A more BYOD friendly MDM

If Cisco’s forecasts are accurate, in a couple of months the number of mobile-connected devices will exceed the number of people on the planet, and by 2017 there will be nearly 1.4 mobile devices per each person.

As someone in the business of Mobile Data Protection (MDP), this is an amazing milestone and the trend shows no slowdown in growth for the foreseeable future. Many people own and carry around multiple devices including a smartphone, a tablet, an e-reader and a laptop or ultraportable at the same time. Wearables like smart watches and Google Glass are adding to that list.

IT departments which have been in the process of adopting Bring Your Own Device (BYOD) policies for the past decade or so now face faster growing and more diverse set of challenges. On the topic of data security, Mobile Device Management (MDM) technologies, at least in principle, provide a viable solution to business concerns like data loss, leakage and theft. A well-defined MDM policy installed on employee-owned mobile devices enforces security measures such as: data encryption, strong password protection, multi-factor authentication, data sharing controls, app whitelists, etc. In the unfortunate event that a device is lost, IT could push a remote wipe command to the device that will effectively clear all user data (personal or work) from the device. In theory this all sounds great; however, as usual the devil is in the details.

Arguably the biggest issue with mainstream MDM implementations at the moment is that personal and work data are often mixed together. This raises serious privacy concerns; will the employer have access to my personal data? Furthermore, some critical MDM features such as remotely wiping an employee-owned device are not legal in all jurisdictions. For instance, in Germany it is illegal to wipe an employee-owned device without their explicit permission unless there is complete separation between personal and corporate data – which brings up the topic of sandboxes and the complexity involved in those deployments.

Getting back to the main point, MDM solutions are designed for a BYOD world. One of the earlier and more comprehensive implementations that try to achieve this goal is Blackberry Balance. It basically puts a wall between all personal and work data. It is granular enough that you can technically not paste content from a work email into a personal note taking application. A more recent and exciting platform would be Samsung’s KNOX. KNOX’s primary goal is to protect enterprise data on Android devices and at the same time allow employees to safely use their own devices at work. IT admins would be able to manage enterprise apps and data via their MDM solution of choice. With the remote wipe example, both Balance and KNOX allow an enterprise to remotely wipe all corporate data from an employee-owned device without compromising any of the personal data or apps present on the device.

It seems like MDM has finally caught up with the modern day BYOD requirements.

Previous Post
Encryption only works if you use it
Next Post
Here, there, everywhere

Related Posts

An offer you can’t refuse

This post is going to be a lot of shameless self-promotion for WinMagic but it’s something we think is important as it’s tied directly to the recent launch of SecureDoc 6.1. (more…)
Enterprise Encryption for Linux

Enterprise Encryption for Linux

Linux has built in encryption for several years now, yet enterprises still struggle with encryption on Linux laptops.  Why is that? To answer this question, let’s first review the disk encryption capabilities that are built into Linux: (more…)

7 Myths of Encryption

We get a lot of questions and concerns around encryption and how the implementation will affect the organization. Although people recognize the benefits of encryption, there are a lot of misconceptions around the notion of encryption and its impact within…

Leave a Reply

Your email address will not be published. Required fields are marked *

Fill out this field
Fill out this field
Please enter a valid email address.

Menu