Whitepaper: How to survive BYOD and mobile networks


Published on

Here comes BYOD, Bring Your Own Device.

A lot of the traffic, internal corporate and with customers and market, will be outside firewalls to mobile devices owned by the employees, on public networks. A lot of sensitive corporate data must be stored locally in the device to ensure that for instance sales people has updated and correct CRM data when visiting customers.

Employees will communicate internally on consumer tools like WhatsApp. This is not the safest environment, rather more or less a ticking bomb. Gartner expects that by 2017, “40% of enterprise contact information will have leaked on to Facebook via employees’ increased use of mobile device collaboration applications.”

To unlock the full potential of enterprise mobility, IT needs to allow people the freedom to seamlessly access all their apps and data from any device, company owned or private.

It is now time to recover lost grounds and include secure mobility in your IT strategy.

Published in: Mobile, Technology
1 Like
  • Be the first to comment

No Downloads
Total Views
On Slideshare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Whitepaper: How to survive BYOD and mobile networks

  1. 1. The Best Way To Protect Private Information, Is to have No Information To protect Enterprise Mobile Strategies - how to survive BYOD And mobile networks PING PAL The Secure Communication and Positioning Service Ephemeral | Anonymous | No data stored | Military grade encryption
  2. 2. pals@pingpal.io | pingpal.io | © 2014 PingPal AB | All Rights Reserved BitSight has put together a report detailing the security effectiveness of different companies in the US (http://blog.bitsighttech.com/how-strong-is-the-cyber-health-of-the-us-economy). Some high level findings: • During 2013, at any given time, between 68% and 82% of the S&P 500 companies had been compromised with an externally observable event • Only 18% of companies had strong SSL certificates, the remainder sent data across the Internet without proper encryption Perhaps this is an unavoidable reaction to the pressures organizations are under – is it feasible to deliver a product more rapidly while still remaining secure? In the name of lean everyone is trying roll out minimum viable products to test a business hypothesis. This is something inevitable when corporations try to operate faster and yet at lower cost, while trying to innovate products for an always faster moving market. Not only quality but more critically security issues are set aside. “We will fix this when we know that the product is viable and go for version 2, the real product.” The same mentality is spreading in the internal IT departments maintaining and developing the business systems under the mantra of ever increasing cost efficiency. And then comes BYOD, Bring Your Own Device. A lot of the traffic, internal corporate and with customers and market, will be outside firewalls to mobile devices owned by the employees, on public networks. A lot of sensitive corporate data must be stored locally in the device to ensure that for instance sales people has updated and correct CRM data when visiting customers. Employees will communicate internally on consumer tools like WhatsApp. This is not the safest environment, rather more or less a ticking bomb. To unlock the full potential of enterprise mobility, IT needs to allow people the freedom to seamlessly access all their apps and data from any device, company owned or private. What was right in the past decade is now an emerging problem For ten, or so, years companies have “webified” their desktop applications for all the good reasons, a simple unified platform-independent interface to the corporate data. But the challenges of mobile app development are way too different from what it took to move from the green screens of IBM mainframes to a browser based UI front-end. HTTP and browser is not a secure and effective mobile environment, especially for the 82% of the corporation without a secure SSL certificate. It is estimated that in 2017 over 67% of all integration flows will extend outside the enterprise firewall. Being mobile also means that you need to communicate. The users discuss and share restricted corporate data on their BYO devices, on open public networks. When using “traditional” telecoms like voice call or SMS, your security is in the hands of the operators. When using Gmail, we know that Google scans all user mails for keywords for their business purposes. When using Instant Messaging your users will use the same tools as they do privately, for instance WhatsApp, now owned by Facebook. Gartner expects that by 2017, “40% of enterprise contact information will have leaked on to Facebook via employees’ increased use of mobile device collaboration applications.” And mobile devices are more easily lost or stolen with all that restricted data still in the device. It is now time to recover lost grounds and include secure mobility in your IT strategy.
