Mobile endpoint security: What enterprise infosec pros must know now
Every company should have some form of mobile device management software, but the technology's drawbacks make it an incomplete solution to IT's problems.
Mobile device management (MDM) software lets organizations control and secure access to smartphones and tablets. MDM products are typically composed of an agent on the mobile device, a server component that IT administers and usually an intermediary server the MDM vendor runs.
The main purposes of MDM are to:
- allow mobile devices on the corporate infrastructure;
- encourage more productivity by empowering employees to work anytime and anyplace;
- deliver email, calendar and contacts to smartphones and tablets;
- securely manage data on mobile devices; and
- provide a conduit for virtual private network (VPN) connections and Remote Desktop Services.
Increasingly, mobile device management software also provides some mobile application management features, such as an enterprise app store and application sandboxing, as well as mobile expense management.
Despite its many useful features, some companies don't invest in mobile device management software because it is costly. Large companies could spend a million dollars or more on a cloud-based MDM service or on having an MDM system installed on a server. Businesses should do a financial analysis of whether a breach would cost more than the total price of an MDM system. Many companies, however, don't understand the cost of the kind of breach that may happen with employee-owned mobile devices. It's also important to fully grasp the amount of productivity that workers gain when companies securely enable mobile device use.
Other reasons companies choose not to invest in mobile device management software include a lack of trained IT staff to administer the system and the absence of policies to govern use of company data and devices. Companies may also have investments in current laptop and desktop architecture that prevent them from committing to an MDM system. And some organizations fear the security limitations of MDM tools.
There are also some gaps that mobile device management software cannot address, such as those outlined in a recent PDF from the National Security Agency:
- Companies may have more stringent security requirements than an MDM system can support; for example, some organizations may not want any data to leave their control, but MDM can't always prevent data leakage via cloud services or other means.
- Some VPN implementations protect only part of a device's network communications, which means that MDM tools do not protect company data well enough in those implementations.
- The piece of software installed on the mobile device -- the MDM agent -- is not sophisticated enough to fend off all attacks because device and OS manufacturers don't provide MDM vendors with all the code necessary to totally manage devices. And there isn't a one-size-fits-all system; different device and OS makers provide different levels of MDM access.
- MDM providers have a tough time providing support for new operating systems as quickly as those OSes come out.
- App management features can be fairly weak. For example, some MDM products lack a proper test environment for company-developed apps.
How do you fill in the gaps? Companies can request that employees use a secured VPN or Wi-Fi connection and provide data storage applications that the corporation manages. They can also develop policies that encourage productivity, yet provide the proper measures of security. Although I don't recommend it, companies can utilize ActiveSync with the right mixture of security policies to enable corporate devices on the network. If a company does not like the available third-party apps, it can develop homegrown apps that provide the proper level of security.
But the bottom line is that mobile device management software is necessary in the here and now for companies that want to encourage more productivity and provide an appropriate level of security.