Category Archives: Mobile Iron


Deliver cloud-based enterprise mobility management (EMM) at scale

Category : Mobile Iron

Empower employees to work faster and smarter with secure mobile productivity apps and content on any device. Reduce the risk of data loss with advanced mobile security protection extended across the entire mobile fleet. Using MobileIron Cloud-based EMM, which includes MDM, MAM, and MCM solutions, you can easily configure and secure all your mobile devices and apps in minutes.

Keep all your mobile apps and corporate data safe while freeing users to do great work on their preferred mobile devices. With advanced mobile security capabilities such as posture based access control and selective wipe, you can prevent business data from falling into the wrong hands. MobileIron Cloud MDM is a globally available solution that supports the most stringent compliance, security, and privacy requirements in the world. As part of our commitment to trust and security, MobileIron has successfully completed an SOC 2 Type 2 assessment. In addition, the MobileIron Cloud platform has received FedRAMP Authority to Operate (ATO).  FedRAMP ATO recognizes that MobileIron Cloud has passed the federal risk management process defining standard security requirements for all cloud providers.

  • Deliver MobileIron’s layered security platform through a cloud-based mobile device management console.
  • Easily distribute policies for email, Wi-Fi, VPN, user passwords, and security to mobile devices.
  • Provide secure access to key files and presentations.
  • Remotely wipe corporate data whenever a device is lost, stolen, or retired.
MobileIron Cloud Dashboard

Get mobile users up and running in minutes

In just minutes, you can secure devices, apps, and content with the most robust, multi-OS EMM platform today. Deploy everything users need to be productive on any Android, iOS, macOS and Windows 10 device. Whether your company relies on public or custom-built in-house apps, you can push them to any device through MobileIron Cloud-based mobile device management.

  • Quickly configure and deploy mobile devices over the air with no manual intervention required.
  • Distribute and update the productivity apps employees rely on every day.
  • Support the latest OS releases, including iOS 10, Android for Work, and Windows 10 through a cloud EMM console.


Simplify the IT management experience

Enable IT admins to work more efficiently and productively while keeping all your mobile assets secure. MobileIron Cloud provides an easy-to-use dashboard that allows IT admins to easily create complex policies, delegate administrative tasks, and quickly take action based on the state of the device. You can also proactively notify users and provide a self-service portal to help employees manage common device tasks and reduce help desk tickets.

  • Provide a single, easy-to-use console that simplifies complex mobile and PC management tasks and reporting.
  • Deploy, secure, and manage apps and documents with cloud-based mobile device management.
  • Easily create policies and take action based on device compliance.
  • Get granular visibility into usage trends across your mobile deployment.

Source: https://www.mobileiron.com/en/products/emm-platform/mobileiron-cloud



Evolution of the EMM Industry


Gartner just published the 2017 Magic Quadrant for Enterprise Mobility Management Suites. For the 7th consecutive year, MobileIron is in the Leaders Quadrant. You can see the report here.*

To our customers and partners: Thank you for your trust. To our employees: It’s an honor to work with such a talented and wonderful group of people!

Here is my personal perspective on the evolution of the EMM industry:

  • The first Magic Quadrant for our category was published in 2011 and included 23 companies. Only two out of those 23 companies built a stand-alone business that qualified for the 2017 Magic Quadrant. MobileIron is now the leading stand-alone EMM provider in the world.
  • Over the last five years, no new EMM provider, including Microsoft, has been added to the Leaders Quadrant and one, Citrix, has fallen off. Building and sustaining a world class EMM platform is difficult and requires focus. I have seen many portfolio software companies underestimate that difficulty and get distracted over time because EMM is not their core business. BMC, Cisco, Computer Associates, F5, HP, McAfee, Oracle, Palo Alto Networks, SAP, and Symantec have all tried to compete in this market. Our success at MobileIron is driven by our 100% focus on EMM, and our modern architecture lets us unify desktop, cloud, and IoT security without requiring a mash-up of acquired technologies.
  • MobileIron made big investments in product quality and customer support over the last year. I believe many of our competitors, like VMware AirWatch, did not. Mobility is business-critical. If you are a VMware customer facing difficulties, we can help you.
  • In August 2017, BlackBerry plans to end-of-life Good for Enterprise, the well-known email and EMM product that came from BlackBerry’s acquisition of Good Technology. This means that every customer of the product must decide what to do next. I expect many of them to migrate to MobileIron given our emphasis on modern security and our lead over BlackBerry in Common Criteria and FedRAMP security certifications for EMM.
  • Microsoft Intune has not been able to achieve a leadership position in EMM. This does not surprise me because there is limited benefit to Microsoft, the company, in providing great security for Android, iOS, and non-Microsoft clouds. There is, however, huge benefit to Microsoft in providing great security for Office 365 to drive Azure adoption. Intune’s evolving role as EMM-neutral policy middleware accessible through the Microsoft Graph API will make this security available to all Office 365 customers instead of only to a small subset. Multi-OS, multi-cloud EMM is not a natural fit for Intune, but it is MobileIron’s core competence. Here is my video blog on Microsoft strategy.

