Self-service BYOD is a lot easier than it seems

With just a few apps, enterprises can give employees the tools to stem the risks of BYOD by separating corporate and personal apps, and choosing just trusted apps for each.

Two companies that debuted at the Under the Radar (UTR) "Consumerization of IT" conference last Thursday in San Francisco could change the mobile security and BYOD industry. MobileSpaces and Appthority both bring a low-cost, consumer-like, self-service approach to enterprise BYOD.

image alt text

MobileSpaces delivers enterprise BYOD security for $5 per month per smart mobile device. It is a self-service model. With a very light approach to installation, provisioning and administration, Mobile Spaces aims to serve enterprises by letting them try it, buy it and scale it.

MobileSpaces builds a secure container for Android and iOS called a workspace that isolates corporate data and apps from personal information on the device. MobileSpaces is essentially an app that manages the secure operation of selected apps that fit an enterprise’s policy. It neutralizes a significant attack vector that could be used to compromise corporate data on unprotected smartphones. This attack vector is another personal app that the user downloads with the permissions to read and upload corporate data, such as address books or those that contain a shared library with a known exploit that puts corporate data at risk.

Another important data security issue that MobileSpaces addresses is control over the use of corporate data files, such as document and PDF files associated with apps. A file downloaded into the workspace can only be opened by the associated app installed in that workspace and can’t be copied to the personal workspace.

To secure an employee’s smartphone, the mobile administrator using the MobileSpaces console generates a registration code and automatically sends it with a link to download MobileSpaces from the Google Play Store, via either SMS or email. The user installs and registers the MobileSpaces app with the registration code. Once installed, an SSL connection to the admin console is initiated and the user is authenticated. The policies and approved list of apps is downloaded to the secured device. Any app deemed safe for the enterprise can be included on the approved list without modification. The user can now download approved apps and connect to corporate services such as email, Salesforce and Sharepoint using his or her usual credentials. The icons of the approved apps installed on the smartphone are slightly modified with the blue brushstroke MobileSpaces logo so the user can identify them.

The employee and the enterprise benefit from MobileSpaces. Apps and data in the enterprise workspace are isolated from all of the employee’s private apps and data, and vice-versa, giving the enterprise security and the user privacy.

If the user removes the MobileSpaces workspace, he or she will be unable to access enterprise apps and data. If the employee leaves the company, the MobileSpaces workspace and all the apps and corporate data in it can be deleted from the admin console.

MobileSpaces plans to create use cases for the integration of enterprise directories and authentication. Microsoft Active Directory will likely be first, but it will be determined based on customer commitments to scale the use of Mobile Spaces. Cisco, Juniper and Checkpoint VPN customer use cases will also determine timing of these integrations.

Appthority makes an app that could work very well alongside MobileSpaces. For $2.50 to $4 per user per month, Appthority ranks the risk of mobile apps. The ranking is based on a combination of factors, such as static and dynamic analysis or an assessment of which permissions the app uses.

image alt text

According to Appthority, only 0.27% of mobile apps have malware, but 79%of apps can access corporate data on an unsecured smart mobile device. As an example, Appthority cites Angry Birds, because for some unknown reason it can access the corporate phonebook and calendar and shares unencrypted data with six ad networks. This is a huge problem because corporations are subject to privacy regulations, such as HIPAA and Sarbanes Oxley. And while the percentage of malware is small, it could lead to a data breach.

Appthority’s app risk rankings could be used to qualify apps for inclusion in the approved list of apps to be deployed securely using MobileSpaces.

Between MobileSpaces and Appthority, a smart mobile device can be secured for enterprise use, and BYOD could actually be valuable. The only other addition might be to add Lookout’s mobile security suite, which scans for malware for $3 per device.

A self-service approach to mobile device security fits because smartphone and tablet users are used to self service. This approach bodes well for reduced user adoption friction and a lesser administration burden on IT.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.
Must read: 10 new UI features coming to Windows 10