As enterprise mobile security has matured, it has became evident that managing devices is not as important as managing the data and applications on them.
The release of the first iPhone in June 2007 marked the beginning of the "modern" mobile market; users started pressuring IT departments to drop their BlackBerry devices so they could use their exciting new touchscreen devices to access corporate email and other systems.
IT departments generally nixed those requests because of security concerns. When requests started coming from the executive suite, CIOs and IT directors had to respond, and the bring your own device (BYOD) movement was born.
Enterprise mobile security and management were still core IT concerns in BYOD environments, and CIOs began searching for tools that would provide the same type of functionality as the BlackBerry Enterprise Server. This marked the advent of the mobile device management (MDM) industry.
Initially, MDM demands were rather rudimentary, primarily focusing on cataloging the devices in use, ensuring that they had basic security measures (typically on-device encryption and an adequate power-on password), and providing the ability to remotely wipe the device if the employee left the organization or it was lost or stolen.
Security-sensitive companies began investing in MDM systems, which had varying capabilities based on the given operating system. In some cases, enterprise features such as on-device encryption simply weren't available, and the OS manufacturers offered application programming interfaces to provide access to different capabilities.
For example, Apple first offered on-device encryption in iOS 3, which was released in 2009, while Google did not implement it in the Android OS until two years later. As a result, Apple devices were typically supported in enterprise environments, unlike Android units. Fortunately, iOS, Android and Windows Phone have all come to virtual parity today in the levels of security they provide.
The focus of enterprise mobile security shifted from MDM to mobile information management (MIM) and mobile application management. With the addition of those two functions, many of the traditional MDM manufacturers have adopted the term "enterprise mobility management" (EMM).
Where the first wave of MDM products looked to enforce encryption on the device, MIM takes a more holistic approach to securing data. The typical configuration involves creating a secure container or "sandbox" on the device, essentially dividing it into enterprise and personal regions. All data and applications within the secure container are encrypted and password-protected.
BlackBerry had actually pioneered the secure container idea with its BlackBerry Balance capability in BlackBerry 10; that implementation is still one of the "slickest" secure container capabilities, delivering a stellar user experience in switching between enterprise and personal modes. Virtually every EMM/MDM supplier offers secure containers today that work on iOS, Android and, in some cases, Windows Phone as well.
Dig deeper on Enterprise mobile device management
Michael Finneran asks:
What technologies do you use for enterprise mobile security?
1 ResponseJoin the Discussion