EMM and its successor, UEM (Unified Endpoint Management), are the foundation of a modern security architecture. If the foundation cracks, the house comes tumbling down. EMM cannot be a side project for a vendor. For EMM, focus matters.

Source: https://www.mobileiron.com/en/smartwork-blog/evolution-emm-industry



Securing Mobile Access for the Government with the MobileIron PIV-D Entrust App


Presented by: Sean Frazier, Chief Technical Evangelist – Federal, MobileIron | Dan Miller, US Federal Sales Manager, Entrust Datacard

MobileIron recently announced a technology alliance partnership to deliver Derived Credentials (PIV-D) for next-generation multi-factor authentication with Entrust IdentityGuard Mobile Smart Credential.

Derived Credentials will allow government agencies, as well as other regulated industries (i.e. Finance, Banking, Health Care) that use smart cards for authentication, to easily extend this technology to mobile devices, providing strong, password-less authentication to the most sensitive of resources including Web, Email and Applications.

The new MobileIron PIV-D Entrust app will support the General Services Administration’s Federal Identity, Credential, and Access Management (ICAM) architecture and is compliant with NIST SP 800-157.

Join MobileIron and Entrust Datacard for an informative session that will show you how their Derived PIV Mobile Smart Credential solution can help you to:

  • Deploy and manage existing and new mobile devices and applications
  • Derive a PIV compliant mobile smart credential from your existing smart cards
  • Use protected applications to securely access the tools you need to do your job while in the field


Source: https://www.mobileiron.com/en/resources/webinars/securing-mobile-access-government-mobileiron-piv-d-entrust-app-0



Introducing MobileIron Bridge, Harnessing the Power of EMM to Secure and Manage PCs and Cut PC TCO by Up to 80%


Presenter:
Abby Guha, Director of Product Marketing | Mark Cavins, Senior Product Manager

Session Date/Time:
Wednesday, November 2 at 10am PDT/6pm BST

Mobile and PC security are converging. PC management has evolved significantly over the years in an effort to support rapidly changing enterprise needs and evolving security models. In the modern enterprise, with a broad variety of devices being utilized by users on-the-go, IT needs a consistent platform to manage devices that are intermittently connected to the corporate network, across both PCs and mobile. Windows 10 addresses modern requirements by shifting device management from domain-joining to establishing Enterprise Mobility Management (EMM) as a single point of trust in the enterprise.

While EMM already solves for many of the most common use cases for PC management, until now there were a few gaps that prevented IT from moving away from old school PC management tools. MobileIron Bridge now closes the GPO gap and frees IT up to harness the power of a modern EMM approach to secure and manage PCs. And with a modern, more efficient approach, organizations can expect to cut up to 60% in PC TCO across a variety of areas. Attend this session to learn more and see how you can build stronger relationships with your customers in the new Windows 10 world.




The Cost and Consequences of Security Complexity: New Ponemon Institute Research Identifies 8 Best Practices


Presented by: Dr. Larry Ponemon, Chairman and Founder, Ponemon Institute | Ojas Rege, Chief Strategy Officer, MobileIron

Please register to view the on-demand webinar.

