Is ActiveSync Secure? (part 2)

May 29, 2014 | Gary Gerber, Senior Product Marketing Manager

In my last blog we discussed how people often use the term “ActiveSync” as shorthand to refer to the entire pipeline that is built to move and protect data (such as email, calendar and contact information) from end-to-end – rather than the simple communication protocol that it is – and thereby spread confusion regarding whether or not it’s “secure”.   We observed that security is instead defined by the end-to-end solution, from the mail server all the way to the native email app, including the app itself and the solution’s underlying model for security and management (or lack thereof).


Today we’re going to dig more deeply into some examples where “ActiveSync” is ostensibly “insecure”, and uncover again that, in reality, the key to its security is in how it’s implemented.


“At rest” data encryption

Native mail apps typically rely on the “whole device” password to enable data encryption. Unfortunately, that doesn’t work very well in Bring Your Own Device (“BYOD”) and Company Owned Personally Enabled” (“COPE”) scenarios where users are accessing both corporate information as well as their own personal information on the same device. This is because users strongly resist having sufficiently strong passwords or short password timeout periods on the “whole device”, because those interfere too much with their personal usage.  This typically forces IT into a position where they’re then compelled to use weak “whole device” passcodes and longer timeout periods, which effectively undermines the value of encryption – and not just for the native mail app, but for any and all apps on the device that also rely on the native encryption model. A good rule of thumb is, if you wouldn’t apply a given password strength and timeout policy to a company-owned laptop because it is too “weak”, then it is also too “weak” for the smartphone or tablet. It’s that simple. 


Good resolves this issue by allowing IT to set a separate policy on the Good for Enterprise app and other apps based on our Good Dynamics Secure Mobility platform that then works with Good’s own data encryption to provide strong security that does not interfere in any way with the user’s overall personal experience. It’s worth noting that in this entire section there was no reference to ActiveSync – that’s because ActiveSync itself does not determine how “whole device” encryption and management works on a particular device, nor how its implementation will be received by end users in a particular deployment model such as BYOD or COPE.


Network access to the ActiveSync-enabled mail server infrastructure

Organizations often leave access to ActiveSync ports open to connection from any ActiveSync enabled app. This can clearly create additional security issues which, again, are not inherently an issue with ActiveSync itself. For example, there are apps out there that are purposely designed to support the ActiveSync protocol, but do not consistently enforce encryption or other policy controls that then determine how the data is secured and managed once it leaves the enterprise and reaches the app.  This is one of the reasons that the Good for Enterprise application and other applications based on the Good Dynamics Secure Mobility platform come with an additional “built-in” layer of network access controls that ensure only the specifically authorized users and apps can access the company’s infrastructure. This is further coupled with a model for enabling secure connectivity to the enterprise that eliminates the need for VPN, or any “open” ports through the company’s firewall that can create additional attack points.


These protections are applied not just for messaging apps and infrastructure, but also to any other apps and infrastructure ranging from Intranets, to SharePoint, to LOB apps and systems for CRM, BI, etc.  This is another case where particular protocols, whether ActiveSync for messaging or other protocols for accessing other apps and infrastructure, are not inherently secure or insecure.  It’s much more about the end-to-end approach to how those protocols are exposed to apps and how those apps then handle the data they send and receive through the protocols.


So now you know

Hopefully my two blogs – this one and the last one – have answered any questions you might have regarding ActiveSync and security. Remember, ActiveSync is just a protocol and, as such, is not itself inherently secure or not. Instead, you owe it to yourself and your organization to understand how your secure mobility provider protects your critical content, credentials, and configurations from end-to-end throughout their mobile journey.

App Containers Win: Top 3 Reasons

May 27, 2014 | Nikfar Khaleeli, Director, Product Marketing

It’s no secret that single-purpose mobility solutions, such as mobile device management (MDM), are being rapidly commoditized. Businesses are now looking at mobility with a more holistic perspective Their need? One solution to manage multiple mobile OSs, on a variety of devices, across different device ownership and management models, with goals of securing corporate information without compromising user privacy, and enabling user productivity.


