A first look at Sophos Mobile Control

People are increasingly accessing the internet using a single mobile device.

People are accessing the internet (and their own corporate services) in changing ways, increasingly through a single mobile device. Focus is increasingly placed on smartphones to stay up-to-date socially and professionally, and the blurring of these roles poses new security challenges for all businesses.

The core issue for many businesses remains control; how does the organisation ensure that any phone accessing corporate information meets the required baseline security standard before it connects to the network?

Sophos has released its own solution for this — Sophos Mobile Control (SMC). SMC uses functionality already present in many mainstream devices to help securely and remotely lock down the smart phone. Versions for Apple iOS, Google Android, and Windows Mobile handsets are supported by the product.

SMC is intended to provide an IT administrator with the simple means to enforce corporate security policy on both personal and company issued mobiles. It means a blanket ban on personal devices is unnecessary.

The solution can be installed to new and existing infrastructure and utilises common technologies including Microsoft Windows Server, Microsoft SQL Server, and Java based components. LDAP integration is also an option to help decrease the burden of setting up new users.

The majority of administrators will probably be able to install this product with little effort or learning required. SMC is easily connected to a Sophos-provided SMS messaging hub for device set-up and control tasks, often at no additional impact on the customer (based on usage projections). Policies are set through the SMC console.

It is worth noting that Sophos can also deploy the SMC as a secure, segregated multi-tenant environment that may, in particular, be suited to the needs of service providers.

So, what does it do and how does it work?

SMC allows administrators to setup device policy controls through an easy-to-use web-based management portal, then push them over-the-air to any handset within its inventory. Policies can be fine-grained and tied back to device profiles helping to cater for the individual needs of the most demanding organisations.

Typically, a new device can be fully provisioned and added to the corporate inventory in a matter of minutes. The administrator can either send an SMS message to the end user that prompts a remote software installation, or they can install the software locally without user intervention (depending on preferences, location, and general circumstances).

It is even possible to schedule a profile transfer to begin at a specified future time. Once added to the SMC inventory, the administrator can view the device information (great for audit and asset management purposes), or use one of myriad reporting options to get details about the applications installed on a particular handset. It can also tracks and provide information about the data traffic from individual devices, including Wi-Fi. 3G, and roaming usage.

When we took SMC for a test drive, it was hard not to be impressed by its intuitive, cleanly designed interface. Delving a little deeper, SMC provides a powerful set of features for device management and security.

Other impressive features include its passcode policy options which allow complexity and length to be set and enforced at administrator level; the ability to silently stop access to handset hardware components such as an onboard camera or Bluetooth connectivity; and its ability to revoke screen capture and game capabilities. It can also detect and positively react to tampering (and even identify rooted Android devices) with options to prevent corporate email access from the handset.

Another great feature with obvious business benefits is its ability to enable an administrator to remotely provision consistent VPN, email, and Wi-Fi accounts across the mobile device inventory.

The SMC also has the capability to manage and deploy applications remotely, including pre-configuring and uninstalling applications over-the-air. In fact, the feature set suggests that Sophos is directly tackling compliance, regulation, and productivity, we’d say with a degree of success.

The solution offers an optional ‘self service’ portal, enabling end users to remotely wipe or lock their device in seconds if it was lost or stolen. The administrator can also perform these tasks from the SMC console.

So, what’s lacking?

The most obvious omission is an inbuilt antivirus deployment capability, especially considering Sophos’ widely acknowledged pedigree in that area. We understand that antivirus may be added in the future.

We are also surprised by the absence of BlackBerry and Windows Phone 7 support, although we suspect these will also be added shortly. Capability for the Android tablet might be another contender needing consideration.

How does it stack up?

In summary, very well indeed. It does exactly what it says on the tin, providing an easy-to-install and simple-to-use system which is feature-rich and flexible. It leverages Sophos’ respected security talents really well.

A final point to remind yourself about is that the SMC serves both personal- and company-owned devices equally well. If you’re considering a mobile device management system, we’d recommend you look at SMC.

Join the CSO newsletter!

Error: Please check your email address.

Tags Sophos Mobile Controlsecuritymobile security

More about AppleBlackBerryetworkGoogleMicrosoftmobilesSMCSophos

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Enex Testlab

Latest Videos

  • 150x50

    CSO Webinar: Will your data protection strategy be enough when disaster strikes?

    Speakers: - Paul O’Connor, Engagement leader - Performance Audit Group, Victorian Auditor-General’s Office (VAGO) - Nigel Phair, Managing Director, Centre for Internet Safety - Joshua Stenhouse, Technical Evangelist, Zerto - Anthony Caruana, CSO MC & Moderator

    Play Video

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

More videos

Blog Posts

Market Place