Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Backing up Android and iOs devices


Published on

Backing up Android and iOs devices.
document fourni par

Juin 2012

Published in: Technology
  • Be the first to comment

  • Be the first to like this

Backing up Android and iOs devices

  1. 1. Next reports Rep or ts.InformationWeek .com June 2012 $99Backing Up AndroidAnd iOS DevicesAs more employees use their own tablets and smartphones forwork, IT teams need to figure out how to back up data createdwhile on the go. The answer: a smart mix of policies, cloudservices and mobile device management. We outline a dataprotection plan that doesn’t depend on end users, because“BYOD” shouldn’t mean “back up your own data.”By Ben DuPontReport ID: S5060612
  2. 2. Previous Next reports Backing Up Android and iOS Devices CONTENTS 3 Author’s Bio ABOUT US 4 Executive Summary 5 Mobile Invasion InformationWeek Reports’ analysts arm 5 Figure 1: Policy on Personal Mobile Device business technology decision-makers Use? with real-world perspective based on 6 Figure 2: Storage of Corporate Data on qualitative and quantitative research, Mobile Devices business and technology assessment 7 Figure 3: Mobile Device and Data Policies? and planning tools, and adoption best 9 Consider Cloud practices gleaned from experience. To 9 Figure 4: Cloud Storage Concerns contact us, write to managing director 11 Encryption Art Wittmann at, 11 Figure 5: Importance of Cloud Storage content director Lorna Garey at Features, editor-at-large Andrew 12 Figure 6: MBM Feature of Interest Conry-Murray at, and 13 Work in Progress research managing editor Heather Vallis at 15 Related Reports Find all of our reports at TABLE June 2012 2
  3. 3. Previous Next Table of Contents reports Backing Up Android and iOS Devices Ben DuPont is a software engineer in Green Bay, Wis., and owner of Nebland Software LLC. He can be reached at Ben DuPont InformationWeek ReportsWant More?Never Missa Report! Follow © 2012 InformationWeek, Reproduction Prohibited June 2012 3
  4. 4. Previous Next Table of Contents reports Backing Up Android and iOS Devices SUMMARY Smartphones and tablets present new backup challenges for IT. First, IT has to wrestle with a broad category of products that run on a variety of operating systems, which complicates centralized management and backups. Second, many of these mobile devices are owned by the employee, not the company, which limits IT’s control. At the same time, these employee-owned devices access corporate applications and data, and IT has an obligation to protect that data. The result is that IT has to assemble a set of policies and technologies that rely on a variety of products and services, including cloud-based backup, file synchronization and mobile device management. A growing number of cloud backup and file synchronization services offer administrative controls that allow IT to enforce policies, provision and deprovision users, and monitor content such as Office files. At present, backup isn’t a significant feature in mobile device management products, but that’s likely to change over time as more and more end users bring personal mobile devices into the workplace. At the same time, mobile device management helps ensure that data will be safe from prying eyes in the event that a device gets lost or stolen. June 2012 4
  5. 5. Previous Next Table of Contents reports Backing Up Android and iOS Devices Mobile Invasion As smartphone and tablet use grows in the corporate applications or data, make sure your issued devices. That’s the wrong approach, enterprise, IT wrestles with how to back up mobile device policy clearly describes the says Michael Finneran, an independent con- sensitive data that might reside on these plat- company’s requirements for allowing that sultant and industry analyst. “Our job is to forms. This task is complicated by the fact that access. IT’s first reaction to the bring-your- make sure mobile users get access to the stuff many mobile devices are the property of the own-device phenomenon may be to write they need securely, regardless of who owns employee, not the employer. In fact, 86% of separate policies for employee- and company- the phone,” says Finneran. “What level of se- respondents to InformationWeek’s 2012 Figure 1 Mobile Security Survey said they allow or plan to allow employee-owned devices (Figure 1). Policy on Personal Mobile Device Use? Does your mobility policy allow employees to use personal mobile devices for work? Unfortunately for IT, the devices users choose aren’t the ones IT is most ready for. While IT can manage BlackBerry devices with- No, and we have no plans to allow personal device use out much difficulty, users want Apple and 14% Android products. Our survey shows that 46% of respondents allow employee-owned Apple Yes iOS devices to store corporate data, followed 24% 62% No, but we’re developing a policy by 42% that allow Android 3.x and 4.x devices, and 28% that allow Android 2.x devices (Fig- ure 2). Add BlackBerry at 41% and Windows Phone at 26% to that list and you can see IT has its work cut out for it when it comes to backing up data on these devices. Data: InformationWeek 2012 Mobile Security Survey of 322 business technology professionals, March 2012 R4720512/3 If you allow user-owned devices to June 2012 5
