Features Opinion Technology
Keeping a leash on mobile devices

In the original iteration of the “technologybased” mobile office, companies issued Black- Berrys and laptops to a few key executives and employees and only these devices could access corporate systems and information.

It was all tightly controlled by the Information Technology (IT) department and the equipment and software belonged to the company. It was generally quite expensive to equip and connect each user, which restricted how many could benefit from connecting remotely.

Evolution
The dramatic change began with the introduction of the original Apple iPhone, which began the smartphone revolution. Numerous Google Android smartphones, championed by Samsung and many others, soon followed. The revolution was completed with the advent of true 4th generation high-speed Internet data, particularly LTE, giving mobile devices near wired connection speed.

As the price per user for equipment and communications dropped substantially, many more people could be given remote access to corporate networks without increasing the budget. Hardware choices and users’ needs and wants also changed and the Bring Your Own Device (BYOD) business model eventually developed.

Users could connect to corporate networks with their own personal devices and use them for work, ending the need to carry both a work and personal phone. There are numerous permutations of the BYOD model, often involving some kind of cost sharing or other individual arrangement.

Access
Moving from the small-scale, tightly controlled mobile office model to a multi-device, often BYOD setup presented numerous technical and security challenges for corporations and employees.

Many new access points into corporate networks and the wide distribution of often confidential data on hundreds or even thousands of small easy to lose devices made security a major challenge.

Different communications technologies also presented security challenges. While digital cell networks are relatively secure, free Wi-Fi access points, such as coffee shops, airport terminals and elsewhere, are questionable.

Variety
Managing mobile devices, especially under BYOD, also became more complex. IT departments suddenly needed to manage not just a few Windows or Mac computers and BlackBerrys but numerous other smartphones running iOS, Android and Windows – and tablets and computers running Windows, Apple OSX and Android. Each operating system and device has its own native security levels and must be kept up to date to stay secure. Some, such as Android smartphones and tablets, are notoriously insecure and vulnerable to data leakage and hacking because of apps with poor security levels.

Security on individual devices relies heavily on the diligent use of good, up to date anti-virus/anti-malware software, regular and consistent OS updates and patches and the weakest link of all, the individual user.

A solution
This all led to a class of software and services known as Enterprise Mobility Management (EMM). In the broadest sense EMM allows companies to securely and efficiently manage all mobile devices with access to the company’s network systems and information

It’s a more complete solution than the earlier Mobile Device Management (MDM) systems. EMM includes MDM and also generally includes a mobile application management solution and at least one mobile identity, containment or content management technology.

Encryption of data on devices and while in transit is an important feature, as is device security through the use of strong passwords.

In the 2016 Gartner’s Magic Quadrant for EMM suites, the leaders included Black- Berry’s Good Secure EMM Suites, VMware AirWatch, MobileIron, Citrix XenMobile, IBM, SOTI MobiControl, Sophos Mobile Control and Microsoft InTune. There are numerous other small and often specialized EMM service providers catering to niche markets or customers.

EMM products offer a wide range of features, services and varying levels of hardware support.

Choices
Choosing the right EMM is a complex process that often starts with an assessment of an agency’s systems and technologies and where it wants or needs to go in the short and long-term. Not all products support every mobile device or computer operating system.

As the EMM market expanded, there has been acquisitions and consolidations as vendors try to expand the capabilities of their products by picking up specialized competitors.

Controls
EMM vendors typically offer a central control panel, allowing corporate customers to quickly and easily manage all devices, the applications run on them and the data and files that can be accessed.

Certain functionality and behaviours are often controlled by a common policy automatically applied to certain classes of devices and/ or users. Functionality can be customized for individual users. Adding and deleting users, such as contractors, is quick and easy, as is suspending users in the event of lost equipment, security breaches or other problems.

Full auditing of device activity should be included for accountability and security, especially in law enforcement where security measures are typically more stringent. Two factor authentication may be required for some types of systems.

Lost, stolen or missing devices need to be easy to de-authorize and wipe clean of data and corporate network access functionality. Some devices have this built in and/or available through an app or operating system itself.

Allowing even trusted people to use company owned or personal portable devices to access corporate networks is fraught with many dangers. Correctly implementing and using an EMM product/service is a critical step in ensuring security, accountability and integrity of systems and data.

Tom Rataj is Blue Line’s editor and technology columnist and can be reached at tom@blueline.ca.