Employees can't get enough of the cool new mobile devices handheld vendors are churning out with surprising alacrity. For IT security managers, however, these devices pose quite a few challenging data security and privacy problems. That's where mobile device management (MDM) technology comes in. MDM products allow enterprises to manage and secure numerous corporate- and employee-owned mobile device platforms, essentially allowing enterprise IT administrators to supervise and control how smartphones, tablets and similar devices are used in the company environment.
"Enterprises desire a strategy to allow mobile devices to safely integrate with their corporate infrastructure together with directory services, email, Wi-Fi, VPN," said John Marshall, CEO for Atlanta-based MDM vendor AirWatch LLC.
Ojas Rege, vice president of goods and marketing for Mountain View, Calif.-based mobile management vendor MobileIron Inc., said MDM products are designed to deal with five key challenges that include managing security for a number of consumer-oriented mobile devices.
Rege said MDM products offer asset management to keep track of smartphone and tablet inventory and ownership; configuration management to manage mobile device settings for enterprise connectivity, privacy, security and applications; data protection for both data at rest on the device and data in motion flowing to and from the device; enterprise application management, often enabling an enterprise to provide its own "app store" to distribute mobile applications and ensure the protection of application data; and troubleshooting and help desk functions to support end users.
MDM use cases, pain points
According to Marshall, MDM products are best for midsize or large enterprises that want to allow corporate or employee-liable devices to access internal resources such as email, VPNs, Wi-Fi, mobile applications, or enterprise applications such as Microsoft SharePoint, ERP or other proprietary systems.
Rege said MDM works well when a company has permitted or supports just one type of device, such as a BlackBerry, but wants to allow other mobile devices and to secure corporate data on these additional mobile platforms. It also works well if the organization is moving beyond mobile email to mobile apps and wishes to supply mechanisms for distribution, end-user discovery and app data security.
"A pain point for a lot of enterprises is the BYOD (bring your personal device) pressure from employees," said Lisa Pittenger, product manager for enterprise mobility at Santa Clara, Calif.-based security vendor McAfee Inc.
"As more personal devices begin accessing corporate data, there's still some pain surrounding governance and privacy concerns if an employee were to go away on the subject of wiping the device," Pittenger said. "It is crucial for the enterprise to have a BYOD policy in place and clear guidance on what is going to happen to the information in that sort of event."
According to Kevin Johnson, a SANS instructor and security consultant with Jacksonville, Fla.-based consultancy Secure Ideas, MDM pain points include designing the policies and getting approval from key players to confine the functionality to the selected mobile device features. Johnson also said that managing which devices are subscribed to the MDM in light of ongoing mobile device turnover is a pain point.
According to Rege, designing a new class of mobile device security and privacy policies can challenge staff because MDM is fundamentally different from desktop and laptop norms for technology, behavior and user requirements, where the user experience sometimes suffers to improve security or remote management. Rege said MDM should allow user collection of device and apps, and never interfere with device performance or user experience.
To succeed, Rege said, MDM products must support at least three mobile device operating systems, such as iOS and Android, and feature baseline and advanced security settings and an inline proxy for securing data in motion.
Rege said other must-have features include tight integration with Active Directory and Lightweight Directory Access Protocol (LDAP), as well as other identity management (IM) and security systems, together with end-to-end mobile application management.
According to Marshall, you must consider whether a product supports advanced grouping or multi-tenancy for autonomy across regions or P&Ls while still offering some level of centralized control and asset management.
"We're seeing quite a few point solutions or distributed decisions from large multinationals, primarily because of a way of urgency to start quickly," Marshall said.
Johnson said MDM products should be able to group users and devices into precise configurations. He also emphasized the need for solid reporting capabilities so organizations can see what is going on with the devices and the configurations.
Multiple stakeholders are a pain point as well, according to Vizay Kotikalapudi, senior manager of endpoint management and mobility with vendor Symantec Corp.
"Who manages mobility within the organizations remains unclear, and there are multiple teams that experience interest in mobility," Kotikalapudi said. "As an example, the messaging team for mobile email, the infrastructure team for mobile apps, the protection team for security, the operations/help desk team for day-to-day tasks.
"There's guaranteed to be some organizational friction because the needs of those different teams evolve," Kotikalapudi added. "Having clear goals, shared teams and end-user buy-in might actually help alleviate these pains."
Near-term MDM change agents
According to Gartner's April 2011 Magic Quadrant report for the mobile device management market, current market leaders include AirWatch, Good Technology, MobileIron and Sybase. However, the research firm has stated that no single vendor offers a comprehensive product for management of applications, services, policy, devices and security, meaning the feature sets of today's MDM products are likely to expand further to cover these gaps.
Yet there are other change agents driving the expansion and evolution of the MDM product market. McAfee's Pittenger said the growth of dangerous mobile malware has increased the importance of providing comprehensive safeguards for mobile devices before allowing them access to corporate networks and their resources.
"App distribution, app compliance and app-level security becomes increasingly important over the subsequent several months," Marshall said. "To be fully productive, mobile workers expect to apply not just the most recent mobile devices, but in addition a set of complementary apps. Additionally, mobile apps are becoming a strategic initiative across many organizations, making a competitive differentiator of their marketplace."
"The safety/compliance requirements during this new context are going to be more complex," Kotikalapudi noted. "Having a knowledge-centric approach, vs. a tool-centric approach, is going to work best for the longer term."
About the writer:
Bill Hayes is a contract security writer and consultant based in Nebraska.