Mobile security – a challenge for IT departments. There are two different concepts to choose from: focusing on the device with mobile device management, or focusing on the data with easy-to-use containers. Both have their strengths. Which approach is the right one?
No mobile company without mobile security
Nowadays, hardly any company can do without mobile devices. A wealth of possible applications and added value increases employee productivity and satisfaction. By going mobile, companies are positioning themselves for the future.
However, the new advantages and opportunities are – rightly – also accompanied by concerns: mobile devices expand the company's attack surface and create new security risks. For cyber criminals, they represent the new gateway into the company. The protection of devices and company information must therefore be rethought with mobile use in mind. There are various solutions to choose from.
Two approaches with a different focus
The best-known solutions for protecting mobile companies include systems for mobile device management (or their successors Enterprise Mobility Management and Unified Endpoint Management) and container approaches. The two solutions represent different concepts, which are compared here but also complement each other.
Which solution should be favored depends on the respective company situation and the mobile strategy. In addition, the make-or-buy question, i.e. use as a managed service or in-house operation, plays a central role in the decision for an approach, as does the question of who owns the device (keyword: BYOD).
Mobile Device Management
Solutions for mobile device management (MDM) address, as the name suggests, the security of the device. MDM is often supplemented with components for mobile application management (MAM) and mobile content management (MCM). The end device, including data and apps, is secured as a whole. The MDM system allows the administration staff to implement a wide range of mobile security guidelines, regulate access to internal and external data, or set password requirements (such as minimum password length and complexity).
Another crucial functionality: in an emergency, administrators can access mobile devices remotely and wipe them if necessary. This option is essential, especially in the event of loss. The specific range of functions, user-friendliness and expandability of individual MDM systems vary from manufacturer to manufacturer. For example, functions for the management of mobile applications are often offered, such as enterprise app stores or sandboxing of apps. Tools for cost management are also sometimes offered.
Container
Containers take a different approach to ensuring mobile security. Containers are a “lightweight” concept that does not manage the entire mobile device, but focuses on protecting the content relevant to the company, the internal data. The container acts as an additional space within the mobile device. Access to the device itself does not yet allow access to the container; additional credentials are required for this. Business applications such as calendar, email, contacts and Office applications run separately from the public apps within the container, and company data is stored encrypted within the container. Business communication is secure and encrypted from within the container. This strictly separates the business use of the mobile device from private use.
Strengths and weaknesses of the approaches
MDM offers a much wider range of functions and full access to devices and data. However, the wide range of functions also results in a highly complex management suite and high costs. The use of MDM therefore requires appropriately trained personnel in the company. Although complete access to the device is desirable from the company’s point of view, it has clear disadvantages for modern mobile deployment and access scenarios such as BYOD, COPE or extended enterprises. Complete control over users' mobile devices often leads to rejection of the systems (keyword: privacy) and requires extensive discussions with employee representatives in order to conclude company agreements that suit all sides. In addition, appropriate resources should be provided in IT for the in-house operation of an MDM. However, this challenge can be avoided by using a managed services approach or by purchasing SaaS from the cloud.
All in all, companies should allow at least one year for the introduction of an MDM, because the system on different end devices and the phased roll-out of complex policies should be sufficiently tested in advance to avoid complications later on. However, companies that want to roll out their own apps will not be able to avoid an MDM.
The “lightness” of containers allows them to be introduced quickly and cost-effectively in the company. They offer increased flexibility compared to MDM systems, as containers adapt seamlessly to existing infrastructures. In the event of changes to the infrastructure, only minimal effort is required to adapt containers to the new framework conditions. In addition, the management of the app only requires minimal effort within IT administration. As with all standardized services, additional project costs should be planned for integration into complex, individual, internal infrastructures.
The use of containers offers great advantages in terms of protecting the privacy of employees. As the IT department only has access to the business container, all private activities of the user actually remain private. This significantly simplifies coordination with works councils. The idea of securing business data, communication and systems also makes it easy to support all modern mixed-use scenarios. Extended enterprises with temporary external employees, BYOD, COPE and similar models can be easily mapped.
Companies considering the use of MDM should also keep an eye on the topic of containers: MDM systems can only guarantee secure working in conjunction with containers.
Which solution suits which company?
When selecting a mobile security solution, practicality should also be taken into account. In an analysis, Gartner comes to the conclusion that companies that introduce MDM systems generally use a maximum of ten percent of the available functions. Although this provides companies with additional options, it also results in unnecessary costs.
The solution should be based on the mobile strategy, the requirements of the users and the size of the company. Companies with small IT departments in particular also need a lean solution to ensure an appropriate level of security with manageable administrative effort.
In addition to costs, operational effort and flexibility of the solution, companies should not lose sight of another aspect when implementing mobile security: the usability of the solution for the IT department (administration) and end users. It is often user-friendliness that determines the acceptance of a security solution and therefore also the “actual use” and ultimately the prevailing level of security.
The reality is complex: a wide variety of requirements flow into the selection of a solution for mobile security. The good news at the end: there is no either/or; containers and MDM are by no means mutually exclusive, but can be combined into comprehensive solutions to cover the most diverse security aspects of a mobility strategy.
Container app: increase mobile security with just one solution
With a container app like SecurePIM, you avoid the risks of malware and its consequences for your company. SecurePIM secures company data in encrypted form on the mobile device. Unwanted access to company data is prevented when the device is used for private purposes. This eliminates many tedious tasks for the IT department, as company data can only be accessed via the app. No other security solutions are necessary. At the same time, SecurePIM has all the functions that are important for mobile working. For example, users can also send and receive encrypted emails on the move or access company documents via a secure gateway.