  3. 3. pals@pingpal.io | pingpal.io | © 2014 PingPal AB | All Rights Reserved 9 Important aspects to consider You need a well-defined mobile strategy for your enterprise, no matter what size you are. This is the necessary foundation for your important decisions on various mobile frameworks, development tools to use, devices to support and mobile development providers. Listen to the app agencies promoting their favorite tools, but decide on what’s best for you long term, not the cheapest offer today. 1. Security and Privacy Outside the Firewall Have a common framework for authentication and authorization of your mobile apps as they are more vulnerable than desktop or web based applications protected by the company firewall. Consider the whole transport mechanism for all your applications, internal messaging, etc. You need a secure “pipe” for everything. The most common solutions for this are VPN’s and Mobile VPN’s. A VPN provides an encrypted tunnel through the Internet between your device and a VPN server. This is called a tunnel, because unlike other encrypted traffic, like https, it hides all services, protocols, and contents. Depending on the actual network state (coverage, signal strength, etc), there might be problems since the mobile networks response time can be high and VPN connections are very sensitive regarding response time. This is due to security concerns but it means that a slow response might interrupt a VPN connection, making it very difficult to work on the corporate network from a mobile device. A VPN connection is set up once, and only terminates when you decide, but the tunnel is disconnected if the client loses network connectivity or due to inactivity. This makes it a good solution for a more permanent or continuous connection to the corporate network, as long as you have a good enough Internet connection. But it is highly impractical for e.g. messaging that is more sporadic in its nature. When using VPN from a mobile device all Internet traffic, disregarding if it is corporate or private, will have to pass through the company firewall. You will also have to take into account management of temporary (e.g. consultants) users, letting people participate in secure discussions without connecting them to restricted services inside the firewall.
  4. 4. pals@pingpal.io | pingpal.io | © 2014 PingPal AB | All Rights Reserved 2. Device and local data Management and Monitoring Mobile devices are used anywhere, often over untrusted networks, with a significant potential for loss or theft You must be able to remotely lock a lost device and wipe off selected corporate data as well as emails, chat conversations, etc. The same goes for employees leaving the company and consultants/sub-contractors that bring their own devices. The solution must reduce the risk of leaking data by mistake or by theft and it is here that the auto-deleting, or ephemeral, mechanisms come in. Snapchat has popularized the auto-deleting images for casual communication. The same kind of mechanism can be used for any type of messaging or corporate data when it is controlled by a specific app. Possible ephemeral triggers are, for instance, deleting after a set number of views, or at a set time, or by using a geofence; “this information must not leave this building”. You should also be able to push newer apps or versions of apps to every employee so that everyone runs the same version, as you have the app store update mechanisms for commercial apps. 3. Device Independence Your IT infrastructure must be built with device independence in mind. You have to protect sensitive information wherever and however it’s used and stored—even when business and personal apps live side-by-side on the same device. Support for various current and future mobile platforms and form factors should not pose too big a challenge and a fortune to implement and support. Do not try to throw in every feature of an existing web app or desktop app into your mobile app. This will only increase bulkiness and development and maintenance cost. Build smaller apps that only take care of a handful of features, that are easy to replace when your organization or IT implementation changes. Provide a suite of such apps and let customers, partners and employees pick and choose what may be the best fit for them. Remember the high interoperability and ease with which mobile apps can kick off another mobile app based on user’s inputs and preferences. Also keep in mind, the integration possibilities with independent productivity apps like Evernote, Email clients, Document and Image editing and management tools.
  5. 5. pals@pingpal.io | pingpal.io | © 2014 PingPal AB | All Rights Reserved 4. Server side implementation A mobile application isn’t the same as a desktop application, and while the difference starts in the device, it’s the server side of the mobile equation that will make the difference between productivity gains and losses. If you do not already have an enterprise bus infrastructure in place or your current infrastructure is too old to handle mobile requirements, consider revisiting the brokering and routing requirements. An optimum server-side mobility solution will consider state control in transactions, presentation of information and management of mobile data flows. You also need to analyze and minimize data volumes. Mobile applications rely on a relatively low-speed link to the devices, and available mobile bandwidth may vary considerably, depending on the user’s location and the local cellular traffic load. In many cases there may be usage charges applied, which could make mobile applications expensive to run if data volumes are high. 5. Data synchronization Database synchronization presents one of the toughest hurdles in deploying distributed mobile solutions. You need