Complexity seems unstoppable. The Ponemon Institute surveyed almost 600 security professionals to study, for the first time, the impact of complexity on enterprise security posture. How can you identify the warning signs of complexity in your organization? Is complexity stopping security technologies from being implemented effectively? Is the move to mobile and cloud making the problem worse? What are the implications for security architecture and who should be accountable in your organization for addressing them?

Dr. Larry Ponemon, Founder of Ponemon Institute, and Ojas Rege, Chief Strategy Officer of MobileIron, will share the findings of the research and discuss practical approaches for dealing with an increasingly paralyzing problem. Attendees will receive a complimentary copy of The Cost and Consequences of Security Complexity research from the Ponemon Institute.

Dr. Larry Ponemon is the Chairman and Founder of the Ponemon Institute, a research think tank dedicated to advancing privacy and data protection practices. Dr. Ponemon is considered a pioneer in privacy auditing and the Responsible Information Management or RIM framework. Ponemon Institute conducts independent research, educates leaders from the private and public sectors and verifies the privacy and data protection practices of organizations in various industries. In addition to Institute activities, Dr. Ponemon is an adjunct professor for ethics and privacy at Carnegie Mellon University’s CIO Institute. He is a Fellow of the Center for Government Innovation of the Unisys Corporation.

Ojas Rege is Chief Strategy Officer at MobileIron. His perspective on enterprise mobility has been covered by Bloomberg, CIO Magazine, Financial Times, Forbes, and Reuters. He coined the term “Mobile First” on TechCrunch in 2007, one week after the launch of the first iPhone, to represent a new model of personal and business computing. He is co-inventor on seven mobility patents, including the enterprise app store and BYOD privacy. Ojas is a Fellow of the Ponemon Institute and has written extensively on the implications of the evolving architectures of Android, iOS, and Windows on enterprise security.



WNCRY ransomware demonstrates dangers of homogeneous, unpatched networks


Whenever history seemed to repeat itself, my Granny used to quip, “same song, different verse.” As the WannaCry (WNCRY) ransomware spread like wildfire in a dry forest, I heard the familiar refrain and discordant notes of previous worms: Blaster (2003), Welchia “Nachi” (2003), and Conficker (2008). Each of these worms spread via well-known flaws in Microsoft Windows for which patches were already available. Why then, after a decade and a half, are we still seeing worms spreading via known flaws? I believe there are three root causes:

  1. Upgrading is hard and expensive
  2. Patching seems risky
  3. Homogeneous environments are really vulnerable to worms

Our CEO Barry Mainz noted, “Every company is going through an evolution in enterprise computing, from legacy to modern.” This category of modern operating systems includes mobile OSes Android and iOS, as well as Windows 10. In this new world, IT organizations will need to adapt to a different and much faster way of handling upgrades and patches – and to the new reality of a heterogeneous environment.

Upgrading is hard and expensive

So many organizations are still running obsolete operating systems that Microsoft issued a patch for Windows XP, which the company had officially stopped supporting over three years ago!

Why were these organizations still running an unsupported version of Windows? The answer is that upgrading is hard and expensive. Upgrading can mean having to buy new licenses for 3rd party software as well.

Then there are the challenges with systems that interact with expensive hardware devices. Take medical scanners as an example. Controlling these devices requires specific software and device drivers that may not run on newer OSes, and there’s the risk that upgrading the OS may void the warranty on a system that costs hundreds of thousands of dollars to purchase and maintain. We used to call these “embedded devices” but now they’re “Internet of Things” (IoT) devices. They present new challenges, which we’ll return to later.

Now, contrast all the difficulty and expense in legacy computing with what happens in mobile computing. According to 9To5Mac, iOS 10 was running on over 65% of devices within 27 days of release. With that kind of adoption rate, it’s safe to assume that upgrading mobile devices is relatively painless and cheap. One key thing about mobile OS architectures is that applications are not allowed to tie themselves too closely to the OS. Thus, they’re less likely to break after an upgrade. The App Store model also gives mobile OS vendors the opportunity to test each new release with large numbers of 3rd party applications; something that is not easily accomplished in the legacy computing world.

