Mobile endpoint security: What enterprise infosec pros must know now
Mobile management has to extend beyond devices if IT pros are to ensure data security.
Mobile device management (MDM) vendors have worked hard to keep up with the constant stream of new devices and feature sets. But for IT administrators who have to manage mobility, the challenge is still daunting. Controlling data in the cloud, dealing with multiple operating systems and accommodating employees who use multiple devices all remain hurdles.
Controlling data in the cloud
Data leaks have been a concern for the enterprise ever since the days of floppy disks and Internet-connected email. Now cloud applications and storage are changing the magnitude of data leaks.
Admins cannot just use MDM to lock data on smartphones. An overall strategy to manage mobility must control access to corporate data that mobile apps may use and that employees may store in the cloud. It's not unusual for corporate data to end up on a Google Calendar or in Dropbox. Some cloud storage services, such as Google Drive and Apple iCloud, are so integrated into mobile OSes that they are hard for users to avoid. In fact, employees may not even realize they are storing data in a potentially risky way.
There are two ways to manage data leaks. The first is to limit all corporate data to a specific application or set of applications. Doing so can limit file access and cut, copy and paste actions to an encrypted portion of the device. It is an effective course of action, but it can prevent employees from using apps they need for work.
The second way you can manage data leaks is to centrally manage users' accounts. For example, if employees want to use Evernote, which has its own storage, admins will want control over the use of that account and what happens to it when the user changes positions or leaves the company. Managing these accounts centrally can be beneficial because admins can integrate accounts with role-based management via services such as Active Directory. As the list of useful mobile applications continues to grow, MDM systems need to provide a way to manage account access and data protection in those apps.
It's not a two-horse race
Although Apple and Android dominate the mobile device market, that doesn't mean that the devices users bring to work will standardize. Other manufacturers still see the potential in the market and are pushing new operating systems and offshoots that will keep IT departments hopping.
The next tier of competitors includes Microsoft, with its Windows Phone, and BlackBerry, which is fighting for consumer relevancy with BlackBerry 10. Several lesser-known OSes are also in the works. Canonical, which is popular for its Ubuntu Linux desktop and server OSes, intends to ship a smartphone by year's end, for example.
The latest hot device can come and go in a flash -- remember Palm WebOS? -- but consumers are often locked into their devices for two to three years under wireless contracts. Any strategy to manage mobility has to take these factors into consideration.
IT pros should also consider that many employees are using more and more mobile devices. It's not unusual for an employee to have a smartphone and a tablet in addition to a laptop or desktop. Certain use cases demand that some professionals be able to move easily among multiple devices.
But the device itself is not what guarantees users' productivity. Employees know how to get what they need from almost any device. Mobility management software needs to treat these seemingly disparate devices as a single entity for the end user, forming user profiles and providing data access and role-based management that are compatible across devices.
Many MDM products are already headed in this direction. But the role-based access that administrators provide via authentication and identity systems, such as Active Directory, and push to domain-joined resources on the network through Group Policy is not feasible on mobile devices, even though it is still necessary for bread-and-butter network resources.
Some MDM vendors are starting to realize that they need to integrate with these big configuration tools and extend that functionality to mobile devices and into the cloud. Taking advantage of federated directory services, such as Microsoft's Active Directory Federation Services, vendors can even set up shop in the cloud and sidestep the internal network altogether.
Mobility management of the future has to embrace change. MDM and other technologies need to adapt to IT's needs as new devices, new requirements for cloud and new regulations emerge.