to set up advanced synchronization and filtering between each mobile device and the central system, deciding what data they share, and the manipulation rules. The complexity grows exponentially with the amount of shared data so it is necessary to select good tools to manage this. The data in the app should be stored in a secure local database in the device with strong encryption. There should also be an automatic self-delete (ephemeral) mechanism implemented in the app to automatically remove data in accordance with the internal business processes, as well as a complete wipe through a remote command. The synchronization mechanism should also take into account the mobile network characteristics of everything from high to low speed data connections, dropped connections in the middle of processing and even complete off-line situations. The data synchronization should be done partially on connection losses, giving clients the opportunity to continue synchronization where it was when the connection got lost. It should also handle multi-user conflicts, primary-key changes and other problems usually associated with database synchronization.
  6. 6. pals@pingpal.io | pingpal.io | © 2014 PingPal AB | All Rights Reserved 6. Offline behavior of app Employees must be able to download corporate data in their device. It could be as simple as Excel and PowerPoint files, but also for instance all CRM, customer support, order delivery, etc data related to a specific customer for a meeting. People need access to important and sensitive data to perform their job even when traveling on an airplane or visiting a remote site with poor data network coverage. Partners and associates might also need to download offline data, like actionable items, messages and reports. For your customers you might want to offer the ability to download receipts, order status, and special offers even when they are off the network. The highly sensitive nature of this data makes it critical to develop security mechanisms, like database encryption and the ability to remotely wipe everything from lost or stolen devices. There might also be privacy or other regulatory compliances needed to investigate. 7. Scalability Mobile customers’ attention span is shorter than that of desktop and webapps. Customers use devices everywhere and at any time of day. Mobile app infrastructure has to be scalable as once an app becomes a big hit, it becomes extremely important to scale up the back end within hours or days. Otherwise you will end up having a short- lived success and by the time you scale up the customers will be all gone. The simple way is to apply vertical scaling by adding more resources to your server. This might be OK for a small niche app but will not be sufficient for massive scaling. Design your app and backend solution for horizontal scaling where you distribute data and route messages over several servers. This is especially important if your app is customer facing.
  7. 7. pals@pingpal.io | pingpal.io | © 2014 PingPal AB | All Rights Reserved 8. Prioritize user experience Mobile apps are setting the stage for what users expect from their working environment. People expect the same look, feel and power from your internal apps as they expect from commercial apps. This has raised the stakes for IT. As you work to deliver a superior user experience, look for ways to give people more than they expect and provide useful capabilities they might not have thought of yet. For example: • Think mobile first! • The design and layout of the app is at least as important as the functional task it is intended for. • Compare your intended app with similar commercial consumer apps. Is your app looking as good or better? It should, if you want your users to love the app. • Allow people to access their apps and data on any device they use, complete with their personalized settings, so they can get to work right away. • Automate controls on data sharing and management, such as the ability to copy data between applications, so people don’t have to remember specific policies. • Define allowed device functionality on an app-by-app basis, so people can still use functions such as printing, camera and local data storage on some of their apps even if IT needs to turn them off for other apps. • Make it simple for people to share data with colleagues by for instance sending a link. • You should measure and analyze usage of various features to decide future development of the app. 9. Customer facing apps The app will reflect on your brand and you as a supplier and it’s important that the app feels and behaves as good, or better, than a commercial app. Social networking is increasingly becoming an important aspect of mobile app development. It could mean as simple as enabling app authorization using customers social IDs, for instance signing on with the users Facebook ID. If implemented correctly it will also offer insights into demographics of customers as well as help manage your company’s online reputation and address customer concerns before it is too late, all important aspects for developing your products, offering and brand. The app has to be appealing and will need regular facelifts to keep competition at bay unlike the previous generation webapps wherein functionality alone was enough to keep customers engaged.
