Joseph Razavian

Q&A: What CISOs Can Do About Mobile Security Threats

This blog was updated on May 22,2017, with the latest information about the Device Enrollment Program from Apple. Join the conversation on Twitter using #iOSinBusiness.

What is the Device Enrollment Program from Apple?

The Device Enrollment Program provides a fast, streamlined way to deploy your corporate-owned Mac, iOS or tvOS devices. With a mobile device management (MDM) and unified endpoint management solution like VMware AirWatch, IT can:

  • Customize device settings;
  • Activate and supervise devices over the air; and
  • Enable users to setup their own devices out of the box.

[Related: 27 Questions Answered about AirWatch & the Device Enrollment Program from Apple]

What IT challenges does the Device Enrollment Program help address?

The Device Enrollment Program solves several critical requirements for corporate-owned devices. First, organizations save time and money by eliminating high-touch processes for IT. DEP takes configuration time to zero. Deployment of corporate-owned devices with DEP means zero-touch configuration for IT, eliminates staging and automates device configuration.

Second, onboarding iOS or macOS devices is streamlined for users. Based on the settings IT configured, users are prompted through Setup Assistant (skipping through any unnecessary screens). Users only need to authenticate and don&#rsquo;t need to be tech savvy to get the content, apps and email they need on their smartphones.

Finally, supervising iOS devices over the air is possible with the DEP. With supervision, administrators have more control over the device and can disable features like AirDrop, the App Store and account modification. They can also enable features like password protection. Also, the MDM profile cannot be removed, which eliminates the possibility of un-enrollment to protect data and investments in devices and provides the best user experience possible.

What role does AirWatch play in Apple&#rsquo;s Device Enrollment Program?

To utilize the Device Enrollment Program, MDM capabilities like those part of VMware AirWatch are required. AirWatch integrates with the Device Enrollment Program, enabling organizations to automatically import devices in the console based on order history. Then, administrators can easily configure settings, apply profiles, assign applications and set restrictions that will apply automatically when users unbox devices.

[Related: iOS 10.3, tvOS 10.2 & macOS 10.12.4 Are Live! VMware AirWatch Has Your Mobile Business Covered]

How can I join the Device Enrollment Program from Apple?

First, enroll with Apple and register your organization&#rsquo;s information to create an account and designate your administrators. Next, configure your device settings and Setup Assistant steps in the AirWatch console. You then can ship devices directly to your users.

For more information, check out Apple&#rsquo;s Device Enrollment Program Guide.

What are the device requirements for the Apple Device Enrollment Program?

The devices must be corporate-owned and purchased directly from Apple or through participating Apple Authorized Resellers.*

*The Device Enrollment Program may not be supported by all Apple Authorized Resellers and carriers.

Where is the Device Enrollment Program available?

The Device Enrollment Program is available in 34 countries: Australia,Austria,Belgium,Brazil,Canada,Czech Republic,Denmark,Finland,France,Germany, Greece,Hong Kong,Hungary,India,Ireland,Italy,Japan,Luxembourg,Mexico,Netherlands, NewZealand,Norway,Poland,Portugal,Singapore,South Africa,Spain,Sweden,Switzerland, Taiwan,Turkey,United Arab Emirates,United Kingdom andUnitedStates.

What’s available for education with the Device Enrollment Program from Apple?

Both Apple and AirWatch give special consideration to unique education use cases. With Apple School Manager (ASM), Apple has delivered a central place for account creation, role definitions and content purchases. To support ASM, AirWatch designed a console section for education to setup mobile deployments and streamline management of teachers, students, classes, apps and more—whether you have a 1:1 or shared device deployment. After importing data from Apple School Manager, use AirWatch to:

  • Match devices with students or classes;
  • Assign applications (to users or devices); and
  • Configure the new Classroom application, allowing teachers to guide learning on iPads.

Students quickly choose the device with their photo displayed once their teacher has started the class.

Visit apple.com/business/dep/ and apple.com/education/it/ to learn more about the Device Enrollment Program.

 

Read more..

AppConfig Community Membership Soars

During Mobile World Congress 2016 in Barcelona, VMware joined forces with several enterprise mobility management (EMM) players to launch the AppConfig Community. Our joint mission was simple: to make enterprise app configuration and security less complicated for developers by expanding the use of OS-native standards. In doing so, we&#rsquo;re collectively accelerating mobile deployments for the […]]> During Mobile World Congress 2016 in Barcelona, VMware joined forces with several enterprise mobility management (EMM) players to launch the AppConfig Community. Our joint mission was simple: to make enterprise app configuration and security less complicated for developers by expanding the use of OS-native standards. In doing so, we&#rsquo;re collectively accelerating mobile deployments for the enterprise.

The benefit of using the native operating system (OS) standards of Android and iOS for app configuration and security is that those standards are consistent across EMM solutions and apps, instead of proprietary to a particular EMM or app vendor.

This simplifies things for app developers, who can use one approach across EMM solutions, rather than create separate apps for each. This also reduces costs and simplifies deployment for IT organizations, who can use one approach across the apps they deploy to their end users, rather than separate approaches for each app vendor. Finally, the real winners are the end users, who can enjoy a seamless out-of-the-box experience for the apps that help them get their work done. Now that&#rsquo;s what we call a win-win-win.

