BYOD Applications and MDM for Enterprises: The Biometric Way

Today’s mobility driven digital landscape is advancing with “on-the-go” approach for personal as well as professional endeavors. Enterprises are also adopting this new way of doing business, which is faster, more efficient and convenient than the conventional one. Companies involved in design and development of these ultra-portable devices have recognized this trend and are fitting more power into even lighter and smaller form factors. Mobility and cloud are under the spotlight as to give users the power of server-side computation on their portable devices. Millions of transactions are being performed everyday on these portable devices, from social media status update to authorizing business transactions or making payments.

Today’s smartphones, tablets and notebooks are more powerful than ever, and with the processing power of cloud servers, they can do complex things in a fraction of second. Now Wearable computers and devices are knocking doors and are set to take present communication and computing scenario to the next level. But with the world shrunken in these devices, they have also become a center of distraction, where every notification wants to grab your attention. Unsolicited advertises, unneeded updates, and unnecessary information seem to keep people occupied. This 24×7 connectivity and ability to do things have also made people more or less addictive to their personal devices even at the workplace.

With increased tendency in employees to use smartphones, tablets and other personal devices at work; first of all Intel introduced BYOD (Bring Your Own Device) concept, in which employees were allowed to bring their own device and access corporate resources with it.

A study conducted by IBM found that employees bringing their own devices to work feel more satisfied. They feel comfortable working on their own device and this comfortability could result in productivity gains, which was indicated in the report as well. Allowing personal devices at work also gave employer a chance to pose as flexible and employee friendly organization. BYOD also results in lowered cost to the company as they don’t have to spend on buying devices.

From the past few years, adoption of BYOD has taken a swift and according to a report by Global Market Insights, Inc., BYOD market size is estimated to be valued at USD 366.95 billion by 2022. IBM Corporation, Alcatel-Lucent, MobileIron, Good Technology, and Cisco are the biggest BYOD adopters.

Flexibility to use personal devices at any location anytime looks great at first glance, but it also poses threats that can be severe in nature if a formal BYOD policy is not properly implemented. Personal devices accessing corporate networks may have not been gone through full IT scan of the company, which would not be the case with company owned devices. Personally owned devices usually come with mediocre level of security. Malware protection and firewall are also not as good as company owned devices, as employees often overlook these aspects. Personally owned devices often do not meet corporate security standards and these substandard end-nodes invite threats. Data stored on the personal devices have more chances to get compromised if device is lost or stolen. Employees may sell their device without informing office IT department and wiping data, which can be retrieved by the untrusted buyer for malicious usage.

Using personal devices at work can result in corporate data breaches, unauthorized access to the corporate network resources, theft of business crucial information or a remote user taking control network resources using weakness of a personal device. On the other hand, rooted or Jail-broken devices can be serious risk to data integrity as malicious apps can access root / system directories of such devices and can compromise data.

Elevated security risk introduced by personal devices is not something cannot be taken care of, with a proper BYOD policy implementation and access control with user authentication, most of these risks can be mitigated.

MDM or Mobile Device Management solutions offer a great relief for enterprises where employees are allowed to bring their devices and connect them with the corporate network. MDM solutions make sure that all communication and transmission taking place via the device is properly managed and secured. MDM solutions provide comprehensive security functions in terminal, transmission, apps, and security management, striking a balance between efficiency and security. They help to apply policies by user and device type automatically.

Mobile Device Management is a complete end to end solution that can help an organization to gain a rich understanding of the new devices on its network and the applications their employees are using, secure their network by controlling what applications and resources employees can access, setting access policies, applying security settings, and deploying enterprise applications. Typically an MDM solution consists of a server and client components. Mobile devices receive commands from server component. Server component can detect devices on network and send settings, updates and commands and can configure them using an administrative console. Over the Air (OTA) configuration is also made possible by an enterprise grade Mobile Device Management Solution. It can remotely lock the device or wipe data if device is stolen or lost. There are MDM solutions in the market that provide feature of “Selective Wipe”, in this feature, only corporate data is wiped from device and user data remains intact.

