Mobile Device Security For Dummies


by Rich Campagna


  If users are looking to protect their personal Android smartphones or tablets, they have several options to remotely lock, wipe, or locate their devices:

  Locate the lost device using GPS. As soon as users discover their device is missing, they may want to try to locate it. They need a web-based interface that they can log in to for locating the lost device using GPS.

  Depending on your device’s make and model number, the vendor itself may provide services to remotely locate, lock, or wipe devices. Services are available to device owners from vendors like HTC, Samsung, and Google to manage these actions.

  Remotely lock or wipe the device, or set off an alarm. If users are unable to locate a lost Android device using GPS, they can remotely lock or wipe it. They can also set off a remote alarm on the Android device to attract attention to it.

  These actions are also typically taken from a web page by the device owner.

  Recommend that users shop for loss and theft protection services from their carriers. Several carriers offer such services that may be competitively priced in comparison with buying them directly from a vendor.

  Protecting personal Windows Mobile and Windows Phone 7 Devices

  Microsoft’s Windows-based mobile operating system comes in two basic flavors. One is the older Windows Mobile operating system that runs on several phones from vendors such as HTC and Sony Ericsson; the other is the relatively newer Windows Phone 7. The two are vastly different operating systems with different sets of supported features.

  Microsoft offers a service called My Phone for Windows Mobile and Windows Phone 7 devices, with support for loss and theft protection features, as well as the ability to sync photos, music, and other data from the phone to a computer.

  Microsoft’s My Phone service (http://myphone.microsoft.com) is available in two options. One is a free option with limited features, and the other is a premium option with fully supported features.

  If the user’s phone is lost or stolen, he can use the following My Phone features to protect the data:

  Locate the lost device by using GPS. After the user has signed up for Microsoft’s My Phone service, he can locate a lost or misplaced device by logging into the service using a web browser from any computer.

  Note that the free version of Microsoft’s My Phone service provides the location of a device when the last sync operation was performed. This clearly isn’t the same as locating the actual device when it’s lost or stolen. For example, if the user last performed a sync a month ago, it will show the location where the sync was performed, not the current location of the phone.

  Remotely lock or wipe the device, or set off an alarm. If the user is unable to locate the lost device using GPS, he should attempt to remotely lock the phone or even wipe its contents clean. The My Phone service provides these services for a fee.

  Remotely locking the device with My Phone involves using the web-based My Phone interface and setting a passcode to lock the device. The device owner can also use the My Phone web interface to issue a wipe command on the device if he’s fairly certain it has been lost or stolen.

  Other solutions available commercially from other vendors include similar web-based interfaces to issue remote lock or wipe commands.

  Protecting personal BlackBerry devices

  RIM offers a BlackBerry Protect app through the BlackBerry App World. This app allows users to protect their personal BlackBerry devices from loss and theft by giving them the ability to remotely lock, wipe, or locate their devices. The app also enables users to back up to a remote BlackBerry server and to restore the backup to a new BlackBerry device if the old one is lost.

  BlackBerry Protect is available for users to download for free from www.blackberry.com/protect or from the App World on the device. Users can configure device backups at regular intervals of time and specify what types of data should be backed up (contacts, text messages, calendar, memos, tasks, and bookmarks).

  From the BlackBerry Protect website, users can log in and take actions on their device, such as remotely locking or wiping the device.

  Exploring Enterprise-Grade Solutions for Various Platforms

  If you want to deploy a corporate solution to protect your employees’ mobile devices, you need what is generally referred to as a mobile device management (MDM) solution, which provides the remote management, provisioning, and configuration capabilities that enable you (the administrator) to take actions such as remotely locking or wiping devices.

  Enterprise solutions typically include a web-based management interface that you can access from any web browser on a PC or Mac. The management interface allows you to manage a large number of devices, including remotely locking, wiping, or locating lost or stolen devices.

  An enterprise MDM solution comprises a combination of mobile software apps deployed on the devices themselves, and a management console for administrators. Most MDM solutions offer the management server as an in-house appliance, as SaaS (software as a service), or as a virtual appliance.

  Enterprise-grade solutions for Apple iOS

  If you’re looking for an enterprise-class solution scaling for thousands of iOS devices, look for solutions from vendors like Juniper Networks or MobileIron, which offer some of the more attractive and effective loss and theft protection for iOS devices. Juniper’s Junos Pulse solution and MobileIron’s Virtual Smartphone Platform are products available for enterprises to protect their employees’ lost or stolen devices.

  Enterprise-grade solutions for Symbian

  Solutions from Juniper Networks and WaveSecure (now McAfee) are among the more attractive and effective solutions for loss and theft protection on Symbian phones. Juniper’s Junos Pulse solution provides a good combination of enterprise features, including SSL VPN and loss and theft protection. Junos Pulse also includes a web-based management console that provides for easy administration of remote devices, scaling to thousands of devices.

