Get started Bring yourself up to speed with our introductory content.

Mobile security systems: Most have them; some sort of do

This blog post is part of our Essential Guide: A CIO's essential guide to mobile business strategy

Earlier this month, I interviewed Gartner analyst Dionisio Zumerle about the trends influencing the mobile device security market and why traditional endpoint security models “just don’t fit mobile.”

Fortunately, organizations today aren’t using those technologies for mobile devices, he said.

“The good thing is that most enterprises started off with mobility as a brand-new thing,” said Zumerle, co-author of the updated report “How Digital Business Reshapes Mobile Security.” So they bought new mobile security systems to manage and secure their employees’ devices.

The most common one organizations use today to enforce mobile security policies is enterprise mobility management (EMM), which monitors mobile devices and controls employee access to applications. Zumerle said the vast majority of Gartner client organizations use an EMM tool.

‘Unmanaged’ devices

A minority of organizations, “for a number of internal reasons — usability, technical reasons — do not want to manage devices,” Zumerle said. “It’s a slightly different approach. Instead of trusting the device, they are trusting parts of the architecture.”

Organizations that choose to “unmanage” devices may pack their email contacts, calendars and business applications into a mobile container and “make sure that container stays safe from any sorts of attacks.”
The personal applications employees use would be outside the container; the advantage is they are isolated from the company-sanctioned business apps, Zumerle said.

Or organizations can set up an enterprise app store. There, employees can browse and download approved applications. Some basic detection programs would be run on the devices workers download apps to — to check whether the devices were “jailbroken,” or had software restrictions removed, or otherwise compromised.

“You would have those sorts of things, but you wouldn’t impose a device-wide enterprise policy,” Zumerle said.

Just the basics

A third category of organizations don’t have proper mobile security systems — but they do impose the most basic security on devices used by their workers. They may use Exchange ActiveSync, a Microsoft protocol that lets users access email and contacts from their employer’s Exchange server. It can be used to impose security on mobile devices, but it’s bare-bones.

“You basically can force a very basic policy onto the device in terms of passcodes encryption and so on,” Zumerle said. “There’s a portion of the industry right now that are still at that stage, where they’re using that basic protocol for some basic management of the device.”

Join the conversation

1 comment

Send me notifications when other members comment.

By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy

Please create a username to comment.

We plan to .
Cancel

-ADS BY GOOGLE

SearchCompliance

SearchHealthIT

SearchCloudComputing

SearchMobileComputing

SearchDataCenter

Close