Protecting Mobile Enterprises Zenprise: Everywhere Your enterprise is upwardly mobile, but can your audit committee breathe a sigh of relief? Mobility as business opportunity chain, and road warriors entering the day’s sales data into their Even though the transition of mobile phones into computers has smartphone on the ﬂy, mobile strategies are making companies been a long time coming, the sea change in the past two years more productive and driving top-line growth. is dramatic: Consumer mobile devices that are so compelling and offer business users such a powerful medium for learning, And yet… transacting, sharing, and presenting that companies are willing Here’s the rub. The audit committee, C-Suite, and board alike to upend the “way we do things around here” to have them. agree—even as they gleefully tap-tap on their favorite devices— that letting employees choose their own devices and then Just as game changing: apps. A few taps and $0.99 gets you the access corporate resources, apps, and data is a risky proposition. coolest tool, utility, communications service, or game. In fact, the Unlike standard-issue, locked-down PCs or tightly controlled mobile apps marketplace is so alluring that the paradigm has BlackBerrys, mobile devices in today’s enterprise are diverse, given rise to a new breed of developer—talented entrepreneurs have varying levels of vulnerability, and offer no consistent way who crank out apps for consumers and businesses alike. Expense for IT to manage even the most basic security like passcode tracking, financial calculators, trip planners, document con- enforcement. tainers, social networking. Users are consuming apps for work, play, and increasingly, a mixture of the two. Incidents such as the recent phone hacking that unraveled a tabloid media outlet bring those risks into stark relief. With an Businesses are in on it too. Virtually every enterprise software increasing number of companies issuing sensitive business vendor has a mobile app, downloadable for free on major app documents to their boards of directors via the iPad, the closer- stores. Mobile apps are key to their strategy for staying relevant to-home consequences of data breach are more easily imagined. and sticky in a hypercompetitive world, with plans hatched in This line of thinking easily translates to the organization as a board rooms around the world. whole as employees-at-large bring their smartphones and tablets to work in record numbers. The multiplier effect of everybody Opportunities abound for organizations everywhere, not having unmanaged mobile access to corporate applications just software companies. With iPads changing the way sales and data makes the risk of data leakage, system compromise, associates in department stores serve and sell, warehouses and even mobile threats such as malware a real possibility. adopting ruggedized Android tablets to track goods in a supply SOLUTION BRIEF
Protecting Mobile Enterprises Everywhere Still smarting from data breaches that put companies out of Zenprise offers your organization: business in the mid-2000s and with new skin in the game as a result Full mobile device lifecycle management of Sarbanes-Oxley, executives and board members have an urgent The broadest and deepest device support in the market need for their organizations to govern and secure mobile devices. Truly scalable and highly-available architecture, load balancing, and server and data redundancy; 100% uptime SLA for cloud Your enterprise is in their pocket Real-time security at all layers of your mobile enterprise Giving access to employee devices is tantamount to your letting Device security: Secure mobile access, discovery and blocking, your employees slip your enterprise into their pockets every time continuous compliance, data protection in the event of device they leave the ofﬁce (has to be a really big pocket). From their loss or employee departure devices they access the corporate network, business applications, and your most sensitive enterprise data whenever and wherever App security: Secure application access via app tunnels, black- they need to. Just as you need to take extra precautions to ensure listing, whitelisting, and dynamic, context-aware policies that the board meeting notes don’t leave your iPad, they need Network security: Mobile Security Intelligence, visibility into to secure the data on (or accessed by) their devices: What if they and protection against internal and external mobile threats, don’t have a passcode enabled and leave their device at Starbucks? blocking of rogue devices, unauthorized users, and non- What if they’re synching non-public ﬁnancial data using Dropbox? compliant apps, integration with security information and What if they’re logging into your salesforce automation tool over event management (SIEM) systems an insecure wireless network at the airport? These are just a few Data security: Enterprise mobile data leakage prevention of the activities that can jeopardize sensitive data and expose the (DLP) that addresses sensitive data; integration with leading enterprise to mobile threats. enterprise collaboration software Flexible deployment options: On-premise, public cloud, and The time is now for a secure mobile device management solution hybrid cloud that offers real-time defenses at all layers of the mobile enterprise. Your role in your enterprise’s mobile strategy With Zenprise, the audit committee can now breathe You’re aware of the risks, you know a little about Zenprise and a sigh of relief our secure mobile device management solutions. You are now Zenprise, the leader in secure mobile device management, armed and dangerous. You can help your embrace enterprise delivers the real-time defense enterprises need to capture the mobility but do so in a way that keeps your company secure and business opportunities that mobile business brings while compliant. Go forth and conquer. safeguarding corporate IP, customer and employee data, non- public ﬁnancial information, and business intelligence. With cloud-based and on-premise offerings, Zenprise lets your IT professionals secure and manage the most comprehensive array of mobile devices, gain visibility into and control over mobile apps, and shield the corporate network from mobile threats.