Patching Seems Risky

In a legacy computing environment, fixes are distributed individually. This lets IT pick and choose which security fixes to apply, but it also means there are a huge number of potential patch combinations installed on any given system. Sometimes, even the order in which the patches were applied matters. The result is that many IT departments are reluctant to install patches without extensive testing. Contrast this with the mobile model where whole new versions of the operating system are distributed. For instance, Apple just released iOS 10.3.2, which fixed some two dozen security issues. Applying these patches is an all-or-nothing proposition.

Microsoft is moving to a similar approach for Windows. This has real benefits for customers. It’s far easier for software houses to develop, test, and support a handful of discrete releases than to support a world where every customer has a different set of patches installed in different orders. This improves stability because testing resources can be focused on a small number of configurations deeply rather than many configurations shallowly. Thus, fewer bugs escape into the wild to plague customers and IT departments. This lets IT deploy updates faster because there’s less testing needed.

Homogeneous environments are really vulnerable to worms

In the legacy computing model, IT works towards standardising all systems on one OS and a small number of device models. There are some benefits to this, and it was arguably necessary in order to successfully manage legacy systems. But WNCRY and other worms see that homogeneity as a huge attack surface. We’ve learned from nature that homogeneous ecosystems tend to be hugely vulnerable to diseases that wipe out entire populations.

In contrast, the mobile computing world is characterized by diversity. If you visit a modern software development organization, you’ll find a variety of systems: iOS, Android, Linux, MacOS, Windows, and maybe even a Chromebook or two. None of these OSes is completely immune to attack. However, just as diseases have difficulty jumping from species to species, so too malware that affects one OS is often harmless to others. Thus, with greater diversity the value and impact of attacking any given OS goes down. The attackers have to work harder to find and package flaws in each OS individually.

Here’s an example of why heterogeneity is so useful. (Note: all numbers are made up, but they serve the point.) Let’s assume that there are 10,000 hackers in the world capable of finding and exploiting security flaws to make worms like WNCRY. Let’s say that Microsoft employs 30,000 engineers. That means that for every three Microsoft engineers trying to build code and fix problems there is one attacker looking for flaws. Since it’s far easier to find flaws than to eliminate all of them, the attackers will win.

Now consider a mobile environment. Assume that Microsoft, Apple, and Google each employ 30,000 engineers. The number of attackers has stayed the same, but now there are 3X as many engineers building and defending their systems. Additionally, finding new exploits for systems requires deep knowledge of the platform, so now the attackers have to spread their efforts over 3X as many platforms. In other words, the defenders just gained a 9X advantage! And that doesn’t consider the relative benefits as these software development firms improve the security of their products to gain competitive advantage.

One of the classic arguments against a heterogeneous network has been that IT doesn’t know how to manage all these different OSes, but mobile computing is changing this. All major mobile OSes support similar sets of controls and EMMs are able to provide a single pane of glass to manage all of them. As one of our customers observed:

“If we want to add another operating system to our mobile device inventory, we’re well prepared with MobileIron…” – Thomas Hönig-Heinemann, Head of the ICT network department.

And for Windows 10, MobileIron Bridge allows IT organizations to leverage their legacy GPO settings via their MobileIron EMM. All of this leads to an environment where IT can manage a diverse set of systems, something that was nearly impossible just a few years ago. EMMs have the ability to quarantine devices that are not properly patched. Integrations with products from Cisco and Aruba can even be used to quickly kick potentially vulnerable systems off your network. Since not every system is vulnerable, the business can continue to function. While this may impact a subset of users, it can buy IT valuable time to deploy patches or other mitigations in the event of an outbreak like this one.

The bottom line is business continuity: with a heterogeneous environment, you won’t see all your systems disabled or compromised.

IoT could make things worse

We have already seen botnets like Mirai take over huge numbers of systems using nothing more than default passwords. It’s not hard to imagine that in a few years when IoT vendors have addressed these basic issues, hackers will begin looking for code-level flaws in these products. While mobile computing is characterized by fast update cycles, IoT today is characterized by the never update model. Thus, some security experts fear that we will see huge numbers of unpatched IoT devices lingering on networks for years after exploits are well known.