App containerization, if done right, is an absolutely essential part of that solution. Without it, businesses cannot enable enterprise wide mobility while addressing security, privacy and productivity.

1. Enterprise Security.

App containers use encryption to protect business data in the app. However, most containers rely on the device’s native encryption to secure the container and any locally stored data. Compromise the device passcode (which, as this videos demonstrates, is not too difficult) and both the data on the device and in the app container are at risk for breach.


App containerization that is done right will use device independent encryption. So, even if the device passcode is compromised, the data in the app container will stay protected. But it’s not only about ensuring security for the data at rest (i.e., in its stored state). App containers that also provide constant information protection – i.e., when shared between apps (data in use) or between apps and resources behind the enterprise firewall (data in motion) – and easily integrate into an enterprise’s backend infrastructure are the ones that will meet IT requirements.

2. User Privacy.

Making sure that a user’s private information stays private has to be an important consideration when enabling enterprise wide mobility. Users will resist adopting a solution when they know their employer can see what’s on their device, even if it’s in the name of enterprise data security. Lower adoption rate equals lower enterprise productivity and higher enterprise security risk. Plus there are regions such as the EU that have explicit regulations to protect user privacy.


App containerization, if done right, can ensure that security of enterprise data doesn’t have to come at the expense of user privacy. App containers should ensure complete separation of business and personal data and provide IT with visibility and control over only business information and nothing else.


App containers that provide these capabilities will allow IT to confidently sanction the broader use of business data and extend its reach to non-MDM managed devices. So not just to employees but also to that extended enterprise of business partner, distributor, board of directors, etc.


And users will readily adopt app containers as a means to access and use business data because they’ll know that the enterprise (as their employer or a business partner, etc.) has absolutely no visibility into their personal information.


3. Business Productivity

The whole point of enterprise mobility is to let businesses harness user productivity gains from these always-connected, readily available devices. Addressing both IT security needs and user privacy concerns contributes to productivity because (1) IT is willing to allow the broader use of business data in app containers and (2) users are more willing to use the recommended apps.


But making business data available to users in individual apps can contribute only so much to business productivity. If there were some way for users to get more done, perhaps even new ways of doing work, on their mobile devices, that would be a game-changer.


Once again, app containerization can come to the rescue – with the caveat “if done right.”  Secure connected containers allow for the sharing of content (e.g., documents, presentations, images, etc.) and services (e.g., a print service, a calendaring service, an email service, etc.) between apps and enterprise servers. This “connectedness” can allow users to do all of her/his work from a mobile device.


For example, an HVAC contractor takes a picture of a room for use in an augmented reality app to create a virtual representation of that room. From a product catalog, he pulls up a list of different air-conditioning unit models appropriate for that room. For each model that the customer selects, he positions it in the virtual room to give the customer an idea of the finished product (i.e., the room with the air-conditioning unit). Once the customer decides on a model, the contractor uses a quote-generating app that prices the unit with any available discounts and automatically adds in all required accessories needed for a seamless install. The customer signs the quote in a document-signing app. The contractor sends the signed quote to the manufacturer so that the complete package can be shipped. All of this happens without the contractor having to take detailed measurements of the room or lug around heavy paper catalogs or introduce delays in generating the quote by first having to head back to the office.


I really should have titled my blog “App Containers If Done Right Will Win: Top 3 Reasons” but the caveats would have taken away from the title’s catchiness. But, in all seriousness, proper app containers are a necessary part of any serious enterprise mobility management (EMM) solution. With them, the needs of two very important groups of people – IT and end users – can be addressed:

  • For IT, the app containers will ensure constant protection of business information whether on COPE or BYO devices, whether they are MDM-managed or not.
  • And for end users, enterprise apps can coexist alongside personal apps and data and, because of the connected nature of containers, provide users with the ability to complete meaningful business tasks – but without compromising their privacy in any way.

Is ActiveSync Secure?

