Back in January, AirWatch announced that they are collaborating with Intel on security, and both companies became members of each other's security partner programs.
The press release talked about things like a “bi-directional fabric that can resolve mobile threats more quickly” and “addressing data protection, threat detection and prevention and security management with integrated workflows.”
The announcement got a lot of praise on Twitter, so I wanted to know more about it—what data was flowing where, what they were doing with it, and so on. I reached out to AirWatch and had a conversation with Colin Minihan, Joseph Razavian, and Amit Sharma.
As it turns out, besides the details of the Intel partnership, I got very interesting look at how AirWatch handles security.
The problem with implementing mobile security
There’s no shortage of old and new mobile security vendors. The issue with this is that in order to have the best visibility and control over a device, you need a mobile device management connection. As a result, many security vendors have gone down the road of building their own MDM platform in addition to their core security product.
But there are all sorts of problems with this: Building an MDM platform adds to the barrier to entry; it’s a lot of time for a vendor to spend on something that isn’t their core IP; and these individual MDM platforms usually aren’t as good as ones from established EMM vendors. And on top of that most devices—especially iPhones and iPads—can only connect to one MDM server at a time. You can see that this is a problem—customers might have to choose between using a unique security product and using a best of breed EMM offering.
Fortunately, AirWatch offers APIs to security partners. AirWatch can take care of the privileged visibility and control using MDM and enforce policies; and security partners can do whatever it is that they do with their unique IP. This levels the playing field and makes sense for everyone involved.
The AirWatch Mobile Security Alliance, which was announced last September at AirWatch Connect, is a more formal program to work with security partners. Instead of just offering up the APIs and letting partners consume them as they wish, they get together to talk about what they could do to make the products work better together. Of course other major EMM and security vendors have these programs, too, but for today I’ll concentrate on AirWatch since I wanted to hear examples of what they’re doing with their collaborations.
So what do the APIs for partners actually do?
One example is app reputation. App reputation vendors provide services that can look at apps to see which ones are malware, which ones could accidentally leak data, examine how well built apps are, and so on. For this information to be useful to a company, the app reputation service needs to know what apps are on all the devices. AirWatch can use MDM to collect this information, and then use APIs to send it over to an app reputation partner. The partner works its magic, and then sends a list of good and bad apps back to AirWatch. From there, AirWatch can use the list to build device compliance policies.
Another example of integration is with next-generation firewall vendors. AirWatch can pass them information about whether a device is compliant with MDM policies, what type of device it is, or what OS version it has, and then they can use that information to determine what to do with traffic from that device.
(Speaking of device compliance, this can mean all sorts of things. For example: Is the device rooted or jailbroken? Is it encrypted? Does the user have blacklisted apps on the device?)
A third example would be anti-malware vendors. Anti-malware vendors often have their own agent apps the run on devices (they might look at things like location or network security) and their own cloud services. The anti-malware service might flag a device as being risky, and pass that information over to the AirWatch console, which could use the information to deem a device non-compliant.
Besides the integrations, AirWatch told me about a few future ideas that have come out of collaborations with Mobile Security Alliance partners. One example is that they’re considering adding more granularity to the information that gets passed back and forth with app reputation vendors. Another is making sure that admins that have to go back and forth between AirWatch and other security products to build policies have a good user experience.
AirWatch and Intel
Now let’s get back to the AirWatch and Intel partnership. AirWatch became a member of the Intel Security Innovation Alliance, which includes data sharing via the McAfee Data Exchange Layer; and Intel Security joined the AirWatch Mobile Security Alliance.
Like some other security vendors, Intel was working on their own EMM platform (under the McAfee brand), but now it makes more sense for them to partner with established EMM vendors instead.
AirWatch told me that they recently met and identified four things they will work on integrating:
- Integrate the McAfee ICAP content scanning service with AirWatch Secure Content Locker.
- Set up Intel’s security gateway via a VPN profile in AirWatch.
- Have Intel’s security information and event management service consume AirWatch’s syslogs.
- Share data from Intel’s malware service into AirWatch.
Again, I’ll say that the great thing about these partnerships is that by having AirWatch take care of the EMM policies and letting security vendors concentrate on their own unique IP, the playing field is leveled, and the market can evaluate security vendors on what really matters.
This is especially important since we’re still in the early days of EMM, relatively speaking. Mobile security is very different from desktop security in a lot of ways, so it will take some time for the industry to sort out what works best. The level playing field will help.