MobileIron’s vision for IoT starts by securing intelligent gateways that manage endpoints – sensors, machines and actuators. These gateways can then properly isolate the IoT devices behind them. If the IoT devices get compromised, these intelligent gateways could be configured to block the incoming connections used to spread worms, filter dangerous network traffic, and even interface with intrusion detection (IDS) or intrusion prevention (IPS) systems. Organizations can then perform the necessary corrective actions.

We also see a convergence where IT organizations are extended not only to manage mobility and desktop devices but also intelligent edge as organizations go through their digital transformation.

MobileIron recently launched an IoT division focused on bringing this vision to market.

Conclusions

WNCRY demonstrates that today’s government exploits can easily become tomorrow’s hacker tools. Organizations need to assume that they’re going to be targeted by attackers with government-grade exploits. In this new reality, the legacy computing model of slow, infrequent upgrades, slow patching, and homogeneous environments fails. The mobile computing model delivers more security as a direct result of the diversity of platforms and devices. IT organizations now have the tools to manage this diverse ecosystem. The challenges are real, but the opportunities for improved security and business continuity are huge.



Mobile for work is the next Industrial Revolution


Tech and mainstream news is full of headlines about how mobile is disruptive to business processes, IT departments, and even entire categories of jobs. The real story, the big overarching theme that gets lost in the barrage of headlines about the disruptive potential of mobile devices, is that mobile technology isn’t just changing how we do our jobs or where we work, it’s changing the very meaning of work and its place in our lives.

We’re not talking about disruption or evolution, we’re talking about a real revolution of work and workplace of a kind that the world hasn’t witnessed in over a generation and of a kind that has only occurred a few times in human history.

A brief history of global work transformations

Understanding just how truly transformative mobile is when it comes to work and our lives requires taking a much longer view of the history of work and the handful of technological and societal transformations surrounding each era.

Going from hunter-gatherer to farmer

The first real transformation of work for humanity was thousands of years ago when we shifted from a hunter-gatherer lifestyle to one based on agriculture. That was probably the most transformative change in work that has ever taken place as it gave us the ability to live in enduring communities that eventually grew into towns and cities.

Going from farmer to craftsman, specialist, and trader

The move to sustained agriculture also led to the second big shift in humanity’s understanding of work – craftsmanship. Because food could be reliably grown by a subset of society, agriculture fostered specialization. Those that could make garments or erect buildings or fashion tools best ended up doing so, resulting in different trades and better products. That specialization brought us the very concept of trade that we know today and eventually led to the concept of currency or money to facilitate transactions. It led to apprenticeships and training and, to some degree, education, which in turn facilitated the idea of higher learning.

Going from farmer and craftsman to factory worker

Despite technological advances, exploration, the growth of city-states and nations, the evolution of democracy and politics, and the creation of highly specialized professions like medicine, law, and accounting, humanity’s next real leap in terms of work and its place or impact on our lives was thousands of years in coming and it was the Industrial Revolution.

The Industrial Revolution was a force that transformed virtually every aspect of the agrarian life that humans had led for all of recorded history. It turned farmers into factory workers. It made travel and communication faster than anyone had ever imagined possible. It engendered the creation of mega-cities like New York. It revolutionized trade and laid the first real seeds for globalization. And although most of us think of the Industrial Revolution as something that happened in the second half of the 19th century, you can make the argument that it continued well into the 20th with ever-more mechanized and computer-controlled factories that eventually came to need far fewer workers.

Going from factory worker to knowledge worker

The Information Age, defined by the rise of the knowledge worker and modern office, was the next major change in work for a large swath of mankind. Nine to five became the norm, the American dream of a house in the suburbs became accessible to millions, and things that had been luxuries like an automobile or television were within reach of a growing middle class. Education, particularly higher education, became more important and more common. The Information Age placed work into a comfortable box for most people, divorced from their personal life, and changed work from being solely about providing the basic needs to providing a better quality of life.

Even the introduction of the PC, enterprise computing, and the Internet didn’t fundamentally change the notion of work or the office. They automated transactions, improved efficiency, eliminated redundant positions, and improved workplace and business to customer communications, but didn’t change the notion of work or how business was conducted in a fundamental way.

