Embrace freedom: Forget about securing your employees' smartphones
Mobile device management or MDM was a hot topic a year or two ago, but IT pros are beginning to recognize there's more to mobile security than the device.
You need basic device-level control like password resetting, VPN support, and perhaps even remote wiping capability, but that is only part of the mobile security equation -- and as employees increasingly bring their own devices, they don't necessarily want IT having that much control over their phones.
Perhaps that's why, last week when I was hosting a Twitter chat on mobile security, an interesting point came up about MDM. Brian Katz, who is a frequent contributor to these chats and head of mobility engineering at Sanofi, came straight out and said MDM as a product is dead and it's become just a feature set -- part of a broader mobile security strategy.
Walter Paley, who is marketing manager at Bitzer Mobile, makers of a secure workspace for mobile devices, says that device management is part of an overall security approach now, and suggests we look at the mobile security issue more comprehensively. To him, enterprise mobile management (EMM) starts with the data and works its way up to apps and finally the device.
In this context the device is the least important. As a phone owner, you probably want to be able to track your phone if you lose it or somebody steals it. You also want to be able to prevent people from accessing any content stored on the phone, but what you probably don't want is IT wiping your device and all your personal content in the name of enterprise security -- ah, excuse me, but you just wiped out my vacation pictures from last summer.
But users are accessing work content on that phone. So how do companies secure that content and ensure that outsiders can't gain entry to the work-related content on your phone?
That would mean securing the apps themselves, and you can see that this would involve a comprehensive strategy that moves beyond the device.
Let's look briefly at the components of a mobile security strategy in order of importance.
There seems to be near universal acceptance now that the device is the least important part of the equation. What you want to make sure is that your data is secure at the back end. If you do that, it doesn't matter what device a user has: It could be a tablet, smartphone, wearable, or something we haven't considered yet. If you secure your enterprise data, you are protecting the most important piece of the equation from the enterprise perspective.
Traditional MDM vendors like AirWatch are working on this problem. AirWatch encrypts the data on the way to the app. You can only decrypt the data inside the app by providing proper credentials in the form of a user name and password.
Another angle is relying on the companies that provide cloud-based data storage and sharing to encrypt and protect the data stored in those services. For instance, Box encrypts the data in transit and at rest, using SSL encryption in transit and 256-bit AES encryption at rest, while cloud storage vendor Copy.com provides 256-bit AES encryption at rest and in motion. Some providers, like Watchdox, go even farther, wrapping files in encryption that travels with the file regardless of where it ends up -- even if it's taken outside the cloud service. The right solution depends on how you want to balance usability versus data protection.
The next layer to protect is the app itself. This involves building a container around the app, so that IT can update the app or remove it. In this scenario, if the phone is lost or stolen, or you leave the company with your BYOD phone, your company can simply unplug you from the enterprise by deleting the app or shutting down your access to it.