• MDM solutions use cryptographic containerization to secure data. Applications, documents, emails are processed and stay encrypted inside the container boundaries ensuring corporate data stays classified and does not mix with user’s personal data.
• It can offer functionalities like remote device management, device tracking, monitoring of device usage, tracking of location coordinates and devices logs.
• MDM solutions typically come with a secure email and browser, as inbuilt mobile browser can be potentially unsafe.
• Ability to deploy certificates, Wi-Fi profiles and VPN profiles (including app specific profiles)
• Prevention of cut / copy / paste / save as of data from corporate apps to personal apps
• Secure content viewing via managed browser, Image Viewer, PDF Viewer and AV Player.
• Mobile Data Management solutions also provide ability to manage corporate app catalogue, which can push proprietary enterprise apps to user devices.

An ideal MDM solution has ability to detect whether a device comply with MDM policies or not. Some Mobile Data Management solution also has ability to detect rooted / jail-broken devices so that such devices can be denied enrollment.

It has become nearly impossible to avoid the wave of ultra-portable devices driving the business and not surfing the wave may outcompete your business. While devices being business tools and with the number of threats knocking doors from cyberspace, it has become imperative to implement an efficient BYOD policy. A number of customizable MDM suits available in the market to deploy, which promise to provide the finest experience of mobile device management. All MDM solutions, in some way or other, will use authentication to know its user, so user authentication becomes a crucial aspect of a mobile device management solution and overall BYOD policy implementation.

Traditionally, passwords have been used as a trusted method for user authentication, but with changing times and increasing risks, passwords are losing their significance. An employee can use same password for his personal and professional access, which is again an unintentional security risk. Entering password on a mobile device using on-screen touch keypad does not offer as smooth and user friendly experience as with physical keyboard, and often end-up wrongly entered password. Chances of entering wrong password elevate with a complex passwords containing special characters, caps, numbers and set minimum number of characters. “Remember Password” checkbox looks friendly but poses a security risk in case of device being lost or stolen.

Passwords resetting takes inconvenience and insecurity to further level, answers to password reset security questions can be assumable by anyone knows you personally. Even if you don’t forget your password, most corporate password policies want you change it after a set duration.

Drawbacks associated with passwords made security experts look elsewhere and that’s where biometrics came into the picture. Biometric identifiers are measurable unique traits of an individual. They can be divided in two categories: Physiological and Behavioral. Face, fingerprints, iris, retina, DNA are physiological biometrics while typing rhythm, voice, and gait can be categorized in behavioral biometrics. Biometric characteristics are unique and can be used to uniquely identify a person.

Trial Launch of Biometric Bank card by MasterCard, the leading multinational finance services company, marks the day in history of biometrics. This step signifies that current landscape of financial services needs stronger and securer authentication methods than passwords and PINs.

Biometric authentication is efficient, more reliable, faster and eliminates shortcomings of password based authentication method. It works as a password that people cannot forget or enter incorrectly. There is no need to set minimum password complexity measures as biometrics are already complex enough to be unique. Employees can biometrics both on personal as well as professional devices, without posing any security threat. With more and more mobile devices launching with fingerprint sensors, iris scanners and face recognition software, no additional hardware is required for mobile device to be a biometric authenticator. Combined use of biometrics authentication eliminates even slightest possibility of an accidental match.

Biometrics authentication in mobile device management can add extra layers of security and protect devices from becoming a security risk for corporate network and resources. It can authenticate who and what is on the network, and where. Through biometric identification technology, organizations can control all access throughout the network. Using biometric as authenticator, devices not only become uniquely identifiable but also helps establish that device is in right hands. It ensures that device is being used to the authorized user and not by someone else. Multi-step authentication can further strengthen security measures. In Biometric authentication, data specific points are processed through an algorithm and biometric information is stored in encrypted format. This information is matched every time user wants to login by scanning his/her biometrics. Security features proposed by biometric technology has no alternative and are exclusive to it.

According to a report by Frost and Sullivan, revenue of US$1.48 billion was earned by commercial biometric market in 2012, which is estimated to reach US$6.15 billion in 2019. The wave of socio-economical digital transformation has changed the way people connect, interact, pay, play and work. Enterprises are also keen for digital makeover to take early advantage or the market. The innovation doesn’t stop here, next wave of enterprise cloud computing brings the immense power of “on-demand” environment, where suite of services are available anywhere, anytime.