Part of the TechTarget network SearchConsumerization.com
Tip
Are MDM tools as secure as you think?
Robert Sheldon
IT managers turn to mobile device management to protect corporate assets, but MDM tools might not provide the protection that IT pros are counting on.
Mobile device management (MDM) software helps reduce some of the risks associated with mobile devices in the enterprise, such as corporate data leaks and mobile malware infecting the network. But relying on MDM tools alone to secure smartphones and tablets is like assuming a house with a smoke alarm can't catch fire.
MDM security
For many in IT, the ability to secure smartphones and tablets is the primary reason for investing in MDM. IT administrators can centrally enforce security policies on all mobile devices supported by the software, controlling settings such as password restrictions, data encryption and feature selection. For example, IT can require that all corporate data be encrypted and cameras be disabled on users' mobile devices.
Another big plus for most MDM tools is their ability to remotely wipe devices. If a smartphone is lost or stolen, IT can immediately delete sensitive data from the device without physical access to it. In addition, some MDM tools have added mobile application management capabilities that separate corporate data from users' personal data -- a handy feature for bring your own device (BYOD) scenarios. With this technology, admins can wipe corporate data without touching the user's personal information.
MDM can also block unauthorized apps from being installed on a device and can detect if a device has been jailbroken or rooted. Jailbreaking an iOS device overrides the operating system's limitations on the types of applications, extensions and themes that can be installed on the system. Rooting an Android device permits privileged control over the Android subsystem. In both cases, the device can become seriously compromised and more vulnerable to malware. Some malware even relies on a device being jailbroken or rooted in order to inflict real damage.
Mobile device sandboxing
The core security features that most MDM software offers don't vary a great deal. The operating system running on a mobile device dictates which services the MDM tools can provide. For example, MDM software can offer remote wiping because the OS has the built-in functionality necessary to wipe the device remotely. If the OS did not support this functionality, the MDM software could not offer it as a service.
Many MDM tools require a client app on managed mobile devices. But because mobile apps run in sandboxes, they are separated from each other and from the device's OS. If one app needs to access another app, the user must explicitly permit that communication. Even with that permission, access from one app to another is limited. As a result, an MDM app cannot control other apps or the OS, regardless of potential security risks that might exist. MDM vendors can create secure containers to isolate, encrypt and protect data, but the vendor's control outside that container is limited by what the OS allows.
Additionally, MDM apps must rely on the mobile device OS to provide a safe environment to operate in. If a device is jailbroken or rooted but doesn't set off the MDM alarms, the MDM app and its data become as vulnerable as any other app or data on the device.
Why rooted devices don't always set off MDM alarms
At a Black Hat conference in Amsterdam, Lacoon Security Ltd. demonstrated how to jailbreak an iOS device and root an Android device without the resident MDM software detecting that there was a problem. Researchers were then able to access secure email on both devices and copy it to a remote location.
Though breaking into a device is no easy task, Lacoon demonstrated that vulnerabilities exist. Other security-related incidents highlight device vulnerabilities as well, such as the 2012 Exynos exploit that gave easy access to an Android device's RAM and made rooting the device easy. In fact, Lacoon used the Exynos exploit to root the Android device without the MDM app ever catching on.
All this leaves MDM vendors trying to perform a tricky balancing act. They rely on a device's sandboxed environment to isolate their own services, yet that same architecture prevents them from better protecting the environment or its apps. And if the underlying sandbox structure is compromised, the MDM tool can be compromised too, undermining its ability to secure the device and its data.
MDM tools in the enterprise
One of the big lessons learned from trying to protect enterprise desktops is that no single tool can safeguard a computer completely. IT can install antivirus software on a desktop, but that software should not be the sole security layer. Rather, it should be part of a larger security strategy that encompasses the entire network and the people using it.
When planning security for mobile devices, consider the applications and data running on those devices and the infrastructure that supports them. For example, provide users with an alternative to Dropbox to control how files are stored and shared. IT could also implement an intrusion detection system or intrusion prevention system on the network to detect unauthorized access. Another option is to require that mobile devices use a virtual private network to connect to corporate resources. Regardless of the additional precautions an IT department takes, the security strategy should include an education component that explains how employees can safely use their devices and what their responsibilities are.
Ensuring the security of mobile devices is no small task. Even with MDM tools and a strong security strategy, users might succumb to targeted social engineering attacks. Not only are these on the rise, they're also becoming increasingly sophisticated. And the mobile nature of devices means they're more likely to be used on unsecure networks and be lost or stolen. All IT can do is try to mitigate the threats to devices and the corporate network as well as it can.
This was first published in August 2013
Comments
Post 46519025 Aug 2013 1:53 PM
MDM is only one aspect of BYOD management. But what about helping IT staff support a wide range of devices, or ensuring that employees can connect to their work applications?
What's needed is a way to deliver applications to all types of devices while minimizing hassles for IT. For example, Ericom's AccessNow HTML5 RDP client enables remote users to securely connect from iPads, iPhones, Android devices, Chromebooks and more traditional laptops and PCs to any RDP host, including Terminal Server and VDI virtual desktops, and run their applications and desktops in a browser. AccessNow doesn't require any software installation on the end user device – just an HTML5 browser, connection and login credentials. An employee that brings in their own device merely opens their HTML5-compatible browser and connects to the URL given them by the IT admin.
Visit http://www.ericom.com/BYOD_Workplace.asp?URL_ID=708 for more info. Please note that I work for Ericom
All Rights Reserved,Copyright 2011 - 2013, TechTarget