1. IT Guide:
How to Balance Security and Productivity
with FAMOC & Samsung KNOX
2. www.fancyfon.com
Perspective #1
CIO
Become a change guru
The good old PC era is over. Computing technology escaped
the desktop and made its way to our pockets. No matter
how well IT designed and implemented their infrastructrue
in the past, it is not prepared for a vast diversity of devices,
OSs and applications.
Since the times are changing, so is your role. It has evolved
from being focused solely on IT to being focused on busi-
ness risk and finding a way to embrace technology rather
than restrict it. Security, BYOD, privacy, government regu-
lations are all reasons for concern. But mobile is here to
stay, so focus on how best to use it for your business.
Forward thinking CIOs are the ones who understand what
the company is trying to achieve by using tablets and
mobile technologies. You want people to turn to you for
advice and use your expertise on automation and software
choice.
3. www.fancyfon.com
Perspective #2
Employee
Anytime Anywhere
For many employees there’s no going back to a ‘normal 8-hour workday’ - they wake up and check their email.
Salespeople on business trips are always in search of a free WiFi. More and more people prefer to work from home
as freelancers - and they like it this way.
More often than not, the tool that allows them to get work done is their mobile device. Not just any mobile device. Workers –
particularly Millenials – desire the latest and greatest tech tools and devices. They view technology as a perk.
On the other hand, many employees still do not take adequate steps to protect their mobile devices. Almost half of all em-
ployees share their devices with friends and family; another 20 percent share their passwords. Such habits won’t change in a
day but luckily the awareness of mobile security risks is growing.
Which security measures would you find comfortable?
63% 41% 41%
required password
for network login
location tracking
ability to lock or
completely erase your
device wirelessly
4. www.fancyfon.com
How to turn the situation into a win-win
with FAMOC & Samsung Knox
04ENGAGE & EDUCATE
01LET DEVICES IN... 02...BUT REMEMBER ABOUT
SECURITY
03KEEP UX IN MIND
designed by Freepik.com
5. www.fancyfon.com
Step #1
Let Devices In...
With mobile devices and apps easily accessible in our personal lives, employees want to have a final say in
the devices they use for work. For the employee this choice has some very important benefits: it equates to
freedom, and freedom results in the satisfaction of personal wants and needs.
For IT it becomes a question of what allows employees to be flexible and agile, which helps increase their pro-
ductivity and efficiency. Once you start looking at what your employees are doing and how they use new tech-
nologies, you can look at the overall tools that you want to use. It may make sense to let employees buy their
own devices if the apps that they are going to use work well on any device. Or maybe they access sensitive
information that you need to secure at all costs.
6. www.fancyfon.com
With Android-powered smartphones and tablets
spreading across enterprise mobile eco-systems, you
are most likely to face the challenge of securing and
managing these devices in your organization.
Android, with its ability to be used on a broad selection of
devices has gained enormous popularity in the customer
market and it shows no signs of slowing down. Gartner
believes that, by 2016, over 40% of enterprise-supported
mobile devices will be Androids, so cross-platform MDM will
be in even greater demand.
The unfortunate irony is that the same things that make
Android so popular also make it a perfect target for hackers.
Recent data shows that 97% of mobile malware is targeted at
the Android platform. Without strong security measures in
place to control and secure these devices, the very real threat
posed by Android adoption will continue to grow rapidly.
Cumulative breakdown of Android Apps
Meet Android
42%of applications analyzed for Android between 2011 and 2013
were classified as either malicious, unwanted, or suspicious BENIGN 38%
MALICIOUS 15%
UNWANTED 13%
MODERATE 6%
TRUSTWORTHY 14%
SUSPICIOUS 14%
7. www.fancyfon.com
Step #2
… But Remember About Security
The mobile workforce is a security nightmare. A lost or stolen smartphone can compromise both business
data on the phone and corporate data access channels such as VPNs. Coupled with the increase in the
mobile malware, it creates a vulnerability that cannot be neglected.
Fortunately, productivity and protection can travel together – if you fully understand what the risks are and
what you can do to mitigate them. But first you must put all the building blocks in place.
