The fascinating world of mobile devices and MDM
Since BYOD (bring-your-own-device) first emerged, there have been some significant changes in the tech and security industries. Companies and mobile devices manufacturers, as well as mobile operating systems developers, have been challenged to step up their game, especially with the constant innovations and security threats.
The incredible evolution of mobile devices technology
In 1983 the first mobile phone was manufactured and approved by the FCC (Federal Communications Commission) – Motorola DynaTAC 8000X (it offered 30 minutes of talk time) – and since then, the mobile devices industry has come a long way. Between 2007 and 2015 there were 1,423.9m units shipped worldwide to end users and for 2017 the number of mobile phone users is expected to reach 4.77 billion. That is more than half of the worldwide population. There are also estimated to be 19 million mobile app developers in the world and will get to 25 million by the year 2020, according to Evans Data Corporation’s statistics. With the plethora of apps and features developed to entertain and make lives easier and employees more productive, it is no wonder how the mobile devices market evolved. The enterprise was dominated by Blackberry six years ago, but their market share quickly dropped due to consumers who adopted Android and iPhones realizing they can have one single device for work and play. The two leading platforms, Google’s Android and Apple’s iOS had a spectacular evolution trying to fulfill the most sophisticated and basic needs at the same time.
If we look at Android, the dominant global mobile platform, we see the most flexible mobile OS which every hardware vendor can adapt, with the downside of less control from Google when it comes to pushing updates and security patches to all smartphone and tablets vendors that use Android. Its latest version, Android 7.0 (Nougat), presents new security features like “work security challenge” and “work mode”. These show how Google is interested in investing more in security to get a better position as a provider for the enterprise and integrate Android mobile devices as secure, user-friendly business devices which can be also used for personal purposes.
Apple’s mobile devices were considered the most secure on the market when they first appeared. They still are because Apple managed to carry on Steve Job’s legacy. The iPhone, iPad, and iPod touch are known for their locked-down nature and secure OS. The recent Pegasus was the first major issue for iOS. Apple mobile devices have also managed to invade the enterprise for this and many other reasons. Not so long ago they were niche devices, with a handful of people proudly owning an iPhone or iPad. However, the number of consumers opting for iOS devices has increased, bringing them also to the workplace and changing entire infrastructures. In September 2016 iOS 10 and iPhone 7 will be released and they are expected to have great enhancements.
So, from the first ever released mobile phone, which only allowed phone calls and had a small LED display for dialing, to nowadays smartphones, which comprise 33 years of innovation and technological progress, allowing complex operations, the worldwide economic, technological and social environments have changed.
Mobile devices’ impact on the enterprise environment
Today’s end user computing is unrecognizable to that of 10 years ago. Employees are carrying multiple mobile devices at the workplace, such as smartphones, tablets, and laptops. This can lead to increased productivity, but also to potential security and data protection risks for the company.
The top threats that can have a big impact on businesses are:
- Lost or stolen devices
While the size of mobile devices makes them perfect travel companions, it also makes them easy to be stolen or lost in public places.
- Malicious apps
The constant Internet connectivity and the increased use of apps represent a favorable factor for data security incidents. Malicious apps, more often on Android than iOS, as well as data that is backed up by these, can lead to data leakage and can jeopardize many aspects of people’s lives or businesses.
The popularity of cloud apps and the lack of proper training for employees is a dangerous combo. Users store sensitive information like contact lists, e-mails, personally identifiable information (PII), and corporate data that usually are not encrypted because users fail to enable or they disable the security features provided by the OS. According to a study conducted by the Ponemon Institute, 52 percent of IT security practitioners say employees circumvent or disable security settings.
- Inconsistent mobile security implementation
Many organizations do not align the security policy to business objectives and employees’ work habits. This translates into either loose policies or too restrictive ones. It is also frequent for IT Administrators to control only mobile devices offered by the company, but not the employees’ personal devices.
How Mobile Device Management evolved
For the enterprise environment, Mobile Device Management solutions have emerged in a period when chaos was about to break loose. Gartner defines MDM as “a range of products and services that enable organizations to deploy and support corporate applications to mobile devices, such as smartphones and tablets, possibly for personal use — enforcing policies and maintaining the desired level of IT control across multiple platforms.” Source: www.webopedia.com. In 2014, Gartner introduced the Enterprise Mobility Management (EMM) term that includes mobile device, identity, content, and application management.
With MDM, the old days when companies and organizations fully restricted the use of mobile devices inside the company network are far gone. If they want to keep their employees happy and keep the business secure at the same time, organizations need strong EMM and BYOD policies to protect sensitive data and also increase mobility for users.
MDM vendors have different approaches. Some vendors offer basic MDM features like tracking and locating mobile devices, remote wiping / locking, mobile devices inventory and secure password management. Usually, these are the antivirus vendors which extend their solution on mobile devices, taking advantage of each mobile platform API. Then, there are the ones that provide additional features like pushing apps (Mobile Application Management), geofencing, e-mail, VPN and WiFi setup, restrictions for apps and built-in features like the camera. Last, vendors that offer also content management and containerization, besides the usual MDM features, are fewer, highly specialized in MDM. Organizations selecting to implement the last type of MDM solution require a great expertise to manage such solution and, for that matter, they often end up as shelfware. Most of the companies are not prepared for advanced mobile devices controls and should start with simpler implementations.
How we see MDM
In the bewildering MDM market, we have a really pragmatic approach. We want to protect all endpoints ranging from desktops, laptops to smartphones, and tablets, which is why we added MDM as an optional module in the Data Loss Prevention product – Endpoint Protector. So, companies that want to protect data on Windows, Macs, and Linux endpoints can extend data security to iOS and Android mobile devices. Instead of having two solutions for DLP and MDM, they get both of them in one management console, benefitting from reduced costs with staff, training, infrastructure, etc.
The mobile devices industry and its implications for data security are fascinating. If we think also about the IoT (Internet of Things) the landscape looks even more complex. We expect increased security for wearables and other Internet-connected devices in the future as well as better and deeper integration with mobile devices. Next generations of mobile devices will have to bring innovations that we cannot even think of to keep up with the demanding consumers, businesses, and regulators. There is a lot of pressure from many directions and we are anxious to see what the next big thing is when it comes to the mobile and IoT world.
Download our free ebook on
Data Loss Prevention Best Practices
Helping IT Managers, IT Administrators and data security staff understand the concept and purpose of DLP and how to easily implement it.