Freely subscribe to our NEWSLETTER

I admit it; I am a security guy, and I like engineering-style precision, especially in rapidly emerging security disciplines such as the Perfect Storm of Mobility. I am not going to criticize specific companies; rather I hope to offer clarification and a much needed more accurate alternative term – MDSM – Mobile Device Security Management.

First of all, MDM, in both iOS and Android, offers a compact set of tools for a fairly basic level of device management. However, despite the repeated erroneous claims to the contrary, MDM is a not a mobile security solution. If it were, your laptop security posture would be as follows:

• Password length, complexity & duration controls.
• Block adult materials.
• Block browser and five Browser controls
• Erase laptop within 24 hrs using native Active Sync.

That’s it. That’s all you get with MDM. Thus, MDSM.

What I argue is that the industry should explicitly refer to comprehensive mobile security as MDSM - Mobile Device Security Management, wholly independent of and distinct from MDM. At last count there were around 80 MDM-only vendors, some of whom, more so than others, position MDM as an adequate mobile security solution.

Ask yourself a simple question: Would you (or your security sensitive organization) ever deploy laptops with the anemic list of capabilities above and call it security? Of course not. MDM is not security.

Many organizations, initially under the belief that MDM tools alone would meet their security needs, are now discovering the cost and pain of dismantling their inadequate MDM approach in favor of deploying more comprehensive mobile MDSM suites.

Who today would deploy corporate laptops without… at least some of the following controls in place?

• Anti-virus, anti-malware detection for email and downloads.
• Wireless and company communications over a non-SSL VPN the user cannot bypass.
• Force all, or some defined subset, of traffic over corporate resources.
• IPS and hostile activity detection and remediation.
• Firewalls with highly granular controls.
• Content filtering.
• Hidden IP address of the device
• Corporate DLP and SIEM enforcement

All of the above are crucial components of MDSM - Mobile Device Security Management.

Of course the native MDM controls are one piece of a total mobile enterprise security architecture. But as many companies have discovered, MDM alone is not up to the task. As you examine MDSM in your shop, let me add a couple of additional ‘foods for thought’ that should be considered in all mobile device deployment plans.

• Should your mobile population be secured with the same amount of care and diligence you take in your fixed enterprise?
• Does your existing policy sufficiently address mobile security and the added risks they present?
• Should a mobile device be treated as a ‘dumb terminal’?
• How does data in transit and data at rest on mobile devices differ and affect your organization’s ability to maintain compliance?
• Are you going to attempt to work out an acceptable security-functionality balance for a BYOD (Bring Your Own Device) policy?
• Or, will you only allow devices under company control to touch your networks, much as you do with BlackBerry today?

Admittedly, proper Mobile Device Security Management is not easy. Yet because MDSM includes many specialized security controls and processes, vastly different than MDM, MDSM is deserved of independent recognition and identity – wholly separate from MDM.