Managing Mobile Devices for the Real World

BYOD can pose a challenge to organisations, but by mixing models of device and data management, companies can go mobile while staying secure, says Noman Qadir, Acting Regional Director, MENA and Turkey, Citrix.

By Noman Qadir. Published March 10, 2013

Beginning with a hardened operating system and MDM, governments specify configuration settings that require device encryption and strong passwords for device access. Cameras, removable storage, and Bluetooth are disabled. Siri and other dictation services are forbidden. Devices are also protected by security suites to thwart malware.

In addition to device aspects, networks are carefully controlled, including approved carriers, secured wireless settings, IPSec VPNs tied to a specific network, and certificates for mutual SSL authentication.

Strong mobile security, right? The problem is that device-level security is often over-restrictive and doesn’t allow employees to use these devices in the right ways in the right situations. What if the worker needs to get on someone else’s network or requires an external application? A more granular set of security measures would greatly improve the user experience and allow controls to be applied more specifically.

To optimise for mobile productivity and security, devices, applications, and capabilities are provisioned and managed based on role. MDX Policy Orchestration provides granular policy-based control over native mobile and HTML5 apps based on factors such as the type of device, type of network, user passcode, login frequency, and whether or not a device has been jailbroken. Location-based access is enabled, allowing sensitive applications to be used only in secured locations.

Network separation must be much more granular than IPSec VPN to support multiple concurrent applications with different network security requirements.

App-specific secure access through Citrix MDX Micro VPN lets IT create a secure VPN tunnel for mobile and web apps accessing the company’s internal network from mobile devices. Apps are wrapped and managed for online and offline usage (if approved) and delivered through an enterprise application store. In the near future, a secure native email app (Mobile Mail) will provide assurance that corporate email and user data are secured within the MDX App Vault and can be remotely wiped when concerns of loss or compromise arise. Apps are specifically chosen, vetted and wrapped by IT so there’s no malware in the government app store.

For those use cases that require hardened mission-grade security, IT departments should consider the XenClient XT mobile hypervisor, a multi-level secure local virtual desktop solution with the highest levels of isolation and security.


The above examples show that tools are available to benefit workers and IT by simplifying the provisioning, lifecycle account management, and delivery of both internal and external applications on personal mobile devices, and by giving visibility into their usage. Security features provide for single sign-on (SSO) across application boundaries, password management, role-based provisioning/de-provisioning and cross-provider visibility. These features combine to increase security effectiveness and give IT the management and control needed in the Cloud Era.
