The recent controversy regarding the FBI’s efforts to coerce Apple into writing a universal key to unlock iPhone security has shone new light on the need for mobile device management (MDM) software. As you probably know, the FBI sought a means to access the iPhone of Syed Rizwan Farook, the gunman responsible for killing 14 people in San Bernardino. The FBI argued that Apple had to develop software to access Farook’s iPhone data. Apple argued that the FBI’s request would require them to create a universal skeleton key that could compromise security on any iPhone. While all of this is now a moot point, because the FBI was able to unlock Farook’s phone without the help of Apple, the part of the story that few hear is that the FBI could have easily unlocked Farook’s iPhone if San Bernardino County had installed MDM software.
Farook was a county employee and the iPhone was issued by the county for use on the job. The county has a license to install MDM software on any county-owned mobile phone, but in Farook’s case they failed to do so. If the MDM software had been installed, then law enforcement could easily access any data they wanted.
Government agencies and corporations routinely issue mobile devices such as smartphones to employees. As work-issued hardware, organizations assume responsibility for managing and maintaining smartphone hardware and software, but there is an ongoing question as to how far an agency or company can go in monitoring and controlling smartphone usage.
As with a government-issued laptop, management software is usually installed on the device to facilitate IT management. That means being able to track the device, track usage and even track the kind of usage. For example, downloading adult apps such as Tinder or gambling apps could be viewed in the same way as using company computer equipment to surf Internet porn – it is not an appropriate use of office-issued equipment. At the same time, installing MDM software is not a license to become Big Brother.
There are any number of good reasons to install MDM software on any mobile device. IT managers are responsible for managing mobile hardware, but they can’t always gain physical access to devices for software updates and new configurations. With MDM software, IT gains remote access to mobile devices to manage things such as antivirus protection, software versions and productivity software.
Many government users have access to sensitive data that should be protected. MDM software makes it easier to manage data encryption, track the physical location of hardware and even wipe the memory remotely if a device is lost or stolen. It also gives authorized users, such as Human Resources or the FBI, access to anything stored on government-issued mobile devices.
Services such as NSI’s TotalCare offer MDM services for hire, including features such as:
Remote enrollment of authorized mobile devices via SMS text, email, QR code or other means;
Ability to remotely configure settings of application such as email, Wi-Fi, virtual private networking (VPN) and email;
Ability to enforce agency or corporate policies such as access to specific types of media, software or voice dialing;
Remote configuration and enforcement of security policies, such as passwords, auto lock and number of failed password attempts prior to a systems wipe; and
The ability to instantly lock or wipe a stolen or lost mobile device.
MDM is perhaps most valuable for security. If MDM software had been installed on Farook’s iPhone, as it should have been, then the FBI would have no trouble unlocking the content.
There are innumerable benefits to engaging a remote monitoring and management service, including MDM support. In addition to maintaining the safe and secure use of mobile devices, mobile computing needs to be integrated into the overall networking strategy.
For example, do you want mobile users to be able to access email using their handheld devices? How are you going to handle sensitive information access? What about document access and downloads? How are you going to manage mobile users access to apps and outside software or websites that could infect their smartphone? All of these issues can affect the enterprise as a whole and should be included in your IT service strategy.
Remote monitoring of mobile devices offers other benefits as well. For example, you can monitor cellular phone and mobile data use to determine if the service plan can be made more cost-effective. You also can assess the need for hardware upgrades and other factors that affect the operating budget.
And, of course, there’s security. Using MDM services can provide proactive monitoring for security issues. Beyond blocking malware, you also can monitor for unauthorized or suspicious activity and watch for usage anomalies that may indicate a larger user-related security problem.
If San Bernardino County’s IT department had the foresight to actually install MDM software on Farook’s iPhone, the FBI would not only have ready access to data on that phone, they may even have had a hint something was going to happen in advance. There are still a number of gray areas regarding monitoring mobile activity and personal privacy, but if you are issuing mobile devices as work-related tools, then you also can implement strict policies and procedures as to their use. The right MDM solutions merely ensure security and compliance.
What are your thoughts and opinions on this topic?