How Do Corporations Efficiently Manage Mobile Devices?
The spread of iPhone/iPad and Android devices to companies is in full swing. At the same time, Mobile Device Management (MDM) is being considered as an essential solution for using these new devices safely and efficiently. The biggest issues in using smartphone/tablet devices are the protection of data on the device and the management of the device and its applications. In the past, some companies used data in mobile environments with mobile phones and smartphones such as Windows Mobile/BlackBerry, but only a small number did. Until now, for IT/network administrators, the mobile devices that had to be fully covered by information-leakage and other risk measures and by security policies were mostly limited to notebook PCs.
The situation is now changing rapidly. The number of mobile devices to be managed is increasing dramatically, and so is the number of OS types. Companies urgently need to hold down the growth in management load while maintaining a system that can respond to this change. In response to these needs, MDMs that support iOS and Android devices began to appear in 2008, and their number has continued to increase since.
What can you do with MDM? To put it simply, MDM means centrally and remotely managing multiple devices under a unified policy. MDM products offer various functions, but these can be roughly divided into the following three in light of the problems of using smart devices for business.
Prevention of unauthorized use
Smart devices are inherently multifunctional, and their use can be further extended by adding applications. This advantage is also a major headache for administrators. If devices are left to the end user's discretion and used without restriction, the security risk will increase, and using them outside of business may result in a loss of productivity. Device control and application usage restrictions are functions to prevent such unauthorized use. Device control is a function to disable the camera, Bluetooth, wireless LAN, SD card, etc. that are unnecessary for business. Application usage is restricted either by the whitelist method, in which only the applications permitted by the administrator are made available, or, conversely, by the blacklist method, in which the applications that must not be used are registered. For pre-installed apps, the blacklist method restricts the use of unnecessary apps, while the whitelist permits only business apps developed in-house and recommended apps that the administrator has confirmed are safe to use. In addition, there are also MDMs equipped with functions such as periodically monitoring the device for the addition or deletion of applications, obtaining information on usage status, and forcibly deleting a broken application.
Efficient management through the collection of device information and simultaneous application of policies
MDM can collect and centrally manage information on devices distributed to employees (device ID, OS version, application status of security policy, etc.). When a policy is updated, the new settings are applied remotely. It is possible to manage devices with different policies for each department or position. Recently, more MDMs have also been equipped with a mechanism to streamline the delivery and installation of business applications and files.
Measures to prevent information leakage at the time of loss or theft
The measures to prevent information leakage are the enforcement of password lock and the remote lock/wipe function, which prevent malicious third parties from operating the device. Password lock is a basic function of the device itself, but it is essential that end users actually use it consistently, and verbal notices alone are unlikely to achieve that. The administrator can not only apply the lock function by remote instruction from the MDM management screen but can also enforce the number of digits in the password and the use of a mixed alphanumeric character string.
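The blacklist and whitelist methods and the per-department policies described above, shown as an added example (not code from any MDM product): it evaluates a constructed device inventory and lists the remediation actions a server would queue. The policy format, action names and app identifiers are all hypothetical.

```python
from dataclasses import dataclass
# Constructed policies and inventory below; every name and value is hypothetical.
POLICIES = {
    "sales": {"version": 3, "mode": "blacklist", "disabled_hw": {"camera"},
              "apps": {"com.example.game"}},
    "finance": {"version": 5, "mode": "whitelist", "disabled_hw": {"camera"},
                "apps": {"com.example.erp", "com.example.mail"}},
}

@dataclass
class Device:
    device_id: str
    department: str
    policy_version: int
    installed_apps: set
    enabled_hw: set

def evaluate(device, policies=POLICIES):
    """Return the remediation actions the server would queue for one device."""
    policy = policies.get(device.department)
    if policy is None:
        # Fail closed: a device that matches no policy is flagged, not skipped.
        return [("quarantine", "no policy for department")]
    actions = []
    if device.policy_version < policy["version"]:
        actions.append(("push_policy", policy["version"]))
    if policy["mode"] == "whitelist":
        # Anything not explicitly approved is a violation.
        violating = device.installed_apps - policy["apps"]
    else:
        # Only explicitly listed apps are violations; unknown apps pass.
        violating = device.installed_apps & policy["apps"]
    actions += [("remove_app", app) for app in sorted(violating)]
    blocked_hw = device.enabled_hw & policy["disabled_hw"]
    actions += [("disable_hw", hw) for hw in sorted(blocked_hw)]
    return actions

SAME_APPS = {"com.example.mail", "com.example.newtool"}  # shared by D-001, D-002
INVENTORY = [
    Device("D-001", "sales", 3, SAME_APPS, {"bluetooth"}),
    Device("D-002", "finance", 4, SAME_APPS, {"camera", "wifi"}),
    Device("D-003", "legal", 0, set(), set()),
]

def report(inventory=INVENTORY):
    return {d.device_id: evaluate(d) for d in inventory}

if __name__ == "__main__":
    print(report())
```

D-001 and D-002 have identical apps installed: the unlisted app passes under the blacklist policy and is flagged under the whitelist policy.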
In the basic configuration of MDM, the administrator sends instructions from the MDM server, and the device that receives them communicates with the MDM server to execute the command. The command issued by the administrator reaches the device and enforces the policies on the participating mobile device (usually mobile devices of employees, also known as BYOD devices).
For iOS devices, commands are executed using the management API provided by Apple. Therefore, there is no big functional difference between the MDMs of different vendors. On the other hand, in the case of Android, the OS's standard management functions and APIs are not yet sufficient. Therefore, client software (an agent) linked with the MDM server is installed on the device, and this agent executes the command. Android will gradually gain more management functions, but for the time being this method will be the mainstream.
Because vendors develop their own functions and agents, MDM for Android naturally differs in functionality more than MDM for iOS does. What should be kept in mind, therefore, is which device models are supported. In addition to the widespread distribution of various devices with different OS versions, Android device makers create and customize their own functions even when the OS is the same. As a result, MDM support varies with each model. There are devices that can use the full functionality of MDM, some that do not support some functions, and some that do not support it at all.
For users of Android devices, how quickly an MDM can respond to the new models that appear one after another will be important in MDM selection. Due to the difference in management functions between iOS and Android, and the difference in the way MDM works, most MDMs in the past were compatible with either iOS or Android. But now, MDM for iOS supports Android, and MDM for Android supports iOS. The result is an integrated platform that centrally manages the various mobile devices used by companies.
Julia Sowells
Julia Sowells is a technology and security professional. With a decade of experience in technology, she has worked on dozens of large-scale enterprise security projects, written technical articles, and worked as a technical editor for Rural Press Magazine. She now lives and works in New York, where she maintains her own consulting firm as a security consultant while continuing to write for Hacker Combat in her limited spare time.