Securing the mobile enterprise environment Protect your organization’s information, systems and networks while supporting mobility and BYOD initiatives with Dell solutions

Securing your mobile enterprise environment is growing exponentially as the number of disparate devices accessing your confidential corporate information soars. The increasing use of employee-owned devices for work and the rising number of attempted security breaches make establishing best practices for mobile security critical for protecting information and networks. The best practices you adopt should help you maintain tight security no matter what use cases, device types, platforms and mobile enablement strategies you decide to support.

IT groups need ways to balance the openness of mobility and bring-your-own-device (BYOD) programs with the requirements of enterprise security. This paper identifies best practices for addressing security issues for the mobile enterprise environment. It highlights Dell solutions that can help your organization maintain tight security across a range of use cases, device types, platforms and enablement strategies.

2

The time to implement mobility/BYOD best practices is now. Attempted enterprise security breaches are already more prevalent than you might realize. A malware intelligence system implemented by researchers at Georgia Tech University is discovering 100,000 new samples of malware every day.1 The Dell SecureWorks information security service reports that 47 percent of the networks it begins to monitor have a major breach underway.

The growing number of mobile employees and BYOD programs can contribute to vulnerabilities that lead to breaches. Employee resistance to corporate security policies is also part of the problem. If your employees feel that security policies impede productivity or could encroach on their personal data, they might circumvent those policies. Employees don’t want IT to access personal emails or social media posts, or accidentally delete personal photos stored on a device. Nevertheless, developing individual work-arounds to protect individual privacy or personal data opens the door to breaches. The costs of breaches can be tremendous: Organizations must address breaches and often suffer from lost revenues based on the damage to their brand.

For many IT groups, the challenge is preventing costly security breaches while simultaneously expanding access to corporate applications and data for authorized individuals. To support mobility initiatives and BYOD programs, IT groups are asked to facilitate access through an increasingly broad array of computing device types (laptops, tablets and smartphones) and operating systems (such as Windows 8, Google® Android™ and Apple® iOS).

For many IT groups, the challenge is preventing costly security breaches while simultaneously expanding access to corporate applications and data for authorized individuals.

But enabling that access can introduce new security risks. If a laptop or mobile device is stolen, the thief could access sensitive enterprise information residing on that laptop or device. Moreover, an unauthorized person might use the laptop or device to access the corporate network and cause mayhem. In addition, a laptop or mobile device that is authorized to access the corporate network might unwittingly act as a conduit to infect the network with malware. Corporate data also could be intercepted over third-party wireless networks or mobile services selected by mobile workers.

IT groups need ways to balance the openness of mobility and BYOD programs with the requirements of enterprise security. Furthermore, IT groups must make sure achieving access to resources is simple for employees. They need an intuitive, native experience, not another security policy to break. At the same time, IT groups have to control administrative complexity. Adding multiple, distinct security solutions from different vendors can quickly burden administrators and keep them from more strategic projects. You need an integrated solution that avoids overlapping functionality and helps streamline management.

Mobile security best practices

Establish best practices for secure mobile access As your organization facilitates mobile access to corporate information and expands its BYOD program, improving network security must be a top priority. Implement some best practices for key network security to maintain security of corporate information and sustain compliance with regulations even as you enable greater anytime, anywhere access to information.

3

Build a BYOD network infrastructureEmployees are increasingly bringing personally owned mobile devices to work and using the enterprise network for internet connectivity. Unfortunately, the increased use of bandwidth-intensive tasks by these employees, including the streaming of videos and audio, can severely restrict the bandwidth available for work-related tasks. Personally owned devices also can introduce new security threats to corporate resources while putting regulatory compliance at risk.

Relegating these users and their devices to the guest network is not the best option. Doing so could reduce the bandwidth available for your clients and other visitors. But more important, you should consider implementing different security policies for guests and for employees using personal devices.