Each of the transitions had massive impacts on individual lives, businesses, governments, and on humanity as a whole. Each was disruptive in every sense of the word. Each redefined humanity, culture, and work as well as the place work had in our collective lives.

Each of these transformations and the eras of history they created are often looked at in isolation. We don’t think of agriculture giving birth to various specialized craftsmen, trade, or even money, but none of these things would’ve happened without agriculture. In much the same way, the Industrial Revolution paved the way for the Information Age. As factories moved production farther from shops and suppliers and led to companies hiring hundreds or thousands of workers rather than just a handful, the need for paperwork to manage these new realities developed. That need eventually became so great that the modern office evolved out of it.

Today – Going from knowledge worker to mobile worker

Today’s nascent era, which many have dubbed the Mobile First era, is still just beginning to emerge, but it has already begun to be obvious that it will be equally transformative to work, its place in our lives, and to the overall meaning of our lives as the transitions of the past. For many, it already has been.

Mobile has already blurred and will eventually destroy the boundaries between work and personal life that the Industrial Revolution and Information Age built.

As many of us already know, it is now possible to work anywhere at any hour in many professions. As much as we work from home or Starbucks or a doctor’s waiting room or anyplace else, we also do more personal tasks during traditional work hours in the office – email, Facebook, checking to make sure the kids made it home from school, paying bills electronically, etc. The old notion of the work/life balance has given way to a continuum of work/life blending and context switching that encompasses our waking hours.

Employers, including state and federal agencies, are beginning to encourage us to work from home. It improves morale and reduces the need for large workspaces since workers come into the office only when there’s a real need, saving a good deal of money in the process. These early shifts led to the co-working movement; to services like Liquid Space that let you easily find and rent an office, cube, or desk wherever you are for as long as you need it; and it’s led to companies creating completely flexible workspaces where you can sit at any desk you like or use alternative spaces like lounges, quiet rooms, and conference spaces as needed.

The shift has changed the power dynamic when it comes to selecting and procuring work tools. Users can select whatever mobile apps for whatever devices they find most productive. Individuals and managers at all levels can purchase mobile and cloud solutions without the involvement of IT.

Mobile, along with other technologies, has also changed the way we collaborate. When collaboration can occur between two people on different continents as easily as between two people sharing a cubicle, the ability to collaborate and source talent explodes exponentially. This is especially true as workers increasingly tap their own social networks for knowledge, expertise, and advice.

The very nature of work has become incredibly more fluid thanks to mobile, cloud, and social technologies. Collaboration and expertise are no longer bound by the walls of an office building or a company. The ability to work however and whenever is beginning to take root as a core requirement of a modern workplace. The place of work in our daily lives has become equally as fluid, allowing us greater flexibility to manage and to blend our work and home lives as much as we need.

All of this has transpired in a few short years, seven if you count the iPhone as the birth of modern mobile technology (six if you start with the release of Apple’s App Store). The level of change already is astounding and the Mobile First world is in its infancy. By contrast, it took centuries for trade to develop and transform society after the move to agriculture; it took the Industrial Revolution the better part of a century to take root around the world; and it took a few decades for the Information Age to transform our daily lives. At the rate things are changing, mobile has the potential to achieve this level of transformation not in a century, but by the end of this decade.



How the World Bank is mobilizing their workforce with Android


Since formally launching enterprise support in Android two years ago, we’ve seen an explosion in the way companies are using mobile devices to evolve their businesses.

The World Bank Group, which provides financial and technical assistance to developing countries, was one of the first to mobilize their workforce with Android’s built-in enterprise features. With about 30% of their employees traveling at a given time, productivity on-the-go is critical for the Washington D.C.-based institution. After adopting the enterprise features, the World Bank has been able to provide a full set of internal and third-party mobile apps through the managed Google Play Store, allowing employees to work from anywhere. All applications are delivered and configured automatically through Google Play, so users don’t need to set up apps.

Employees have a choice between corporate-provisioned or personally-enabled Android phones that provide users with first-class mobile-enhanced capabilities. By using Android’s work profile and VPN support, employees can access sensitive data and keep it secure and separate from personal information. And with the availability of dual SIM devices, many users have been able to ditch a second device and work with one Android phone to communicate abroad and at home.

