11/20/2012
06:00 PM

BYOD: Why Mobile Device Management Isn't Enough

Here's what to look for in MDM software and what limitations IT still faces in letting employees use personal devices for work.

Security Is Pretty Much The Same

The main reason companies are turning to MDM software is security, cited by 72% of the respondents to our survey. The other three reasons we provided are greater mobile spending efficiency (12%), inventory/audit (8%) and cost savings (7%).

The security controls for MDM software all do pretty much the same thing, because each mobile device's operating system limits what MDM vendors can do to a device.

Some MDM vendors (including Good) require the user to access email within their application or a partner's application, rather than from the email application provided with the device. This setup lets the MDM vendor enforce certain policies the device's email application doesn't support, particularly encryption and selective email data wiping. All device vendors now allow encryption and wiping, but those features are controlled at the device level. What if you want to wipe company data only and not the phone user's personal pictures? You can do that only if all of the company data is isolated within the MDM vendor's application.

The big limitation of MDM technology has to do with the fact that mobile applications, unlike PC applications, run in sandboxes. For the most part, each mobile application has to specifically request, at install time, the ability to access shared parts of the phone, such as contacts, phone records and other data. If the application doesn't request that type of access at install time, the application is denied access to those areas. It can't be altered later.

The upside to this approach is that it greatly increases mobile device security. Most PC malware and security problems involve an application being compromised by an attacker, and the attacker using that application to access data or another application on the system. It's called "lateral movement" in the security world, and mobile operating systems were architected to prevent those attacks.

This is why most malware needs to jailbreak, or root, the phone to cause real havoc. Without breaking out of the application jail or becoming root, the malware wouldn't be able to access anything on the device.

MDM vendors have the same problem. They can't root or jailbreak your device, but they would like to control the security of the apps on the device. So when they want to add a capability, like remotely wiping data, they have to wait until the mobile operating system allows it. MDM vendors are at the mercy of mobile OS makers such as Apple and Google.

This state of affairs doesn't mean MDM is useless -- quite the contrary. But IT leaders must understand MDM software's inherent limitations. MDM vendors are governed by the same policies and rules as all of your other mobile apps. So those vendors must think of creative ways to get around the mobile operating system security model to improve your phone's security. Kind of odd, isn't it?

There's precedent for such a business model. Antivirus software, for example, uses the same techniques as much kernel malware and many rootkits, and it completely violates the Windows kernel architecture, which is why antivirus software was so unstable in its early days and caused so many incompatibility problems.

Chart: What's the status of mobile device management software deployment at your company?

Comments
Leo Regulus,
User Rank: Apprentice
11/28/2012 | 6:43:00 PM
re: BYOD: Why Mobile Device Management Isn't Enough
Soldiers don't bring their own rifle, Cops don't bring their own squad car, firemen don't bring their own firetruck. Someplace along the line, management got 'neutered'.
Greg MacSweeney,
User Rank: Apprentice
11/29/2012 | 1:37:01 PM
re: BYOD: Why Mobile Device Management Isn't Enough
Enterprises have a choice: either pony up and buy most of their workers mobile devices, or go the BYOD route. Both have costs, and BYOD isn't necessarily cheaper or better.
AustinIT,
User Rank: Apprentice
11/29/2012 | 3:36:30 PM
re: BYOD: Why Mobile Device Management Isn't Enough
That's exactly the same thing I have argued. One has to look hard at TCO when considering BYOD vs. enterprise-supplied mobile devices. Companies that think pure BYOD will work in the long term would do well to visualize the little boy in front of the leaking dike...
Michael A. Davis,
User Rank: Apprentice
11/30/2012 | 2:53:42 AM
re: BYOD: Why Mobile Device Management Isn't Enough
Greg,

You are right, it isn't about costs all the time, but when all you have is a hammer in IT.....

I have another piece I am writing that focuses on what we should be discussing: mobility in the true sense. Mobility where companies are using mobile to innovate and advance rather than just provide another form of access to corporate resources. I have worked with some companies that have transformed their business because of mobile, such as banks performing mortgages in your house and hospice nurses giving real-time drug interactions from mobile apps.

We need to talk more about mobility and less about managing mobile devices. Hopefully I got that point across in terms of technology. All MDM is the same, let's move on.
AustinIT,
User Rank: Apprentice
12/1/2012 | 3:31:01 PM
re: BYOD: Why Mobile Device Management Isn't Enough
While there is a huge upside to what mobile technology can provide... vis-a-vis an enabler... one cannot ignore the prerequisite to devise a concrete solution for securely managing those devices. Once we get control of that aspect, then we can move on to the use cases.
jabberwolf,
User Rank: Apprentice
12/3/2012 | 5:59:54 PM
re: BYOD: Why Mobile Device Management Isn't Enough
I hate to tout one technology over another, but that's why RT or Citrix has been taking off. Now we in IT don't care what device you have (we specifically say we won't support personal devices BUT we just say you'll need a client on it to access our infrastructure).
And they access the same thing from within the organization, which is just using thin clients. So we keep the entryway limited and locked with less management. The actual build isn't exactly less expensive, as it's around the same when done with all the licensing and backend server needs in lieu of actual PCs. But the TCM is way lower. And seeing as people get to mess around with their personal toys, they are happy too.
Senai,
User Rank: Apprentice
12/4/2012 | 4:35:22 AM
re: BYOD: Why Mobile Device Management Isn't Enough
Michael - You make a very good point. MDM is not enough; you need a better MDM that has app wrapping and an analyzer to protect data. I would love to show you what we have built at Better MDM (bettermdm.com).
NucleusResearchHP,
User Rank: Apprentice
12/4/2012 | 9:07:43 PM
re: BYOD: Why Mobile Device Management Isn't Enough
Any consultant who says "A big reason for BYOD is to get out of the equipment business. If you implement MDM, you are back in the equipment business" is taking an enterprise security approach of "if I don't see it, it didn't happen." BYOD only changes the mechanics of device sourcing and nothing else.
ASMTIH948,
User Rank: Apprentice
12/5/2012 | 1:47:02 AM
re: BYOD: Why Mobile Device Management Isn't Enough
MDM does not cover access to resources behind the firewall, and mobile VPNs are not the answer. Additionally, as the number of business apps increases, single sign-on will become the next big mobile need... I HATE logging in on my device.
altaf.hk,
User Rank: Apprentice
12/6/2012 | 8:30:32 AM
re: BYOD: Why Mobile Device Management Isn't Enough
I have not researched much about BYOD. In my understanding, the use of mobile devices as business workstations will benefit organizations with very low TCO. But only for those who like to install that feature. Vendors of all operating systems and security software providers will, in the near future, compete to provide optimized and integrated MDM solutions, as MDM should be a baby of operating systems. Let's see how technology turns itself for the client/mobile phone end.