May 22, 2014 | Gary Gerber, Senior Product Marketing Manager

In a recent blog, Michael Khalili took a look at Exchange ActiveSync (commonly referred to as EAS or just “ActiveSync”), the common problems of EAS environments, and some solutions. 

Here at Good, as the innovation leader in secure mobility solutions, we are often asked security-related questions about Microsoft’s popular Exchange ActiveSync protocol. “How does your solution compare with ActiveSync?” “Is ActiveSync secure or not, and why?” “Why can’t I just use ActiveSync to protect my mobile data?” And others like these.


What is ActiveSync

For those who don’t know, EAS is a protocol designed to synchronize email, contacts, calendar, tasks, and notes from a messaging server (such as Exchange) to a smartphone or other mobile device. The protocol also provides some basic mobile device management (MDM) and policy controls.


But people often use the term “ActiveSync” as shorthand to refer to something much bigger than that – the entire pipeline that is built to move and protect data (such as email, calendar and contact information) from end-to-end – and thereby spread confusion regarding whether or not it’s “secure”. Rather than focus on ActiveSync in isolation, they should look deeper and examine the end-to-end solution, from the mail server all the way to the native email app, including the app itself and the solution’s underlying model for security and management (or lack thereof).


This deeper look is critical because ActiveSync itself is really nothing more than a communication protocol. And while a poorly designed protocol may have inherent security issues, there is nothing about the use of communication protocols in general that make them inherently secure or insecure.


What really makes a mobile system secure

For example, Good for Enterprise also uses a communication protocol, which we invented several years before Microsoft first made ActiveSync available. It is helpful to think of our protocol and ActiveSync as two different “languages” for communicating the same sorts of information; for example in the same way that an English speaker and a German speaker can use different languages to communicate what still turns out to be the exact same information. And just as with a spoken conversation, there is nothing inherently more or less secure about one protocol versus the other.


Instead, what really matters is what happens to the data as it is transmitted to and from the app using the protocol, and then how the app itself handles the data it receives. In Good’s experience, the biggest security issue with “ActiveSync” is not the protocol; it’s much more an issue with the apps that support the protocol on the mobile device itself. These apps typically do not have the same degree of “application-level control” over the data sent to them that, for example, Good for Enterprise does. Examples include the ability to control copy and paste functions, and to control how much data is synchronized with native Address Book apps.


This latter case of Address Book sync may not seem especially important unless you understand that entire email threads are often contained in the ‘Notes’ field of an Outlook contact. And if that data is synchronized to a native Address Book app, it is then accessible to any number of apps that can then move that data off the device.  If it is synced to the cloud, it remains there even if you wipe the device.


These types of data loss have absolutely nothing to do with the ActiveSync protocol. Rather they reflect a weakness in the native mail app, or a lack of understanding of how that app may interact with other apps on the device or with cloud services that may be designed for the express purpose of moving data off the device so that it can be freely shared with other devices, users, and services. Such an app could in theory even use Good’s proprietary sync protocol and it would still be just as insecure; conversely, Good could use the ActiveSync protocol in its apps and remain extremely secure because of our end-to-end, data-focused approach to security and compliance.


Returning to our language analogy, the equivalent to this would be trying to have a private conversation with someone in a public space. Use of English or German isn’t what makes that conversation private (or “secure”) or not (someone clever might argue that the German conversation actually is more secure because fewer people understand the language – but what if the conversation is happening in a beer hall in Munich?). No, if you want that conversation to be private and ensure it remains that way, you’d best move it to a private room. That is sound-proofed. And de-bugged. And has a strong lock that only you have the key to. Maybe throw in some armed guards for good measure to make sure the other party doesn’t relay the conversation to others. But do not expect the language (or “protocol”) on its own to protect you.


Next Time

In my next blog, we will dig more deeply into some more examples where “ActiveSync” is ostensibly “insecure”, and uncover again that, in reality, the key to its security is in how it’s implemented.

