Addressing Mobile Device Management Security Concerns
The introduction of personal devices (Bring Your Own Device, or BYOD) into the workplace raises issues of control and data protection. BYOD has not only blurred the lines between corporate and personal data but has also ushered in risks, such as lost or stolen devices or data breaches via employee-owned devices.
Enter mobile device management (MDM). Mobile device management allows IT administrators to secure and monitor corporate data and apps on personal devices. And yet, MDM is not without some drawbacks.
Cause for Concern
Security remains one of the major concerns for mobile device management. A Black Hat conference presentation this year highlighted some of the possible security risks associated with MDM. The researchers' demonstration revealed that vulnerabilities were present in these security tools. Some of these include “ignoring authentication” and “sending login tokens without encryption.” The researchers even found that it was possible to launch an attack that can mimic a phone’s identity on the attacker’s device.
This isn’t the first time this concern has been raised over MDM. Last year’s Black Hat Europe conference also featured a presentation about attacks against MDM. This presentation focused on the ways an attacker can extract sensitive information, specifically through the use of “spyphones.”
These attack scenarios show that rather than becoming a method of security, MDM has the potential to become yet another attack surface. This is the very reason why companies need to be discerning when it comes to selecting the right tools and interfaces to protect their devices. Enterprises looking to utilize an MDM-type environment should look for the following features.
Simplified User Experience. Employees should be able to install the necessary programs or apps easily on their devices. The MDM apps should be available for different platforms like Android and iOS. The apps should provide a familiar and fluid experience for both smartphones and tablets, ensuring that employees can easily navigate within the apps.
Using apps that provide a familiar experience for employees addresses the problem that often arises with the use of container technology, a technique often used in BYOD environments. Container technology allows the IT department to manage a specific, “cordoned off” section of the employee’s device. This container has all the corporate apps and data.
Unfortunately, most apps in the container have a different user interface (UI), which might put off employees. Additionally, “secure” containers depend on the integrity of the host system. This means that once the host system has been compromised, the contained portion becomes less secure. It should be noted that the corporate data and the apps are still located on the employee’s device; these aren’t fully controlled and hosted by the company’s IT team. This set-up may pose a severe problem should the device be stolen or lost by the employee.
Simplified Management. IT admins should be able to centrally manage all users from a single console, allowing for ease and visibility. Options such as managing by profile are highly advantageous. Of course, one feature that IT administrators should look for is easy deployment of the system.
Security. Security should be the top concern for enterprises. They need to look for solutions and options that prioritize securing the work-related apps and data. They can even look into options that store the apps and data on separate, secured corporate servers, to be managed by the company’s IT administrators. This can address the issue of stolen or lost devices, as the apps and data are stored on the servers and not on the device. Employees should be provided a secured environment within their device, often a virtual workspace, to ensure that data remains protected from possible attackers.
Building Blocks of Security
Of course, no two enterprises are alike. They may require MDM configurations or set-ups that are unique to their environment. However, all businesses can use the features mentioned in this entry as the building blocks for creating a secure and safe BYOD environment. Once these “blocks” are in place, IT administrators will have an easier time monitoring and protecting the corporate data and apps on employees’ devices.
Enterprises looking to secure employee devices may consider Trend Micro™ Safe Mobile Workforce™. Safe Mobile Workforce allows IT administrators complete control of corporate data assets without being obtrusive to employees.