Sophos Mobile Control Upgrade Monitors BYOD, iOS Apps

Security software provider Sophos has introduced an enhanced version of its Mobile Control product, which it says provides improved risk mitigation features, including the ability for IT to remotely wipe a corporate device if an employee leaves a company or does not comply with its security policies.

It's no surprise that IT wants to rein in control of consumer devices as the BYOD phenomenon continues to sweep across enterprises.

The Sophos Mobile Control 2.5 version also provides support for iOS-managed apps to give IT the ability to connect corporate or mandated apps to their MDM product and then push them to the employee's device.

"It is no longer enough for businesses to just control their own devices," said Matthias Pankert, VP of product management, mobile data protection, at Sophos, in a statement.

"They must now make sure that all devices, regardless of whether they are corporate or personal, are protected and secured and meet the corporation's security standards," he said.

The software's admin console enables such apps as well as any related data to be deleted. For example, if an employee becomes non-compliant, the product will alert IT so the administrator can send messages to the user for minor violations, according to Sophos.

The administrator can configure a set of tasks for more serious incidents that can be applied automatically, such as wipes or policy changes to avoid any risk to corporate data.

The 2.5 version also has optimized workflows so many common tasks can be completed with one click, the company said. Integration with the existing IT infrastructure is simple because the new version supports the use of directories including Microsoft's Active Directory, so newly registered devices can be automatically assigned to existing groups and associated policies can be applied, according to Sophos.

Today's MDM products must take BYOD devices into consideration and be able to support multiple OS types.

"From a security perspective, BYOD devices present new threats because end users are using them for both corporate use and personal use and some of the things they do as a consumer can have an effect on their company," said Stacy K. Crook, a senior analyst at IDC's Mobile Enterprise Research.

For example, an employee who downloads a consumer app containing malware to his device infects not only the device itself but can compromise information in their business applications, Crook said. Therefore, it's critical for MDM products to be able to whitelist or blacklist applications so that end users aren't allowed to download certain apps the company deems as risky, Crook said.

"As a company, I need a way to ensure that only devices that are compliant with company policy can connect to the network," said Crook. "Perhaps a jailbroken device is considered out of compliance, so an MDM solution can detect that and block access."

Earlier MDM products were more focused on basic features such as asset/inventory management, remote control, configuration management, some software distribution, and remote wipe and lock, Crook said.

By comparison, today's MDM products also have those features but add a heavy focus on security. "Things such as compliance management, password/encryption management, identity and access management, and granular application management have become must-haves for Mobile Enterprise Management vendors," said Crook.

The mobile enterprise management space is a crowded one, she said. Sophos Mobile Control competes against system management vendors such as IBM, BMC and Microsoft; security vendors such as Symantec, Trend Micro, and McAfee; MDM vendors such as MobileIron and AirWatch; and mobility vendors such as Good Technology, SAP, RIM, and Motorola.