of its appeal

• Migration creates ownership policy issues for privacy and personal liability

• Company provided device offers minimal privacy for an employee

• No privacy challenges yet for BYOD liability model

• Uncharted: personal media content…

9


To the Help Desk & Beyond

• Help desk funding

• Critical path to productivity

• Any device? Person? Liability model?

• What level of support will you, or not, provide?

• Complete self-service not likely to fly

• Develop and clearly communicate your support policy

• Demark responsibilities and scenarios

• You already know a lot can go wrong…and will

• Data plan options and/or requirements

• If BYO is their only device and employee does not pay their bill?

Incurred data roaming costs on a 4G network

Inability to access email

• Going beyond

• Exec has first tablet device, does not know how to use it….

• Non-executive: do they wait? Unable to work?

10


Getting Started: Policy Strategy Questions

• Who qualifies?

• What devices are allowed?

• Who buys/owns the device?

• \What service expenses will be covered, and how?

• What is supported, at what level?

• What does the employee have to do?

• Enterprise security, data usage and privacy restrictions

• Employee privacy issues

• Labor implications of after-hours support

• Liability issues (E-discovery)

• Limitations on reimbursement (what is the strategy?)

• Penalties for noncompliance (and enforcement?

• Data and phone number transition at termination

• Support policies and liability issues must be reviewed by the corporate legal department, the

executive board, HR and business unit managers.

11


Minimize Platforms and Devices

• Do not support every device

• Minimize options based on value

• Determine minimal OS version

Encryption enforcement?

Robust VPN configuration?

Application management tools?

Understand how and frequency for OS updates

• Usability and performance

• Hotspot and tethering support?

• 6-ft. drop on concrete test

• Multi-platform, multi-department

• Multi-departments will use the same

enterprise apps

• Cost of internal app development can rise

dramatically with BYOD

• Understand the implications of

multiple platforms

• Can equal greater opportunity but also

be a challenge if considered after the

fact

• Consider device lifecycle

• Policy enforcement, usability, apps,

usage monitoring, secure data and

communications, support, warranty

12


Mistakes to Avoid: Inconsistent Security Policies

• Focus on business requirements first and devices second

• Policy gaps are the origins of most mobile security failures

• Determine approved platform options for BYOD

• Get cross-departmental buy-in

• Business information requirements may be overly broad and difficult to fulfill

across mobile platforms

• Security policies need to account for OS limitations

• Adapt data and application policies accordingly, and document your policies

• All mobile devices are work platforms, irrespective of liability model

• Anticipate that mobile work platform loss could result in data breach event

• May require disclosure

• Know and track your device, application, and data inventory

13


• Create an access baseline

• Determine who has access

• Identify access control gaps

• Tie access controls to environment

• Segregate access by role and liability model

• Best practice what works best for your

company

• Check applicable regulations

• Policy of “least access”

• Regulators want doctrine of “least privilege”

applied

• Enable specific security roles to enforce

security and access management policies

• Automate device provisioning

• Pre-configure AUP liability models

• Integrate with TEM procurement

• Terminate unused accounts

• Prevent access to resources

• Consider a device recycle program

• Proactively monitor for unusual activity

• Monitor high volume of SMS or data

• Control remote access to apps and

databases

• Mobility and cloud computing expand the

enterprise operational perimeter

• NAC is becoming a baseline requirement

Security and Access Critical Success Factors


Horizontal AUP’s

• All devices

• Device will lock your account after 10 failed

login attempts

• Device will lock every 30 minutes requiring

reentry of password

• Password rotation every 90 days with

minimal strength

• Remote wipe..full vs. partial?

• Minimum device level: iPhone 4, iOS 5.0x,

Android 3.x

• Company-administered MDM

• No jailbreak & no rooting policies

• Certificates for any and all access: email,

apps, networks

• Application and data encryption at all times

• Personal devices

• Limit device enrollments at company

discretion

• Filter sensitive data at company

discretion

• Accept company lock/wipe decisions

• Require end-user acceptable-use

policy agreement

• What about…

• Intentional data leakage

• NA vs. EMEA vs. APAC?