  6. 6. Previous Next Table of Contents reports Backing Up Android and iOS Devices Figure 2 curity is required is defined by the organiza- tion, … and what users get access to is de- Storage of Corporate Data on Mobile Devices fined by their role.” On which of the following mobile device platforms does your organization permit corporate data to be stored? Your policy should also be clear about Company-provided Personally owned 80% where IT’s responsibilities lie regarding back- ups: IT has a right and an obligation to back 70% up company data, and to take steps to do so.FAST FACT But IT doesn’t have any obligation to protect 62% a user’s personal information, files, applica-86%of respondents to tions and other information, such as photos and videos. Of course, separating personal and corporateInformationWeek’s 2012 46% data is easier said than done. A mobile device 42%Mobile Security Survey 41% 41% can quickly become a hodgepodge of busi-said they allow or plan to ness and private information. For instance, a 36% Non-Windows laptops/netbooks (OS X, Linux) 35%allow employee-owned 35% 34% phone’s contact list could have personal anddevices. 30% business contacts. Business documents saved 28% 26% as PDFs may be loaded into an e-reader app. 25% 23% Thus, your policy must make it clear that while Windows laptops/netbooks IT isn’t responsible for backing up your MP3 14% Android 3.x and 4.x files or vacation photos, some personal data 10% Windows Mobile Windows Phone may be intermingled with corporate backups. 7% Android 2.x BlackBerry 6% Apple iOS Almost half of the respondents to our Infor- Symbian 4% 4% WebOS Bada mationWeek Mobile Device Management and Security Survey have written policies and pro- Data: InformationWeek 2012 Mobile Security Survey of 322 business technology professionals, March 2012 R4670512/ June 2012 6
  7. 7. Previous Next Table of Contents reports Backing Up Android and iOS Devices cedures regarding the handling of mobile Figure 3 data (Figure 3). If you haven’t yet developed a Mobile Device and Data Polices? mobile policy, make sure you get input from Does your organization currently have written policies or procedures pertaining specifically to mobile/portable multiple sources, including HR, security, legal devices or the handling of mobile data? and users themselves. 2011 2010 Yes; written policies and procedures Backup Challenges 49% 52% Your IT organization probably has mecha- Yes; written policies only nisms in place to back up users’ laptops and 18% PCs. A typical plan calls for backing up every- 19% thing on the device, including the OS, appli- Yes; written procedures only 6% cations and files such as Office documents. 4%2012 State ofMobile Security Full backups, including the OS, are possible No, but policies are being considered or are under development on mobile platforms, but not without some 21%With 62% already allowingpersonal devices at work, IT’s challenges. The operating systems for Apple 22%juggling laptop policies and Wi-Fi and Android phones and tablets run applica- Nopolicies and BYOD policies—and 6%that means security gaps big tions in a sandbox that don’t permit apps to 3%enough to drive a semi through. see data generated by other apps, which Base: 323 respondents in August 2011 and 307 in March 2010 R3321011/19Most, 80%, require only Data: InformationWeek Mobile Device Management and Security Survey of business technology professionalspasswords for mobile devices means a traditional backup agent like thethat access enterprise data/- kind that runs on a PC wouldn’t be able tonetworks, yet just 14% require capture all the data on a mobile device. vice is also used to update the devices and re- agement tools. If users sync their Applehardware encryption, noexceptions. Let’s be clear: Mobile Organizations that want to perform a full install the OS, if necessary. Apple phones and phones or tablets to their work computers,security is data security, and we backup will have to use workarounds. tablets have to sync with iTunes to back up then iTunes will automatically back up themust do better. Apple requires the use of its iTunes service data. IT can deploy iTunes software to em- mobile device and store that backup on the Download to activate iPhones and iPads. The iTunes ser- ployees’ work computers using desktop man- work computer, which gives IT some June 2012 7
  8. 8. Previous Next Table of Contents reports Backing Up Android and iOS Devices of control over the data. Apple’s manual for data; the Android OS doesn’t provide hooks risks. Rooted devices have a greater potential enterprise deployments has more informa- needed for a full device backup. A backup of exposing private data to malware, because tion on backing up Apple mobile devices. manager API is built in to the Android plat- malware on the device can take advantage of Apple also allows for different data types to form, but each Android device vendor, such root privileges. And users with rooted phones be synced to different computers. For exam- as Samsung and Motorola, must create a cus- may also have the ability to disable security ple, music files can be synced to a home com- tomized backup transport that user applica- features enabled by mobile device manage- puter and contacts to a work computer. If IT tions can communicate with through the ment software, such as the password strength activates the tablet or phone for the API. The upshot is that each individual appli- policy and autolock. Users can also install employee via iTunes, the service can be pre- cation on the device must have backup sup- apps that would otherwise be blacklisted by configured to enforce this separation of data, port built in by the application vendor, and MDM software. For these reasons, many or- so that information important to the com- IT cannot necessarily control where the ganizations don’t allow rooted mobile devices pany is synced and backup lands. onto the corporate network. backed up to a corpo- Some third-party services, such as MyBack- Most Android smartphones come with a Your policy should also be clear rate PC, while personal upPro, will back up just about everything on card slot into which the user can plug an about where IT’s responsibilities data stays with a user’s an Android device except the OS, but the An- external storage device, such as an SD Card. lie regarding backups. computer. droid device has to be rooted to enable this. The Android device can be configured to save However, given that A device is rooted when the user subverts sys- data to this external device, providing another many Apple devices are tem controls placed by the device manufac- backup option for IT, but again this requires a purchased by employees, there’s a strong like- turer so that the user can get “root,” or diligent user who knows enough to back up lihood that they would activate and sync their administrator, access to the device. Many the data and then either save the data to a PC mobile devices to iTunes running on a per- organizations don’t want rooted devices con- that IT regularly backs up or deliver the re- sonal computer, which may put backups out- necting to corporate networks because of the movable card to IT for backup. Some backup side of IT’s control. potential security dangers. agents can also back up data on an SD Card. Android devices aren’t much better when While users root their devices to gain more If you store corporate data on an SD Card, be it comes to a full backup of the OS and all control, they also expose themselves to more aware that the data will not be encrypted June 2012 8
  9. 9. Previous Next Table of Contents reports Backing Up Android and iOS Devices device encryption and the data will be read- Figure 4 able by any application on the device. Cloud Storage Concerns While backup for most mobile device data is What are your main concerns about using cloud storage services? challenging, email is the exception, particularly 2012 2011 for companies that use Microsoft Exchange. Mi- Security crosoft offers an ActiveSync agent that syn- 79% 79% chronizes email and attachments between the Reliability and availability Exchange server and mobile devices. The data 52% remains on the Exchange server so it can be 55% synced among multiple devices (laptop, desk- Performance top, mobile phone, etc.). Exchange servers are 49% 51% already part of a company’s centralized backup Cost program, so corporate email doesn’t need to 39% be backed up on individual mobile devices. 48% Regulatory concerns 38% Consider Cloud 34% Android and iOS devices do support backups Other of certain user data, such as device settings, cal- 3% endar and contacts, photos, and SMS, but 5% there’s no easy way for an enterprise to back up Note: Multiple responses allowed R4190212/23 Base: 313 respondents in January 2012 and 377 in November 2010 that information to a central location—unless Data: InformationWeek State of Storage Survey of business technology professionals IT is willing to consider cloud-based backup. One option is a company called Druva, which have backups stored on premises or in Druva’s Android devices. On iOS and Android plat- provides a variety of services, including cloud. Druva’s application, inSync, provides ad- forms, administrators can schedule backups of backup, for laptops and mobile devices. IT can ministrator-controlled backup for Apple and contacts, pictures, videos, text messages June 2012 9
  10. 10. Previous Next Table of Contents reports Backing Up Android and iOS Devices call history. When it comes to Office-type files, cluding updates and changes, in the cloud. If devices. On the Android platform, users can up- the user can manually share files with inSync a mobile device is lost or wiped, users can still date existing files and create new ones, and and inSync will back them up. recover their files. In addition, many of these have them synced via the service to be avail- Asigra also offers a cloud-based backup services support some form of centralized able elsewhere. Apple iPhone users can upload service that supports mobile devices. On the management for IT, such as being able to cre- and view files, but can’t create new files. Sync- Android platform, Asigra’s DS-Mobile Client ate and monitor corporate accounts for users. plicity, which was recently acquired by EMC, can back up contacts, calendar, call logs, set- While IT may be uncomfortable with putting supports administrative controls such as revok- tings, apps and Office files. On iOS, the client corporate data into the cloud (security was ing user accounts and setting and resetting can back up contacts, calendars, photos and the No. 1 concern of cloud storage in Informa- passwords. Other products that combine cloud video. Many cloud backup vendors also resell tionWeek’s 2012 State of Storage Survey), the synchronization with administrative controls Asigra’s client to support mobile device fact is, users are flocking to these offerings include Trend Micro SafeSync and Mezeo. backup for their customers. with or without IT’s approval (Figure 4). IT may Other options include services from Egnyte Business contacts and SMS data are impor- be better served by getting out in front of the and SugarSync, both of which offer cloud- tant to IT, but Office files are likely to be the problem by offering a version to users that al- based file synchronization and storage most sensitive corporate information that lows some measure of administrative control. for mobile platforms. Both companies gets used on mobile devices—think of an For instance, in May, Box announced new se- enable mobile access to files, and both can executive working on spreadsheets while curity and administration features to make it synchronize and save new files that are waiting to catch a connection at the airport, easier for IT to manage users and files. Mean- created on a mobile device, or changes that or a salesperson updating a presentation for while, Dropbox launched a Teams version of have been made to existing files (assuming a new customer. its service that includes administrative func- that the mobile platform offers file creation or If IT is concerned about Office files, it may tions such as the ability to add and remove editing capabilities). want to consider cloud-based synchroniza- users from the service. All of these services ensure that documents tion services such as Box and Dropbox. While Similar options include Syncplicity, a file syn- and files will remain available to IT and busi- not technically a backup, these file synchro- chronization and sharing platform designed ness users even if the mobile device is lost or nization services do store copies of files, in- for enterprise use that supports mobile June 2012 10
  11. 11. Previous Next Table of Contents reports Backing Up Android and iOS Devices Encryption When using a cloud-based service, data Figure 5 should be encrypted both in transit and at rest. Importance of Cloud Storage Features Respondents to the InformationWeek’s Public How important are the following features when using or evaluating a cloud storage service? Please use a scale of 1 to 5, where 1 is “not important” and 5 is “very important.” Cloud Storage Survey rated data encryption as Very concerned 5 the third-most-important feature of a cloud 4.4 storage system, just behind the ability to move 4.3 4.3 4.3 4.2 data between cloud and on-premises storage, 4.1 4.1 4.1 4.0 Compatibility with legacy systems/processes, e.g., Active DirectoryLike This Report? Wide support for transfer protocols (SCP, FTP, SAMBA/CIFS, RSYNC) 3.9 3.9 3.9 and on-demand access (Figure 5). 3.8 3.8Rate It! Ability to move data between cloud and on-premises storage 3.7 3.7 Most cloud backup and synchronization 3.6Something we could do services support encryption in transit—thebetter? Let us know. procedures and protocols for encrypting data as it travels over networks are well estab- Ability to establish/enforce retention policy Rate Native file system support (mount point) lished. Many cloud storage and file synchro- nization services also encrypt the data stored Reporting (usage and compliance) on their systems. For instance, SugarSync encrypts all stored files using 128-bit AES, and Integrity policy reporting Geographic redundancy Box encrypts data at rest using 256-bit AES. Network encryption Limitless scalability On-demand access 1 Not at all concerned Instant scalability Data compression Monitoring tools The question then becomes one of trust. If Data encryption Deduplication the provider manages decryption keys, which potentially opens the door to unau- SLAs thorized access to your information by a rogue employee or outside attacker. The Note: Mean average ratings R2750511/7 Base: 229 respondents at organizations using, planning to adopt or assessing public cloud storage services probability of such an occurrence is low, but Data: InformationWeek Public Cloud Storage Survey of 363 business technology professionals, April 2011 if it represents a risk you don’t want to take, June 2012 11
  12. 12. Previous Next Table of Contents reports Backing Up Android and iOS Devices you can look for a vendor that supports a dis- to the encryption key; part of the key is Mobile Device Management tributed key management system, such as encrypted with the user’s password, and MDM systems are available to help IT get a Druva. In Druva’s approach, neither the the key can only be recovered when a user measure of control over smartphones and company nor the customer has direct access logs in. tablets, including user-owned devices. We rec- ommend the use of MDM products as part of Figure 6 your overall mobility strategy. Unfortunately, MDM Features of Interest only a handful of MDM platforms address Whether or not you have a mobile device management (MDM) system for controlling tablets and smartphones, which centrally controlled features are of greatest interest to you? backup: Of 11 products in the Information- Week Mobile Device Management Buyer’s 53% Guide, just three support remote backup: 51% Fiberlink, Sybase and Wyse. However, we an- 44% ticipate that more MDM vendors will offer 40% some form of backup service or partner with a provider. 34% 34% However, it’s also clear that IT isn’t looking 30% 29% Over-the-air provisioning and updates to MDM vendors for backup capabilities. In 26% Support for multiple device types Management of physical devices our 2011 Mobile Device Management and Se- 21% 20% Schedule backup and restore Remote selective data wipe Jailbreak/rooting detection curity Survey, only 11% of respondents listed 18% Compliance/policy setting Vulnerability remediation Remote troubleshooting Application whitelisting Sandboxing capabilities “scheduled backup and restore” as a feature Remote full data wipe Policy enforcement Role-based policies RSS/Web browsing 11% 11% of interest. Twelve other features ranked Private app store Device updates 9% 8% 8% higher, including security-centric features 5% Auditing such as compliance and policy settings, policy 2% Other enforcement and remote wipes (Figure 6). Note: Five responses allowed R3321011/27 That attitude may change as smartphones Data: InformationWeek 2011 Mobile Device Management and Security Survey of 323 business technology professionals, August 2011 and tablets become more ingrained in June 2012 12
  13. 13. Previous Next Table of Contents reports Backing Up Android and iOS Devices rate workflow, and as the devices’ ability to cryption, which IT may find comforting in case prevent sensitive information from being create content improves. In the meantime, the a device is lost or stolen. However, note that en- leaked, but you’ll also destroy whatever per- lack of backup in an MDM platform doesn’t cryption isn’t guaranteed protection because sonal information was stored on the detract from MDM’s other capabilities. recovery of the encryption key is possible, device.This might not be a problem if the As you evaluate MDM products, ask the though difficult. For a device to encrypt and device couldnt be recovered, but it will be an vendors where backup sits on their road maps. decrypt data, it needs a key that must be stored issue if the employee leaves the company. Look And in the meantime, there are a few other pro- somewhere on the device. Android and iOS de- for an MDM product that can differentiate tection mechanisms you should ensure are vices solve this problem by encrypting the en- between private and company-owned data. available today. cryption key with the user’s password. The mo- For instance, Symantec says its MDM product, The first line of defense is a strong password. bile device prompts the user for the password, Symantec Mobile Management, can keep per- However, users are notorious for selecting sim- decrypts the encryption key, and can then en- sonal and corporate data separate. We also rec- ple passwords, so you can fortify the mobile crypt and decrypt data. ommend that your policy address the issue of device with an autolock feature. Autolock However, if an attacker gains direct access remote wiping for employee-owned devices. If makes the device inaccessible if a person fails to the flash memory on the device, the your policy requires that a device be wiped, and to enter the correct password after a predeter- attacker can carry out a brute-force attack you allow the use of personal devices, make mined number of tries. However, while lockout against the encrypted key. If the password is sure employees understand the potential to features will slow down an attacker, the lockout simple, the key can be recovered quickly. have personal data eliminated. mechanism is only effective if the device is at- Other features to look for include device Other MDM features to look for include tacked through the UI. If an attacker can get di- tracking and remote wipe. Device tracking will application blacklisting or whitelisting, rect access to the content on the device, allow you to confirm the location of a user’s detection of rooted phones, and the ability Like This Report? whether through an OS exploit or by getting device. If it seems that the probability of to host a corporate app store with apps physical control of the device and prying out recovering a device is low, remote wipe will sanctioned by the company. Share it! the memory chip, the lockout won’t help. That’s ensure that no one can recover the data. Like Tweet why encryption is the next line of defense. Of course, a remote wipe is tricky with a Work in Progress Share Most MDM platforms support full device en- device owned by the employee—you’ll Enterprise backup schemes for Android June 2012 13
  14. 14. Previous Next Table of Contents reports Backing Up Android and iOS Devices iOS devices are still in their infancy, which means IT may have to take a variety of approaches to protect corporate data on these devices. First and foremost, IT needs to have a mobile device policy that describes its role and responsibility for data backups. That policy should be created with input from a variety of stakeholders, not just the IT department. IT should also consider cloud services for backing up and synchronizing files; while IT may be reluctant to embrace cloud storage, such services can be a sensible alternative to traditional, premises-based backup products for mobile devices. Finally, deploy an MDM product that sup- ports full device encryption, strong pass- words, autolock and remote wipe. These steps will go a long way to protecting corporate June 2012 14