

Citrix’s Jason Tooley highlights how to ensure enterprise mobility is both secure and fully productive.
You can’t go mobile with a desktop mindset — but that’s just what all too many IT organisations are doing. The most commonly applied mobile app policies are holdovers from the PC environment — like two-factor authentication and selective access based on Active Directory membership. These measures may be useful in a traditional computing setting. However, they’re woefully inadequate for the new world of enterprise mobility as they fail to account for concepts like jailbroken devices, bring-your-own-device (BYOD), untrusted public networks and offline usage.
To make enterprise mobility both secure and fully productive, you need to apply new policies designed specifically for the way mobile users work today. It’s not just about introducing restrictions and roadblocks — you also need to empower people to do even more with their mobile apps and devices to enable greater business value.
Before we get to our list of five mobile app policies you need to be thinking about now, let’s step back and consider why we’re talking about mobile app policies in the first place. Not that long ago, many organisations thought mobile device management (MDM) would be all they needed for secure mobility. But with so many different kinds of workers in the organisation — full-time and part-time employees, contractors, temps, partners — it quickly turned out that we needed a more sophisticated approach. After all, you can’t manage a device that belongs to a freelancer or partner company, and your own employees probably don’t want your hands all over their BYOD devices either. What really matters is managing the apps themselves. Hence, the rise of mobile application management (MAM).
The essence of good MAM is flexibility and granularity — being able to apply different policies for different apps, user types and mobility scenarios. If you get those policies right, your enterprise mobility security strategy is off to a strong start. Here are five you won’t want to leave out.
1. Block app access if a device is jailbroken or rooted
It happens every day. An employee leaves his tablet lying on the kitchen counter after work and his teenage son grabs it to play games. Before long, he’s jailbroken it to sideload the cool new Android game all his friends are talking about — the one you can only get in a private app store. Hello, malware. From now on, everything that employee does on the device is vulnerable to location tracking, data theft and other threats. The device may even have been rooted, allowing broad access to its Android functionality and settings.
To protect your business, make sure to block jailbroken devices from accessing your corporate apps and network.
2. Selectively allow copy/paste
Sometimes it’s fine to allow people to copy and paste content among mobile apps, like when an attorney uses a secure mobile email solution to send some contract language from her firm’s document management system to a client. But you sure wouldn’t want her to put that same language into her personal email — or, heaven forbid, on Yahoo! Mail.
The key is to take a granular approach to data leakage protection, allowing some apps to share content — for example, a secure enterprise document sharing app with a secure business email app — while preventing others. One way to do this is with a private clipboard that’s only used by secure, managed apps, and can’t be accessed by the device’s native consumer-grade apps. This allows ample productivity without exposing data to risk.