MDM, MAM and the Security and Management of Mobile Devices

    This week, Sophos released Mobile Control 2.5, the latest version of its mobile device management (MDM) product.

    The details are at the Sophos site and this story in eWeek. Here is the bottom line from eWeek:

    The release offers integration with existing IT infrastructure by supporting the use of directories, such as Active Directory, to automatically assign newly registered devices to existing groups and apply the associated policies to them. The enhanced interface offers detailed graphical reports to assist IT administrators in managing all aspects of mobile devices, while ensuring security across all devices and information as to which devices require updating.

    While the attributes of the updated Sophos platform are important, IT departments should look at the big picture of how to secure and manage mobile devices. In other words, where does the entire MDM category fit in?

    There is an even bigger context into which the question fits. The Rubicon that the industry has faced during the past couple of years is the advent of bring your own device (BYOD). That changes the variables that control the security and management question. Even before the trend took off, however, IT departments were dealing with an explosion of mobile devices. The difference was that in that earlier “era” — I put it in quotation marks simply because it seems silly to refer to something as recent as 2010 as a different time — IT departments had far greater control than they do today.

    The original set of pre-BYOD questions dealt with where security was best located: Was it in the corporate network? In the outside telecom? On the device? Everywhere? There was, and still is, a profusion of security and management techniques available. The question seemed to be how best to organize and structure these systems. They could overlap both in terms of the data they used internally and the results they generated. Creating a holistic platform made sense, but didn’t happen.

    BYOD complicates matters immensely. It is likely that MDM platforms of the future will grow far more functional. For instance, future MDM platforms will be able to automatically switch policies based on where a handset is.

    For example, if a signal is received by the device indicating that the device owner is entering a certain zone (i.e., arriving at the office), the levels of permissions, such as the websites that can be visited, would change. The challenge will be determining how to most efficiently use these tools in the context of the organization’s entire security and management profile. To continue with the example: If the person entering a work zone is a clerk and he is doing so at 3 a.m., should the MDM system change his permissions and also alert the security staff, which may not be directly linked to the MDM platform?

    More immediately, MDM is growing in what it covers. InfoWorld reports that MobileIron has joined AirWatch in managing devices using the new Mac OS X Mountain Lion. That’s a big deal in the world of MDM, since the OS will be used extensively in MacBook Pros.

    Cult of Mac notes the growth of a new approach, mobile application management (MAM). The bottom line, according to the story, is that MDM conceptually protects devices and networks. MAM, as the name implies, is more interested in what folks load onto those smartphones, tablets and other mobile gear than where they go.

    At the end of the day, however, MDM and MAM will work together:

    Despite the shift in mobile management to a focus on app and content management, this isn’t the end of the road for MDM. The ability to secure and manage hardware and OS features of iPhones, iPads, and other devices should still be a part of any organization’s approach to mobility. Layering as much security as possible is always an advantage and, because MDM and MAM come at mobile management and security from such different angles, the two approaches complement each other. Neither really functions as a replacement for the other and both should be part of a plan for BYOD programs as well as traditional company-owned mobility models.

    The core challenge hasn’t changed since before BYOD hit the scene: There are a lot of worthwhile security and management technologies in play. The next big job is creating a framework to knit them together most effectively.

    Carl Weinschenk
    Carl Weinschenk is a long-time IT and telecom journalist. His coverage areas include the IoT, artificial intelligence, drones, 3D printing, LTE and 5G, SDN, NFV, net neutrality, municipal broadband, unified communications and business continuity/disaster recovery. Weinschenk has written about wireless and phone companies, cable operators and their vendor ecosystems. He also has written about alternative energy and runs a website, The Daily Music Break, as a hobby.