In last week's article, “The HealthCheck: EAS Meets OMG”, I wrote about the Exchange ActiveSync HealthCheck we’ve been doing with organizations. The results have been pretty scary. Almost every environment had devices that had essentially gone crazy and were thrashing at the Exchange Client Access Server (CAS). Many had issues with load balancing or severe backend issues. Shockingly, almost none of these organizations knew the issues were lurking under the surface. As we all learned a year ago when iOS 6.1 and Exchange combined to create havoc, those issues can quickly grow from lurking gremlins to serious outages.


So what do you do? Owing to the heterogeneity of its clients, EAS plays by a different rulebook than tightly integrated systems like Good for Enterprise, legacy BlackBerry systems or the classic Exchange-Outlook solution for email. You need a new playbook as well.


Always Be HealthChecking


The first rule of thumb is while we were thrilled to do health checks for a lot of organizations, health checks can’t be a one-off. New devices and new clients are constantly being released. As the iOS 6.1 issue demonstrated, problems creep up when certain esoteric sets of events happen in particular orders. There’s no one-off way to make an environment clean. You have to keep it clean, day in and day out.


Luckily, Good Technology has a solution for this. Good Mobile Service Management for Exchange ActiveSync was used as a core engine of the HealthCheck. It can constantly detect and report on these issues. If a device suddenly goes rogue, Good Mobile Service Management can quickly alert you so you can respond. Good MSM puts your finger on the pulse of your mobile environment.


Correlate and Find the Patterns


Playing whack-a-mole with your users is no way to live though. It’s key to find commonalities between users that are having issues. Sometimes they may be on a single CAS. We’ve seen that on occasion. Sometimes they may be using a single gateway, carrier or connection path. Sometimes they may be running a common device or client. You need to correlate and find those commonalities so you can address particular issues once and for all.


Good Mobile Service Management does just this type of correlation. It looks across all the users to find common root causes. While this is quite difficult to do by hand, with Good MSM it’s actually quite simple.


Take Action on New Issues


For three weeks, I’ve delivered nothing but bad news (HealthCheck series part 1 and part 2). Now I finally have some good news. A lot of the issues we found are actually amazingly simple to fix once you isolate them. In some cases, a device can get in a bad state. Deleting and re-creating the pairing between device and Exchange server can often fix the problem. This takes less than a minute and works reliably 90% of the time.


Where there is a more systemic issue, the fix often isn’t much harder. In a lot of cases, we found issues that were caused by versions of the mobile OS that were quite old. A simple device upgrade fixed a huge percentage of these issues. A quick email or call to a user to get them upgraded can often nip system degradation in the bud.


I hope this look at EAS, our HealthCheck, the common problems of EAS environments and some solutions has proven helpful. We’d love to do a personalized health check for you. Find out if you have any of these issues. We at Good Technology might even learn a thing or two. If we do, expect to see it in a later blog post.


Get your free Exchange ActiveSync HealthCheck today!

With a roster of global clients spanning a myriad of industries, Good Technology has been able to gather, analyze and develop insights into the ways businesses are adopting new mobile apps, platforms and devices. And each quarter, we accumulate this data to produce a high level view of our findings. Our most recent Q1 2014 Mobility Index Report provided some interesting insight around the upward trending adoption of secure mobile applications, a sign that organizations are realizing the importance of data security in the mobile age.


Security is a Must When it comes to Mobile


One reality in particular that’s causing organizations to reassess their security protocols is the increasing frequency of BYOD among employees. The Ponemon Institute’s 2014 State of Endpoint Risk Report surveyed hundreds of IT security professionals and found that 60% of respondents felt the most pressing threat to enterprise security is the large number of employees using multiple devices and the increase of personal devices being connected to the network. With an increasing demographic of personal devices being introduced to the network and private company data being transmitted along with personal information, this is a major cause for concern.


However, the evolving risk of security breaches has not caused Good’s customer base to pull the fire alarm. Rather, they are whole-heartedly embracing the need for secure mobility. A sign of this trend — the staggering 2900% increase in secure browsing app activations quarter over quarter. This increase was directly related to the release of our secure browsing app, Good Access, into the Good-secured ecosystem; Good Access allows users to access corporate intranets and servers from their personal device of choice while maintaining the required levels of security and compliance.


