Diverse mobile devices changing security paradigm


This article can also be found in the Premium Editorial Download "Information Security magazine: Security researchers on biometrics, insider threats, encryption and virtualization."

Download it now to read this article plus other related content.

At Long and Foster Real Estate, CIO Michael Koval copes with a multitude of devices by dividing his workforce into two categories, employees and sales associates. As a large residential real estate firm serving the mid-Atlantic, Long and Foster depends on approximately 15,000 sales associates--independent contractors who carry personal handhelds, including 4,000 Black-Berries, Windows Mobile, Palm and iPhone data-enabled mobile devices. Employees carry another 400 company-issued devices, mostly BlackBerries.

"For employees, when you come on board and you need a mobile device, you're going to get a BlackBerry. If you're a senior executive, you can somewhat specify what you want--most have stuck with our standard, but some have moved to Windows Mobile or iPhone. We have four BES servers to handle that traffic, plus two ActiveSync servers," says Koval.

For company-managed BlackBerries, Koval can offer a full suite of management and security services such as over-the-air provisioning, authentication, data encryption, monitoring and decommissioning. "We go through a process of procuring the device and pushing the core OS and standard applications that we want our management team to have. At certain times we have to pull data from them--for example, to comply with a subpoena. If someone loses a device or

    Requires Free Membership to View

doesn't turn a device in, we can just brick [remotely disable] it."

But these operations are not yet feasible for iPhones. "I don't think of the iPhone as an enterprise device--it's a consumer device with a hook into Exchange and Web management," says Koval. "To enter my world as a [trusted] device, Apple would need to build a console to add/subtract and configure those devices from a central location."

However, this does not stop Long and Foster from supporting the iPhone in a limited fashion in order to provide its sales associates with a high level of service. "If they want a Palm or Windows Mobile or iPhone, I need to support them. Google Android will be coming into our organization the second the first agent buys one," says Koval.

Providing support to various devices is expensive and requires a full-time staff, Koval says, in addition to software and hardware and close relationships with all the wireless vendors "We do it because we want to be a good provider to our sales force and give them another reason to work with us," he says.

So how does Long and Foster deal with devices they neither own nor manage? "On agent [owned] devices, we don't get into putting programs on them or taking things off them. We apply a few Web filters, but other than that, we let users go where they want," says Koval. Instead of attempting to secure sales associate devices, the firm focuses on securing the systems they access. For example, most sales associates use thin clients to drill into multiple listing databases protected by SecureMLS token authentication.

At the end of the day, there's one security capability Koval would like to require from every device: the ability to kill it. "Even though they are owned by agents, I need this control, because they're part of our enterprise environment," he says. "We generally don't exercise this control unless an agent loses a device."

This was first published in November 2008

There are Comments. Add yours.

TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to: