While Mobile Device Management Software (MDM) has become one of the fastest growing IT segment with 100 vendors offering containerization, FIPS-validated encryption and features with even more obscure technical terms, why do we need it all this new security stuff? We have been carrying laptops for decades and we didn’t need a mobile security management strategy. So why do we need it now?
What are the new security risks which have been introduced by the new smartphones and tablets?
1) Frequent Losses
Our compact devices are a lot more subject to loss than laptops. A 2012 survey, reveals that more than 8,000 devices were lost or forgotten in airplanes in 7 major US airports during a 12-months period. At the Chicago O’Hare airport, lost smartphones and tablets topped laptops by a factor of 20:1. The data and documents residing on these lost devices are at risk. Mobile operating systems attempt to mitigate this risk by providing the ability to locate a remote device even when a device run-out of battery and to remotely wipe-out the data on the device.
2) Public Networks
The data which is being sent from our devices is transiting on public Wi-Fi and cellular networks which can be compromised with simple equipment. The rapidly increasing usage of public networks put the data in transit at risk. That’s where data encryption provided by VPNs’ and the SSL protocol come-in by protecting the data while in transit.
3) App Stores
The flexibility to freely download apps and content has fueled the explosive growth of smartphones and mobile applications but it has also introduced a new risk factor. Malware can mimic popular applications and transfer contacts, photos and documents to unknown destination servers. There is no way to disable the application stores on mobile operating systems. Fortunately for end-users, our smartphone are fundamentally open devices however they can quite easily be hacked. MDM platforms offer application validation services to ensure that the approved applications are protecting the application data. They also prevent screen capture, cut and paste operation to prevent data loss.
Most enterprise have reacted to the proliferation of mobile devices by allowing employees to bring their own device. Enterprises now provide business applications on these devices. As a result, confidential business information reside on employee-owned device. Once an employee quits, the mobile operating system wipe-out is not an optimal solution as it will delete both business and personal data (Ouch! South of France family vacation’s pics are gone!)
MDMs’ offer a finer grained solution with application or work space specific data wipe-out.
In a next post, we will look into how you can define an effective Mobile Strategy. Stay tuned!