Custom Apps on the Rise


Each organization has its own needs and restrictions when it comes to security. Unfortunately, there is no ‘one size fits all’ solution. As a result of this, custom app development saw significant traction that resulted in 77% growth quarter over quarter in Q4. This is noticeably larger than the 55% growth reported from Q3 to Q4 of last year. Utilizing the customizable containerization provided in our Good Dynamics Secure Mobility Platform allows organizations to maintain a flexible response when adapting to the rapidly changing secure mobility landscape.


Other Notable Takeaways


  • iOS dominated total device activations at 72%
  • Tablets received more than twice the total number of activations when compared to smartphones.
  • The mot popular apps for both smartphones and tablets were custom apps and those that provided document management.
  • Business and Professional Services continues to lead all industries with 20% of all activations. A new emerging market is the Insurance sector which grabbed a 12% share of the industry market.


Screen Shot 2014-05-08 at 9.57.06 AM.png


For more secure mobility trends, check out the full Q1 2014 Mobility Index Report here.

The HealthCheck: EAS meets OMG

May 13, 2014 | Michael Khalili, Product Marketing Director

Last week I wrote an article titled, “Giving Exchange ActiveSync a Health Check”. In that article I talked a little about the history of EAS and how some engineering and business decisions made EAS pervasive but also made clients especially heterogeneous in their behavior and (ab)use of the protocol. I also talked a bit about how issues can grow under the surface and explained an especially damaging one that hit about a year ago.


Good has been running HealthChecks at our customers and a handful of other volunteer organizations. The results have been very interesting.  After several dozen health checks we’ve observed some definite patterns in the issues many organizations run into with Exchange ActiveSync, allowing us to better manage large mobile deployments.

Check this Out. I’m Going Rogue

In almost every organization we found at least a few devices that were badly misbehaving. Microsoft suggests that a device probably should not hit the Exchange Server more than about 1,500 times a day. When you think about messages coming in, heartbeat intervals and other plumbing, that works out about right. We almost never found an organization that did not have at least a few devices that went well over this threshold. In fact we found a lot of devices that were interacting tens or even hundreds of thousands of times a day!


What does this mean? Well, a couple of things. First is life sure stinks for that user. With that many syncs or pings, the battery of their device will drain extremely quickly. Their snazzy new device with battery life supposedly measured in days may well be drained in a couple of hours. Oh, and I hope you weren’t paying for the data, because the bill may be more than you expected.


Perhaps more seriously, all those commands are thrashing at your Exchange server, affecting other users with perfectly well-behaved devices. In some cases we found as much as 20% of all traffic was coming from 2-5 users. This wasn’t in small environments either. Those environments had between 5,000 and 10,000 users. Now, hopefully you’ve built some extra capacity into your Exchange environment so the problem may not appear acute. However, lose a Client Access Server (CAS) or two, and suddenly the couple of users mentioned above are hogging enough resources to do some serious damage.


Load Balancing…or maybe not

Another interesting thing we found was how environments were load balancing in the real world. Those rogue users can really throw things off. When it comes to EAS a lot of load balancers will try to balance connections or users. That seems reasonable. But when you’ve got a couple of users who disproportionately are banging at your CAS, that doesn’t really mean things are actually balanced when it comes to resource utilization.


In a couple of cases we found situations where organizations had 4-5 CAS servers, and by user count they appeared more or less balanced at any given point. But measure by traffic or commands issued by the device against the CAS, and it told a different story. In one case, 80% of all EAS traffic was utilizing a single CAS. Did you build enough extra capacity to avoid a failure of that CAS? Do you want to find out?

Ping, ping, ping


It wasn’t just syncs gone wrong that caused all of these problems. In a number of cases, we found devices that weren’t syncing at all. They were simply pinging the server. Now, if you know how EAS works, it utilizes a heartbeat and a dynamic algorithm to find out how often it has to heartbeat to keep the carrier from dropping its connection back to Exchange. These devices had apparently concluded the right interval was a couple of seconds or even fraction of a second. They didn’t actually send or receive an email during the whole time they were running. They seemed pleasantly content to drain their own batteries and slam your servers. Their owners and IT departments probably were less thrilled.


