TREND BRIEF

Five Essential Elements for an

Effective Mobile Security Strategy

TREND BRIEF

Understanding the Importance of

a Sound Security Policy

The Five Factors of Mobile

Security Strategy

In the cacophony of business headlines, news of data security breaches come

through like a high-tempo drum beat. In fact, the number of incidents keeps
growing at a rate of 66 percent CAGR, with a cost per breach of $5.9 million.1
And some of the worlds most recognized brands are sustaining bruises to their
reputations and harmful hits to their bottom lines as they scramble to repair the
damages.

Its important to understand that while security policy provides IT

organizations with a platform to manage security, it doesnt provide
specific solutions. For that, we need to look at exactly what you ought
to be protecting.

Enterprise IT organizations are facing an elusive enemyperpetrators who range

from sophisticated cybercriminals and government-sponsored spies to hackers
and script kiddies, and who have motives as diverse as money, politics, or simply
youthful mischief.
Whoever the threat and whatever the reasons, whats evident is that
opportunities for cyberattacks continue to grow along with the increasing
proliferation of mobile devices. End users want access to data anytime, anywhere,
and businesses appreciate the collaboration and productivity such access allows.
But access exposes enterprises to risk, and compels a mobile security strategy
that can keep the threats at bay. In this trend brief, we will review the essential
elements of building a mobile security strategy, and how VMware AirWatch
solutions make it possible to construct your strategy and gain broad user
acceptance.

Head off Potential Harm with a

Formal Security Policy

Data
In addition to the theft of data, cybercriminals are known to alter data,
which can lead to equally dire consequences for the enterprise. If
corporate information is inaccurate, the outcome is wrong decisions
made from the wrong assumptions.
The solution can be found with mobile application management (MAM),
an approach that allows you to place corporate content in secure
containers. For example, enterprises are protecting email data and
attachments through a containerized email client, and containerizing
enterprise data and managed applications without the need for device
management.
Additional features include customized management policiesa multitenant environment for delegating role-based access and capabilities to
certain users, device groups, and locationsand encryption settings that
require devices to be enrolled, encrypted, and compliant before
permitting access to corporate email.

While cyber threats to your data center seem to be constantly circling, you can
take up a defensive position to thwart potential attacks by establishing a firm set
of security guidelines. A formal security policy is based on three key
characteristics.
First, identify the information thats most sensitive for your business. By taking
this step, you can separate enterprise data from user data, which is especially
useful for managing a bring-your-own-device (BYOD) environment.
Next, clarify who should be allowed to access your sensitive data, and under
what circumstances they should have access.
Finally, determine how you will act if a data breach occurs. Even the best of
perimeter defenses can be pierced, so be prepared to respond.

1 PwC, Managing cyber risks in an interconnected world: Key findings from The Global State of
Information Security Survey 2015, September 2014.

|2|

TREND BRIEF

Infrastructure
Mobile security relies on a solid infrastructure thats compatible with
your mobile environment. The right solution allows you to integrate
mobile devices into a management framework that includes security,
identity, application, and content management.
Look for a solution that supports direct integration with Apple,
Microsoft, and Google infrastructures using APIs. With these models,
you can enforce policies that control email access, require device
encryption, block compromised devices, deploy or revoke certificates,
and block unmanaged devices.
Even more, you can secure your networking connections by enabling
app tunneling through VMware AirWatch Tunnel and VMware
AirWatch Mobile Access Gateway (MAG), or per-app VPN. And by
combining per-app VPN with the VMware NSX network virtualization
platform, you can deliver user-level micro-segmentation that extends
security from the device all the way inside the data center.
Make sure to build your infrastructure using an integrated approach with
a single management console to manage several security tools, such as
email security, Web security, data loss prevention (DLP), etc. Otherwise,
managing multiple solutions will only add unnecessary complexity and
pose additional security issues.

Devices
With all the benefits of mobile technology comes the ever-increasing spread
of devices across the enterprise. And since your corporate data lives on
these devices, its imperative to know about everyone and everything thats
connected to your network.

With a mobile device management (MDM) solution, you get visibility

from a single management console into all the devices, whether
employee- or corporate-owned, that access your network. When a
device is lost, compromised, or out of compliance, ensure your solution
can automatically disable access to the network and wipe the device
clean of corporate data.
In addition to MDM, a multi-layered approach to security can cover
devices, email, applications, content, and even browsing. At the user and
device level, strengthen security with multi-factor authentication. At the
application level, you can take advantage of techniques such as antimalware/anti-virus, email security, secure Web gateway, encryption,
application white listing/control, DLP, advanced threat protection, and
mobile security.

4 Applications
With mobile users acquiring applications independently through app
stores, the risk is real that someone will install a compromised app that
leaks sensitive data. By adopting a method of better application
delivery, that risk can be substantially reduced.
Ensure your solution allows you to easily manage internal, public,
purchased, Web, and virtual applications throughout the entire lifecycle
across devices from one central console. And if you develop internal
applications, using tools like the AirWatch Software Development Kit
(SDK) and AirWatch App Wrapping can provide additional security
features directly to your applications.
Its also critical to deliver the right applications to the right people, while
providing a desired user experience. Enable administrators to push
applications automatically when users enroll, and make applications
available for on-demand installation. You can also provide conditional
access to work apps to ensure only compliant, managed apps can
access the organizations business systems.

|3|

TREND BRIEF

Users
Your security tactics will only be as effective as the compliance of
your users. If your policies are difficult to follow and limit user
freedom, you may find employees working around security standards
in the interest of productivity. For example, an employee issues a
Google Drive or Box invitation because its a simpler way to
collaborate, even if its unsecure.
Preempt user unrest by instituting controls that dont sacrifice user
empowerment. Look for a solution that simplifies enrollment, pushing
apps and content automatically once a user is authenticated, and
pushing profiles automatically over the air. Foster easier collaboration
by using technologies such as the VMware Boxer Email App, making
it easy to sync and share files so users can collaborate securely
without leaving the inbox. You can also empower employees with a
self-service portal, easing the management burden on your IT team.
With customizable privacy policies to help you separate corporate
and personal data on devices, you can further eliminate hesitancy of
adoption. Additionally, streamlining access across applications
through a one-touch mobile single sign-on (SSO) allows users to
access apps without passwords or complex PIN challenges while at
the same time increasing security. Lastly, dont forget that earning a
users trust is a significant step to user adoption of successful mobile
programs. Maintain constant communication with users to keep them
informed on security policy changes.