  8. 8. pals@pingpal.io | pingpal.io | © 2014 PingPal AB | All Rights Reserved Services Tier Design for Mobile Applications The mobile aspects brought up in this whitepaper shows that the old three-tier architecture has to be updated. Many vendors have started promoting a new four-tier model to assist in solving key challenges associated with current delivery systems, where new dynamic apps with cache solutions will be able to effectively adapt and scale with changing demand. The four-tier model is brought forward, and explained in much more detail, by Forrester Research Inc: http://www.forrester.com/Mobile+Needs+A+FourTier+Engagement+Platform/fulltext/-/E-RES100161 Client tier • Mobile clients • Wearables • Internet of things • Responsible for experience delivery Delivery tier • Optimizes content for proper display on device • Caches content for performant delivery • Drives personalization by using analytics to monitor user behavior Aggregation tier • Aggregates and federates services tier data • Provides discovery for the underlying service library • Performs data protocol translation (e.g. SOAP to JSON) Services tier • Existing on-premises systems of record, services and data • External third-party services (e.g. Box, Twilio) 1. The client tier is all about the user experience. It separates the unique capabilities of each app and device — wearable, desktop or mobile, browser or dedicated app, platforms and HW devices, Internet of Things, etc — from the services that back-end applications deliver. This frees developers from having to customize development to each device and platform, which allows them instead to focus on building out a single application, increasing productivity, and decreasing maintenance load. It also means the possibility to more freely chose tools and vendors. 2. The delivery tier takes the app- and device-specific information from the client tier to optimize content and delivery method for each device. It queues and caches content both locally and on servers so that in the event of lost service while using the application they would still be able to have a smooth working experience. 3. The aggregation tier is the API layer that has two brokerage roles, providing discoverability between app requests and services and bidirectional translation between client requests and back-end or third-party services. By applying business intelligence, analytics, and role-based access the dynamics of the service increases. 4. The services tier contains your legacy systems. It’s the many systems you have within the firewall AND third-party services in the cloud. Each of these services has a different interface with its own specifications for how to access functionality and data. Data is provided to the layers above without concern for how that data is consumed, creating maximum flexibility in the consumption and dynamic composition of services.
  9. 9. pals@pingpal.io | pingpal.io | © 2014 PingPal AB | All Rights Reserved Reports show that 40% of all employees rely on mobile devices every day during the workweek, with 37% of the employees use their mobile devices to work for more than 60 minutes a day. Early mobile implementations in enterprise systems have mostly tried to mimic the desktop and browser implementations, but this provides a poor solution and experience. The tools market is a mixture of the old giants that tries to raise themselves to mobility and app development tools targeting consumer apps. Choosing the best tools for security, user experience, content, platforms and devices they wish to deliver will be increasingly critical. Try to think ahead where you want to be in a couple of years and chose tools and develop strategies with future flexibility. Don’t go for the latest buzz if it cannot be thrown out again if it fails or gets out of fashion. Mobility is here to stay but devices and technology will change. Quickly. Final Notes About PingPal PingPal is a platform for military grade encrypted privacy protected self-destructing (“ephemeral”) communication and positioning. Like Snapchat or WhatsApp on steroids for ANY app developer or organization. Simple implementation and low cost traffic subscriptions means great ROI. In reality this means that we are re-creating the casual off-the-record conversation, like for instance a tête-à-tête, on Internet and mobile communications. We protect all private or corporate communication, chats, image sharing, video calls, positioning, etc. Communication and positioning are supposed to be a dialog between two people, not something that is stored and mined for marketing, competition or political reasons. This is also most important for companies that need to communicate with people in the field even though they bring their own devices and communicate over public networks. PingPal runs outside the standard VPN providing even higher security and convenience to messaging, positioning services and app data transport, making it the perfect tool for BYOD or outside firewall communication. We invite ALL apps, platforms, devices and “things” to use this technology to protect their users. We are not only revolutionizing how developers build communication into their apps, we are revolutionizing in the way we make mobile and Internet communication private again. We bring back the control of the app user data to the user. We don’t know anything about anyone communicating on the PingPal service. And that’s the best way to protect user privacy; to not have any data to protect.