Bring Your Own Device (BYOD): #4 Managing the Revolution

Quoting straight from Wikipedia, Enterprise Mobility Management (EMM) is “the set of people, processes and technology focused on managing the increasing array of mobile devices, wireless networks, and related services to enable broad use of mobile computing in a business context.” I will focus on the “technology” part in the definition and go a little bit deeper (for the process part, I recommend you to read the previous article in the series).
Enterprise Mobility Management brings a couple of questions that a company should evaluate before it chooses an EMM application. I call them “scopes” of the EMM concept, which I hope will help the IT decision makers analyze their prospective EMM application.
Security tops the list as one would expect. From an EMM perspective, security is about accessing the corporate resources on the mobile devices, whether through accessing corporate network via VPN or through cached data. Due to the very nature of the mobile devices, they can easily be stolen and once compromised can pose an immediate threat to the company. Considering a 360-degree security viewpoint, the EMM solution has to provide solutions to limit and revoke access to corporate systems, wipe data remotely, provide/enforce central security policies and encryption.

EMM Solution has to manage a broad range of devices. With BYOD, IT can never know which device it will have to manage.

Device management is one of the pillars of the EMM. Once devices are secured, they will be managed. Device management has to provide solutions to access to the device’s resources and audit them. This management should include the following:

  • accessing device use, such as status and usage at the very least,
  • location tracking, even if GPS is not present, coarse tracking with cell tower triangulation is acceptable,
  • hardware management, such as blocking camera use when or where necessary,
  • Active Directory integration, if Active Directory is used,
  • profiles for personal and corporate use (there is a demand for encrypting the corporate profile, which can be made possible by certain mobile applications in almost all platforms. However, in a solid EMM infrastructure, this has to be a part of the EMM platform, rather than an enforced application on the device.)

RELATED:   Bring Your Own Device (BYOD): #2 The Swift Revolution

Application management is another pillar of the EMM infrastructure. Although application management is a complicated process, there is no reason why it cannot be divided into its parts and managed so. The must-have elements in the EMM solution is:

  • the ability to inventory the apps that the users have on their devices,
  • the ability to view the app permissions,
  • the ability to offer black, white and grey lists for the users,
  • monitor device use in terms of network activity.

The EMM solution has to be thought of carefully in terms of applications. There has to be clear procedures speed up application evaluations on the corporate side; if the application version is 4.0 and the latest approved version is 1.3, the corporate IT will clearly lose the game. What has happened with the BYOD revolution will happen again: the users will try to find a way to install the latest version. In this example, if the latest approved version is 3.8.5, then the majority of the users will follow the procedures. The EMM infrastructure has to allow this quick response to the users. Although too much to ask today, the corporations will be demanding their own “corporate app stores” from their EMM solutions tomorrow.

RELATED:   Is ISIS a Threat to World Web Security?

In terms of network activity, the EMM solution has to monitor the network use of the device from an intrusion detection perspective. Or rather, the solution has to work together with an intrusion detection/prevention application to detect suspicious activity from the devices, such as requests to access to corporate resources when the device’s status is idle.
Content management is another issue in the EMM infrastructure. More enterprises are deploying content management solutions such as Microsoft SharePoint to allow quick collaboration on the documents and displaying business intelligence results. The EMM solution must ensure that not only the corporate content is synced with the device but also is not accessible if compromised.

RELATED:   Will Web Hosting Companies Ever Be a Target of Cyber Attack?

When the scope is defined clearly, then the stage is set for the EMM solution evaluation. As of the writing of this article, there are about 30 EMM applications in the market. The applications come from a variety of vendors, such as:

The BYOD revolution just happened. Now the IT decision makers need to find a way to manage the revolution. If the IT repeats its past mistakes, it is doomed to be taken down by the revolution. The IT decision makers must remember that the board of directors are also the users of the various systems and they are also a part of the revolutionists.
References