It was a dark, cold, and scary night when I returned from dinner with friends and noticed that my mobile phone was missing. It had sensitive corporate data such as emails, calendar events, and documents, as well as personal data (including pictures, videos and other documents). Well, let me be honest with you, I didn't really lose my phone. However, many cell phones, tablets, and other gadgets are lost or stolen on a daily basis. The problem of stolen mobile devices is huge. According to a report from the Federal Communications Commission (FCC) earlier this year, about 40 percent of robberies in Washington, D.C., New York, and other major cities now involve mobile devices. The FCC has teamed up with the nation's top wireless carriers, including AT&T, Verizon, T-Mobile, and Sprint, to develop a database of stolen mobile devices.
Allowing employees to access corporate email, critical business applications and data makes workers more productive and effective. Finding just the right balance when allowing easy access to the applications that users need to be more productive, while maintaining the integrity and security of enterprise resources, will give your organization a competitive advantage.
Stolen and lost devices are among the many challenges of mobile device security.
There are many third-party tools and solutions for mobile device management (MDM) and mobile application management (MAM) that allow administrators to set mobile device policy or provision software (apps). An MDM can provide the following features:
Enforce an encryption policy for both the mobile device and media components such as Secure Digital (SD) cards
Lockdown security for the device camera, SD, Bluetooth, or Wi-Fi
Remote lock and wipe
Real-time remote control
Enterprise data boundary with selective wipe and privacy policies
Access control, device visibility and blocking of email access
Digital certificate distribution
Secure administration with role-based access, group-based actions and persistent log and audit trails
There are other, less sophisticated apps such as "Find My iPhone" and "Where's my Droid" that allow you to locate your phone, tablet, or even your laptop (Mac) on a map, display a custom message on the device screen, play a sound (even if your device is set to silent), and remotely lock or wipe your device.
Identity, authentication, and system-wide visibility showing you who and what is on the network (wired, wireless, or VPN) are also very important. Cisco Identity Services Engine (ISE) provides consistent enforcement of policies across wired and wireless networks. It integrates authentication, authorization, and accounting (AAA) services, as well as profiling, posture, and guest services to simplify deployments and cut costs. Cisco ISE provides greater visibility and control of the endpoint with Mobile Device Management solution integration. MDMs take a device-centric approach to management while Cisco ISE takes a network-centric approach. Each solution provides distinct services, and they are not mutually exclusive. Many administrators deploy both an MDM and a Cisco ISE solution in parallel. Cisco is working with several MDM vendors to continue to integrate services and functionality that are part of the "Bring Your Own Device (BYOD)" solution.
At some point in the life cycle of a device or employee, it may become necessary to terminate access to the device due to a lost or stolen device, employee termination, or other changes. Network and security administrators must have the ability to quickly revoke access to any device and "remotely wipe" (erase) some or all of the data (and applications) on the device.
Share your experiences while addressing these issues and how you overcame some of these challenges.