Build a distinct BYOD network instead of requiring employees to use a guest network. With a distinct BYOD network, you can, for example, enable your employees to stream the media they need for work without affecting the bandwidth for other users. In addition, you can set discrete security policies for these users, enabling access to corporate information and specific parts of the main network but also helping to ensure that no information leaks out through personally owned devices. In addition, you can make sure personal devices are validated before connecting to the network so they meet corporate security policies. You can also scan mobile traffic to block malware and prevent infection of corporate systems.

Mobile workers gain the fast, easy access to resources that they demand using the simple Mobile Connect app on their smartphones, tablets and laptops.

Set up secure mobile accessEmployees want to use mobile devices not only when they are working on the corporate campus but also when they are on the go. But as these mobile users access corporate information through WiFi hotspots at airports and coffee shops, they might unknowingly be exposing that sensitive information to security threats. Criminals could track keystrokes to steal passwords, conduct “man-in-the-middle” attacks and even install malicious apps on mobile devices. If a device is lost or stolen, unauthorized users could gain access to corporate apps and data.

4

Set up secure mobile access that uses context-aware authentication, network access controls and a virtual private network (VPN) to help prevent these problems. Context-aware authentication validates the user and interrogates the mobile device, allowing only authorized users and trusted devices that meet security policy requirements access to permitted corporate resources. Create a VPN so mobile workers can securely connect to corporate information while using public networks that might not be secure. Context-aware authentication and access controls help ensure that unauthorized users cannot get to corporate resources, and that mobile devices meet security policy requirements and do not become pathways for infecting the corporate network.

Inspect all network traffic The rising adoption of personal mobile devices for work and the increasing use of social media, Web 2.0 and streaming media applications can have important — and negative — implications for the corporate network. More devices mean more vectors for security and compliance breaches. In addition, bandwidth-intensive applications can slow performance across the network. You need ways to monitor and control traffic flowing both into and out of the enterprise to help maintain performance, security and compliance.

Next-generation firewall solutions can provide insight into all of this traffic, across all ports and protocols. These solutions can help your IT group determine which applications are consuming the most bandwidth and posing the greatest threats, and then set appropriate application usage policies. While certain critical applications need bandwidth prioritization, other nonproductive applications may need to be bandwidth-throttled or completely blocked. With greater insight into network traffic, you can set very granular policies to help guarantee bandwidth prioritization and help ensure maximum network security and productivity.

Establish a security baseline through effective identity and access management (IAM)Implement IAM capabilities to control access to information and enterprise systems. Effective IAM can help you establish a security stance that prevents intrusions resulting from incorrect, abused or compromised access credentials. The right IAM solution can help protect intellectual property, maintain privacy and ensure compliance with corporate policies and government regulations.

5

The right IAM solution can also reduce complexity and streamline operations. Your IAM solution should accommodate a diverse range of access needs and protect a wide array of systems that need to be accessed.

Often, a unified approach to access (such as single sign-on [SSO]), which raises all access to a more secure baseline, alleviates many of the risks typically associated with heterogeneous access needs. The best IAM solutions provide a unified approach to identity governance, privileged account management and access management (including SSO) so you can better control access while simplifying important functions.

Adopt robust, secure mobile access solutions

The Dell Mobile/BYOD Solutions portfolio can help you implement best practices for network security in several ways.

BYOD networkDell Networking W-Series Wireless solutions can help you implement BYOD and guest access networks. Centralized controllers, access points and instant access points coupled with network management and access management solutions provide the security and functionality you need. Dell Networking W-Series ClearPass Access Management enables you to enhance the security of the wireless network while simplifying deployment and management. ClearPass provides visibility into network traffic and lets you define access policies and prioritize traffic. Self-registration capabilities enable employees and guests to gain the access they need while freeing your administrators from time-consuming onboarding and provisioning processes.

