This page contains a Flash digital edition of a book.
MDM IS NOT MOBILE SECURITY!


by Winn Schwartau


After almost thirty years in security, I guess I get a little finicky when I see terminology misused, misapplied and all too often, used to mislead. And so I take to task the unfortunate catch-all mobile acronym, MDM (Mobile Device Management) that is the current leader in misunderstanding, inaccuracy and false promises.


I admit it; I am a security guy, and I like engineering-style precision, especially in rapidly emerging security disciplines such as the Perfect Storm of Mobility. I am not going to criticize specific companies; rather I hope to offer clarification and a much needed more accurate alternative term – MDSM – Mobile Device Security Management.


First of all, MDM, in both iOS and Android, offers a compact set of tools for a fairly basic level of device management. However, despite the repeated erroneous claims to the contrary, MDM is a not a mobile security solution. If it were, your laptop security posture would be as follows: · Password length, complexity & duration controls · Block adult materials


· Block browser and five Browser controls · Erase laptop within 24 hrs using native Active Sync


That’s it. That’s all you get with MDM. Thus, MDSM.


What I argue is that the industry should explicitly refer to comprehensive mobile security as MDSM - Mobile Device Security Management, wholly independent of and distinct from MDM. At last count there were around 80 MDM-only vendors, some of whom, more so than others, position MDM as an adequate mobile security solution.


Ask yourself a simple question: Would you (or your security sensitive organization) ever deploy laptops with the anemic list of capabilities above and call it security? Of course not. MDM is not security.


Many organizations, initially under the belief that MDM tools alone would meet their security needs, are now discovering the cost and pain of dismantling their inadequate MDM approach in favor of deploying more comprehensive mobile MDSM suites.


Who today would deploy corporate laptops without… at least some of the following controls in place? · Anti-virus, anti-malware detection for email and downloads. · Wireless and company communications over a non-SSL VPN the user cannot bypass. · Force all, or some defined subset, of traffic over corporate resources. · IPS and hostile activity detection and remediation. · Firewalls with highly granular controls. · Content filtering. · Hidden IP address of the device · Corporate DLP and SIEM enforcement


All of the above are crucial components of MDSM - Mobile Device Security Management.


Of course the native MDM controls are one piece of a total mobile enterprise security architecture. But as many companies have discovered, MDM alone is not up to the task.


Admittedly, proper Mobile Device Security Management is not easy. Yet because MDSM includes many specialized security controls and processes, vastly different than MDM, MDSM is deserved of independent recognition and identity – wholly separate from MDM.


P!


Provocative, informed, challenging, he's on the leading edge of thinking, writing and speaking. Highly technical security subjects are made understandable, entertaining, engaging and thought-provoking. Audiences find themselves challenged with original ideas which are related through historical analogy and metaphor and made relevant to the present and future world.


www.pingzine.com 031


SECURITY


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40