• MDM client and monitoring apps?

• Monitoring WLAN usage

BYOD…sites visited, etc?

Restrict WLAN access?

15


Mobile Device Containerization

16

• Data security

• Enterprise apps & services

• Easy to manage and control

• Personal phone, SMS, web

• Choice of device, services

• Freedom & privacy

• Separate corporate data from personal data

• Allow “personal data” to co-exist

• Provide controls over corporate data


Getting Started

• Lack of formal mobility strategy creates security risks

• A well-intentioned employee is the biggest risk with unmanaged personal device

• Have an action response plan

• Encrypt all data…everywhere (native on-device & behind the firewall)

• Deploy iOS and Android apps that utilize data protection APIs

• 2014: Agile Scalability

• Ownership Trust

• Identity and “trustability”

• Monitoring, consulting… and less controls

• Implement enforceable policies

• Cross-discipline buy-in

• One approach (aka PC) will not fly

• Security enforcement consistency across segments

• Know what employees need now vs. next year

• Guide business leaders

17


Key Elements for Mobility Lifecycle Management

18

Hardware

• Procurement integration

• Provisioning

• Asset / inventory

• Activation

• Deactivation

• Performance

• Battery

• Memory

• Lifecycle

• Recycle

Software

• Multi-OS

• Configuration

• Updates

• Patches

• Provisioning

• Authorized monitoring

• Hosting

• Application Lifecycle Management

• App Store

• Backup/Restore

• Localization

Security

• Context awareness

• Remote Wipe

• Remote lock

• Policy enforcement

• Encryption

• Mobile VPN

• Authentication

• Antivirus

• Containerization

• DLP

• ABQ

• Liability model

• Location-based services

Services

• Monitoring

• Alert

• rTEM usage

• Help Desk

• Product

• On-site Engineer


First Business, Last Technology

• Mobility is a business challenge

• Systems thinking approach for shared objectives across business disciplines

• Technology issues driven by business unit end results

• Focus on the business first, then the technology

• Identify use cases

• Consult with business units

• Assess risk

• Focus on your data

• Satisfaction counts

• Assess requirements and use cases

• Prioritize business requirements

• Not everyone is high value

• Trustability does not mean lock down across the mobile estate

• Requirements for data mobility and endpoint control

19


Questions and Contacts

Troy Fulton

Director Product Marketing

[email protected]

Tangoe

203.859.9300

[email protected]

www.tangoe.com

mailto:[email protected]


APPENDIX

21


iOS Policy Enforcement Capabilities

22


Samsung SAFE MDM API Support

23

Source: Samsung SAFE website 9/2013


Policy Enforcement

• BlackBerry is synonymous with mobile security

– End-to-end encryption out of the box and built-in data protection

technologies

• Secure & Consumerized…not there yet

– Android, iOS, and Windows Phone are consumer platforms

– Encryption and data protection are to be enabled

• Enforcing security policies

• Android provides basic device and data security

• Apple opts for simplicity

• iOS a closed ecosystem but offers uniformity and consistency

• Standardize security and communication management

• Certificate management configuration

• VPN and Wi-Fi communication

• iOS has flexible Wi-Fi and VPN configuration

• Android needs to partner with a device manufacturer

• Samsung works with a number of VPN providers for encrypted

communication

iOS IPCU


Android Device Security

• Android offers flexibility via APIs

• Keychain API with encrypted storage so applications can utilize

private keys, certificate chains, and user certificates

• VPN API with secure credential storage to help lock down data

transmissions

• Securing connections to enterprise networks

• Android supports SSL and VPN (password)

• Samsung offers proprietary VPN solutions

• Cisco, F5, Juniper, and others

• Carriers or OEMs are bundling VPN solutions

• Example: certain Motorola models on Verizon and Sprint

Samsung APIs