MEET THE MOBILE SECURITY ALLIANCE

AirWatch has added muscle to managing applications
through its membership in the Mobile Security Alliance
(MSA).2
In an effort to resist malicious and suspicious behavior across
mobile deployments, AirWatch recently joined 10 other
industry companies to launch the MSA. For AirWatch
customers, its an additional tool for ensuring threat detection
is in place. If any of the allies detects a threat, AirWatch is
informed automatically. AirWatch then takes automatic and
administrator-defined compliance actions to protect
customer devices, user information, and corporate data.
The MSA simplifies the complex cybersecurity ecosystem for
advanced mobility security into three categories:
Device: Predictive threat analysis for securing and
protecting against malware, viruses, and suspicious device
behaviors
Application: Contextual threat analytics that scan, analyze,
and validate public and private applications based on
internal and external factors
Networking: Advanced behavioral analytics and remediation
of network traffic from the mobile device, mobile apps, and
through mobile networks

2 AirWatch, AirWatch Introduces the Mobile Security Alliance to Simplify Cybersecurity, September 2015.
http://www.air-watch.com/company/news-room/press-releases/2015/09/airwatch-introduces-the-mobilesecurity-alliance-to-simplify-cybersecurity/ and http://blogs.air-watch.com/2015/09/simplifying-mobilecybersecurity-with-airwatch-and-the-mobile-security-alliance/

|4|

TREND BRIEF

Go End to End with AirWatch

COMPLIANCE
IS CRUCIAL

With mobility management from AirWatch, you get a unique

end-to-end solution thats rooted in security. Heres a snapshot at
the five features that will deliver a mobile security strategy.

As you prepare your

security strategy, ensure your
approach is not only effective
but proactive, enabling IT to
take preventive measures,
implement detection
mechanisms, and perform
escalating actions to prevent
noncompliance.
Additionally, keep in mind
your responsibility to
government regulations and
confidentiality mandates.
Stay in compliance with
VMware AirWatch Content
Locker with FIPS-140-2
validated, AES-256 bit
encryption. In fact, federal
agencies and highly
regulated industries deploy
AirWatch to get the benefits
of a layered security
approach.

Enterprise-grade

security
Identify and control end points that access your network; and
with AES 256-bit encryption, protect data in transit and at rest.
C
 onsumer simplicity and empowerment
Single sign-on provides a seamless, secure user experience, and
self-service tools allow users to enroll additional devices, view
device information, and more.
P
 roactive security
Real-time dashboards show device fleet data, and a
customizable central portal allows administrators to identify
issues before a problem arises.
S
 imple administration without sacrificing control
A multi-tenant environment delegates role-based access and
capabilities to both user groups and specific device groups.
S
 ecure management and delighted users
Push out apps to appropriate groups of end users so they have
the right apps to be productive.

Complete device
management
Secure corporate
workspaces
Dual persona security
Containerized email
Wrapped applications for
managing a cross-platform
fleet of mobile devices
|5|

TREND BRIEF

CASE STUDY

Investment Firm Finds

Safe Route to Mobility with
AirWatch Solutions
As its employees began using
company-owned mobile devices
to access email and business
data, investment services firm
ADS Securities wanted to ensure
that corporate information was
protected and the company
stayed compliant with regulatory
requirements. Using the AirWatch
compliance engine, ADS Securities
is able to remotely configure and
enforce corporate usage and
security rules based on employee
business roles and device ownership
types. In addition to mobile asset
management and security, ADS
Securities uses AirWatch Content
Locker to safely collaborate
and share corporate files and
presentation materials.

Conclusion
With every mobile device in the hands of your employees, you are providing a
point of access to your corporate network. For your IT teams, that means
multiple dimensions of risk to manageat the device level, the data level, the
user level, and the network level. Establishing a sound strategy for mobile
security is essential to protecting your enterprise against this risk. And with
mobility solutions from AirWatch, youll be on solid footing to defend your data.
To learn more of how mobility management solutions from AirWatch can help you
implement an effective mobile security strategy, visit the AirWatch Mobile Security
Management solutions site.

Whether new employees join

our offices in Abu Dhabi, London
or Singapore, we can ensure that
their mobile devices are properly
provisioned to allow immediate
and secure access to email and
corporate data.
Illyas Kooliyankal, Director of
Information Security, ADS Securities
Read More

VMware, Inc. 3401 Hillview Avenue Palo Alto CA 94304 USA Tel 877-486-9273 www.vmware.com
Copyright 2016 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws. VMware products are covered by one or more patents listed at http://www.vmware.com/go/patents.
VMware is a registered trademark or trademark of VMware, Inc. in the United States and/or other jurisdictions. All other marks and names mentioned herein may be trademarks of their respective companies.
Item No: 16-VMWA-3202_Trend_Brief_5_Essential_Elements
4/16

Join Us Online

Blog: http://blogs.air-watch.
com/category/airwatch-emmsolutions
Twitter: @AirWatch
Facebook: https://www.
facebook.com/airwatch/