  Enterprise-grade solutions provide you with the ability to set passcode policies, locate or wipe stolen devices, or restore previous backups to devices. You can enforce and own actions that otherwise would be the user’s responsibility.

  Enterprise-grade solutions for Android

  One of the challenges of managing Android devices within an enterprise is the diversity of those devices. Android devices can range from smartphones built by Motorola, Samsung, or HTC to tablet devices from the same or other vendors. Employees are bringing all types of Android devices to work, thereby presenting the challenge to IT administrators to centrally manage all of them.

  Several vendors offer competitive solutions for managing and securing Android devices. Solutions from Juniper Networks, WaveSecure (now McAfee), and Lookout are among the more attractive ones to protect Android devices from loss and theft.

  When shopping for an Android solution, look for the diversity of devices and platforms supported by the vendor’s solution. Look for vendors that support all recent Android versions, or else you’ll be unable to support employees that have devices running certain versions.

  Enterprise-grade solutions for Windows Mobile and Windows Phone 7

  If you’re looking for enterprise-class solutions to provide loss and theft protection on Windows Mobile phones, several vendors provide such solutions. Solutions from Juniper Networks and Lookout are among the more attractive ones providing loss and theft protection for Windows Mobile smartphones.

  At the time of writing this book, because Windows Phone 7 is still relatively new, there isn’t an enterprise-class mobile security solution available in the market for Windows Phone 7. The only solutions available for Microsoft’s mobile operating system are for Windows Mobile–based smartphones.

  Enterprise-grade solutions for BlackBerry devices

  Devices running the BlackBerry operating system from RIM are typically protected and managed using the BlackBerry Enterprise Server (BES). BlackBerry devices are widely used within corporate environments and can be managed using the BES. The BlackBerry Enterprise Server can deploy apps to the managed devices and also send remote commands to the devices, such as to lock or wipe them.

  For a corporate deployment, other solutions are also available to provide loss and theft protection to BlackBerry devices. Vendors such as Juniper Networks, McAfee, and Lookout provide attractive solutions that enable you to remotely lock, wipe, or locate lost or stolen BlackBerry devices.

  These solutions protect BlackBerry devices against loss and theft by allowing you to take the following actions:

  Remotely locate the device.

  Remotely lock or wipe the device.

  Remotely set off an alarm on the device.

  Detect SIM card changes and automatically wipe upon detecting a SIM change.

  Deploying Enterprise-Wide Loss and Theft Protection

  If you need to deploy loss and theft protection on hundreds or thousands of devices across your enterprise, you need to identify the platforms you want to support in your enterprise and then shortlist the vendors whose solutions you’d like to deploy.

  Here are the specific steps you need to take to start planning your deployment:

  1. Determine the types and platforms used in the enterprise.

  Find out what types of devices and platforms you need to support across all your users in the enterprise. Can you limit yourself to supporting only Apple’s iPhones and iPads, or will you need to support Android devices as well? And what about BlackBerry devices, or the users who’ve bought themselves the shiny new Windows Phone 7 devices?

  2. Shortlist the solutions feasible to protect each type of platform.

  From your analysis of all the individual platforms, make a list of the available vendors and solutions to provide loss and theft protection for all the platforms you need to support.

  Table 11-1 is an example of what your list might look like.

  3. Evaluate free trials of the shortlisted solutions.

  After you’ve identified the leading solutions of loss and theft protection for the platforms you need, explore free trials. Many vendors offer limited free trial durations (such as for 30 or 60 days), which will help you evaluate those solutions.

  In the rapidly changing world of smartphones and other portable devices, look for vendors whose solutions aren’t restricted to just one or two mobile platforms. Because employees are likely to buy more than just one or two types of devices, it’s ideal to roll out a solution that will address everyone’s needs and provide a comprehensive loss and theft solution.

  Case Study: AcmeGizmo’s Lost or Stolen Device Recovery

  Returning to our ongoing AcmeGizmo case study, recall that Ivan, the IT manager, had fully deployed a smartphone solution for several hundred employees of AcmeGizmo. This solution included a mobile security solution that protects the mobile devices and the data on them, as well as a VPN solution, which authenticates users and encrypts any data transiting between the mobile device and the AcmeGizmo network.

  Ivan was at his desk one afternoon when he received a frantic call from Ed in Engineering. Ed had been sitting in the food court at the mall enjoying lunch when he reached into his pocket to check the e-mail on his new Android phone, only to realize that it was not there. He checked his jacket pockets and shopping bags to no avail. Ed’s biggest concern was the fact that his phone contained the latest revision of the next-generation widget design that he and his team had been working on, despite a corporate policy against storing such data permanently on mobile devices. If this information were to get into the hands of AcmeGizmo’s competitors, their groundbreaking design would be compromised.

