I recently read the Forbes.com column “Mobile Security: The Fallacy Of Remote Wiping Your Phone” by Thomas Porter and was left strongly shaking my head in disagreement. Let me explain as a security advocate (Fortinet, Mu Security and MobileIron) responsible for marketing and selling products to operators, equipment providers and, of course, end-user businesses. Some assumptions Porter notes are quite correct – the increasing number of devices and apps – but his security conclusions around BYOD, app management, Mobile Device Management (MDM) and remote wipe are quite wrong.
Mobility is not just about devices or ownership; it’s about people like you and me using 40+ apps on our multiple mobile devices every day. Between Apple and Google’s respective app stores, there are already more than 1 billion apps available to users. This is the first sign that mobile computing is evolving from conventional business computing. Unlike prior generations of computing, those mobile phones and tablets have varied operating systems and apps based upon our usage profile – school, professional, manufacturing line, doctor or lawyer.
Putting a Lock on BYOD
A true BYOD policy with actionable corporate and end-user guidelines is table stakes today. A policy not only spells out user and IT responsibilities but goes a step further with an actionable plan based upon corporate policies. This is the same policy engine, which Porter failed to recognize, that was likely in place for several prior generations of corporate computing, when work was far less mobile. Application and device access to corporate information is a productivity turbo engine; reining it in based on “fear” not fact, as Porter wrote, is simply wrong.
Porter further writes how BYOD and remote wipe are doomed to fail. Really? Yes, mobile devices are endpoints like the PCs that Fortinet made its name protecting. However, they are far more intelligent and communicative endpoints that are “always-on” via wireless and cellular networks. Most users keep their mobile phones, tablets and laptops on all day while they are awake. PCs never had this much “love” in the prior generation of the corporate computing model, where Fortinet’s products primarily operate.
Putting the A in App Management
The commercialization of MDM assists BYOD but certainly doesn’t solve security issues on its own without a BYOD policy, as Porter notes. If enterprise apps and/or third-party apps are properly provisioned to devices using advanced MDM enterprise app storefront functionality – regardless of ownership – then the resulting data can be properly secured. SAP and other MDM leaders actively build a secure Mobile Application Management (MAM) feature set into their software. BlackBerry was late in building both MAM and MDM and failed to capitalize on its early email application leadership – even though BlackBerry was early to the market in proving the entire device and app payload was secure both in motion and at rest. Sadly, failure to innovate badly stunted BlackBerry’s parent firm, Research in Motion (RIM), which became a shadow of its former self in most corporations.
Evolution of Mobile Device Management
Since this is a business blog, let’s not bore you with too many technical details beyond a short “MDM primer”. Vendors, namely Apple and Google, have published far more MDM software hooks, overtaking RIM’s place as the mobile computing environments of choice, as noted in the 2012 SANS Institute Mobility Survey. Apple has the largest device, app and security lead, as Fortune 500 firms and government customers with industrial-strength security regulations meet or exceed their needs with iPhones and iPad-based apps. These are the same “consumerized” devices and apps that Porter wrongly notes are inherently insecure. In fact, other mobile security providers like Good Technology attempt to overcompensate for supposed iOS insecurities by changing Apple’s consumerized interface and user experience. Thankfully, customers are smarter today and avoid this productivity trap, with its wasted costs and time, while leveraging iOS native device encryption, APIs, app provisioning and, yes, MDM.
Policy Violations, Now What?
Select lessons from the prior computing generation shouldn’t be thrown out like the baby with the bathwater. PC management taught the industry a lot, and those same PCs are now quite mobile in a laptop form factor that larger software vendors support quite nicely alongside mobile phones and tablets in the same product. Included here is the ability to detect security policy violations, and even jailbreak detection if jailbreaking is against corporate policy. If Porter had a quick discussion with many mobile security users, he would know that iOS jailbreak and rooting detection workarounds are reliably defending large production networks today. Using a carrot-and-stick approach of removing corporate resources like email, Wi-Fi, apps or intranet access is motivation enough for business users to keep their device OS intact. MDM is simply the enforcement agent that’s customized to automate corporate security policy.
In fact, Apple and Samsung have both published APIs to help enterprises secure mobile devices, apps and documents. SAP partnered with Samsung to co-develop and publish a set of more than 100 “Samsung for Enterprise” (SAFE) security APIs, including app and security management capabilities.
There is no “one size fits all” for securing mobile computing but, in contrast to Porter’s conclusion, endpoints have followed a “trust but verify” model for decades. Today’s mobile endpoints simply require an intelligent, multi-OS computing approach to secure their next-generation, application-aware point of view. Separating out personal and corporate data, securing apps and managing corporate docs are all part of an end-to-end mobile solution. Users realize this and are increasingly demanding a mobile-savvy approach.