Recently I’ve been thinking a lot about why we do EMM. I wrote about the different stages of adoption; I wrote about when it will be widespread; and last week at BriForum I joined Brian Katz to present a session on the future of EMM.
Today, I’m thinking about yet another angle: there’s still a lot to be said about using EMM for basic mobile security “hygiene.”
The idea came up in conversations I had around two separate announcements that are coming out today. (It was just coincidental that they both made me think of the same idea, and that they’re both today.)
One of the announcements is a new product from VMware called AirWatch Express, an MDM product for small and medium businesses. It costs $2.50 per device with a maximum of 500 devices, and it provides a new user-friendly UI that runs on top of the existing AirWatch cloud platform. It focuses on the basics: pushing public apps; configuring WiFi and Exchange access; and security policies like passcodes, encryption, and dealing with compromised, out of compliance, and missing devices. Besides iOS and Android, it also supports macOS and Windows 10.
I talked to Shawn Bass about the announcement, and I asked him why smaller businesses need MDM. (After all, many organizations this size are still doing mobility on an ad hoc basis, and they’re doing fine without EMM.) Shawn’s answer was that all companies (not just large or regulated ones) need to be aware of data leakage issues. If there’s valuable proprietary information on a device, then it should be protected. Unfortunately, many companies just haven’t thought about this yet. Putting MDM on a device offers a layer of protection to email and other apps; and can safeguard against lost and stolen devices.
The other announcement today is from MobileIron, which is releasing its second Mobile Security Risk and Review report. (Available here, registration required.) The report covers several topics including the latest malware threats (it's definitely worth reading through the whole thing) but the intersting part for this article is what it says about basic mobile security issues: Specifically, it covers the rate of companies that have had incidents involving missing devices; devices with out of date policies; compromised devices; devices out of compliance; and devices where EMM was removed. (They said this mostly happens when someone upgrades their device or does a factory reset for some reason.) It also covers the rate of companies enforcing OS update policies.
I talked to James Plouffe, a lead solutions architect at MobileIron, to learn about conclusions they drew from the report. One of the main points is that doing the right thing for security isn’t as tough as it seems—it’s straightforward and simple "hygiene." (James introduced me to this term, and I love it.) The report makes security recommendations that involve EMM basics like keeping devices up to date, keeping devices in compliance, and dealing promptly with devices that go missing.
We’re a long way from full enterprise mobility adoption, and there are a lot of different things to think about along the way. However, there’s a lot to be said for the value of EMM-based mobile security practices that we can consider basic hygiene. We shouldn’t lose sight of this as we talk about all the more high-concept future stuff.