In a recent study by Apperian Inc., over 50% of employees have access to two or more mobile devices, such as a smartphone and a tablet. The BYOD revolution has created a corporate information security headache, since personal devices are more likely to be lost or stolen without the effective IT compliant password policies in place to secure their contents.
How can a business protect its corporate intellectual property on employee-owned assets while managing the device apps and information?
In the early days, smartphone vendors tried to implement the BES (Blackberry Enterprise Server) security approach. The problems with this approach was that 1) there were rarely apps running on BlackBerrys — other than email, contacts, and calendar, and 2) individuals owned the smartphones, while companies owned the BlackBerrys, so applying the BES approach to the smartphone evolution was flawed from the start.
Companies needed more granular security and seamless control. This is when Mobile Device Management (MDM) entered the scene. Early players looked to leverage the access the phone and OS provider enabled via a defined MDM protocol. However, they were (and still are) governed by what’s made available to them.
MDM vendors emerged with enterprise solutions that allowed IT to create and control mobile device policies to ensure device compliance. This allowed IT to support and manage devices within the IT infrastructure, log and track them through IT asset inventory, and secure corporate information. For most companies, this was all that was available and as far as that approach would take them.
But MDM doesn’t take into account how an enterprise should handle the development, deployment, management, and maintenance of in-house and third-party apps or information.
According to Apperian’s survey, over 65% of respondents use mobile apps in the enterprise, 35% said that they’d developed between one and three in-house mobile applications, and 51% said all were third-party apps. Without effective policies in place to monitor and control access, these apps represent a massive corporate data security risk. So, how can a business ensure that this risk is mitigated and removed entirely?
MDM solutions don’t take into account security and deployment considerations on an application level. This has brought about the need for an app-centric (vs. device-centric) approach for managing access and the distribution of approved apps, which has given rise to the growing trend known as Mobile Application Management (MAM).
Mobile security and management focused on the apps
Until recently, the primary method available for securing the contents of a mobile device was to focus only on the device as a whole. MDM vendors worked within the confines of what the device and/or operating system made available. In practical terms, this permitted IT organizations to lock down or wipe the entire contents of a device — intentionally after device theft or accidentally during routine system maintenance. It’s essentially an all-or-nothing approach to securing the mobile device. The device and all of its contents are either under IT control or not. This may not be an issue for company-owned mobile devices, but the practice has set off a backlash from users in BYOD settings.
The second significant challenge emerging, while demand for mobile apps and content in the enterprise increase, is the need to manage the full lifecycle of apps. Years ago, IT organizations and software vendors realized the value of having system management frameworks to help manage software versions, desktop images, and more. What the industry has lacked is a systematic and purpose-built approach to managing mobile apps.
This problem cannot simply be seen as an extension of desktop computing. Mobile apps run at vastly different cycles. There are incalculable combinations of devices, mobile OS versions, and app versions available at any one point in time. Imagine the nightmare for today’s CIOs when they’re expected to not only secure this world, but also embrace it, when they don’t have control over the underlying asset!
I believe it’s these two major streams of demand that have driven innovation in the industry and led to the emergence of platforms built purposely for MAM. This includes platforms that place their primary focus on the apps themselves — securing, managing, onboarding, and retiring them. For an example, check out Apperian, App47 or Nukona.
MAM lets IT manage internal development, distribution, and control of in-house and third-party mobile applications within the corporate infrastructure. This helps create an effective solution to support and deliver apps to consumer and enterprise mobile devices. MAM also helps in the following ways:
- It gives the CIOs the ability to develop, test, and deploy their own enterprise apps and third-party consumer-based apps
- It gives employees a mechanism for downloading and using mobile apps (similar to the Apple App Store) that have been approved for use and provisioned by an IT policy
- It lets IT manage access to the apps, depending on factors like an employee’s job role
There are many questions to ask when you’re thinking about implementing an enterprise-wide mobile strategy and allowing employees to bring personal devices into the workplace. Ultimately, how you rate the importance of device security, corporate data protection, and application development will drive the choices you make.
When it comes to BYOD in your organization, should you manage just the devices or everything on them? Share your opinions in the discussion thread below.