Chapter 1 What’s So Smart About a Phone, Anyway? In This Chapter ▶ Taking a look at different mobile devices ▶ Getting up to speed on mobile operating system platforms ▶ Exploring data connections ▶ Examining the applications that run on mobile devices ▶ Putting the mobile device security deployment in order ▶ Introducing the AcmeGizmo case study he late 2000s and early 2010s ushered in a new era of mobility in the Tenterprise. Prior to this time, truly productive mobility required users to have a laptop, a mobile phone, and possibly a personal digital assistant (PDA) in order to be as productive offsite as they would be at the office. The rise of the smartphone, however, has changed all of that. Now users can get as much done with a device that fits in their pocket as they could when three separate devices were required to accomplish the same tasks. With tablets reaching widespread adoption as well, many users and organizations are trading in their laptops and desktops and replacing them with these new devices. Your enterprise may have worked for years on strategies for the use of Microsoft Windows (on laptops and desktops) and the Research In Motion (RIM) BlackBerryCOPYRIGHTED OS (on smartphones). MATERIALIn addition to the tools that Microsoft and RIM provide to manage, update, and secure these operating systems, your enterprise may have invested in a number of third-party com- ponents to help secure these systems further. However, with the overwhelming demand to bring smartphones and tablets into the enterprise, many IT departments are forced to allow these devices into their networks, in many cases without properly adopting security poli- cies and procedures and without rolling out the appropriate solutions to secure these devices. Because you have picked up this book, you are most likely concerned about how to successfully adapt what you know about secu- rity to an extremely wide range of mobile devices. 006_9780470927533-ch01.indd6_9780470927533-ch01.indd 9 77/11/11/11/11 33:54:54 PMPM 10 Part I: Living Securely in the Smart World In this chapter, we describe the various mobile device form factors (the physi- cal dimensions of the devices), the operating systems that run on those devices, and the types of data connections you need to be concerned with when planning a mobile device strategy. We also explain how the applica- tions and data running on these devices will impact your mobile device secu- rity strategy. Additionally, this chapter gives you an overview of the many considerations that you need to take into account when you decide to allow mobile devices to connect to your corporate network. We give you an introduction to the components that make up a successful mobile device security deployment, and then the rest of the book goes into the details. Finally, the chapter ends with an introduction to a case study of AcmeGizmo, a fictional company. At the end of many chapters of the book, you’ll find case study excerpts to show how this example company chose to deploy various security products and solutions to secure its employee smartphone deployment. Exploring Different Mobile Devices The many different mobile computing devices available in the market today range in sizes small enough to fit in your pocket to large enough to require a backpack or over-the-shoulder bag. In this section, we introduce the major form factors of mobile computing devices. Smartphones and tablets Smartphones and tablets fuel today’s mobile device explosion. Tens of mil- lions of these devices have been adopted in the last few years, with forecasts of tens of millions more to hit the market in the near future. These devices have very quickly found their way into the enterprise, and they’re the pri- mary subject of this book. Many of these devices (and their associated operating systems) were designed for the consumer market, and vendors have added more enterprise-friendly functionality over time. Still, their roots as consumer mobile devices have left some enterprises dissatisfied with or unsure of the risk level of these devices. Typically, these devices run operating systems specifically designed for smartphones: primarily, Apple iOS, Google Android, RIM BlackBerry OS, Microsoft Windows Mobile (up to version 6.5) and Windows Phone (version 006_9780470927533-ch01.indd6_9780470927533-ch01.indd 1010 77/11/11/11/11 33:54:54 PMPM Chapter 1: What’s So Smart About a Phone, Anyway? 