Conclusiones sobre los resultados de nuestro análisis

Mobile Device Management (MDM) refers to technologies that are an emerging solution for centrally managing and securing both corporate-issued and personally-owned mobile devices by enterprise users. Additionally, the term is used to describe a system or solution for securing, monitoring, managing and supporting mobile devices deployed across mobile operators, service providers and enterprises (Mobile Device Management, 2011; Whatis.com, 2006). The MDM technologies cover mobile devices such as smartphones and tablets from various manufacturers yet often exclude laptops because the security controls available for laptops today are different from those available for smartphones, tablets, and other mobile device types (Souppaya & Karen, 2012). MDM software relies on over-the-air programming (OTA) to distribute updates; configuration and policy settings to a fleet of

31% 29% 22%

19%

Projected Cost Exceeded Target End-user Performance Inadequate Software Licensing Costs Prohibitive Storage Price Requirements Prohibitive

51

mobile devices in a form of Binary SMS message (Gascón, Bielsa, Genicio & Yarza, 2011). These technologies emerged as a response to the implementation drivers described in Section 2.3, as well as the realisation that mobile devices require additional protection as their nature exposes them to a higher threat landscape than desktops and laptops (mostly used within the corporate infrastructure). Worldwide, there are less than 100 vendors providing MDM technologies while the market is quickly evolving with an expected increase in capability and maturity in the next few years (Redman, Girard & Wallin, 2011).

Table 2-6 lists the important security capabilities of MDM solutions that are a differentiator for leading MDM vendors. The list is drawn from the evaluation done by (Redman, Girard & Basso, 2012) and (Kane & Gray, 2012) on the top MDM vendor products.

Table 2-6: Key Security Capabilities of MDM

MDM Capability Description

Enforced Password Enforces strong password policy.

Selective Wipe In an event of a device getting lost or stolen,

the MDM solution deletes corporate information only and leaves personal data untouched.

Jailbreak/rooted Detection Capability to detect Jailbroken and Rooted

devices and prohibit them from connecting to corporate network.

Audit trail/Logging Capability to capture and store events.

Application Verification Capability to verify the origin of the

downloaded application using integrity check.

Encryption Capability to encrypt stored information on a

file-level, OS-level, and device level.

Secure Connection Capability to integrate with VPN solutions

and to manage Certificates.

Application Whitelisting Capability to allow only approved corporate

applications to execute on the device. 2.7.1 Current State of Mobile Device Management

BlackBerry Enterprise Services has set a gold standard in the management and security of mobile devices, and Blackberry mobile devices are still the most supported enterprise devices (Kane & Gray, 2012). Figure 2-6 depicts the prominence of Blackberry as compared to other mobile vendors, especially in South Africa. A mobile device management product provided by a phone manufacturer, such as BlackBerry Enterprise Services, may always have more robust support for its native phones than third party products (Souppaya & Karen, 2012). Despite this, there are still a number of MDM vendors that do not support BlackBerry integration (Redman, Girard & Wallin, 2011). Most companies implement MDM solutions to

52

gain control of the new device types that are connecting to the network, that is, Android and iOS devices. As a result, MDM vendors focus on supporting these devices only with plans to support other platforms at a later stage (Kane & Gray, 2011). The level of security applied to these new platforms has not reached the level of security that has been traditionally applied to BlackBerry. Vendors and companies alike are aware of the security concerns with Android and iOS platforms, consequently companies deliver only basic services (e.g. email, calendar, contacts) to their employees, while vendors offer basic security features (e.g. remote wipe, device lock) with plans to add more functionality as these platforms and MDM solutions mature (Kane & Gray, 2011) .

Allowing IT to support heterogeneous device platforms has cost-savings implications. Currently the employees have to contact their service provider for support when their device breaks instead of contacting IT, thus reducing the amount of time spent supporting these devices.

IT Support staff are not only faced with the challenge of supporting multi-platform mobile devices, but different mobile applications as well. Many IT departments and IT service providers have responded to this challenge by segmenting their workforce and assigning a different service level support (e.g. Platinum, Silver, Gold, and Bronze support) to each various segment (Kane & Gray, 2011). For instance, the segment that uses tablets may have access to different service level support and applications that compare to segments that use workstations, while segments that use corporate-issued devices may enjoy a greater level of support (platinum) than the segment that brings their own devices.

2.7.2 Shortcomings of Mobile Device Management

The Mobile Device Management is currently only focusing on the management of mobile devices and their security, while ignoring the growing pool of mobile applications (Kane & Gray, 2011). Companies have a desire to deliver their own applications as well as device- specific applications (e.g. iTunes) to smartphones and tablets and to be able to manage those applications from a unified portal. The application management capabilities of MDM solutions, especially those supporting Android and iOS, cannot meet organisational application management requirements (Kane & Gray, 2011). As a result, organisations are forced to look at third party tools (such as Apperian, AppCentral, and Partnerpedia) to manage more than just calendar, email, and contacts.

53