Many organizations struggle to define mobile work/play boundaries

Many organizations struggle to define mobile work/play boundaries

The K-12 private education Paideia School in Atlanta now hands out about 550 Apple iPads each year to students for classroom teaching and homework purposes. And while students love them, some parents are now pressing the IT department to restrict use of apps on the devices because they think there's too much game-playing.

"We don't block the apps the students are using, and a lot of students are playing Angry Birds,' something we don't want," says Brian Meeks, network engineer at Paideia School. Teachers there have embraced iPads as an academic tool for classroom learning, and the school's philosophy is to encourage students to adhere to using iPads only for schoolwork. But kids will be kids, and their parents are noticing their children see the iPads as great toys as well.

Meeks says the school may well have to reluctantly make the decision to put tighter controls on the school's iPads.Paideia School has deployed the mobile-device management (MDM) software Sophos Mobile Control on the student iPads for purposes that include managing inventory, configuring and installing apps, and checking to make sure iPads aren't "jailbroken." In the future, Sophos Mobile Control may be used to restrict the apps that students use, too, says Meeks.

HP: 90% of Apple iOS mobile apps show vulnerabilities

Differentiating between apps for work and play is not just an issue for schools. Businesses and government have similar concerns about work and personal apps. Most of the MDM software can use whitelisting to restrict apps, points out Andrew Braunberg, research director at NSS Labs, which does analysis and testing of network gear.

But many organizations want to go further than just whitelisting, Braunberg notes, by creating a "secure workspace" on mobile devices, whether these are corporate-issued or the employee's own "Bring Your Own Device" (BYOD) personal mobile device.

One challenge in doing this, says Braunberg, is that the popular mobile platforms, especially the ubiquitous Apple iOS and Google Android, are changing fast, creating both the opportunity to do new things but the struggle of keeping up with the latest bells and whistles.

The Apple iOS 7 platform, for example, "has an additional way to do containerization through what's called Managed Open In'," says Braunberg. Apple's Managed Open In' feature in iOS 7 lets IT managers control which apps and accounts are used to open documents and attachments. It can prevent personal documents from being opened in managed apps.

There are many other approaches to this idea of "secure workspace" and NSS Labs goes into several of them in its report out this week entitled, "Need for Data Isolation Drives Innovation" on which it reviews a number of today's mobile application management (MAM) options.

In this report, NSS Labs examines several options for "secure workspace" technologies available from vendors AirWatch, Aruba Networks, Cellrox, Citrix, Enterproid, Fixmo, MobileSpaces, OpenPeak, Red Bend, Samsung and VMware.

"The list is in no way comprehensive," Braunberg acknowledges, noting there are several more in the MDM/MAM software market today. But each in the NSS Labs report "introduce trade-offs in usability and app development overhead" that NSS Labs says should be carefully considered before jumping in.

The report notes that some vendor offerings are "offered only through service provider or device manufacturer channel relationships," the NSS Labs report points out. "Within the United States, both AT&T and Verizon have been actively working to deliver secure workspace services. AT&T is currently partnered with Enterproid and OpenPeak, while Verizon is currently partnered with Enterproid and VMware."

Braunberg says the "main questions that any organization needing to control apps should be asking are: How will it impact the user experience? What's the impact on the development community?" To build certain kinds of "hardened apps," for example, that use code libraries for encryption authentication and VPNs, he points out, might mean a major commitment of development time and money.

Ellen Messmer is senior editor at Network World, an IDG publication and website, where she covers news and technology trends related to information security. Twitter: MessmerE. E-mail:

Read more about anti-malware in Network World's Anti-malware section.

Join the CSO newsletter!

Error: Please check your email address.

Tags MDMNetworkingsecurityeducationwirelessindustry verticalsanti-malwaremobile appssophosApple

More about AppleCitrixGoogleHPIDGSamsungSophosTwitterVerizon

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Ellen Messmer

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place