Introduction
Mobile devices, including smartphones and tablets, rule the marketplace. Regardless of whether these devices are employees’ personal devices or company-issued, you need to adopt best practices in an effort to secure them. It’s an effort, because very little planning and budget are devoted to these powerful little devices; but you have to have a plan for securing your company and its network, people, resources, and information.
This book helps you plan for mobile device security in your business and extend it into the lives and homes of your company’s employees. Having a plan helps you plead your case to management, and this book gives you the background you need to make the best decisions for your own implementation of mobile security, management, and control.
We (the authors) work on mobile security software and hardware and have worked for many years on security software implementation throughout the world. This is not to emphasize our massive intelligence in the matter, but rather point out that we’ve seen just about every marketplace and every issue that various IT departments and network administrators face in implementing a mobile strategy. And because we work for Juniper Networks, on the Junos Pulse product team, we know intimately what our customers need. In this book, we give you a view of the mobile security world from a collective viewpoint: beginner, implementer, and successful provider. Regardless of whether you choose Junos Pulse or another solution, or implement your own customized solution, this book helps you understand the threats facing mobile device adoption today and implement the current best practices for securing these devices in the enterprise (the best practices we’ve learned the hard way).
About This Book
This book isn’t meant to be read from cover to cover. It’s more like a reference than a suspense novel. Each chapter is divided into sections, each of which has self-contained information about a specific task in setting up a mobile device security solution.
You don’t have to memorize anything in this book. The information here is what you need to know to complete the task at hand. Wherever we mention a new term or are possessed by the need to get geeky with the technical descriptions, we’ve been sure to let you know so that you can decide whether to read or ignore them. Aren’t we thoughtful? You’re welcome.
Mobile device security has several players: you, the administrator; the mobile device users; management, who must fund security solutions; vendors, who create and sell their solutions; and a shifting crowd of nefarious hackers, thieves, and competitors who are looking for cracks in your wall. While you might find other books about mobile device security, you won’t find one that makes you aware of all the players all the time. This is a new-school book about new-school technology.
Foolish Assumptions
We make a few assumptions about who you are. For example, we assume you bought this book to learn more about mobile device security in the enterprise, hence we assume your job is as an enterprise IT or network administrator. If you’re not one of those industrious people, we assume you might be in IT management or even sales management. In short, you work for a company whose employees all connect to the network with their mobile devices, and you’re supposed to be, somehow, one of the people who control this.
We have bad news and good news for you. The bad news is that we’re sorry you are in this position. If you haven’t had security problems yet, you will. We’ve seen many customers seeking security solutions in our lifetimes, and the good news is that this book details the threats facing mobile device adoption today and the best practices that you can implement for securing them in the enterprise.
Conventions Used in This Book
We know that doing something the same way over and over again can be boring (like Mr. Rogers always wearing the same kind of sweater), but sometimes consistency is a good thing. In this book, those consistent elements are called conventions. In fact, we use italics to identify and define new terms you might not recognize, just like we’ve done with the word conventions. Additionally, when we type URLs (web addresses) within a paragraph, they look like this: www.wiley.com.
That said, throughout this book we use the terms smartphones and mobile devices interchangeably. Sometimes only smartphones have the capability of over-the-air transmission, but new mobile devices are coming that could far surpass even the smartphone’s capabilities. So we use smartphone, mobile device, iPad, iPhone, Android, BlackBerry, and other terms interchangeably, too.
At the end of many chapters, we include a case study based on experience we’ve gained from our customers who have grappled with similar situations. It’s the only way we can justify how many miles we’ve flown during the past five years, but more importantly, we hope you can benefit from this running example of how you might implement some of the policies we discuss throughout the book.
That’s about it. Mobile device security is so new that the only convention you share with everyone else around you is a feeling that your data isn’t secure. At all. But fear not — it will be after you implement the policies discussed in this book.
How This Book Is Organized
This book is organized into five main parts. Don’t feel that you need to read these parts in sequential order; you can jump around as much as you like, and each part is meant to stand on its own.
Part I: Living Securely in the Smart World
Sometimes it’s comforting for authors to describe the world you live in. Part I of this book describes the world that you’re trying control. You’ll be able to find yourself here, in one of the chapters, in one of the scenarios. Misery loves company, and eventually by Chapter 3, we ask you to stop fighting the hordes of mobile devices in your environment and instead embrace them. Embrace, adapt, protect, and manage are the four stages of living securely in this smart new world.
Part II: Implementing Enterprise Mobile Security
Part II assumes you’ve given up the “no mobile devices permitted onsite” fight and taken down the signs. Implementation starts by creating policies and then managing and monitoring them. It’s not rocket science, and chances are you already do many of them today. This part helps you put your policies together and perform the real trick: Make your mobile device policies conform to existing compliance policies so you don’t have to redo policies for the whole company.
Part III: Securing Smart Device Access
Part III moves from the policy to the real world — your network. How do you build the system of monitoring, accepting/rejecting, or limiting access to the hordes of devices entering your main, branch, and remote offices? Not to reveal the ending too much, but you’re going to leverage technology to provide granular, application access control.
Part IV: Securing Each Smart Device
At some point, you have to touch your customer. It’s time to roll out the policy, programs, and technology to encrypt, protect, and back up the device hoards. You don’t want to be in upper management, anyway.
Part V: The Part of Tens
Indispensable places and checklists tend to come in lists of tens, and mobile device security is no different. Turn here often as you read the book, and come back when you’re done.
Icons Used in This Book
To make your experience with the book easier, we use various icons in the margins of the book to indicate particular points of interest.
Whenever we give you a hint or a tip that makes an aspect of mobile device security easier to understand or speeds the process along, we mark it with this little Tip thingamabob. It’s our way of sharing what we’ve figured out the hard way so you don’t have to.
This icon is a friendly reminder or a marker for something that you want to make sure that you keep in mind, or remember, as the icon says.
Ouch! This icon is the equivalent of an exclamation point. Warnings give you important directions to prevent you from experiencing any nightmares. (Well, at least where security is concerned. Offering premonitions about your personal life costs extra.)
Sometimes we feel obligated or perhaps obsessed with some technical aspect of mobile security. We are geeky guys, but mark this info thusly so that you know it’s just geeky background information.
Where to Go from Here
Now you’re ready to use this book. The beginning introduces basic security concepts so you’re familiar with both the terminology and the state of affairs in today’s mobile device security marketplace. If you’re new to mobile device security, start here, or depending on your background, you may want to start by jumping straight to the meat of the discussion in Part II. Once you zoom in to what interests you, we highly recommend going to the other parts or chapters because there are key concepts and usage cases in each chapter.
If you have a mobile device on your desk right now, we recommend muting the ringer and alarms and putting it to sleep for awhile. These devices don’t like to be corralled at first, and if they see you reading this book, they’ll start acting strange for an hour or so.
If you ever want to see what we authors really do, and some of the products we actually get paid to work on, check out Junos Pulse at the Juniper Networks website, www.juniper.net/pulse.
Please note that some special symbols used in this eBook may not display properly on all eReader devices. If you have trouble determining any symbol, please call Wiley Product Technical Support at 800-762-2974. Outside of the United States, please call 317-572-3993. You can also contact Wiley Product Technical Support at www.wiley.com/techsupport.