Mobility is becoming one of the primary offerings for today’s enterprise IT departments. Simply put, untethered access to company resources is now a must have for most enterprises and their users. However, security concerns are rippling through the stacks of management, and have resulting in melding disparate technologies, such as BYOD (bring your own device) and MDM (mobile device management) into a singular concern commonly referred to as MSM (mobile security management).
MSM brings with it a commonality of best practices and product designs that are used to create a common core of security requirements for enterprise looking to secure mobile devices and the data entrusted to those devices and the associated users. That proves to be a difficult task at best, and usually requires endpoint client security to be incorporated on those mobile devices.
Vendors are attempting to address those mobility concerns by incorporating advanced security technologies into their devices, operating systems and mobility platforms. Ultimately striving to address the concerns of security focused IT managers.
Microsoft and mobile security
Case in point is Microsoft, a company well known for its operating systems and its journey into the world of enterprise mobility. Microsoft’s tablet, the Surface Pro II and its Windows 8.1 operating system is garnering fans in the business world for both those looking to promote BYOD and bring mobility into the enterprise.
Microsoft is bringing attention to the ideology of mobile security with a few unique features that are integrated into Windows 8.1 and the company’s Surface Pro product line, with additional security concerns addressed by the company’s Windows Intune mobile device management product.
For example, Microsoft offers Open MDM support with Windows 8.1 and The Surface Pro II, which allows the devices to be managed by third party MDM products via OMA-DMAPI, such as Mobile Iron, Air Watch and others. Microsoft is also offering its own MDM platform, in the form of Windows Intune management service.
Windows Intune kicks in when a user enrolls their device, which gives them access to a Company Portal. The portal provides a consistent experience for access to their applications, data and to manage their own devices. While that may meet the need of BYOD requirements, the real value comes in the form of security – where Intune gives IT administrators deeper policy management for Windows RT devices as well as devices running Windows 8.1 – all of which can occur without having deploy a full management client. Simply put, IT administrators can manage all Windows 8.1 and all Windows RT devices as if they were mobile devices, even if the devices are stationary PCs.
It is that unification of management and policy control that brings a single point of security administration to desktops, tablets, laptops, smart phones and any other devices running a Windows OS, which delivers the true value.
Both sides of the security coin
However, policy enforcement, access control and user/device registration are only one side of the security coin. Administrators looking to fully secure mobile devices must also deploy technologies such as remote wipe, where the information on a lost device can be wiped out. Other critical capabilities include the ability to implement a VPN to secure communications between a remote device and the host systems; as well as the ability to encrypt storage on the device, prevent access to the data by unauthorized personal.
One often overlooked security element comes in the form of boot control. Many devices have been compromised by using external bootloaders on removable media to access data on the device, bypassing passwords or other security controls. However, devices, such as the Surface II Pro are coming onto the market that use UEFI Firmware, instead of a traditional BIOS based boot system.
UEFI firmware offers features such as Secure Boot Control, which blocks uncertified bootloaders, as well as external boot devices. Also, UEFI incorporates TPM (Trusted Platform Module) capabilities, which allows the device to interact with hardware based security features.
Combining UEFI security options with full MDM capabilities and policy based controls brings a high level of security to mobile devices, BYOD or otherwise and should be the standard to strive foe when extending security to the remote and mobile worker.