  The first thing that Ivan did was log into the Junos Pulse Mobile Security Gateway and lock the device. Figure 11-4 shows the two commands (Handset GPS Location and Handset Lock) that Ivan sent to Ed’s mobile device. Fortunately, Ivan was able to successfully lock Ed’s device and track it via the GPS feature on the phone. Unfortunately, it appeared as though the device were in someone’s vehicle heading northbound away from the mall on the freeway.

  Figure 11-4: Remotely locking and locating Ed’s lost mobile device.

  Ivan’s next step was to turn on GPS Theft mode, which constantly updates the Mobile Security Gateway with the device’s location and emits an audible “scream” or alarm on the device. Ivan was able to emit the alarm even though Ed had left the device in silent mode.

  Ivan also initiated a wipe of the handset, as shown in Figure 11-5. Despite not being able to confirm that the thief actually wanted access to sensitive corporate data, best practices dictate that the handset be wiped in this case, to avoid that data getting into the wrong hands.

  From that point, Ivan realized that his investment in this security infrastructure had paid off — the device had been wiped. Because the location tracking was enabled, Ivan was also able to report the theft to the local police department so that they could recover the device.

  Figure 11-5: Placing the device into Theft mode and wiping sensitive data.

  Chapter 12

  Educating Users about Backing Up Data

  In This Chapter

  Backing up data from a mobile device

  Restoring data from a mobile device backup

  Transferring data from one mobile device to another

  Just as we detail in Chapter 11, there are practical things you must tell your employees about mobile device security. In this chapter, we give you information that you can readily pass along to users, written at their level. Check the facts because some of the procedures may have changed since the writing of this book, but use the material in this chapter to show users what to do to back up, restore, and transfer data.

  Smartphones, tablets, iPads, and other portable devices that work along similar lines are increasingly vital to our daily lives. On these devices reside plenty of vital personal and corporate data, including e-mails, SMS messages, contacts, call logs, photos, and videos. Anyone who has lost or misplaced a smartphone can vouch for the fact that losing such a device causes a lot of angst, especially if the device’s contents aren’t backed up to a computer or other storage device.

  This chapter looks at the types of data that users need to back up from their mobile devices and smartphones. We also look at the tools available to back up and restore data for different types of mobile devices.

  Backing Up Data from Smartphones

  As smartphones and tablets steadily gain adoption, the amount of valuable data on them is also growing. Employees bring many of these devices into the corporate workplace and use them to access e-mail and other applications. As an administrator managing mobility policies for your corporate users, you may need to take actions such as remotely locking or wiping a device when it’s lost. In such circumstances, when the user gets a new device, it becomes a simple matter of restoring the previously backed up configuration to the new device. Having backups not only benefits the users who can get their data onto their new devices easily but also enables you to take actions such as wiping the device, knowing that the contents are securely backed up.

  It’s critical for device owners to back up their devices periodically to avoid losing data accidentally. As an administrator, you must encourage users to back up their devices often and explain how to do it. This chapter describes in detail the steps that device owners can follow to regularly back up all the contents or specific contents of their devices.

  Mobile devices such as smartphones and tablets have the following types of data that need to be backed up:

  Personal files, including videos and photos

  Call log and contact information

  Apps and app settings

  SMS messages

  E-mail and calendar information

  Phone settings (backgrounds and other customized configurations)

  Though almost every smartphone has the ability to store the preceding types of data, the mechanisms to back up or restore data differ drastically from one device type to another.

  Most smartphones rely on the technique of backing up data when the device is physically connected to a computer. Desktop applications such as BlackBerry Desktop Manager, Apple iTunes, and Nokia PC Suite can be installed on the user’s computer. These applications can back up some or all of the preceding types of data from the device to the computer. They can also restore data from the computer back to the device. Encourage users to back up their smartphones or mobile devices often by connecting those devices to their computers.

  Some commercial software applications can back up the smartphone’s contents periodically without requiring that the device be connected to a computer. These applications are especially useful if you want to deploy a corporate-wide solution for all your company users. We look at such applications in Chapter 15 as well as in the section “Exploring Corporate Solutions for Backup and Restore,” later in this chapter.

  Instructing Users on Backing Up Their Devices

  In the following sections, we give you examples of the type of hands-on instructions that you’ll want to pass along to your users for backing up their devices.

  Backing up iPhones and iPads

  Apple provides the iTunes software application that can be installed on Windows PCs and Mac computers. The iTunes application (www.apple.com/itunes) provides a simple user interface to control backups as well as to restore data from the computer back to your device, if needed.

  To back up an iPhone and iPad to your computer, connect your device to your computer and sync it with iTunes. iTunes makes a backup each time you sync the device to your computer.

  Only one copy of the backup is maintained, so even if you back up more than once, only the most recent copy is maintained on the computer.

 
