Tag Archives: mobile security

Make the move to corporate-liable devices

Tuesday, November 11, 2014


Have you completed rule number one of the 10 essential rules for reducing wireless expenses?



Then it’s time to address rule number two.



Rule #2 – Move to Corporate-Liable Devices 

To centralize the wireless spend, all wireless devices used in the business should be company-owned. This step not only enables the cost benefits of pooled plans, but improves oversight and control in several areas:

    • Corporate-owned devices can be standardized and electronically monitored. This gives managers the ability to enforce user policies and implement appropriate security. An unmonitored device is equivalent to a stray key to the corporate network, and could be carrying sensitive information as well.
    • Employees feel that when they own the device, it is their right to use it as they please. It is hard to govern the use of something that your company does not own.
    • Centralizing the purchase of devices allows companies to gather data on costs and features, and determine what best serves the business.
    • From a commercial standpoint, it’s important for the company to own all phone numbers that are being used to contact the company. Otherwise, when an employee leaves the company, so might the phone number that was a customer’s only point of contact.


If you would like help reducing your wireless costs, or would like advice on how to better negotiate your wireless contracts, please contact Avema for a free consultation.

5 MDM Selection and Implementation Mistakes

Tuesday, July 29, 2014


We’ve helped over 100 companies with MDM selection and implementation, and here are the most common challenges that we’ve seen.

Policies that don’t balance all stakeholder needs 

Security is important to the company, but so is user experience. Is it possible to be too secure? The answer is yes, if you don’t take into consideration end users and their desire for ease of use with their devices. You could implement policies that make using a mobile device so onerous that people actually become less productive. On the flip side, you could give up too much control to your end users. Balance is the key.

Viewing MDM software as commodity

Because operating systems impose limitations on MDM functionality, it’s common to think that most MDM products have the same basic set of tools. But there are vast differences in how these tools are used amongst the software vendors. For example, most MDM software can allow an administrator to enable or disable WiFi or a VPN application. But one may use data from Active Directory to automatically change these settings when an employee moves from one group to another.

Believing the hype

Mobile management software is a relatively new category, with many competitors vying for attention and dollars. Unless you’re new to IT, you’ve probably experienced vendors who embellish what they can deliver. It’s important to itemize the most important features that you need, and do a pilot where you can evaluate them. A partner that works with several major MDM providers can provide unbiased advice, saving you time in evaluations. Here’s where I insert a shameless plug – Avema has helped over 100 companies to evaluate and install MDM software. Ask us any questions you may have.

Buying mismatched software for your IT environment

Similar to ensuring that the MDM features that you need actually work the way you expect, it’s also important to make sure that the hardware that you’re planning for works with the software that you’re buying. Some MDM features may work “for Android,” but only on certain versions.

For example, if you’re planning to use remote support functionality, different MDM providers do this in different ways, and it won’t be consistent between different versions of Android. Some devices allow remote viewing of the screen but not remote input. Others allow for both. Salespeople may either not know the specifics, or may embellish, knowing that more functionality is being added in future releases.

MDM in the cloud?

Cloud is a popular topic today, and it’s an important decision point for MDM software. MDM usually works with other types of software, such as email or directory services, so it will work better if it matches your environment. For example, if all of your other services are on your own servers, MDM is probably not your best choice for your first cloud service. Also, cloud-based MDM often lacks some features compared to the traditional licensing model.

If you would like help selecting the right MDM tool for your enterprise, Avema can help. Contact us here.

Even IBM Is Struggling With BYOD

Wednesday, May 30, 2012

“The trend toward employee-owned devices isn’t saving IBM any money, says Jeanette Horan, who is IBM’s chief information officer and oversees all the company’s internal use of IT. Instead, she says, it has created new challenges for her department of 5,000 people, because employees’ devices are full of software that IBM doesn’t control.”


IBM has had a BYOD program since 2010, and out of about 400,000 employees, they’re using 40,000 Blackberrys, and 80,000 other smartphones and tablets, some of them employee owned.

Some advantages that IBM has that you (probably) don’t:

  • Technology as core competency of the company
  • Internal tools – they sell their own MDM software and have their own cloud storage application, MyMobileHub
  • Scale

IBM is one of the earlier adopters of BYOD. What can other companies learn from their challenges?


“We found a tremendous lack of awareness as to what constitutes a risk,” says Horan. So now, she says, “we’re trying to make people aware.”

This includes a list of apps to avoid, such as Siri, and external file-transfer services, such as Dropbox or iCloud. Both kinds of app transfer user data, either direct data like hosted files or indirect data like the full contact list transferred to Siri for voice-matching purposes, to servers owned by private companies, and the enterprise may not agree with the terms offered by these providers. These servers may also be in foreign jurisdictions, with legal ramifications that the enterprise may find unacceptable. Users are highly unlikely to understand the risks associated with these apps. IBM has its own cloud file transfer service, MyMobileHub, to get around these issues.

