Sunday, January 16, 2011

10 Technologies for 2011: 2. Mobile Device Management Software

2. Mobile Device Management Software
   As the trickle of new mobile devices allowed to access Enterprise Data sources has swelled into a flood in the past few years, the management of these devices has become a major challenge for those responsible for provisioning, auditing, usage tracking and security of these devices. It used to be that the software for managing these devices fell neatly into two camps: Blackberry Enterprise Server from (BES) from RIM and ActiveSync from Microsoft. While RIM took care of its own devices, the rest of the world was typically managed through ActiveSync. Microsoft provided for a set of policies that could be enforced to varying degrees on different mobile devices. 

As the amount of data that can be stored on these mobile devices go up, the challenge of keeping that data secure requires enforcing specific policies such as requiring that all data stored is encrypted, that there is a password required on the device, that the device can be remotely wiped in the event of loss etc.

 Apple licensed ActiveSync technologies from Microsoft and this allowed iPhone users to access resources such as Microsoft Exchange without too much trouble. In fact iPhones self enrolled in ActiveSync in more user friendly ways than Microsoft's own Windows Mobile devices. The advent of Android has changed all of that. With a veritable explosion of devices on multiple carriers driven by Google's Android, tracking the specific capabilities of individual devices became an impossible task.  

To start with, there are so many flavors of Android from 1.6 to 2.3 already available, with many more in the wings. Tracking and enforcing policies on these various flavors is no small task.  For example a particular information resource in the Enterprise may require that any mobile device that is authorized to access it must support remote wipe of the device. ActiveSync may dictate that if a device does not support this policy it cannot connect. However this depends on the device telling the truth.

It is unclear whether the various stock Android flavors and OEM variations actually report the true capabilities of the devices it runs on. To make matters more complicated, Android as an operating system is famously open and allows users to change settings more than other platforms do.  Finally, there are known ways to bypass these restrictions by means of software that ensure the expected responses are sent back to ActiveSync regardless of the true posture of the platform. As a result ActiveSync in its current form has a hard time managing these devices.

Into this brave new world of rapidly shifting capabilities, policies and devices, 3rd party mobile device platforms such as Good Technology has stepped in with specific defenses against the subterfuge of software bypasses and promising to keep pace with the relentless progression of devices in the Enterprise. We can expect Microsoft to also step up its game with newer versions of ActiveSync and potentially a stable of third party plugins. 








No comments:

Post a Comment