The ever-expanding number of mobile devices, operating systems and applications – as well as the fact that many employees are likely to resist efforts to impose mobile device management (MDM) strictures on them – means traditional MDM is dead, Symantec executives have warned.
Diversity in mobile devices has quickly changed the nature of bring-your-own-device (BYOD) policies that were initially implemented to appease gadget-loving users and, theoretically at least, to reduce organisations' costs.
But IT managers cannot count on complete data protection as many staff will bring their own devices and be reluctant to hand them over to the IT department for control, Sean Kopelke, director for strategic solutions with Symantec, told the audience at this week's Symantec Symposium 2012.
"When we spoke with customers about mobility one or two years ago, it was always around mobile device management," Kopelke explained. "The challenge now is that companies aren't actually owning the devices they're giving to employees; employees are bringing devices themselves. So just MDM itself is not good enough. You need to manage not only the device, but the apps and data on them."
Various vendors have been working to introduce virtualisation techniques onto mobile devices: virtualisation giant VMware, for example, recently demonstrated (http://www.cso.com.au/article/435212/how_vmware_hacked_ios_security_allegedly_/) an early-release version of technology that will allow app virtualisation despite the normal security controls under iOS.
Symantec has taken a similar approach, with secure 'wrapper' technology in its Symantec Endpoint Management Suite that allows IT managers to set up limited corporate 'app stores' through which staff can download encrypted versions of key corporate apps.
Because the apps are bundled within Symantec code, administrators can set privileges to control the movement of data out of the app. In an on-stage demonstration, presales consultant Mark Shaw showed how selecting a few tickboxes allowed administrators to stop users from copying and pasting information from a sensitive document, or copying the document to their Dropbox cloud account.
"We see some big changes in what organisations are trying to do with their mobile devices," Shaw said. "MDM is very 2011. It's still important, but becomes less relevant as the number of devices connecting to our networks becomes harder and harder to identify and manage. So this is an example of technology we're using to really enable that shift towards more granular application and data protection."
The wrapper technology doesn't modify the app's code in any way, preserving Apple's security controls. However, it can force users to enter their passwords to even load particular apps, and then allows the management and tracking of their activities throughout the session.
This approach will help companies stem the flow of information past corporate boundaries, Shaw said, and will help MDM strategies mature to account for the reality of BYOD as it's being implemented.
"IT need to be the enabler," he said. "We can't be the 'no' organisation anymore – we need to be positive and proactive in enabling this change to take place."