11 7.0+), and Nokia Symbian (which Nokia is in the process of abandoning in favor of Microsoft Windows Phone 7), though there are several other operat- ing systems on the market today. Smartphones The line between a smartphone and a traditional feature phone blurs with each new generation of devices on the market. Vendors continually add more and more functionality to traditional feature phones, while at the same time, lower-end smartphones are introduced to the market in an effort to appeal to the more price-conscious consumer. That said, there are still distinctions between the typical feature phone and a smartphone. Smartphones are frequently described as handheld computers. All have built-in mobile phone functionality, but what differentiates a smart- phone from a traditional mobile phone is the ability for the user to install and run advanced applications (in addition to the ability for independent devel- opers to actually build and distribute those applications). It is this ability to add third-party software that makes smartphones an incredible productivity tool for enterprise users, while at the same time makes them susceptible to malware and other types of attacks targeted at those systems. This book helps you to balance productivity gains with security as you enable your end users to use these advanced devices. In recent years, many smartphones have transitioned to the touchscreen interface, as shown in Figure 1-1, though some still feature a stylus as an input device. Some smartphones include a physical keyboard; others do not. Increasingly, smartphones feature large screens and powerful memory and processors. One of the big appeals of smartphones today is the availability of third-party applications, typically through application stores or marketplaces, such as iTunes (from Apple), Ovi (from Nokia for Symbian devices), or Android Market (from Google). These marketplaces are where users typically go to purchase and download applications. In recent years, many enterprise applications have started to make their way into these marketplaces, enabling employees to easily acquire software that helps them to be more effective and productive in their jobs. One of the most common examples is the killer application: e-mail or, more generically, mes- saging. E-mail is almost always the first application used by enterprises on mobile devices. As enterprises have embraced these mobile devices more completely, they have moved on to more comprehensive business applica- tions such as online tools access, database applications, and sales force applications such as Customer Relationship Management Software (CRM). In fact, you would be hard pressed to find a type of application that hasn’t been ported to mobile devices somewhere. 006_9780470927533-ch01.indd6_9780470927533-ch01.indd 1111 77/11/11/11/11 33:54:54 PMPM 12 Part I: Living Securely in the Smart World MOTOROLA Figure 1-1: Both the iPhone (left) and Droid (right) sport touchscreen interfaces. Tablets Tablets are most commonly identified by their slate shape (see Figure 1-2). They use touchscreens as their primary input device. You’ll find a wide vari- ety of devices in this style, but today’s devices generally run either a version of Microsoft Windows or one of the smartphone operating systems. Tablets running smartphone operating systems such as Apple iOS or Google Android are among the most popular tablets on the market today. In this book, we focus on tablet devices that run one of the smartphone oper- ating systems. Devices running one of the several Windows variants can be treated very much like a laptop or a netbook from a security perspective, because they are capable of leveraging the endpoint security and desktop management tools available for those other devices running Windows. As a result, devices that run full versions of the Microsoft Windows operating system are outside of the scope of this book. Devices running the Microsoft Windows Phone or Windows Mobile operating systems, by contrast, are cov- ered in detail in this book. Devices such as Apple’s iPad (which runs iOS), or one of the many Google Android-based tablets on the market, are similar to smartphones in terms of their capabilities and the security issues that the typical enterprise should be concerned about when allowing these types of devices to access corporate networks. Because these devices run the same operating systems as their smartphone brethren, the security implications and the security policies applied to each are exactly the same. 006_9780470927533-ch01.indd6_9780470927533-ch01.indd 1212 77/11/11/11/11 33:54:54 PMPM Chapter 1: What’s So Smart About a Phone, Anyway? 13 Figure 1-2: The iPad is a type of tablet. Laptops and netbooks Notebooks (or laptops) and netbooks are traditionally used as the primary computing devices in many enterprise environments for mobile users (though trends are quickly changing that positioning). Typically, these devices run versions of the major desktop operating systems: Microsoft Windows or one of several popular distributions of Linux (Red Hat, SUSE, Debian, Ubuntu, and so on). Macintosh laptops generally run a version of Mac OS X. Notebook devices are most often based on x86 processing and come in a variety of sizes, with varying hard disk, memory, and other components. Notebooks have been around in the enterprise for a very long time, and most IT departments have made significant investments in securing and patching these devices.