8. www.fancyfon.com
What type of
mobile devices
and platforms
do you want
and need to
manage?
Which
deployment
model (cloud or
on-premise) is
best for my
organisation?
What corporate
data do people
need on their
mobile devices?
How supportive
the company is
towards mobile
working practises
both in and
outside the fixed
office?
Can you
balance privacy
requirements
with enterprise
security goals?
5 Questions You Need To Answer
Before You Move On
designed by Freepik.com
9. www.fancyfon.com
Get Down To Basics
Detect or block non-compliant devices
(jail broken, rooted etc.)
Enforce password policies and encryption
Automated reactions to policy breaches
Wipe or lock the device in case of theft/loss
Decide what apps will be allowed or banned
What makes a standard security policy minimum?
10. www.fancyfon.com
Choose the right MDM software
You can address mobility challenges in two ways: by
developing a BYOD strategy or by providing your em-
ployees with an IT-approved selection of devices (COPE -
Corporate Owned, Personally Enabled). With the second
option, the company supplies and owns the mobile
devices, but rather than locking them down, it enables
their personal use for its employees.
Whatever path you decide to follow, you will need a reli-
able partner to support you through the process and a
proper cross-platform EMM to get you started.
FAMOC is the number one tool to secure your apps, data
and device across different mobile operating systems.
Like a Swiss-army knife, it’s in your pocket, ready to do the
job for you:
What Is FAMOC?
To reduce business risk, FAMOC has enabled Aviva to increase productivity by
providing our employees with constant access to email and corporate
resources.
Piotr Kowalski
Service Desk Manager, IT Department, Aviva Poland
hosted or on-site EMM platform
multi-OS support including Google Android, iOS, Black-
Berry and Windows Phone
best-in-class integration with Samsung KNOX and
other Android manufacturers
11. www.fancyfon.com
Separate Business And Personal Data
One of the methods of securing
your most valuable data may be
to restrict access to corporate
data within an application
sandbox, also known as a ‘con-
tainer’ This approach provides
convenient access to the corpo-
rate app store and approved
apps — including secure email
and web browsing, along with
other apps with access to corpo-
rate data.
The content of the container
cannot be forwarded, or copied
and pasted to applications out-
side the container. The user loses
the ability to have a single inbox
for business and personal
emails, but it’s still better than
carrying a second smartphone.
12. www.fancyfon.com
Samsung KNOX - securing Android
With enhanced KNOX integration, FAMOC platform lets
you create a safe work environment. Gated entry to the
KNOX container and hardware and OS-level protection
allows you to rest assured that that your corporate
documents and data remain safe – not just in the office,
but anywhere your users go.
It helps organizations to implement the BYOD strategy
by application container technology. The same tools that
keep corporate data in the right place also work to keep
personal data from being seen by an employer.
Available for Samsung Android devices application
sandbox which secures enterprise apps and prevents
data leakage
Industry-leading device management capability with
over 390 IT policies
Customizable KNOX container, which puts the enter-
prises in charge of what content and applications their
employees can access
Requires third-party EMM, like FAMOC, to get full
functionality
Our needs around mobile security constantly evolve, and we are always
looking for new, better ways to secure our data on the mobile devices.
KNOX is a perfect fit for our needs
Lukasz Nowakowski
IT Infrastructure Coordinator, LOTOS
13. www.fancyfon.com
Samsung Knox Key Features
Require VPN for connectivity
It’s not enough to secure lost
devices and corporate data, compa-
nies also need to protect data
while-in-transit. VPN is a reliable
solution that can be configured to
suit an enterprise’s security needs.
In KNOX environment, you can push
VPN client through FAMOC and set
up container-wide VPN or per-app
VPN (up to five separate, simultane-
ous VPNs).
Don’t erase all data
Selective data wipe is not only about
BYOD-ers. As life and work fre-
quently intercept, people use work
devices for personal purposes, and
vice-versa. Think about those pic-
tures of Grandma on an employee’s
device? And their personal email and
address book. How do you think a
contractor will react when you wipe
information related to other clients?
