With some commentators labeling the BYOD trend as unstoppable, organisations are now turning to mobile device management (MDM) to ensure the security of their networks. But how should MDM be tackled? We have the ultimate guide.
“Remember when IT planned corporate-wide end-user technology roll-outs? Distributing company-owned, IT-managed devices was a very controlled process. Employees had to get IT approval to use an unauthorised device, even if it was useful and increased productivity. IT was the gatekeeper of everything enterprise and it ruled the network with a combination of strict policies, purpose-built technologies, and a fully contained ecosystem. Those days are long gone.”
So says Ammar Enaya, Regional Director, Middle East, Aruba Networks. And indeed, it would be difficult to disagree with him. As smart mobile devices have proliferated over the past five years, organisations are finding it harder and harder to stop employees from accessing corporate networks with personal smartphones, tablets and even laptops. Some commentators call the bring-your-own-device (BYOD) trend “unstoppable”, and predict that, before long, most employees will be demanding to use their own, often top-of-the-range, devices for work purposes.
This has led to a problem for CIOs, though. After all, end-users can’t always be trusted to keep their devices safe from malware. What’s more, with so many people now using the Android operating system on their smartphones and tablets, and the alarming increase of malware being made for the OS, CIOs are right to be wary about these devices interacting with their networks.
“It is very important to have a clear view and control over devices accessing enterprise networks. Pre-BYOD, IT departments had more control over what devices are connected to the network, thus better control over security at end points. With the explosion of personal devices entering enterprise networks, it is crucial that corporate data remains secure as ever. With BYOD, every user device becomes critical and requires equal attention to ensure protection from mobile malware and data leak prevention,” says Mathew Prilson, Head of Business Support, Momenta Global.
To gain the sort of visibility they need into networks now supporting BYOD—by choice or not—CIOs are now turning to mobile device management (MDM) solutions. The point of most of these solutions is to allow employees to use whatever device they want, but to control what data these devices can access, and how they interact with the network. Many solutions can also provide information, through a centralised dashboard, on how much data devices are consuming or uploading, what sort of data this is, and whether or not the device is likely to be compromised.
It sounds like a no-brainer, but according to Prilson, MDM penetration in the Middle East is still low, despite the high device penetration. However, he adds that Momenta Global expects to see increasing numbers of MDM deployments over the coming years, as mobile access and workflow become more important.
Indeed, it seems like companies need to wise up to emerging MDM technologies as more and more employees demand to access corporate networks with personal devices. That’s how Jatin Sahni, Vice President, Large Enterprise and Business Solutions, du, sees things, anyway.
“2013 has been a period of change and consolidation in the MDM market, and the trends emerging now will continue to shape it in 2014. Organisations of all kinds will continue to look for ways to negotiate the challenges of mobile consumerisation and BYOD, which are creating high demand for MDM services. In particular, they are pushing the ability to manage and secure data at the app level,” he says.
Indeed, Sahni claims that the threats facing organisations are very real when it comes to BYOD. He says that, while some companies might view MDM solutions as a bonus capability, very soon, more will view them as a necessity. “The risk of losing data via a personally owned device is very real, and data loss could be very damaging from financial, reputational, and legal perspectives,” he explains.
However, MDM isn’t simply a way to reel in BYOD and to change things back to the way they were, as Enaya recalls. Organisations now need to tread a fine line between guaranteeing network safety and still providing employees with the freedom of working with their own devices.
“CIOs are worried about protecting their corporate information and enterprise network, not about the personal use of devices. A very clear boundary must be drawn while introducing MDM and BYOD into corporate culture. Separating personal data from corporate data is the key. Secure container is a way to go forward which helps movement of corporate data in a secure and controlled space within the devices. Corporates should have all the rights to control the secure container and leave everything behind,” explains Prilson.
Already, there are consumer devices that support the compartmentalisation of data. For example, when it launched its new range of BlackBerry 10 devices earlier this year, BlackBerry made a lot of noise about the ability to separate personal and corporate data from each other with the help of BlackBerry Enterprise Service. Meanwhile, a horde of iPhone and Android apps are also available to users wanting to separate their personal and work lives, though some are more effective than others.
Ethics also play a large part in the argument over MDM. What if corporate and personal data gets mixed up on a personal device? Does the employee have the right to move corporate data from one personal device to another? And does the organisation have the right to remotely wipe a personal device? These are all questions that CIOs—and their companies’ lawyers—are wrangling with, simply because MDM solutions can control the outcome of any of these scenarios. But according to Sahni, the right balance can be found, so long as appropriate and easy-to-understand guidelines are drawn up for both the company and its employees.
“IT should aim to use an appropriate level of management to ensure that data is secured without degrading the user experience for employees prepared to work in this flexible manner. Full mobile device management (MDM) solutions offer a lot of control over device activity, and are the most effective ways to secure data on multiple platforms, but for some users they can be seen as being too invasive. A lighter-touch approach, such as managing data at the application level rather than the device level, can also be considered as a way of managing BYOD behaviour in emerging markets, and, given the preference for strong privacy controls in certain mature markets, may offer an easier way to manage BYOD there, too,” he says.
“For businesses, particularly those operating in multiple markets, the challenge is to set the right levels of governance and manage BYOD behavior wherever it is happening.”
Aruba’s Enaya echoes the same sentiments, and explains that this is why Aruba has been working hard to produce solutions that help to fix the problem. He points to the vendor’s WorkSpace function, which he says is designed to simplify the process of securing, distributing and managing work apps on mobile devices.
“In addition to automatically pushing work apps to mobile devices, Aruba WorkSpace lets IT enforce contextual policies that control how the apps are used and data is secured. A VPN session is initiated automatically whenever work apps are launched on a public network,” he says.
“On a personal note, WorkSpace eliminates liability issues related to privacy by preventing IT from accessing or viewing a user’s personal information. IT can only wipe or lock work apps and data—anything controlled by WorkSpace—while personal information stays private.”
Whether a CIO goes with Aruba for its MDM solutions or not, the experts stress that MDM need not involve an entire network redesign. According to Mike Goedeker, Director of Pre-Sales, ESG, CEEMEA, Sophos, all that’s needed to support BYOD and consequently MDM is a “rethink”.
“Smartphones and tablets are the new endpoints of the next century so we need to recognise that fact and secure access as well as devices correctly,” he says.
“We suggest creating an awareness campaign and security policy that helps secure and define what usage of data and security is appropriate for the company and its employees while accessing sensitive data on the go or in transit. Least privilege, auditing and monitoring are also a good start to general security processes. Lastly, many companies in the past have seen security as a non-revenue generating function. We believe (as others do, like Forrester and Gartner) that security is a business- and revenue-critical process that needs the attention it deserves.”
That said, as ever, what works well with one company might not always work at another organisation. Certainly, the time to consider MDM as a suitable response to the BYOD trend is now. But how to go about implementing MDM must be decided on by the business itself.
“Decision-makers should evaluate the business needs and identify a suitable road map,” says Prilson.