Mobile device management was big news a few years ago, with Gartner predicting that 65 percent of enterprises would adopt an MDM solution by 2017. Now, however, mobile device management is morphing into the more sophisticated practice of enterprise mobility management (EMM).
"EMM takes MDM to the next level by utilizing more robust application and content management suites in addition to device management," said Dan Ortman, an analyst at SoftwareOne. "EMM leverages policy and configuration management tools through a mobile application management console."
How EMM Differs from MDM
Terrence Cosgrove, an analyst at Gartner, explained that earlier MDM products lacked these application and content management elements. Enterprise mobility management packages consist of mobile security, policy management, configuration management and a management overlay for applications and content intended for mobile devices based on smartphones, he said.
EMM offers a broad range of IT support to mobile end users and provides an easy way to maintain security policies. This includes the maintenance of hardware and application inventories, and ways to manage OS configuration, deploy mobile apps, set policy and perform remote troubleshooting and wipe of mobile devices, among other functions.
Operating systems such as iOS, Android and Windows Phone do not provide robust enough management capabilities. EMM provides a centralized platform that can be used to enforce authentication policies, police file sharing and place restrictions on copy and paste, as well as downloads while roaming. Audit capabilities enable organizations to track which employees have been accessing and downloading files.
Enterprise mobility management tools vary in their specific functionality, Cosgrove pointed out. Some come with file share and sync capabilities, some are tied to a specific mobile platform or application, and others are deeply integrated with endpoint protection tools. Companies should establish their specific requirements and priorities before selecting an EMM tool, he recommended.
EMM is moving from a back-end IT function right into the heart of end-user computing, thanks to the growing emphasis given to enterprise mobility. Mobile devices are becoming the preferred computing platform for enterprise and mobile apps, with users demanding to use these devices to get their work done.
This shift to mobile is the biggest transformation IT has seen since the rise of the PC, said Ojas Rege, vice president of Strategy, MobileIron, and it is requiring the CIO to consider a new approach to securing corporate data and mitigating risk.
"As mobile becomes strategic, the security and management requirements of the organization are becoming much more sophisticated," said Rege. "Top of mind today are the separation of personal and professional data to protect privacy, the deployment and security of enterprise apps, breaking the traditional compromise between security and user experience, and the emerging mobile model of threats and countermeasures."
Mobile technology is consumer technology that changes at a pace outside of IT's traditional comfort zone. It has led to more and more devices and apps entering the enterprise, including new wearables like the Apple Watch.
While this trend is one driver of EMM, another is the fact that the data center is being blown up into a broader information fabric in which information flows continuously between mobile devices, business cloud, personal cloud and the traditional data center. This makes it difficult to guarantee that all information is secure.
Rege said this architectural shift requires education within IT on mobile operating system architectures and evolving threat landscapes for Android, iOS and Windows 10. The security framework, therefore, needs to shift to one that is more iterative and assumes ongoing migration between technologies. It will also require more than just technology.
"Mobile strategy is decentralized and IT must gain the skills to partner with the business and end user and effectively design, disseminate and enforce policy through partnership instead of edict," Rege said.
EMM More than Technology
Recent high-profile hacks have revealed that all organizations are susceptible to attack, and that all information has value. Instead of IT convincing CEOs they should probably have an enterprise mobility solution in place, C-level staff now sometimes drive discussions as they consider their mobility strategies, said Nicko van Someren, CTO of Good Technology.
"The key to keeping personal and corporate data securely on a single device is to be able to maintain a strong and clear separation without interfering with the user experience," he said. "If a corporate security model is too cumbersome, then employees will find a workaround, incurring a huge risk for their company."
The right mobile security solution should allow a company to control the flow of corporate information between applications and data in and out of the device without impacting users. Separating and containerizing sensitive data allows one device to do both of these jobs, while also balancing usability and security.
"Designing security strategies with a consistent end-user policy around how corporate devices or corporate apps get utilized on personal devices ensures employees adhere to these policies," said van Someren.
Manoj Raisinghani, vice president of Product Marketing, Mobile Platforms group at Citrix, cites the biggest driver for EMM as the fact that the average employee uses multiple devices a day on work-related tasks and owns at least one of them. He said effective EMM requires:
- underlying security for access across all hops in the network;
- reliable authentication of the device and the user (identity management) across secure zones or domains;
- the security of applications in the mobile environment with wrapping or containers;
- encryption of data at rest on the device or on premise and over the air;
- and policies that enable reasonable governance of device(s), users and apps.
"EMM is as much about experience as it is about management of devices, apps, data and its users, as it leads to more productivity in the enterprise," Raisinghani said.
Enterprise Mobility Management's Next Wave
Beyond that, EMM is evolving further. The next wave could well be the move from simple management to enabling an enterprise to "mobilize" its business. This includes easing the creation of new mobile apps and simplifying the use of existing mobile apps, as well as enabling them to connect to back-end business systems such as HCM, CRM and ERP via APIs.
"Employees have come to expect that they can work from anywhere on any device with secure and instant access to corporate information and their favorite business apps," Raisinghani said. "A fully integrated mobile workspace is easier to implement, configure, scale and manage. The best solutions will unite mobility management, virtualization, networking and cloud service technologies into a secure mobile workspace, supporting existing computing and communications infrastructures and applications as well as future mobile opportunities."
Gartner's Cosgrove concurs. He said the next wave of EMM will represent true convergence. He doesn’t see it being fully realized for another five to seven years, however, until a single tool for all endpoints is feasible.
Drew Robb is a freelance writer specializing in technology and engineering. Currently living in Florida, he is originally from Scotland, where he received a degree in geology and geography from the University of Strathclyde. He is the author of Server Disk Management in a Windows Environment (CRC Press).