Enterprise Mobility Management: Not Just Blacklisting Apps
Despite security concerns, a surprisingly small number of companies blacklist or whitelist applications on mobile devices.
It's the rare RFP for mobile device management that does not list a requirement for software to offer the ability to blacklist and whitelist applications, says Jonathan Dale, director of marketing for Fiberlink, a provider of mobile device management (MDM) and mobile application management (MAM) solutions.
So it was a "big surprise," he says, when an examination of its customers' policies found that only about 5 percent of them whitelist and blacklist apps on Android devices. The number rises to 10 percent for companies doing so for iOS devices.
Among companies with such policies, they blacklist 16 apps on average and whitelist five apps for iOS devices. For Android devices, it's an average of 10 whitelisted apps and seven blacklisted ones.
"It's a requirement for all companies, but when it comes to actual implementation they are not doing it much," Dale says. "But companies always want to know they have the ability to do it in use cases where it is warranted."
Why Blacklist Apps?
Fiberlink finds that most of its customers that employ blacklisting do it in instances where there is a targeted use case for devices and/or users require access to only a small number of applications to perform their jobs, Dale says.
One client, for example, is a large telecommunications company with thousands of service technicians. The techs are outfitted with Android tablets to interact with customers, to access order information and for assistance with troubleshooting issues. The same customer whitelists Google Maps on the devices.
"Anywhere there is customer interaction, you often see mobile apps being limited," he says. "The apps are built to access corporate data for functions like order fulfillment, and the company is typically not going to allow personal apps on those devices."
Top Blacklisted Apps
Apps are often blacklisted due to concerns about lost productivity and data security. File sharing services Dropbox and SugarSync show up on the list of top 10 most blacklisted apps for both iOS and Android devices. Facebook, Angry Birds and Netflix are also found on both lists.
Despite its presence on both lists of top blacklisted apps, Dropbox is also one of the most frequently whitelisted apps on iOS devices. This is not as counterintuitive as it seems, Dale says.
"We've talked to IT organizations that realized they did not have a good way to allow employees to share data. They decided to allow Dropbox and disallow all others," he says. "It's not ideal for them; they realize data could leak, but they are educating their employees and limiting the file-sharing apps they can use so it's easier to manage."
Enterprise Mobility Management
Mobile device management and mobile application management are evolving, Dale says, into a more cohesive approach that many experts call enterprise mobility management.
This approach typically involves application wrapping, in which security administrators can apply security policies to specific apps. Thus, corporate applications and personal applications can coexist on a single device, with only the corporate apps subject to security policies such as authentication and data wiping.
"We're seeing fewer application restrictions being applied to devices because there is a better separation between corporate data and personal data," Dale says. "It's becoming easier for IT to manage just what they need to manage and not the whole device. Users get the privacy they want, and they can put any app they want on a device without causing problems with company data."
Ann All is the editor of eSecurity Planet and Enterprise Apps Today. She has covered business and technology for more than a decade, writing about everything from business intelligence to virtualization.
By Jeff Goldman
August 27, 2013
Still, mobile devices were the source of more confidential data leaks over the past year than phishing attacks, employee fraud or corporate espionage.