In these situations it will be useful to
wipe the corporate container and
leave the rest of the device un-
touched.
Check your users…twice
For additional security you can
introduce more stringent authenti-
cation and access controls for KNOX
critical business apps. The KNOX
container supports a two-factor
authentication process, with which,
the user can complete a fingerprint
scan to access the container and
select either a password or PIN as a
second process to follow the finger-
print.
14. www.fancyfon.com
Step #3
Keep User Experience In Mind
Imagine your employee is a spoilt baby. It’s not enough to give a baby a toy phone with no batteries inside.
Babies can tell the fake from the real thing and can’t be tricked this way. The same applies to your employees.
If you lock all the smartphone features, they will just stop using it.
15. www.fancyfon.com
Creating user-friendly environment
Geofencing
With FAMOC geolocation services
you can change the policy on the
device depending on where the
device is located and/or the specific
time of the day. By creating geofenc-
ing rules you can be less restrictive
outside your company facility and
after standard working hours. In
other conditions (e.g. a remote loca-
tion, a different country) you can
require a more rigorous login proc-
ess, or even block the device. What’s
important, the process happens
automatically on the device without
connecting to the MDM server.
Single Sign-On (SSO)
This feature is especially useful if
you are engaging users across mul-
tiple applications. Employees only
have to log in once to get access to
multiple business applications. The
FAMOC administrator creates and
distributes the SSO configurations
through the EMM console which is
later used by the device for ongoing
authentication by applications.
FAMOC MyDevice
The FAMOC MyDevice end-user
self-care portal enables users to
help themselves. Your employees
will now be able to remotely locate,
lock or wipe their device and verify
app reputation. If necessary, they
can also perform backup or restore
lost data.
This ensures that the number of
calls placed at the help desk is kept
to a minimum, and improves the
overall productivity and efficiency of
both the IT and the end user.
16. www.fancyfon.com
Step #4
Engage & Educate
Done right, mobile enterprise strategy enables companies to move quickly on new opportunities. Done
wrong, it results in employee’s rebellion and distrust. Unless you involve your employees in the process of
choosing the right technology and explain the reasons behind company policy, you risk the complete failure
of your mobility program.
People will vote with their feet and simply not use your mobile service or, worse, find insecure workarounds.
17. www.fancyfon.com
Step #4
Engage & Educate
Enabling mobile working is about taking an employee-
centric approach. You don’t want to patronize your co-
workers but at the same time you need to make them
aware of potentially risky behavior. Try discussing possi-
ble consequences of using unsecured networks, trans-
ferring data to personal email and storage accounts or
granting apps widespread permissions. Focus on best
practices for password protection, WiFi network usage
and safe Internet use.
Your mobile policy should describe what employees can
and can’t do with their mobile device and how they
should access the corporate network. Employees
should understand that data access comes with a
responsibility to comply with corporate mobility policy.
Your actions should be transparent too. Consider pre-
paring a written contract that will clearly describe on
what terms you allow BYOD devices. Clear communica-
tion over sensitive issues such as privacy is critical for
establishing employee trust. End users need to know
what policies are applied to the device, what is being
monitored and what is the reaction to a security breach.
73%of employees want to get involved in decisions regarding what kind
of software or security is put into their personal devices
of employees would stop using personal devices for work if company-
mandated security app was added to their personal device
Nearly five in ten
74%
of employees agreed that involving employees is a good way
to improve security compliance
18. www.fancyfon.com
What can you expect to achieve?
By opening your organization up
to mobility, and involving every-
one in the process, you will begin
a journey to transformation and
enhance your chances of success,
now and into the future.
None of us can predict all the
ways mobility will transform your
business one or five years from
now, still you need to develop the
right strategy to get ready for
what’s to come.
Remember:
- involve management and em-
ployees in the process
- decide how to protect your most
sensitive data and users’ privacy
- choose a vendor you can grow
with
- trust but verify – it’s one thing to
develop a strategy, but another to
monitor it once set up