Mobile endpoint security: What enterprise infosec pros must know now
With mobility now universally on the front burner at IT shops everywhere, serious investments are being made in mobile device management (MDM) and other elements of a comprehensive enterprise mobility management (EMM) strategy. MDM was in fact the first approach to mobility management to appear, and this development was easy to predict: MDM is simply an extension of the "element management" methodology that has historically dominated all of IT management, with the atoms of management being easily identified hardware components such as routers, switches and PCs. The management of mobile devices, then, is a simple extension of this model and fits very nicely into a proven IT management doctrine.
But two obvious challenges to the MDM approach have now become clear. The first is that the management of mobility must extend well beyond the mobile device alone. Additional elements -- including the management of applications, data and information, policy and operations, and even operational expenses -- are equally important, but also well beyond the domain of the mobile device. The second is a consequence of the rapid rise of bring your own device (BYOD), wherein the enterprise or organization does not own a given device that is used at least partially for corporate purposes, and which likely has access to sensitive information and network resources. Even though information that is sensitive (as defined in the organization's security policy) may reside on a user-owned device, blunt MDM actions such as a full device wipe -- which erase the user's personal data along with the enterprise's, and are often ineffective against a determined user anyway -- are inappropriate on handsets, tablets and PCs that the organization does not own.
This situation has thus given rise to solutions that instead manage the other elements noted above: applications, information, network access and security, and policy enforcement. Mobile application management (MAM) involves such functions as application whitelisting and blacklisting, and often such conveniences as enterprise app stores and end-user help and support. Mobile information management (MIM) implements containerization, sometimes called sandboxing, to isolate, encrypt, monitor and control the distribution and use of sensitive enterprise data without interfering with the fundamental nature of a user-owned device; because only the container holds enterprise data, it can be wiped selectively, leaving the user's own data untouched. Mobile policy management (MPM) and mobile expense management (MEM) make sure that operational policies are in place, effective and in concert with local policies -- MEM, an offshoot of telecom expense management (TEM), covering the minimization of mobile telecom costs and related usage issues such as network selection.
Where does this leave MDM? MDM remains a vital component in monitoring key device issues and assuring configuration and compliance with organizational operating policies related to this aspect of management. Firewall settings, antivirus and anti-malware capabilities, and enabling and disabling hardware ports (like USB) with respect to the copying of enterprise data -- those are but a few of the many essential functions of MDM in a BYOD world. We might sum up here by stating that MDM is a necessary, but not sufficient, mobility management capability today. The other management domains noted above will increasingly come into play as mobile operations mature, especially in larger enterprises. MDM and other mobility management vendors are now hard at work building cross-functional roll-ups that merge this wide variety of functions into comprehensive, single-console solutions.
And what about BYOD? As BYOD is really about policy and authentication (not configuration, and thus not a core MDM capability), the field of identity management has rapidly evolved. Driven by the wireless-LAN vendor community, identity management is the future of authentication and network access control -- who can do what, on what device, where and when, on what networks, and with what degree of monitoring and control. Assuring device configuration compliance via MDM remains complementary here: the access decision should take the device's reported compliance posture as one of its inputs, and we can thus expect that at least some future identity management solutions will include MDM capabilities.
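The two preceding paragraphs describe an access decision that combines MDM compliance posture (firewall, anti-malware, USB data-port state) with identity and context (role, network, time) and that treats user-owned devices differently from corporate ones when remediation is needed. The following is an added example, not code from the article or any product it mentions; the attribute names, the role-to-resource table and the network and business-hours values are all assumptions chosen for illustration.

```python
"""Hypothetical BYOD access-policy evaluator (added example, not from the article).

Inputs are the attributes an MDM agent and a NAC/identity system would report;
the policy tables below are constructed for illustration only.
"""
from dataclasses import dataclass
from datetime import time
from enum import Enum
from typing import Dict, List


class Ownership(Enum):
    CORPORATE = "corporate"
    PERSONAL = "personal"   # BYOD


@dataclass
class DevicePosture:
    """Compliance attributes assumed to be reported by an MDM agent."""
    ownership: Ownership
    firewall_enabled: bool
    antimalware_current: bool
    usb_data_transfer_blocked: bool
    container_encrypted: bool

    def compliance_failures(self) -> List[str]:
        checks = {
            "firewall": self.firewall_enabled,
            "antimalware": self.antimalware_current,
            "usb_blocked": self.usb_data_transfer_blocked,
            "container_encrypted": self.container_encrypted,
        }
        return [name for name, ok in checks.items() if not ok]


@dataclass
class AccessRequest:
    user_role: str        # e.g. "finance", "contractor"  (assumed roles)
    device: DevicePosture
    network: str          # "corp-wlan", "guest-wlan", "cellular"  (assumed)
    local_time: time
    resource: str         # "email", "erp"  (assumed resource names)


# Constructed policy tables (assumptions): entitlement by role, the networks
# from which the sensitive resource is reachable, and a time window for it.
ROLE_RESOURCES: Dict[str, set] = {"finance": {"email", "erp"}, "contractor": {"email"}}
TRUSTED_NETWORKS = {"corp-wlan"}
SENSITIVE_RESOURCES = {"erp"}
BUSINESS_HOURS = (time(7, 0), time(20, 0))


def evaluate(req: AccessRequest) -> Dict[str, object]:
    """Decide who can do what, on what device, where, when and on what network.

    Checks are ordered so that the cheapest, most decisive denial comes first;
    a non-compliant device is quarantined (access blocked until remediated)
    rather than wiped, regardless of ownership.
    """
    decision = {"allow": False, "reason": "", "action": "none"}

    if req.resource not in ROLE_RESOURCES.get(req.user_role, set()):
        decision["reason"] = "role not entitled to resource"
        return decision

    failures = req.device.compliance_failures()
    if failures:
        decision["reason"] = "device non-compliant: " + ", ".join(failures)
        decision["action"] = "quarantine"
        return decision

    if req.resource in SENSITIVE_RESOURCES:
        if req.network not in TRUSTED_NETWORKS:
            decision["reason"] = f"{req.resource} not reachable from {req.network}"
            return decision
        if not BUSINESS_HOURS[0] <= req.local_time <= BUSINESS_HOURS[1]:
            decision["reason"] = "outside permitted hours"
            return decision

    decision["allow"] = True
    decision["reason"] = "entitled, compliant, context permitted"
    return decision


def offboard_action(device: DevicePosture) -> str:
    """Remediation when a device is lost, stolen or its user leaves.

    Only a corporate-owned asset gets a full device wipe; on a personal
    device the enterprise container alone is erased.
    """
    if device.ownership is Ownership.CORPORATE:
        return "full_wipe"
    return "container_wipe"


if __name__ == "__main__":
    byod = DevicePosture(Ownership.PERSONAL, True, True, True, True)
    req = AccessRequest("finance", byod, "corp-wlan", time(10, 0), "erp")
    print(evaluate(req))
    print(offboard_action(byod))
```

The point of the two functions is the separation the article draws: compliance posture is an input to the access decision and leads at most to quarantine, while the wipe action is chosen by ownership, so a personal device never loses the user's own data.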
So, then, MDM and BYOD are separate and distinct concepts and require complementary management techniques and solutions for success. Fortunately, we're making steady progress as an industry on both. As noted above, roll-ups of enterprise mobility management functionality promise IT management a lessening burden -- and a far greater degree of operational assurance -- over time. We remain, after all, still in the relatively early days of mobility management, but the high demand for mobility seen universally provides a correspondingly high degree of confidence that comprehensive enterprise mobility management solutions will be appearing sooner rather than later.
Craig Mathias is a principal with Farpoint Group, a wireless and mobile advisory firm in Ashland, Mass., and an internationally recognized expert on wireless communications and mobile computing technologies.