Hang On…You said what’s Connecting to my System?


Another real surprise for many admins was discovering what and who were actually connecting. A couple of organizations had fronted their CAS with a mobile device management (MDM) proxy. All traffic was supposed to go via that proxy. That MDM product had a minimum version of iOS supported. Imagine their surprise when they found that there were older versions of iOS that could not possibly be using the proxy connecting directly. Someone had found a workaround that violated their security baselines.


Errors, Errors, Everywhere Errors


As we did more HealthChecks, we actually were somewhat surprised at how many EAS errors we saw. In some cases these were heavily weighted towards AccessDenied errors. One of the issues with a mobile client is sometimes if auth fails, perhaps because a user’s password has changed, it fails silently and then simply tries again….and again…and again. We saw that in almost every environment we analyzed.


More concerning were errors like the OverBudget error. Exchange allows an admin to set a resource budget for each user. It determines how many connections a user may have, how much backend resource they can consume, etc. In some, but not all environments, these errors were cropping up frequently. Where it was occurring, the OverBudget error tended to be concentrated on just one or a few users. Again, this indicates misbehaving devices.


The HealthCheck and Your Get-Well Plan


Are you experiencing any of these issues with your Exchange environment?  Do you know?


Good is offering the EAS HealthCheck at no cost. We’ll look at your logs and see which of these issues, or what other issues are popping up. We’d love to do one for you.


Get your free Exchange ActiveSync HealthCheck today!

We’re excited to share that this year, the Computer Weekly Security Awards judging panel recognized Good Technology and our private sector project with SThree, a world leader in the recruitment industry


The highly respected online technology publication has just announced its winners, all of whom have shown innovation in information security and IT risk management. The competition’s victors were decided by key decision-makers from within the industry including:

  • Andrew Rose, Principal Analyst, Security and Risk at Forrester Research
  • Spencer Izard, IDC Research Manager


Good’s relationship with SThree got recognition from the judges as a project that demonstrated a best practice use of innovative technology and a solution that improved efficiency and reduced cost. The project managed all this, whilst also delivering measurable business benefits.


SThree rolled out Good for Enterprise to all of its 1,300 employees as a solution to ensure all data is securely managed across mobile devices, as well as accelerating employee productivity. Good for Enterprise was chosen as it provides end-to-end mobile security with FIPS certified encryption for data in transit as well as on users’ devices. Within the growing culture of BYOD, the solution is helping to ensure the security of workplace data, whilst allowing employees to use the device of their choice. A win-win situation for all involved.


Garry Lengthorn, Director of IT Services at SThree said, “Good Technology’s approach solved our growing dilemma. All we are concerned about is securing and managing SThree’s data within a container, allowing employees to use their devices as they normally would within their personal lives.”

We’re proud to have our product and services recognized by such a highly respected technology publication and thankful to the thought-leaders and customers that endorse us.

Giving Exchange ActiveSync a HealthCheck

May 6, 2014 | Michael Khalili, Product Marketing Director

With the acquisition of BoxTone, Good Technology now offers a comprehensive cross-platform Mobile Service Management solution. Many organizations have expressed real excitement of Good’s ability to monitor Exchange ActiveSync (EAS) environments. But is it right for you?


Well, we’d love to find out. Good is pleased to offer a free HealthCheck for Exchange ActiveSync. In essence we’re saying “bring us your Exchange logs and we’ll make sense of them. Help you see the trees through the forest, as it were.”


That begs the question: why would anyone need a health check for EAS?


The Elephant in the Room


To answer that question we have to jump in the way back machine and go back a decade or so. Arnold Schwarzenegger was about to try his hand at politics, Google was about to IPO and Microsoft was getting serious about mobile email. The Exchange ActiveSync protocol was in its infancy. Direct Push was still a couple of years away. However, important decisions that would radically change the many organizations use and interact with email were being made.