Employees base their decision to buy a device largely on UI and apps, including things like iCloud and Siri. Does this defeat the point of giving employees the choice to use an iPhone?

The article also mentions that employees are using smartphones to create open Wi-Fi hotspots, which could make data accessible by outsiders.


IBM employees are much more likely to be tech savvy than in most other companies. They would theoretically require less support for day-to-day issues such as accessing email, or help with specific applications. However, the additional security software and workarounds like MyMobileHub create more work and/or cost.


“The trend toward employee-owned devices isn’t saving IBM any money.” I would wager that it’s actually costing more. IBM has far more volume than the vast majority of companies, with which they no doubt negotiate best-in-class contracts with their vendors. For the employee-owned devices, each user would pay their own bill at much higher consumer rates, and expense it back to IBM. Even if a user expenses half of his bill, it’s probably still more than IBM would pay directly.

Top Five Mobile Challenges for CIOs in 2012

Monday, January 9, 2012

Article published in Wireless Business & Technology:

2012 is shaping up to be a challenging year for CIOs as they figure out how to safely embrace the slew of mobile devices entering their networks. Smartphones and tablets are seriously threatening the IT status quo, and CIOs who fail to adapt and get ahead of this technological upheaval risk getting pink slips and seeing themselves replaced by more agile colleagues.

Clearly, 2012 is the year that organizations of all shapes and sizes must come to terms with their mobile problem. Here are five serious mobile challenges CIOs will have to deal with in 2012… http://wireless.sys-con.com/node/2118812


There is so much happening with mobility in the enterprise, and it’s happening so quickly. We expect to see many more companies looking for outside help in the form of managed services, as it will be very difficult to keep up with all these demands.

Bring Your Own Device (BYOD) Security Policies

Wednesday, November 16, 2011

Creating an effective security policy for personal devices accessing the corporate network

You probably already have a wireless security policy governing the use of corporate-owned devices, but what about employee-owned devices?

If you don’t already have a good Bring Your Own Device policy, then your organization falls into one of two scenarios:

  1. Personal devices are being blocked from the corporate network and therefore your company is missing out on the free increased productivity associated with an employee making use of a mobile device.
  2. Personal devices are already accessing your corporate network, with or without your knowledge, and you aren’t doing anything to ensure that this is being done securely.

In either case your organization can likely benefit from a good corporate policy which allows a user to take advantage of the increased productivity in a safe manner. In general a good BYOD policy acknowledges that the enterprise doesn’t own the device but does, however, own the data. It is reasonable to require that this corporate data be effectively protected. Your policy should include specific points addressing each of the following:

  • What happens to the data when an employee leaves the company?
  • What about lost or stolen devices?
  • How is a device configured to receive and transmit corporate data?
  • What kind of passwords are acceptable to use?
  • What kind of encryption standards are acceptable?
  • What types of devices are allowed and what types are not?
  • What about jailbroken, rooted or compromised devices?

In an effort to enforce these BYOD policies many corporations are looking to MDM software. This type of software has the ability to ensure the correct corporate policy is enforced based on the device type and employee job function.

IBM Adds Hosted Mobile Device Management Service

Wednesday, November 16, 2011

IBM has announced that it will be entering the Mobile Device Management ring with the introduction of an MDM service aimed at enterprises “embracing employees bringing their own devices.”

IBM has partnered with Juniper Networks to provide this cloud-based service, which is expected to be offered at a price of $3-$10 per device.

In its press release, IBM makes specific mention of their intention to include the capability of “protecting against spyware and viruses” on the mobile devices under management. Such functionality could be a differentiator in the MDM space. It will be interesting to see how this product is able to accomplish something not typically mentioned in other MDM products.

Companies that are most likely to use the IBM MDM service are ones that are already outsourcing IT management to IBM, which, of course, tend to be very large companies.

Google, which has announced plans to support the BYOD trend by offering an MDM-like service, echoed this strategy.

The fact that these tech heavyweights consider BYOD important enough to invest resources in it supports the industry consensus that mobility and IT are making a significant shift with the consumerization of IT. 

Google joins the Mobile Device Management Bandwagon

Tuesday, November 15, 2011

Google has recently announced plans to offer a Mobile Device Management (MDM) type of service within the Google App suite. This service will allow the basic management and policy enforcement of corporate iOS, Android and Windows Mobile devices.

It’s too early to say how well the functionality and features compare to established MDM vendors. Google has created many applications and services over the years. Some do very well, others stumble along, and still others are eventually pulled.