The native capabilities in Android allow the World Bank to manage its devices through our partner MobileIron in a consistent way, reducing complexity and the cost of support. As part of their migration to modern enterprise management APIs and the managed Google Play Store, they’re able to follow Android’s enterprise best practices for secure deployments, such as blocking installation of apps from unknown sources.

The World Bank is a leading example of how organizations can leverage the built-in enterprise features in Android to securely expand mobility and make employees more productive.



Q&A: James Plouffe, lead solutions architect at MobileIron


Just how much do security breaches really cost? Nick Booth puts the question to MobileIron

Calculating the cost of a breach can be incredibly difficult. The most easily quantifiable measures are regulatory fines and settlements, but it’s harder to decipher the financial implications of business downtime or the marketing strategies needed to mitigate customer concerns. That’s before you consider reputational damage and loss of competitive advantage.

A lot of organisations cite reputation as the most important asset. Putting a price on 80 years in business is no small task. All of these elements have to be factored in to even have a chance of accurately measuring the impact of a data breach.

The cyber security industry is full of hype and scaremongering. Each new iteration of malware or data breach stokes the fires of security fears once again. Yes, many threats can be hugely damaging, but it’s not always clear how one compares to another. What answers does MobileIron have to offer?

What’s the best way to work out how much you need to invest in cyber security and justify that to the bosses who sign it off?

There’s no universal model, but most organisations have to factor in the level of exposure, brand recognition, intellectual property, industry compliance requirements and government legislation.

Often, action is taken retrospectively after a breach, adding more security to the compromised areas. Risk management is a better model, however, and clarity helps security departments focus on business value with clear measurable results.

Some companies have a culture where the staff are in a permanent state of seething resentment. Surely, they need to be identified because they need to spend more on security than regular companies with happy cultures?

Granular factors such as employee morale, physical theft of equipment and propensity to human error can contribute to data loss. However, a comprehensive risk assessment and full IT estate inventory helps to allocate spend to the most affected areas of the business.

Many organisations have plans for natural disasters and work stoppage. Cyber security and data breaches should have that same level of scrutiny and preparedness.

Surely, the whole bring your own device (BYOD) movement, created by IT firms, drives a coach and horses through anyone’s budget ceiling, not to mention their defences?

Shadow IT was once used to describe anything that wasn’t supported by the IT department. But with BYOD and cloud-based apps the term takes into account a much broader remit. This makes securing a network extra challenging, but not impossible.

Forward-thinking IT departments are opting for EMM [enterprise mobility management] suites which allow teams to manage company-owned and employee-owned devices from a single pane of glass.

What security strategy do you recommend to clients?

Classify their assets, identify the risks to those assets and define their risk tolerance. This determines what risks they need to mitigate and which they can accept. This exercise may include detailing which devices are corporate-owned and loaned to employees and what level of access each employee gets.



MobileIron and Microsoft Strategy


This three-part blog series is my perspective on Microsoft’s strategy, the evolution of Microsoft Intune, and the critical role MobileIron plays in a Microsoft shop. My opinions are based on publicly available and third-party data plus my analysis of Microsoft’s actions. Part II of this series provides a high-level comparison between MobileIron and Microsoft Intune, while Part III provides technical details on that comparison.

Like almost every infrastructure software company in the world, MobileIron is both partner and competitor with Microsoft. Most of our customers are also Microsoft customers.

I believe Microsoft’s future depends on the success of three initiatives:

  • Migrate compute workload quickly to Azure
  • Don’t lose the battle for identity
  • Win back the developer

Three product solutions provide the underlying pillars for these three initiatives.

1. All roads lead to Microsoft Azure

For Microsoft to win, enterprise workload must move to Microsoft Azure instead of Amazon Web Services (AWS) or Google Cloud Platform. Azure consumption is a central metric Microsoft can measure to gauge whether its strategy is working. Each month, compute cycles, data storage, and transactions in Azure must increase at a rate higher than the rest of the market.

“Will it increase Azure workload?” is a simple litmus test to predict Microsoft’s actions.