Microsoft decided the best way to get EAS adopted was not just to incorporate the technology into Windows Mobile phones, but also to license it broadly. This was a bit of a departure at the time. BlackBerry had won a lot of business with a tightly coupled, end-to-end offering. Initially Microsoft started with a few handset makers: Motorola, Palm, etc. as well as a couple of ISVs. However, when the iPhone and the first Android devices appeared and Microsoft successfully inked licensing deals with them, EAS went from being a bit of a niche offering to something quite pervasive.


It seemed straightforward enough, but I’m not sure everyone appreciated how momentous this was. Previous to this change, most email delivery was pretty tightly integrated between the front-end client and the back-end infrastructure. It didn’t much matter if you were getting your email on your BlackBerry or via Outlook because the people who made the back end and the client were the same and they tested the interactions until the cows came home. Additionally, IT tested each version extensively and the whole environment was highly controlled.


With EAS, that approach goes out the window. Today every mobile phone has a slightly different client. We’re not just taking about one client for iOS and one for Android. There is often a different client for each new version of an OS. Additionally, every OEM of Android can customize their client. Furthermore, in the headlong rush to get EAS out there, Microsoft chose to keep the specs on EAS pretty loose. Licensees had pretty broad latitude to do whatever they wanted. There are pros and cons to that, but regardless it’s the world we now live in.




The Monster Under The Bed


But what does this approach really mean? Well, let’s look at a concrete example. Many of you may be aware of the issue that happened just over a year ago having to do with iOS 6.1 and Exchange. In that instance a single mobile client, the iOS6.1 client, caused excessive logging on Exchange servers. In fact, a single client could place over 10x or more of the typical load of a user on the Client Access Server. It crushed a lot of environments.


Now what happened there? Well, it was a pretty esoteric issue. A user had to have a recurring meeting, get an update for that meeting and accept that update from an iOS 6.1 device. It didn’t surface unless that particular set of events took place in that order. Now anyone who designed a test matrix knows it’s hard to come up with every permutation. Anyone who has tried to do integration testing knows it’s harder still. And if you are doing integration across vendors with multiple versions on each side….Well, have fun. The reality is issues pop up.


The scary thing, with the benefit of hindsight and a bit of forensics, is you saw that this issue had been lurking under the surface for a while before it caused an impact. Some places it took an hour. Some a day. Some even a week. It just depended on a number of factors. How many impacted users? How was the environment sized? Based on dumb luck, where did the load balancer send the users? However, in every case, like a cancer, it quietly grew and multiplied undiscovered until it hit with powerful impact.


That’s why we figured “let’s look at some logs to help customers see what’s lurking under the surface of their Exchange environment.”


To get your free HealthCheck visit here.

When I joined Good Technology 15 months ago, I challenged my team to innovate on the technology and solutions we offer, as well as the way we work with each other, our partners, customers and community.


I am blown away by the response. In this short timeframe, the Good team has not only introduced new features and capabilities to the most secure mobile security platform available for the enterprise, but also made it available via the cloud and more cost-effective.


To keep the Good momentum going, last month we also announced our intent to acquire BoxTone, an innovator of mobile service management. Since then, the team has been working hard to bring the two organizations together and as of April 1, 2014, Good has completed that acquisition. Now, we can offer the most comprehensive end-to-end secure mobility solution to enterprises and businesses of all sizes.


Collectively, both the BoxTone and Good teams worked tirelessly to close this deal and move forward with the plans to roll out a new gamut of integrated solutions. These two teams are complementary in so many respects, both in the vision we have for the future of mobility, but also in our determination to find and work with the best partners to bring the best solutions to our customers. As we continue to work together, we will look to our respective teams to bring innovative technology solutions to market, levering the unique perspective that we will have as a merged organization.


With BoxTone’s mobile service management integrated in the Good platform, we are able to deliver a truly end-to-end secure mobility solution with an open architecture to support customers’ mobile journey to enterprise-scale – reliably and cost efficiently. For our customers, this integration means that Good will now offer a unique platform-based solution that can support the entire mobility lifecycle across a heterogeneous IT landscape. We will do this in a scalable, manageable and flexible manner, all while ensuring enterprise-grade security, and being the only secure mobility provider to achieve Common Criteria EAL-4+ certification for iOS and Android.