Similar to many other MDM providers, this service will connect to devices making use of the standard ActiveSync protocol. For more information check out this article over at InformationWeek.

This service is only useful to companies already using Google Apps. While this is a small segment of the enterprise market, the tantalizing zero dollar cost might be enough to draw a few enterprises towards Google Apps. 

It will be interesting to see the effect on the overall MDM market if Google chooses to make this project a priority in 2012.   

Flaw in Apple iPad 2 Could Lead to Security Breach

Friday, October 21, 2011

9to5Mac has pointed out a flaw in the locking feature of the iPad 2. Essentially, a malicious person could circumvent the passcode locking mechanism by holding down the power button while closing and then opening the smart cover and then swiping the cancel button. This has been confirmed for devices running the new iOS 5 but may affect earlier versions as well.

This is particularly concerning to enterprises that rely on the use of a passcode to protect and encrypt corporate data on iOS devices. Physical access to a lost device would be all that is needed to access data protected in this way. This kind of vulnerability highlights the usefulness of Mobile Device Management software, which allows devices that have been lost to be remotely wiped of corporate data.

For now, users can mitigate their vulnerability by following some advice from Lifehacker. To fix this bug:

…go to Settings, then General Settings and switch the “iPad Cover Lock/Unlock” button to Off (http://lifehacker.com/5852064/how-to-prevent-someone-from-breaking-into-your-ipad-2-with-a-smart-cover)


Jailbroken, Rooted, and Compromised Mobile Devices – What Does That Mean?

Wednesday, October 5, 2011

You may have heard the terms “jailbroken” or “rooted” in relation to Apple iOS and Google Android devices. This is the concept of altering the device operating system for the purposes of removing or circumventing restrictions.

The operating systems that power smartphones and tablets are specifically designed to be restrictive. There are free software packages available that can remove these restrictions.

There are several reasons that a user might want to compromise the OS of their device. A few examples include:

  • install software that has not been approved or has not been made available by the manufacturer/carrier
  • augment or create additional operating system features
  • install commercial software without purchasing licences for that software
  • freely migrate from one carrier to another
  • repurpose the hardware for a use not anticipated or intended by the manufacturer

By itself, the concept of circumventing OS restrictions is not necessarily a bad thing. There are many people who use jailbroken or rooted devices every day without issue. The potential danger is that circumventing these restrictions requires, and later allows, the use of unsigned, unapproved code which may contain viral or malicious code. This type of code has the potential to:

  • facilitate unauthorized distribution of data stored on the device. For example, secretly forward corporate emails or contact lists
  • disable or prevent encryption
  • circumvent passwords to unlock devices

In response to the risk associated with a compromised device, many organizations have chosen to prevent these compromised devices from accessing corporate data. This effectively eliminates the risks of jailbroken or rooted devices having access to corporate data. Educating end users on the risks associated with using a compromised device is a common practice within these organizations. In addition to educating employees, many companies turn to Mobile Device Management (MDM) software to ensure that compromised devices are not used. Many MDM software packages allow companies to limit or prevent corporate data from being accessed from compromised devices.

For more information about MDM software, download the complimentary “Executive Brief on MDM.”

My CEO, CFO, VP or Other Really Important Person Just Got an iPad… How Should IT Support It?

Sunday, September 25, 2011

Let me be the first to say, congratulations to your important person on his/her new toy. Now how do you make sure he/she has access to his/her corporate email, calendar, etc.? More importantly, how do you secure that corporate data?

If your organization is like most corporations, you are probably using Microsoft Exchange to provide access to corporate email, calendar, and contact lists through the use of a service known as ActiveSync.

The good news is that newer versions of iOS and Android natively support ActiveSync. The bad news is that Exchange/ActiveSync doesn’t do much to secure that corporate data once it gets to the mobile device. If your important person loses the device, that corporate data is left unprotected.

If you want to protect that data from being stolen, you will need a class of software known as Mobile Device Management or MDM. This type of software allows you to ensure that your important person has safe and secure access to the corporate data they need on the device they want.

Here are a few of the main benefits of using MDM software on your iOS and Android devices:

  • You can ensure passwords and encryption are used, and used properly.
    • If a device is physically lost the data remains securely protected.
  • You can remotely wipe a lost or stolen device
    • If a user reports a device missing you can easily remotely wipe corporate data, or even the entire device.
  • You can ensure the device is provisioned correctly, and this can be done remotely
    • Profiles to access corporate email, contacts, calendars, Wi-Fi, VPN, etc. can be remotely pushed to the device, greatly reducing the amount of time you need to spend setting up each new device.

If you have the right MDM software in place, and your security policies are implemented properly, your important person can continue to happily use their new toy and you can feel comfortable that your company’s data is safe.