Mobile Device Management (MDM)
While the transition of mobile phones into computers has been a long time coming, the sea change in the past two years is dramatic: Consumer smartphones and tablets have become so compelling that enterprise executives are willing to upend traditional IT practices to allow them to be used in the workplace. But what has become a powerful medium for learning, transacting, sharing, presenting – even transforming business – also brings serious enterprise risk.
Wherever they are, whatever time of day, employees can potentially gain access to the entire enterprise – the corporate network, proprietary business applications, and sensitive data – from a device small enough to fit in their pocket.
As IT and security professionals know all too well, the risks associated with this are many: employee habits or behaviours can lead to data loss, exposure of the corporate network, and compliance breaches.
IT and security professionals are largely turning to mobile device management (MDM) solutions to help them get mobile devices under control and secured in their workplaces.
MDM software secures, monitors, manages and supports mobile devices deployed across mobile operators, service providers and enterprises. MDM functionality typically includes over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, ruggedized mobile computers, mobile printers, mobile POS devices, etc. This applies to both company-owned and employee-owned (BYOD) devices across the enterprise or mobile devices owned by consumers.
By controlling and protecting the data and configuration settings for all mobile devices in the network, MDM can greatly reduce support costs and business risks. The intent of MDM is to optimize the functionality and security of a mobile communications network while minimizing cost and downtime.
With mobile devices becoming ubiquitous and applications flooding the market, mobile monitoring is growing in importance. Numerous vendors help mobile device manufacturers, content portals and developers test and monitor the delivery of their mobile content, applications and services. This testing of content is done in real time by simulating the actions of thousands of customers and detecting and correcting bugs in the applications.
However, this range of mobile challenges requires a new, more comprehensive security framework; one that goes beyond the basic “lock and block” capabilities of most mobile device management (MDM) solutions. For far too long MDM solutions have been reactive in nature, focusing almost exclusively on the device and, consequently, leaving wide gaps in mobile enterprise security. Today’s enterprises need an MDM solution that arms them with tools to proactively monitor, control, and protect the enterprise end-to-end – across the device, application, network, and data layers.
Besides providing end-to-end security, MDM solutions should integrate those layers so that they act as a series of checks and balances on one another. For instance, an MDM solution’s device layer security should prevent users from downloading blacklisted applications. And if the MDM solution is unable to block a user from downloading a blacklisted app, the network layer – using a Mobile Security Gateway – should step in to block that device from accessing the network.
Mobile security needs to be proactive, not reactive, that is to say, the MDM should stop threats before they happen rather than attempt to contain them once they occur. Proactive security is possible if the MDM solution has processes designed to monitor the mobile enterprise (e.g., Mobile Security Intelligence) as well as execute specific actions in response to both user behaviour (e.g., “context-aware”) and the types of data that employees seek to access (e.g., “content-aware”).
Due to the consumerisation of IT and bring your own device (BYOD) trends, enterprises need an MDM solution that supports a hybrid security model that accommodates both company-issued and personally-owned devices. In addition to disabling and re-enabling apps such as Facebook, the MDM solution should enable IT to lock and wipe company-issued devices if they’re lost or stolen, and selectively wipe personally-owned devices of enterprise data once the employee leaves the company.