Feb 13, 2013

Mobile Security - A Day in the Life of an
IT Manager

In today's Whiteboard Wednesday, Saj Sahay and Giri Sreenivas do a little role play and discuss what it is really like to be an IT manager during the BYOD trend. Giri and Saj will provide you with more information around what BYOD is, how it effects your organization and what you can do to protect your company's information through mobile devices. Using a mobile risk management or mobile risk assessment software like Mobilisafe will allow you to track all of the devices that connect to your exchange server, see which devices are at risk, and even allows you to set policies that ensure that every device on your network meets the required security needs.

Read Video Transcript

Saj: Hi, everybody. My name is Saj and I am the Senior Director of Marketing here at Rapid7.

Giri: I'm Giri and I'm the VP and GM for Mobile at Rapid7.

Saj: Great. Welcome to another example of Whiteboard Wednesday. Today our topic is a day in the life of a customer. In this example, we're actually going to step back and do some role-playing for your guys today. So Giri is going to be an IT manager at a company and I'm going to ask him some questions related to his experience every day, both with the BYOD as well as the mobile security that goes along with BYOD.

Thanks for joining us today, Giri. Maybe you can start off by telling us a little bit about why did you enable BYOD in your company and why did you ultimately choose MRM solution to work with BYOD?

Giri: Absolutely. So let me take a step back for a moment and just talk a little bit about what BYOD is. So BYOD is a bring your own device trend, and what that really means is it's about employees bringing in devices that they've purchased to get work done. For example, this could be an iPhone. It could be an iPad, an Android device.

It's whatever device that employees choose to use for their personal life that they decide they actually want to start using for work as well. It's something that actually started with like a C-level exec wanting to say, "Hey, I really want to use my iPhone. Figure out a way to make it work."

So BYOD was going on around us and so I made a decision to securely enable BYOD. What that means is I want to know that my data and the company's data is actually secure on the employees devices as they're getting access to it. These are not devices that we as a company own but they're devices that have access to our data and actually save our data on them, so we have to be really careful about how we secure that data.

Saj: Great. Wonderful. So why did you choose an MRM solution? What is MRM? Maybe start off with that.

Giri: Sure, yeah. MRM is mobile risk management and what that means is basically it's a risk-based approach to ensuring that data is secure that's going out on these devices. So the reason I went with a mobile risk management solution is because I'm really busy. As an IT manager, I just don't have a lot of time. I'm certainly not getting a lot of resources.

I'm not getting a lot of money to go out and figure out how to solve this problem. I took a look at MRM, mobile risk management solution. I figured out, with the risk-based approach, there's a lot of automation that's involved. What that means for me is I get to a point where I understand what kind of risk my organization is willing to tolerate and I get to set it and forget it.

What that means is I get to go in to the small works management product, set some policies that make sense and decide that after that, it's going to take care of things for me. For the bring-your-own-device trend, there's certain things I cared about. I wanted to make sure that devices had a password-enforced lock screen enabled. I wanted to make sure that device encryption was enabled and I wanted to know when brand new devices were coming online.

For example, when we first enabled our secure bring your own device program, we figured out that about half the employees were using devices. But then really quickly we figured out that that number grew to about 80%. Turns out that that's actually pretty typical today. Most companies have about 80% of employees actually using mobile devices. So we started to learn about that and grow our security program as a result.

Saj: Great. So maybe we'll just step back and let me see what you do every day. So tell me what happens when you get into the office in the morning.

Giri: Right. So when I roll into the office in the morning, the first thing I do is open up my email and one of the first emails that I see is one that explains to me exactly what is going on within my organization as it relates to mobile security. So what I see is an average score that helps me understand how risky or how trustworthy is my environment, with regard to mobile devices? helps me understand how many mobile devices there are and any new employees that have brought their device online.

Once I understand and get a sense for that, I feel a little bit more comfortable knowing that, "Okay, I've got a solution that's helping protect our data as new employees are bringing in, using their devices."

Saj: So why is all this important?

Giri: Well, one of the main reasons that it's important is, what I've come to learn just by using a mobile works management product is mobile is very dynamic. So employees are changing devices all the time. There's new firmware updates that come out all the time, new vulnerabilities are being discovered, and I really need something that's sort of staying on top of that and managing it for me. If I don't do that, the thing that I worry about is that our data is going to be at risk. The last thing we want is to have a CNN moment.

Saj: That makes a lot of sense to me. So what has this done for your people in your company?

Giri: Honestly, it's made employees a lot happier.

Saj: Good.

Giri: It's actually given IT a sense of security in the sense that they know that there's a solution that's actually taking care of the problem for them. Employees know that when they come online and they bring their device online that it's actually being encouraged. That's a fundamental difference for us as an IT team where we're actually telling employees, "We can enable you to use your devices. We want you to be happy with the devices that you use and we have a way to manage the security around it."

It turns out that when we actually send messages out to employees to get their devices updated to run the latest versions of firmware, not only are they closing security holes that we care about, but they're getting new features. They're getting better performance, better reception so it's really a win-win scenario.

Saj: I would imagine that you just became the best friend of your employees, as opposed to being kind of the enemy, right?

Giri: Yeah, we're certain in a lot better place than we used to be.

Saj: That's great. That's wonderful. Thank you, everybody, for joining us today for another great Whiteboard Wednesday.

On-Demand Webcast

Establishing Your Company's Mobile
Security Policy

Watch Now