With this checklistExecutive Checklist in hand, you areDevice Deﬁne your company’s goals for enterprise mobility. Specify whether you are focused on productivity improvements, now armed andconsiderations top-line opportunities, or employee device freedom. Ensure that your organization’s mobile strategy reﬂects those goals. dangerous. You Decide whether your organization will embrace a “bring-your-own-device” program, and determine whether your can help your IT stance will be to tolerate, encourage, or even subsidize it. organization and Determine who will be mobile-enabled (executives? sales? everyone?). the rest of your Ensure that your IT professionals have thought through device support tradeoffs between device freedom and company embrace choice or consistency and control. Make sure they (and you) are comfortable with the variations in device types and enterprise the governance and security the devices enable IT to have. mobility andApp Ensure that your IT department has thought through which mobile apps your organization will enable (just email, capture theconsiderations contacts, and calendar? business automation? ERP? custom applications?). Ensure that their roll-out calendar makes many business sense for the needs and risk proﬁle of your business. Make sure that the application access IT enables can vary by role, opportunities it group, device, and whether the device is company-issued or personally-owned. brings. Go forth Ensure that IT has speciﬁed which mobile apps and resources they intend to restrict (e.g., Facebook during market and conquer. hours, the camera at the ofﬁce, or Angry Birds…all the time), and that those restrictions map to your corporate policies. Get to know the mobile goals and timelines of your lines of business. Ensure that IT has taken into account whether your LOBs intend to mobilize their favorite apps for their users and partners, and whether they intend to develop or extend custom apps for speciﬁc devices.Data Review your IT organization’s mobile data access policy (ensure that your organization can set role-, group-, device-,considerations and even context-based policies for who will be allowed to access apps and data repositories containing intellectual property, customer or employee data, personally-identiﬁable information, business intelligence, non-public ﬁnancial data, transaction data, yet-to-be released announcements, under what circumstances, and from what types of devices). Determine the value and risk of the data that employees will be accessing, and lay out the consequences of data loss or breach. Make sure you and your executive team/board are comfortable with the reward-risk tradeoff. Ensure that your IT organization can protect sensitive data. Make sure that your IT organization has planned for how it will prevent leakage of sensitive data via mobile devices.Policy Review the regulatory, industry, and corporate policies to which your organization is beholden (regulations likeconsiderations HIPAA, industry guidance such as PCI, guidelines such as from the SEC, IT frameworks such as ITIL, other corporate policies), and ensure that your mobile strategy supports your current compliance controls. Review the foreign laws and regulations for regions in which your company operates or serves customers, and ensure that your mobile strategy supports your adherence to those policies. Review your mobile device and access policies (policy setting, oversight, and reporting) with your audit committee, C-Suite, and board of directors.Security Understand how your IT organization will handle the presence of rogue devices, unauthorized users, and non-considerations compliant mobile apps on the network. Understand how your IT organization will secure corporate data from unauthorized access, inadvertent loss, and insider threats. Understand how your IT organization will monitor your security infrastructure for security threats as well as network, app, and device performance. If you have a log maintenance policy for compliance and forensic purposes, ensure that they are equipped to collect, maintain, and protect those logs. Understand how your IT organization will remove data from devices upon device loss or theft or upon employee departure. If you intend to have personally-owned devices in the workplace, consider your plan for removing corporate data while leaving personal content intact. Ensure that you have a plan to clearly articulate policies and processes to all affected employees. Understand whether your IT organization will integrate your mobile device management system with a security information and event management or other system, and ensure that there is a plan in place to do so.Scalability and Ensure that your IT organization has articulated and can support an uptime service-level agreement, and whether ithigh-availability maps to your business requirements.considerations Ensure that your mobile strategy takes growth into account and enables your IT organization to support all of the users you would like to mobilize today and over time. Ensure that your mobile strategy enables you to scale users in a cost-effective way, and that all associated hardware, software, and service costs are accounted for. Understand your mobile strategy’s high-availability plan. If your strategy includes load balancing, server and data redundancy, and (if a cloud-based solution) global redundancy for disaster recovery, ensure these investments are in the plan.Service Understand whether your mobile strategy includes monitoring telecommunications service quality. If so, ensureconsiderations that your IT organization can articulate what actions you will take as a result of the business intelligence you garner. Understand whether your mobile strategy includes managing telecommunications expenses. Ensure that you have articulated your savings goals and measurement mechanisms for evaluating your progress against those goals. Understand whether your mobile strategy involves providing remote support, diagnostics, and troubleshooting, and what mechanisms are in place to do this. Understand whether your IT organization intends to offer a self-service portal for users to perform basic security and management actions on their devices. SOLUTION BRIEF