Employees want to use mobile devices not only when they are working on the corporate campus but also when they are on the go. But as these mobile users access corporate information through WiFi hotspots at airports and coffee shops, they might unknowingly be exposing that sensitive information to security threats.

Secure mobile accessThe Dell SonicWALL Mobile Connect application works with Dell Secure Mobile Access (SMA) series appliances and Dell SonicWALL Next-Generation Firewall solutions to deliver policy-enforced mobile access to approved enterprise applications and protect corporate systems and data from mobile threats. Mobile workers gain the fast, simple access to resources that they demand using the simple Mobile Connect app on their smartphones, tablets and laptops. Meanwhile, IT can efficiently establish access control policies and make sure the corporate network is protected from mobile threats such as unauthorized access to data and malware attacks.

Dell SMA appliances offer interrogation capabilities that validate essential device security information, such as jailbreak or root status, device ID, certificate status and OS version. These capabilities allow only mobile devices that meet configured security policy requirements to access the network. Dell SonicWALL Next-Generation Firewall solutions scan traffic to eliminate embedded malware and prevent attacks.

Firewall solutionsDell SonicWALL Next-Generation Firewall solutions perform deep packet inspection, scanning each byte of every packet to provide deep network protection without slowing network traffic. These solutions combine intrusion prevention, anti-malware prevention and Secure Sockets Layer (SSL) decryption and inspection. Application control, content/URL filtering and real-time traffic visualization capabilities help you enforce corporate policies meant to enhance employee productivity and maintain compliance.

6

Dell SonicWALL Clean Wireless offers the dual protection of high-speed secure wireless combined with a high-performance Next-Generation Firewall. With Dell SonicWALL Clean Wireless, you can secure the wireless connection and inspect and encrypt the traffic flowing over the wireless network without affecting performance.

IAM solutionsThe Dell One Identity family of IAM solutions unifies identity governance, privileged account management and access management to help organizations secure and control access to information and systems. You can implement a single, centralized security policy that applies equally even across a diverse enterprise, reducing disparate authentication methods and making it easier to understand who is accessing what. By basing authorization on a unified set of roles, provisioning workflows and business-driven attestations, you can make sure the right people are accessing the right assets, regardless of how they access those assets — on the company premises or remotely, with an organizationally controlled device or in a true BYOD scenario.

Incorporate best practices for mobile device security

In addition to protecting the corporate network, you need to ensure that data does not “leak” from the enterprise through mobile devices. While it might be difficult to stop the rampant theft of smartphones and tablets, you can help ensure that stolen or lost devices do not lead to the loss of any corporate information residing on the device or accessible through the device. At the same time, you must maintain the security of data in motion, making sure hackers and other criminals cannot siphon information or record keystrokes for future attacks.

Make sure mobile and remote users avoid some of the basic behaviors that might introduce malware or expose corporate information.

The challenge of maintaining mobile security is complicated by the large variety of device types and operating systems. You need to implement mobile security solutions that can address all of the user work preferences, device types, operating systems and enablement strategies employed across the enterprise. For example, an employee-owned smartphone running iOS used by a salesperson might require different security capabilities and policies than a corporate-managed laptop running Windows 8 used by an executive. Adopt best practices that help lay the foundation for mobile security across the enterprise.

Institute a password policyAs a first step, insist that employees implement a PIN or password to access the device’s operating environment or apps. Doing so provides a good first line of defense against data theft if a device is stolen, potentially buying time for the user to report the device missing and disable functionality remotely. Unifying application access through SSO improves security while reducing the need for IT assistance when users access resources from a variety of devices.

Implement user education programs Make sure mobile and remote users avoid some of the basic behaviors that might introduce malware or expose corporate information. For example, employees should not use public wireless networks for work without a VPN connection or click links included in email or text messages from unfamiliar people.

7

Keep the OS up to dateOS vendors are very keen on eliminating vulnerabilities that could jeopardize security. Consequently, you must regularly install (or require the installation of) OS updates on smartphones, tablets and laptops to eliminate the possibility of exploiting security flaws in earlier versions.