The word is spreading. Nick McQuire, vice president of enterprise research at CCS Insight, recently commented:

“The AppConfig Community has brought together many members of the EMM industry to drive developer awareness about the power of native OS standards for app configuration and security. The momentum of the Community since its founding in 2016 is a testament to the value of this open approach for both ISVs and IT organizations.&#rdquo;

One year after launching, the AppConfig Community membership base has grown dramatically:

  • From 60 to 90 independent software vendors (ISVs)
  • From 4 to 19 EMM providers
  • From 160 to more than 1,400 individual developers
  • From 1 to 2 operating systems (including iOS upon launching with expansion to Android in May of 2016)

These metrics and others are detailed in the AppConfig Community Annual Report webcast, available here for your viewing pleasure.

Click here to watch the webcast: AppConfig Community Annual Report.

Ready to join the community? Learn more about the AppConfig Community and download the AppConfig XML schema at appconfig.org.

Because you liked this blog:

  • AppConfig Community Adds New EMMs to Help Accelerate Business Apps Adoption
  • AppConfig Panel: We Can Do Better on Mobile App Development
  • What Is #AppConfig?

Read more..

7 Simple Ways to Secure Your Smartphone

As we move more of our work and personal lives digital and carry all of it in our pockets, securing our smartphones often feels daunting and confusing. If you follow a few simple steps, you can protect yourself from the vast majority of threats that exist—both physical and digital. Here are seven easy ways to […]]> As we move more of our work and personal lives digital and carry all of it in our pockets, securing our smartphones often feels daunting and confusing. If you follow a few simple steps, you can protect yourself from the vast majority of threats that exist—both physical and digital.

Here are seven easy ways to secure your smartphone, plus a few special considerations for enterprise IT folks.

1. Disk Encryption

In the event that your device is lost or stolen, encrypting your device prevents malicious actors from getting your private information. If you use an iOS device, automatically encrypt your phone by setting up a pin or passcode. If you use an Android device, head into your settings pane and setup full disk encryption. Android links a password or passcode to the encryption scheme, so even if someone were to copy your data, it would be useless.

2. Automatic Updates

Apps make it easy to get work done, keep up with friends and play games on the go. Unfortunately, sometimes these apps leak information or expose vulnerabilities. Set your phone to auto-install new app updates to avoid security risks. An added benefit is that oftentimes these updates include speed improvements and new features.

3. Up-To-Date Operating System (OS)

Apple and Google constantly make improvements to iOS and Android. Throughout the year, both release new OS versions. Download these updates as soon as available to take advantage of new security improvements, which often reduce the threat surface for attackers and remove known vulnerabilities.

[Related: Update Your iOS Apps Now!]

4. Screen Lock

Physical security is just as important as good digital hygiene. Since most devices today include biometric capabilities, like TouchID or other fingerprint readers, the pain of constantly entering your device password is gone. Set your screen to lock with the minimum amount of time available on your device—oftentimes 30 seconds. This will prevent someone from grabbing your phone and accessing your data if you step away from your device.

5. Jailbreaking / Rooting

Some dubious websites provide guidance on how to root (Android) or jailbreak (iOS) your device. This allows you to customize your device more than the manufacturer intended. While this might seem nice at first, this compromises the entire security model of the phone and exposes you to malicious actors and security vulnerabilities. By rooting or jailbreaking your device, you could give someone complete control and access to your data without even knowing it. Avoid jailbreaking or rooting your device.

6. Malicious Profiles

Configuration profiles allow your corporate IT department or school to make it easier to access specific resources, like email on your smartphone. Sometimes, nefarious websites attempt to install a profile without you knowing. Questionable websites claim to offer free access to apps, games, movies or other content to install a configuration profile on your device. These malicious profiles can give full access to your device and web traffic. Avoid installing configuration profiles that do not come from your corporate IT department or school.

[Related: 4 Top Cyber Security Horrors, According to the Experts]

7. Avoid Insecure Public Wi-Fi

Using public Wi-Fi is a great way to get mobile access to the web and email without using your data plan. Unfortunately, malicious actors can snoop on this traffic from your mobile device. To prevent this, avoid using unknown public Wi-Fi when possible or use a free solution like Opera VPN. Opera VPN and similar apps are available in app stores and encrypt traffic moving from your mobile device. This means no one can snoop.

Special Considerations for Enterprise IT Administrators

If your organization runs a bring-your-own-device (BYOD) program, provides corporate-owned devices to employees or you are responsible for managing these devices within your organization, take note of some ways you can ensure security for your organization and employees:

1. Use a product purpose built for managing mobile devices.

VMware AirWatch is a unified endpoint management (UEM) platform that allows your corporate IT department to manage iOS, Windows, Mac, Android and other devices in a single solution. AirWatch provides all of the tools IT needs to create and manage a mobility program:

  • Configure policies including app blacklists, Wi-Fi security, TLS enforcement and more.
  • Enforce a device-level passcode with complexity and history requirements.
  • Revoke access to company apps and data automatically if compliance policies are violated.
  • Enable device-level encryption, data encryption and hardware security policies.
  • Enforce containerization of business apps and data using native OS controls.
  • Monitor for malware threats or jailbroken devices and automatically remediate with a remote lock, device wipe or customizable device quarantine controls.

2. Use an identity and access management solution with single-sign on (SSO) capabilities.

Reduce password pain for end users and strengthen your organizations security posture with an integrated identity and access management solution. VMware Workspace ONE combines identity and access management with UEM. This powerful combination eliminates the need for complex passwords with single sign-on (SSO), a unified app catalog and endpoint management powered by AirWatch.

Need more tips about helping secure your smartphone and/or your company’s mobile fleet? Here are a few more blogs you might like:

  • Why Every Smartphone Owner Needs Good Personal Hygiene
  • Trend Alert: 5 Next Big Things in Mobile Security
  • VMware AirWatch Security: Year In Review

Read more..

Go Que Newsroom Categories