WLAN Vendors "Discover" BYOD
No one solution is hands-down best at all of the various components, so in the near term we can expect a security complex to involve a number of "piece parts".
The combined topics of mobility and BYOD have now reached the status of a bandwagon that simply must be jumped on. In the past week I've seen an unrelenting stream of press releases and white papers cross my desk from a seemingly endless array of newly minted "mobility experts", and I'm starting to think we should change "BYOD" to "MYOB". Two of the more interesting introductions of late have come from the wireless LAN camp in the way of Cisco and Aruba Networks.
Mobile security and management represent a many-faceted problem, and we have a rapidly expanding range of suppliers addressing different parts of it. While vendors may like to simplify the problem, enterprise security managers need to have a clear idea about the whole realm of mobile security before venturing out to acquire the various piece parts of their security solution. Since we have seen no single solution that is hands-down best at all of the various components, in the near term we can expect a security complex to involve a number of "piece parts".
At the most basic level we need to ensure that we can enforce security policies on devices, such as the requirement to have a strong power-on password and the ability to remotely lock and wipe the device if it is lost or stolen, or if an employee is terminated. Those issues can be addressed with push email solutions like Microsoft's Exchange ActiveSync and IBM's Lotus Notes Traveler.
More comprehensive management solutions come in the way of mobile device management (MDM) systems like those from Sybase, MobileIron, AirWatch, Zenprise, and Good Technology as well as the ever-present Research In Motion (RIM). With their recently delivered Mobile Fusion solution, RIM can now provide MDM services for Apple iOS and Android devices as well as BlackBerry. Odyssey Software adds MDM capabilities to Microsoft's System Device Center, allowing it to manage mobile devices along with desktops and laptops, and IBM is in beta with the same capability on the Tivoli Endpoint Manager. In their 2011 Magic Quadrant for Mobile Device Management Software, Gartner found more than 60 different vendors, and that number has grown since then.
Those solutions typically involve installing a client on the mobile device (tablet or smartphone) that can then be monitored from a premises or cloud-based management platform. Capabilities vary from product to product but will typically include the ability to enforce policies (e.g. require strong power-on passwords); push configuration settings and certificates to devices; provide asset tracking, remote wipe and lock, along with tools for service monitoring and diagnostic support.
The other growing area in mobility management is application management. Many organizations are looking to take direct control of application delivery and support, rather than depending on public app stores like iTunes or the Android Market. That starts with the ability to detect "jailbroken" (iOS) or "rooted" (Android) devices that could allow malware-infected mobile apps to gain access to the corporate network. Users can be limited to the internal app store, which would provide distribution with automatic update flagging and application whitelisting/blacklisting capabilities. Many of the MDM solutions have incorporated these capabilities, and there are specialist solutions like Apperian and AppCentral, and one with particularly strong security hooks from Nukona.