The influx of smart devices into the workforce about 10 years ago forever changed the way business worked. All of a sudden, the once portable, ultra-mobile ‘laptop’ became an unwieldy relic of the past and everyone sought to downsize to their smartphones and tablets.
The iPhone was still considered a consumer device as incumbents like Blackberry, Palm and Nokia dominated the markets. Along came the battle of the Androids – who in their right minds would use one of those for business purposes?
Everyone wanted two phones – one for business and one for personal use. Organizations gave away ‘corporate phones’, initially to field workers and executives, but soon enough everyone had one. Organizations were faced with the headache of managing so many ‘mobile’ devices, as corporate endpoint solutions were not able to manage the myriad of operating systems. One organization stood out from all the rest – Research in Motion (now Blackberry), with their Blackberry Enterprise Server (BES) technology. The Mobile Device Management (MDM) platform was born. Other players like Nokia entered the fray with their acquisition of the Intellisync Mobile Suite. Soon after that, other MDM vendors such as MobileIron, AirWatch and Good for Enterprise added to the growing list of MDM vendors and service providers.
MDM: Phase I – Device Management
MDM started off with the intent of managing the mobile device itself rather than its applications or data. Technical controls such as remote lock, remote wipe and de-provisioning were the key features of the early wave of MDM solutions.
MDM: Phase II – Application Management
Basic device management controls soon developed into ‘app-centric’ controls focused on granting or restricting access to corporate applications. The ability to wrap or tag enterprise applications to create a corporate profile made managing the applications easier, especially as it relates to provisioning and de-provisioning.
MDM: Phase III – BYOD
Users eventually got tired of carrying two or more devices, and the need to consolidate into a single smart device able to handle both personal and corporate use cases became the norm rather than the exception. The introduction of Blackberry’s dual persona devices and Android for Work allowed the enterprise mobile workforce to keep business and personal information on one device securely, without data co-mingling. The business data portion is segmented, encrypted and inaccessible to personal applications, creating a virtual ring-fence.
MDM: Phase IV – Beyond BYOD
Most users today spend increasingly more of their working day on their mobile devices. Businesses are reaping the benefits of an increasingly mobile, remote, geographically spread out workforce, and the combination of mobile applications with adaptive security controls based on user profile, location, connection type, etc. is redefining the traditional architecture and boundaries of the enterprise network.
Here are a few areas in which the traditional MDM industry will transform over the next few years.
A. Integration with AI Voice-Controlled IoT Devices
MDM platforms will integrate with voice-controlled smart IoT platforms such as Amazon Alexa or Google Assistant to simplify navigation and access. AI-driven voice ‘assistants’ can perform MDM tasks such as switching between applications, reading and sending emails, etc. This not only makes tasks easier but also faster, reduces operational complexity and drives adoption.
B. AI-Powered Passwordless Authentication
AI devices are built to understand user behavior such as typing style, tone of voice, accent and even body temperature to make a fairly accurate identification of the user, rather than requiring the user to enter a traditional credential (username/password). AI-powered platforms are perhaps best known for anomaly detection – being able to spot unusual user behavior, such as a login to a particular application or system, or a login at a time, that is deemed unusual for that user. The user can then be prompted for a secondary level of authentication to verify their identity.
C. IAM Alignment
A growing number of SaaS applications such as Google Drive, Skype, O365, Box, etc. have both commercial and personal versions. Organizations struggle to manage these applications using a standard MDM application, as most users are able to download these apps from the various app stores and configure them easily. This issue is further complicated by the Federal Fair Labor Standards Act (FLSA) and certain State Labor Laws concerning ‘unreasonable’ working hours for non-exempt employees. How do you restrict a ‘corporate’ app that a user can download and configure themselves, but uses for business purposes?
Identity & Access Management (IAM) solutions will increasingly be used in place of, or in tandem with, MDM to restrict access based on user role and job type. IAM solutions can provision / de-provision access and apply adaptive multi-factor authentication better than most MDM solutions. IAM vendors now choose MDM as their preferred multi-factor authentication solution. This can also be used to enforce security policy, perform device integrity checks, and provide mobile threat analysis & prevention.
D. Total Device | Endpoint Management
Traditional MDM applications will continue to evolve into consolidated endpoint management platforms able to manage both mobile devices and standard computing devices such as laptops and desktops. Microsoft’s Intune, AirWatch and IBM’s MaaS360 are all examples of blended device management platforms.
But certainly the most significant change is the opportunity and elegance that the ‘enterprise cloud’ introduces. Leveraging the benefits of SaaS applications, cloud-centric IAM tools and controls such as DLP and CASB, it is easy to imagine a world without traditional MDM. Why worry about the device if the two most important things are the user (their identity) and the data they access?
By 2020, most business applications will be delivered ‘cloud-native’ – either as a SaaS application, cloud hosted, or delivered by a virtual desktop environment, e.g. Citrix. This makes a device-first security approach redundant. If nothing is stored on the mobile device, then there is nothing to manage on the device itself.
The next wave of mobility will see data move seamlessly from application to application using access token validation techniques. An access token will encapsulate the security configuration, identity and privileges required for access, so the receiving application can make its own access decision without relying on a device-level agent.
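As an added example (not from the original article), the following Python sketch shows the token idea above in working form: a signed token carries the user's identity, the privileges granted and the device security posture, and the receiving application validates all of those before releasing data. The signing key, claim names and compact token format are assumptions made for the illustration.

```python
import base64
import hashlib
import hmac
import json
import time

# Constructed demo key; a real deployment would use the IdP's signing key.
SIGNING_KEY = b"demo-shared-secret-not-for-production"


def _b64(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def _unb64(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def issue_token(claims: dict) -> str:
    """Issue an HMAC-SHA256 signed token (hypothetical JWT-like compact form)."""
    body = _b64(json.dumps(claims, separators=(",", ":")).encode())
    sig = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    return f"{body}.{sig}"


def validate_token(token: str, app: str, privilege: str, now=None):
    """Return (allowed, reason). The target app checks the token itself."""
    now = time.time() if now is None else now
    try:
        body, sig = token.split(".")
    except ValueError:
        return False, "malformed"
    expected = _b64(hmac.new(SIGNING_KEY, body.encode(), hashlib.sha256).digest())
    if not hmac.compare_digest(sig, expected):      # tampered body or signature
        return False, "bad signature"
    claims = json.loads(_unb64(body))
    if claims.get("exp", 0) <= now:                 # token lifetime
        return False, "expired"
    if app not in claims.get("aud", []):            # token bound to target apps
        return False, "wrong audience"
    if privilege not in claims.get("priv", []):     # privileges carried in token
        return False, "missing privilege"
    posture = claims.get("sec", {})                 # security configuration claims
    if not (posture.get("encrypted") and posture.get("screen_lock")):
        return False, "device posture not met"
    return True, "ok"
```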
Nemi George
Nemi is the current Senior Director of Information Security and Service Operations at Pacific Dental Services. It is one of the country’s leading dental support organizations (DSO), providing supported autonomy to more than 650 dental practices. Before moving to the USA, Nemi worked with Vodafone for more than 9 years in a number of roles across architecture, managed service operations, information security, and compliance, security and risk. Nemi is a member of ISACA and the British Computer Society, and holds the following professional qualifications: CISM – Certified Information Security Manager; EC Council’s C|CISO – Certified Chief Information Security Officer; CISA – Certified Information Systems Auditor; ITIL V3 Foundation and Intermediate. Also, Nemi serves as an Executive Consultant helping businesses strike the right balance between managing Information Security risks and implementing additional security controls. Nemi also serves as Vice President for ISACA Orange County. He is an accomplished speaker and writer.