Encrypt devices and dataAdding encryption to a mobile device can be a highly effective way to protect data from loss and theft. With the right encryption solutions, administrators (or users) can set encryption policies based on the user, user group and data sensitivity.

Create secure enterprise workspacesIn some cases, creating a secure workspace for enterprise applications on personal devices will be the right choice for preventing security problems. The workspace separates the enterprise operating system, applications and data from the personal operating system, applications and data. With a secure workspace, you can prevent personal applications and data from commingling with corporate information, which helps significantly reduce the threat of corporate information being captured.

A secure workspace can help avoid security problems that occur when employees break security rules in an effort to improve productivity. By downloading a simple app (the workspace), employees can easily access all the tools they need on their preferred mobile devices. Because the workspace provides them with productivity and collaboration tools, protects their privacy and keeps their personal data from being accidentally wiped by IT, employees are more likely to adopt this secure technology and stop skirting IT to get what they need.

Secure workspace solutions might be particularly useful when using contractors, supporting new employees acquired through a business merger or acquisition, and in healthcare situations — for example, when you want to limit access to certain applications, avoid the introduction of outside threats and eliminate the risk of a user placing enterprise information on a mobile device. In addition, workspace solutions can be used for home-based employees, telecommuters and remote-office employees who use their own computers. These solutions are also a good fit for mobile employees who are often on the road, visiting customer sites, or working from home or a conference room.

8

As an alternative to a secure workspace, you could adopt a virtual desktop infrastructure (VDI) model to ensure no applications or data actually reside on the device. Although employees access applications and data residing in the secure data center, they cannot move any of that data onto their mobile devices. Or, employ a virtual desktop model that keeps data in motion on the device but in a secure workspace, so users can continue to work offline.

Implement identity and access managementImplement an effective IAM solution to provide a rock-solid foundation for secure access and dramatically reduce the likelihood of security issues, even as employees increasingly use personally owned devices. IAM helps ensure individuals can access only what they are supposed to access across a wide range of situations, scenarios and use cases.

Deploy mobile device security solutions

Dell offers mobile device security solutions that can support a full range of use cases, device types and enablement strategies.

Dell Enterprise Mobility Management (EMM) is a comprehensive mobile enablement solution that supports your mobile/BYOD strategy. Secure and manage all your endpoints — including mobile devices, laptops and desktops — or your enterprise workspaces on them. Built from industry-leading security and management technology, this unified solution integrates multiple capabilities, including management of systems, mobile devices, applications, content, encryption and policies; secure access to corporate resources; user self-service; and real-time reporting and alerts.

Dell Mobility Solutions for security can help you implement best practices and accommodate an ever-expanding array of use cases, device types, platforms and enablement strategies.

9

Dell KACE appliances deliver a full range of lifecycle management capabilities — including systems management and policy enforcement of workstations, servers, desktops, laptops, tablets and printers — all from a single console. You gain centralized management and reporting as well as the ability to enforce compliance, identify and fix vulnerabilities, and keep operating systems up to date.

Dell Data Protection provides managed encryption, anti-malware and authentication for everything from smartphones to desktops. Centrally manage user credentials, passwords, and encryption and authentication policies. Set policies based on users, groups and data sensitivity.

Cloud Client-Computing (CCC) includes a broad array of solutions for desktop virtualization, including solutions that let you implement a workspace approach. Run applications from the data center and store data solely in the data center — only encrypted keystrokes are transmitted between the device and the secure IT infrastructure. For mobile devices, CCC enables you to provide anywhere, anytime access to applications and data from any devices, without allowing sensitive information to reside on those devices.

Gain flexibility with a comprehensive solution portfolio

Adopt security solutions from the comprehensive Dell solution portfolio to realize several key benefits.

