Why You Should Install Mobile Device Management Software
Polls of corporate security professionals consistently show that the simplest problem is also the worst problem in the BYOD world: Lost or stolen devices (in concert with weak or nonexistent unlock codes). Anyone can have their phone stolen. Most people are unwilling to create and use large and complex passcodes on their own devices, given they have to enter them on a touchscreen with a limited virtual keyboard. There are a few possible compromise solutions for this, but all require installing mobile device management (MDM) software on the user’s device:
Install remote device-wiping software. This can be configured to not wipe the user’s personal information if that is what they want.
Keep all confidential corporate data in an encrypted container. Many phones are now encrypted by default (earlier Android versions being a notable exception), but this is useless if the user’s passcode is easy to guess or assess using brute-force.
The next most likely problem is malware installed via phishing or other means. Android is becoming the “new Windows” in this regard, with many malware writers now focusing on this platform. This will also require help from MDM software. Controls that may help include:
Blacklist software and services that are insecure, and data-sharing apps (e.g., Dropbox)
Prohibit installation of software via non-standard means (rooted phones and the Android “Allow installation of non-Market apps” option).
Limit corporate network connectivity of devices based on device and OS version
The biggest problem with BYOD security is that people don’t want too a large corporate footprint and restrictions on their own devices, and most people do not want the corporate IT staff to have visibility into their personal communications and data. Modern MDM software allows far greater granularity of control than the earlier versions, so these concerns can be addressed.
Mark Huss is a Senior Consultant with SystemExperts and is based near Philadelphia, Pennsylvania. Mark has been working in Information Security since 2005, performing security reviews, conducting penetration testing, and educating development staff. He has worked extensively with web-based, client-server, and mobile applications. His expertise covers both Linux and Windows environments.