In looking at where we’ve come from and where we are headed, I can say it’s been quite a journey and I’m excited for what’s ahead. We know our customers are uncovering new challenges each day and we’re excited to be growing our team, and our capabilities, to make sure we can help tackle them.


Follow me on Twitter for more Good updates.

So you think you are BYOD-ready? Think again!

May 1, 2014 | Joranna Ng, Product Marketing Manager

You can’t avoid hearing or reading about the Bring Your Own Device (BYOD) phenomenon these days. And while some enterprises are already riding the BYOD wave, others may just be “getting their feet wet” or waiting for the right moment to jump in. Regardless of where you are today, know that in the very near future, your enterprise will likely need to implement a BYOD program.

Why do you need to be BYOD-ready?

Gartner's top 10 IT predictions for 2014 highlighted the fact that “the unexpected consequence of bring your own device (BYOD) programs is a doubling or even tripling of the size of the mobile workforce.” Think about it. Most of us have 2 or 3 mobile devices, which would suddenly be added to the existing laptop/desktop device population. Although this may not come as a surprise to everyone, the underlying message is that some companies may be unprepared for how quickly mobile device usage will grow. And being “unprepared” in this case is not a good situation to be in.

BYOD is here to stay mainly because enterprises recognize the benefits it brings to the table. With BYOD, employees gain greater freedom (in using the devices of their choice for work), which often leads to increased job satisfaction. And this ultimately benefits the enterprise as employee productivity rises.  But there’s also a flip side to BYOD as it introduces potential threats to corporate data – it becomes a hindrance to enterprises if data loss and unauthorized access to data occurs from mobile devices. The challenge here is how to reap the benefits of BYOD while making sure that compliance (from the enterprise’s standpoint) and security (of corporate data) are maintained. 

Why is MDM not enough for a BYOD program?

If you already have basic enterprise mobility management tools such as mobile device management (MDM) in place, that’s a good start. But MDM alone is not enough for a BYOD program. Gartner predicted that by 2016, 20 percent of enterprise BYOD programs will fail because of overly restrictive enterprise MDM deployments. This comes mainly from IT seeing the use of consumer technologies in the work environment as a threat to its control of endpoint resources. Employees often rebel and work around the MDM restrictions, and even if they don’t, odds are your MDM solution by itself doesn’t have the required security in place to protect your corporate data, increasing the likelihood of a data breach for your enterprise.

Besides, a good BYOD program does not involve just IT alone. It should also include departments such as Finance, Legal, HR, etc. So having an MDM solution alone does not constitute having a complete BYOD program.  

Devising and implementing a BYOD program can get complicated. And as no two enterprises are completely alike, it’s only practical that each enterprise have its own custom BYOD program.

Good’s BYOD Construction Policy Service

Fortunately, Good recognizes how complex developing a custom BYOD program can be. We created our BYOD Construction Policy Service to assist enterprises in creating and implementing a BYOD program quickly and efficiently. Our experts will guide your enterprise as it develops its own BYOD policy (after working cross-functionally within the organization’s various departments) that clearly outlines the expectations and requirements of both the enterprise and employee.

And to ensure the effective implementation of your BYOD policy statement after it is crafted, it’s crucial that your employees are aware and committed to it. So we go a step further to help you build an employee training and communication plan to facilitate the BYOD program.

We also have a significant number of global customers that have successfully embraced BYOD. You might want to read the Top Considerations for BYOD Strategy to gain some insights from their experiences.

So ask yourself again – is your enterprise indeed BYOD-ready? Will you be able to align key cross-functional stakeholders within the organization and ensure effective and consistent communication before, during, and after your BYOD program is roll-out?  If you can’t answer with a definite “yes” to these questions, it's time to seek help and connect with a Good expert.

By date:

Trending Topics