FlexibilityOne size does not fit all when it comes to security solutions for the mobile enterprise environment; your needs are specific to your environment and your mobile/BYOD enablement strategy. Dell solutions support breadth and choice of management: You can manage everything from smartphones to secure workspaces to desktops, regardless of who owns the endpoint. And you can choose how you manage each endpoint, whether by user identity or use case. Moreover, Dell solutions give you the flexibility to change, so you can support your current needs and be ready for evolving requirements in the future.

Integrated functionalityUnlike individual point solutions available from distinct vendors, the Dell solutions are designed to be integrated with one another up and down the security chain. Choose Dell solutions to avoid the duplication of functionality that can result from adding multiple, discrete solutions from multiple vendors.

One size does not fit all when it comes to security solutions for the mobile enterprise environment; your needs are specific to your environment and your mobile/BYOD enablement strategy.

10

Industry-leading capabilitiesDell provides industry-leading technology that enterprises around the globe are using to address current and emerging security threats.

Simplified ordering and streamlining support with a single vendorThis comprehensive collection of endpoint and workspace security solutions comes from a single strategic partner — the same partner that offers leading hardware solutions. You can choose the security solutions you need while simplifying ordering and streamlining support.

With the number and variety of security threats increasing, you need ways to provide a secure mobile enterprise environment that enables employee productivity while protecting sensitive information. Best practices for network and mobile security can help your organization bolster security without restricting access to required applications and data.

Dell Mobile/BYOD Solutions for security can help you implement those best practices and accommodate an ever-expanding array of use cases, device types, platforms and enablement strategies. With Dell solutions, you can help improve employee productivity while helping to protect your organization’s information.

Learn More

Dell Mobile/BYOD Solutions:Dell.com/mobility

Dell Enterprise Mobility Management:Dell.com/EMM

Dell Secure Mobile Access:Dell.com/us/business/p/secure- remote-access

Dell SonicWALL Mobile Connect:Dell.com/us/business/p/dell-software-sonicwall-mobile-connect/pd?~ck=anav

Dell SonicWALL Clean Wireless:www.sonicwall.com/us/en/products/Clean-Wireless-Series.html

Dell SonicWALL Next-Generation Firewall:www.sonicwall.com/us/en/products/Next-Generation-Firewall.html

Dell Data Protection Solutions:Dell.com/dataprotection

Dell Desktop Virtualization Solutions (DVS):Dell.com/learn/us/en/555/virtual-client

Dell Networking W-Series Solutions:Dell.com/networking

Dell One Identity Solutions:software.dell.com/solutions/identity-and-access-management

Dell Wireless Solutions:Dell.com/wireless

Contact a Dell Mobility Expert:marketing.dell.com/mobility-solutions

A secure workspace can help avoid security problems that occur when employees break security rules in an effort to improve productivity.

11

1 “Malware intelligence system enables organizations to share threat information,” May 23, 2012, www.gatech.edu/newsroom/release.html?nid=132601.

About Dell Software

Dell Software helps customers unlock greater potential through the power of technology — delivering scalable, affordable and easy-to-use solutions that simplify IT and mitigate risk. The Dell Software portfolio addresses five key areas of customer needs: data center and cloud management, information management, mobile workforce management, security and data protection. This software, when combined with Dell hardware and services, drives unmatched efficiency and productivity to accelerate business results. www.dellsoftware.com

12

White Paper - Enterprise Mobile Management - US - TDA - 2014-09-17

© 2014 Dell Inc. All rights reserved. Reproduction of this material in any manner whatsoever without the express written permission of Dell Inc. is strictly forbidden. For more information, contact Dell.

Dell, the DELL logo, the DELL badge, KACE, SecureWorks and SonicWALL are trademarks of Dell Inc. Other trademarks and trade names may be used in this document to refer to either the entities claiming the marks and names or their products. Dell Inc. disclaims any proprietary interest in trademarks and trade names other than its own.

September 2014