A more BYOD friendly MDM

If Cisco’s forecasts are accurate, in a couple of months the number of mobile-connected devices will exceed the number of people on the planet, and by 2017 there will be nearly 1.4 mobile devices per person.

As someone in the business of Mobile Data Protection (MDP), this is an amazing milestone and the trend shows no slowdown in growth for the foreseeable future. Many people own and carry around multiple devices including a smartphone, a tablet, an e-reader and a laptop or ultraportable at the same time. Wearables like smart watches and Google Glass are adding to that list.

IT departments, which have been in the process of adopting Bring Your Own Device (BYOD) policies for the past decade or so, now face a faster-growing and more diverse set of challenges. On the topic of data security, Mobile Device Management (MDM) technologies, at least in principle, provide a viable solution to business concerns like data loss, leakage and theft. A well-defined MDM policy installed on employee-owned mobile devices enforces security measures such as data encryption, strong password protection, multi-factor authentication, data sharing controls, app whitelists, etc. In the unfortunate event that a device is lost, IT could push a remote wipe command that effectively clears all user data (personal or work) from the device. In theory this all sounds great; however, as usual, the devil is in the details.

Arguably the biggest issue with mainstream MDM implementations at the moment is that personal and work data are often mixed together. This raises serious privacy concerns: will the employer have access to my personal data? Furthermore, some critical MDM features, such as remotely wiping an employee-owned device, are not legal in all jurisdictions. For instance, in Germany it is illegal to wipe an employee-owned device without the employee's explicit permission unless there is complete separation between personal and corporate data – which brings up the topic of sandboxes and the complexity involved in those deployments.

Getting back to the main point, MDM solutions are designed for a BYOD world. One of the earlier and more comprehensive implementations that tries to achieve this goal is BlackBerry Balance. It basically puts a wall between all personal and work data. It is granular enough that, technically, you cannot paste content from a work email into a personal note-taking application. A more recent and exciting platform is Samsung’s KNOX. KNOX’s primary goal is to protect enterprise data on Android devices while allowing employees to safely use their own devices at work. IT admins can manage enterprise apps and data via their MDM solution of choice. In the remote wipe example, both Balance and KNOX allow an enterprise to remotely wipe all corporate data from an employee-owned device without compromising any of the personal data or apps present on the device.

It seems like MDM has finally caught up with modern-day BYOD requirements.
