While the transition of mobile phones into computers has been a long time coming, the change over the past few years has been dramatic. Consumer smartphones and tablets have become so compelling that enterprise executives are willing to upend the ‘way we do things around here’ to have them. But what has become a powerful medium for learning, transacting, sharing, presenting – even transforming business – also brings serious enterprise risk.
IT and security professionals are largely turning to mobile device management solutions to help them get mobile devices under control and secured in their workplaces. However, this range of mobile challenges requires a new, more comprehensive security framework; one that goes beyond the basic ‘lock and block’ capabilities of most mobile device management (MDM) solutions. For far too long MDM solutions have been reactive in nature, focusing almost exclusively on the device and, consequently, leaving wide gaps in mobile enterprise security. Today’s enterprises need an MDM solution that arms them with tools to proactively monitor, control, and protect the enterprise end-to-end – across the device, application, network, and data layers.
Mobile security needs to be proactive and not reactive. MDM should stop threats before they happen rather than attempt to contain them once they occur. Proactive security is possible if the MDM solution has processes designed to monitor the mobile enterprise as well as execute specific actions in response to both user behavior and the types of data that employees seek to access.
How do you issue devices to some employees and let others bring their own? Employees demand freedom of device choice, and for many organizations, it’s an attractive, cost-saving strategy. But unlike standard-issue, locked-down PCs or tightly controlled BlackBerrys, mobile devices in today’s enterprise are diverse, have varying levels of vulnerability, and offer no consistent way for IT to manage even the most basic security policies. IT is unable to protect enterprise data in the event that an employee’s device is lost or stolen, or when an employee leaves the company. Further, as privacy battles and legal actions play out around the world, it is becoming increasingly clear that wiping all of the content from a departing employee’s personally owned device is simply unacceptable for many organizations.
Will scaling to all of the devices you’ll need to support incur significant hardware costs and create management complexity? Even though scalability may seem like a distant concern for some enterprises, the explosion of mobile device sales and proliferation of mobile apps will make that concern a reality sooner rather than later. Enterprises will do well to incorporate long-term scalability requirements into their plans early on. The majority of leading MDM solutions support one to two thousand users per server, which means that scaling can become costly and unwieldy. For global enterprises, or ones with 10,000 employees or more, scale becomes a serious challenge. Some MDM solutions require organizations to run multiple servers or appliances, yet also require that administrators sign in to multiple consoles, maintain separate integrations with corporate resources such as Active Directory, and tie high availability to each server. Scaling in this manner can be a time-consuming, error-prone, manual process that creates risky security silos.
Many MDM solutions are not architected with security in mind, that is, designed to keep sensitive data behind the firewall and broker access to it via technology residing in the DMZ. Some MDM solutions are architected so that they must make tradeoffs between data availability and security measures, and they side with data availability at the expense of security rather than thoughtfully optimizing for both. As a result, MDM architectures can end up with choices such as data repositories residing in the DMZ, thus potentially exposing users’ data, or behind-the-firewall data repositories being accessed insecurely from servers in the DMZ.
With the massive growth in smartphones and tablets in the enterprise and the security risks they bring, a comprehensive framework for implementing end-to-end secure mobility is critical.