2. All roads start from Microsoft Azure Active Directory

Microsoft cannot afford to lose its position as the system of record for identity. I believe Microsoft Azure Active Directory is the most important product in the Microsoft stack. Microsoft has been very public that “identity is the control plane.” As a result, Azure services are all tightly tied to the identity services that Microsoft provides.

If a Google or an Okta starts taking over identity within a customer, Microsoft loses its most important architectural control point. Office 365 is not only a productivity suite, but also a forcing function to drive identity into the Microsoft Cloud.

3. All roads are built on Microsoft Graph

Before we talk about Microsoft Graph, let’s first turn the clock back 20 years. Microsoft became the largest software company in the world because it won the hearts and minds of developers. Customers go where developers are, and developers were inevitably on Microsoft platforms. Both server-side and client-side developers built on Windows. Microsoft Developer Network (MSDN) was the center of the universe because almost everyone used Microsoft tools.

Then Linux matured and many new developers, like MobileIron, chose it as their server platform. At the same time, client applications on the desktop moved into the browser. In 2010, iOS and Android adoption exploded and, as always, developers followed their customers and started building native apps for those OS platforms. Meanwhile, cloud became the primary infrastructure choice of startups, and AWS quickly established a leadership position.

Now it is 2017. A new startup, funded today, will most likely run in AWS, with Android, iOS, and web apps on the front-end. There is a good chance that the startup will not use any Microsoft development technologies even if the service is consumed on Windows devices. That was infeasible 15 years ago, but practical now.

Microsoft must win back the developer. Winning with Office 365 but losing the developer is not an option.

Microsoft Graph is the centerpiece of the Azure developer strategy. It is the API stack for Azure, and Microsoft needs as many developers to use it as possible.

The Role of MobileIron and Microsoft Intune

At MobileIron, we’ve seen Microsoft’s strategy evolve over the last few years. Microsoft Intune is a perfect example. Because of the strong position Microsoft System Center Configuration Manager (SCCM) has held in the traditional desktop management market, I believe Microsoft assumed Intune could easily achieve a similar position in the enterprise mobility management (EMM) market.

But it didn’t work out that way. Intune struggled with capability breadth, depth, and maturity against the more established EMM players. Intune lacked the fundamental advantage of SCCM – control of the operating system. Apple and Google, not Microsoft, were the primary OS vendors in mobile.

Intune needed a product advantage and it came in the form of Office 365 controls. Microsoft decided not to use the native frameworks for app configuration and security that Apple and Google had built into their operating systems (http://www.appconfig.org/), even though that was the preference of many Microsoft customers. Instead Microsoft built a proprietary set of controls for Office 365 apps and only exposed them to their EMM product, Intune. This meant that other EMM products could not leverage incremental security functions for Office apps, like preventing copy / paste or ensuring that a document was not saved to a consumer storage service.

The Microsoft sales team started pitching that “only Intune secures Office 365.” They tried to convince customers to uproot their entire existing EMM infrastructure and switch to Intune to access a handful of Office configurations. Customers pushed back and the common outcome was not that they switched to Intune, but rather that they lived without these additional, useful configurations.

In January 2017, Microsoft changed course and exposed these functions through new Microsoft Graph APIs. Access to these APIs still requires the customer to buy Microsoft’s Enterprise Mobility + Security (EMS) suite, which includes Intune, so the Microsoft sales team does not lose a revenue opportunity. However, to me it indicates that Microsoft realized adopting a closed approach to Office security was not in the customer’s or Microsoft’s best interests.

I believe that, over time, product economics and strategy alignment will naturally shift the focus of Intune from trying to compete head-to-head for EMM business to instead providing Azure policy middleware that other EMM products can leverage. The middleware model better meets customer requirements and, more importantly for Microsoft, drives adoption of Microsoft Graph. Microsoft has a tremendous incentive to secure Azure services but none to secure Android or iOS as OS platforms.

The true battle for Microsoft is not EMM. It’s winning back the developer through Microsoft Graph and moving enterprise workload to Azure with identity at the core.

Please read Part II of this series, “MobileIron and Microsoft Intune,” for more details on these two products.

