If Cisco’s forecasts are accurate, in a couple of months the number of mobile-connected devices will exceed the number of people on the planet, and by 2017 there will be nearly 1.4 mobile devices per person.

As someone in the business of Mobile Data Protection (MDP), I find this an amazing milestone, and the trend shows no slowdown in growth for the foreseeable future. Many people own and carry around multiple devices including a smartphone, a tablet, an e-reader and a laptop or ultraportable at the same time. Wearables like smart watches and Google Glass are adding to that list.

IT departments that have been in the process of adopting Bring Your Own Device (BYOD) policies for the past decade or so now face a faster-growing and more diverse set of challenges. On the topic of data security, Mobile Device Management (MDM) technologies, at least in principle, provide a viable solution to business concerns like data loss, leakage and theft. A well-defined MDM policy installed on employee-owned mobile devices enforces security measures such as data encryption, strong password protection, multi-factor authentication, data sharing controls, app whitelists, etc. In the unfortunate event that a device is lost, IT could push a remote wipe command to the device that will effectively clear all user data (personal or work) from the device. In theory this all sounds great; however, as usual, the devil is in the details.

Arguably the biggest issue with mainstream MDM implementations at the moment is that personal and work data are often mixed together. This raises serious privacy concerns: will the employer have access to my personal data? Furthermore, some critical MDM features such as remotely wiping an employee-owned device are not legal in all jurisdictions. For instance, in Germany it is illegal to wipe an employee-owned device without their explicit permission unless there is complete separation between personal and corporate data, which brings up the topic of sandboxes and the complexity involved in those deployments.

Getting back to the main point, MDM solutions are designed for a BYOD world. One of the earlier and more comprehensive implementations that tries to achieve this goal is BlackBerry Balance. It basically puts a wall between all personal and work data. It is granular enough that you technically cannot paste content from a work email into a personal note-taking application. A more recent and exciting platform would be Samsung’s KNOX. KNOX’s primary goal is to protect enterprise data on Android devices and at the same time allow employees to safely use their own devices at work. IT admins would be able to manage enterprise apps and data via their MDM solution of choice. With the remote wipe example, both Balance and KNOX allow an enterprise to remotely wipe all corporate data from an employee-owned device without compromising any of the personal data or apps present on the device.

It seems like MDM has finally caught up with modern-day BYOD requirements.



Garry McCracken

About Garry McCracken

Garry, a CISSP, has more than 30 years of experience in data communications and information security. He has contributed to the development of WinMagic's full-disk encryption solutions for desktops, laptops, and other mobile devices. When he is not saving the world of data encryption, he takes off his cape to relax and enjoy life at the cottage. Garry writes from a position of technical expertise since we first started SecureSpeak, making him the longest running blogger at WinMagic.