Policy of the Week June 20: A Simple Yet Dynamic PolicyOptio Labs
Working together, OptioInsight authors and OptioCore enforces sophisticated security policies that are unlike anything available today. The comprehensive solution enables context-dependent features that control, monitor and modify most communications in the Android framework. This allows an enterprise to define precise behaviors for their devices that will change during the day depending on time, location, applications running, phone calls active, networks seen or connected, etc.
For example, let’s say an enterprise wants to ensure their COPE (Corporate Owned Personally Enabled) devices won’t accidentally reveal corporate data over unsecured WiFi networks, while at the same time not locking down the phones to the point where they are inconvenient or unusable for employees after hours. OptioInsight makes this traditionally complex policy very easy to implement.
The picture below shows the OptioInsight policy editor being used to create the above mentioned policy. On the left side is a list of all the policies being applied to the devices, while the panel on the right shows the contextual editor.
At the top is the If statement, which states: “If one of these Apps is running” (i.e. Outlook, Slack, OrderProcess, Square, ShippingApp and TimeSheet) to indicate the enterprise apps we want to protect. At the bottom are the actions OptioCore will take: “Then permit only these WiFi networks to be used” and lists CorpWifi, Warehouse1, Shipping, Receiving and Reception as the permitted networks.
It also shows a second action, which is to FilterWiFiSecurity. When we select that action (below) we see the additional control that allows only the use of WPA2 secured connections when using those corporate apps.
If required, OptioInsight can go even further to add additional protections with a few simple clicks. For example, we could require a VPN to be used, disable some root certificates, kill or prevent suspicious apps from running, and even disable the camera.
The significance of OptioInsight policies is that they are dynamic – changing to optimize both enterprise and user experience. This policy ensures that whenever the sensitive corporate apps are running, the device enforces the controls the enterprise has deemed necessary to protect their data. When the user closes these apps the security policies are no longer enforced, allowing the user to connect to home or hotspot networks, play games, use social media or browse the web.
Coming Soon: A look at a significant challenge facing high security environments, such as government facilities, and how OptioCore can protect them