World of BYOD
Bring Your Own Device (BYOD) initiatives allow employees to bring their personal devices to work and use them to access corporate services such as email. We recently ran an audit for a customer using our ability to integrate with security incident and event management (SIEM) systems. The audit provided visibility into their traffic and found ActiveSync devices, belonging to executives, that are not under IT management. Here is an overview of their BYO devices:
There are several reasons for allowing such access, for example to increase productivity or the convenience of accessing email from any employee device. That said, as Uncle Ben said, "with great power comes great responsibility", and from a security perspective this responsibility falls on the IT administrator. It is IT's responsibility to ensure that corporate data is not compromised or leaked in the following scenarios:
- What happens when this personal device is lost or stolen?
- What happens if the device is jailbroken or rooted?
- What happens if the device ends up outside an approved geofence, for example outside the United States?
- What happens if the user inadvertently installs an application that has the ability to access the memory of the entire device, thus gaining unauthorized access to business data?
End-User Perspective on Enterprise Mobility
End users want access to corporate services such as email and the intranet, the ability to share and collaborate on documents, and the use of third-party applications such as Evernote, Quickoffice or GoodReader. With mobile solutions such as XenMobile MDM, CloudGateway, ShareFile and GoToAssist, Citrix provides ubiquity, i.e. access to any application on any device, and a unified view of applications with an enterprise application store and of documents via ShareFile. That said, given that the user accesses multiple applications, the end-user experience is a key component of mobility solutions: for example, bootstrapping authentication and providing single sign-on (SSO) to other applications.
Enterprise IT Perspective on BYOD
As IT provides access to corporate services, the main concern is data loss prevention (DLP) and protection of corporate content on the mobile device. This means encrypting data at rest, both application data and documents hosted on SharePoint, network file shares or cloud storage. From a DLP point of view, for security-conscious organizations, the mobile solutions, which include XenMobile MDM and CloudGateway, can provide a secure messaging solution that prevents sensitive data from leaving the company's control. This prevents users from downloading attachments to a storage account in an unsecured cloud.
Regulated Environments and BYOD
Our financial and federal customers do not want to expose the ActiveSync service in the DMZ. In this scenario, CloudGateway is able to provide a sandbox environment for corporate email and intranet access via the @WorkMail and @WorkWeb applications. These applications are sandboxed and tamper-proof, and they protect corporate data on the device. This approach separates business and personal data on the device while respecting the privacy of the end user.
Cisco ISE and XenMobile MDM
Integration of Citrix XenMobile MDM with Cisco ISE shows administrators unmanaged and non-compliant devices in the ISE management console, and also offers the option to selectively allow, deny or quarantine access to corporate services. For example, Cisco ISE may refuse access to the intranet but allow access to the Internet if the device is rooted or not managed by XenMobile MDM.
An example architecture with Cisco ISE and Citrix XenMobile MDM is shown below: