EXECUTIVE SUMMARY
– Mobile Device Management (MDM)
PURPOSE
The purpose of this document is to outline and highlight the current risks and associated governance considerations pertaining to the use of smart mobile technology and devices by company employees accessing corporate resources (ie: that are typically of a sensitive nature and / or strategic and confidential to the business). These devices are today predominantly non-blackberry smartphone and/or tablet devices (ie Apple IOS, Samsung android or Nokia windows phone) that are either company owned, company funded or owned by the employee (ie BYOD, bring your own device) – all being used remotely as an alternative to employees’ desktops or laptops.
Over and above the trends and realities in the market, the document serves to provide some clarity and suggested solutions and recommendations that are available today to allow the end user the freedom to work as and where he/she pleases but at the same time helping provide IT (the representative of the company) the peace of mind that there is no exposure to company confidential IP or assets.
BACKGROUND & OVERVIEW
Smartphone and tablet adoption worldwide has, over the past 3 years, seen an explosion bigger than any other IT era – even more than the internet! You only have to look at HP’s financial results in 2013 (the worst in their history) and the recent statistic by an independent research house that Apple sales now exceed combined desktop and laptop sales.
But it hasn’t been plain sailing for all the mobile device manufacturers. Blackberry has seen a total collapse in their market share and value over the past 3 years as has Nokia – the latter looking to be saved through their acquisition by Microsoft. Going forward the analysts are predicting three OS platforms dominating the enterprise arena over the next 5years –
Apple IOS, Android (Samsung) and Windows Phone (Nokia). In short, no single OS will dominant again like blackberry as the choice of device has now shifted very much to the end user.
Most importantly, end user employees are now insisting that they can use the device in their business environment as a convenient alternative to their desktop and/or laptop function.
Blackberry’s BES or BIS server provided the necessary security and management but does not cater for multi-OS non-blackberry devices such as Apple, Samsung and Nokia.
Added to this complexity, is that many companies, until recently, have been putting off their mobile device management planning and implementation until their BYOD company policy has been formalised. However, the reality is that employees are already using their own
Page 1

device of choice (invariably a non-Blackberry device) and gaining remote access to company confidential resources and information.
The challenges are numerous against this backdrop:
1. For IT, it’s the hassle and cost of integrating these multiple OS device platforms into the organisation PLUS the securing and management of the device and user (notably the high profile user).
2. The real risk and exposure to the organisation, however, emerging over the past 12 months is the IP beyond the device itself – specifically confidential documents, sharing of content and the requirement for secure distribution of company owned applications and/or public domain websites/applications.
Without proper management, control and security of these types of devices (exacerbated by the associated information, content and applications that users are demanding access to) companies are at severe risk of being undermined and/or marginalised.
OPTIONS FOR CONSIDERATION & RECOMMENDATIONS
Key criteria for consideration are as follows:
1. INTEGRATION: ability to integrate any IOS, Android and/or Windows Phone (ie non-
Blackberry) device seamlessly, as a single feed, into the organisation
2. USER EXPERIENCE: ability for end users to flexibly and freely work on their smart mobile devices as though they were working from their own desktops or laptops in the office
3. MOBILE FIRST SECURITY: a. ability to establish a trusted device/end user entering the organisation b. ability to separate personal from company confidential information c. ability to secure email attachments and documents d. ability for a mobile device to securely access and obtain shared content (eg: a
SharePoint file or document) e. ability to securely distribute in-house and/or public domain applications f. ability to securely access an intranet or public domain URL without the need for a VPN or proxy g. ability to carry out a selected wipe or full wipe of the device real time h. single management console i. ability to scale j. must cater for a cloud and/or on-premise implementation k. ability for jailbreak / root detection
4. CREDIBLE SOLUTION PARTNER: MOBILE FIRST SECURITY COMPANY FOCUS,
INVESTMENT IN R&D AND SUSTAINABLE STRATEGIC ROADMAP: must feature as a leader on the Gartner Magic Quadrant for MDM
5. TECHNICAL SUPPORT: strong in country technical support capability, expertise and track record with a direct partnership with a global leader principal
Page 2

KNOVATION SOLUTIONS
Knovation Solutions is a South African based (Pty) Limited solutions provider with a 20 year track record in the local IT/Technology industry – the latter 4 years of which has been focused exclusively on the provision and support of mobility solutions to the corporate enterprise sector of the market. As the company tagline denotes, Knovation Solutions’ strategy is around Mobile First for Enterprise
Key focus areas include:
1. Mobile device security, management and control. Direct partner principal: MobileIron
– the global leader in cloud and on-premise MDM (Gartner). Knovation Solutions has the longest standing interaction and partnership with MobileIron in SA than any other entity.
2. Custom multi-OS mobile application design, development and integration
3. Mobile voice biometrics for real time triple factor caller authentication
4. Private closed community social business media for enhanced collaboration and communication across all stakeholders
ABOUT THE MOBILEIRON PLATFORM
The MobileIron Mobile IT platform secures and manages apps, docs, and devices for global organizations. It supports both company owned and employee owned devices, offering true multi-OS management across the leading mobile OS platforms. MobileIron is available as both an on-premise system through the MobileIron VSP and a cloud service through the
MobileIron Connected Cloud.
Page 3

Page 4

Mobile Device Management:
Mobile devices are quickly becoming the primary communications and computing platform for business. This presents a new amazing opportunity for businesses to make their employees more productive on devices that they love to use. However, the adoption of smartphones and tablets in the enterprise introduce cost, security risk, and usability challenges that traditional IT management tools cannot address. A new management approach is required: Mobile Device Management (MDM).
MobileIron’s Mobile Device Management solution, part of our Mobile IT platform, allows IT to leverage existing enterprise resources such as email, content repository, security certs and identity management.
Mobile Application Management:
One of the unique benefits of MobileIron is the integrated ability for managing mobile apps for business users. The built-in Enterprise App Storefront provides both the tightest security and best end-user experience for Mobile Application Management, from distribution and delivery to the whole lifecycle management of mobile applications company-wide.
Mobile Content Management:
The widespread adoption of consumer mobile technology is driving organizations to embrace mobility as the primary IT platform for the enterprise.
End-users expect everything from email to sensitive business files on mobile devices, and they are often already accessing these tools - with or without IT’s approval.
So how can IT preserve the mobile user experience that is driving adoption in the first place without sacrificing content security?
MobileIron® Docs@Work gives the end user an intuitive way to access, store, and view documents from email and other enterprise content repositories such as SharePoint, while letting the administrator establish controls to protect these documents from unauthorized distribution. With Docs@Work, organizations enable end-users to be productive on mobile devices of their choice.
Page 5

Security:
The goal of a Mobile First IT organization is to serve the needs of the business by establishing the best mobile user experience for the employee. Mobile security should be invisible to the user while still protecting corporate data.
MobileIron’s Layered Security Model protects corporate data without compromising the user experience. It provides the basis for a partnership between IT and employees based on productivity, not restriction, without putting enterprise data at risk.
An enterprise persona is the collection of enterprise data (email, apps, documents, web content) and settings (certificates, policies, configurations) on an employee’s mobile device.
The MobileIron platform is built on a Layered Security Model that allows organization to secure the enterprise persona without impacting the personal use of the mobile device. It protects data reliably by aligning effectively with user behaviour.
From Threat to Opportunity:
The true challenge of mobile security is not protecting corporate data, but rather protecting that data without compromising the user experience.
MobileIron’s Layered Mobile Security Model protects both the interests of the organization and the individual. It provides the basis for a partnership between IT and employees based on productivity, not restriction, without putting enterprise data at risk.
Secure Email:
MobileIron Docs@Work, together with the MobileIron Sentry intelligent gateway, is the first solution in the industry to secure email attachments without requiring a third-party email solution.
Users access their corporate email using the mobile device’s native email but all corporate email traffic flows through MobileIron’s intelligent gateway ensuring the transport is secure and encrypting all attachments. Mobile IT can enforce policies to limit forwarding, cut/paste, or uploading to consumer cloud storage services. Enterprise security protocols are enforced while maintaining the user experience your workers want.
Page 6

Bring your own device (BYOD):
Many organizations want to support employee owned mobile devices for business use to drive employee satisfaction and productivity (Bring Your Own Device or BYOD), while reducing mobile expenses.
A successful BYOD program requires a clear separation of corporate and personal information, apps, and content ad. MobileIron provides a Complete Multi-OS Enterprise
Persona that separates personal and professional apps and content while preserving the native mobile user experience.
Mobile IT controls the corporate email, apps, documents, identity, and policies without monitoring or modifying personal data on the device.
Page 7