Some companies are adding geofencing to their mobile device management products to improve security. How does this...
work? Is it something that enterprises should look for in an MDM product, or are there alternatives for limiting the effective usage range of a device?
Geofencing technology has been around for quite some time. It uses a combination of GPS and cellular triangulation to define geographical boundaries -- a virtual fence -- and then combines awareness of a user's current location with awareness of the user's proximity to these predefined locations. Apps on location-aware devices can make use of geofences to trigger different types of actions as the user enters or exits a geofenced location. There are already a host of applications and services that make use of geofencing to alert users when they are close to a point of interest, send them location-based ads and so on.
Geofencing can also be used to provide an additional layer of access control to company resources and help simplify managing BYODs by automatically changing app and data access rights based on the device's location. For example, apps can appear or disappear based on the GPS location of enrolled mobile devices relative to geofence boundaries, while presentations or sensitive documents can have access locked to designated conference or meeting rooms. More granular security could be added by combining timing restrictions with geofencing, which would be ideal for sensitive board meetings, stock price sensitive press announcements or during business negotiations. Smartphone features that represent a security risk -- such as a camera or microphone -- could also be disabled to ensure visitors can't take pictures or record meetings when they enter particular secured areas, for example.
Geofencing can also be used as part of a data loss prevention strategy. Administrators could receive alerts, for example, if a company-owned device leaves the building, or it could automatically get bricked if it contains sensitive data -- such as a tablet that holds warehouse inventory data or patient records.
While geofencing can add innovative access control, it isn't perfect, and there are some downsides to its use. On certain devices, the GPS lock can be spoofed; this means to be reliable as an enterprise security strategy, geofencing can't rely solely on GPS location data, but must use local Wi-Fi and Bluetooth beacons that cannot be spoofed. At least these last two are not a huge drain on a device's battery -- which GPS is.
There is, of course, a big privacy issue with tracking people's whereabouts. By its very nature, location data is difficult to anonymize. Employees and contractors may be okay with having a geofencing security app installed on their mobile devices, but clients and suppliers may not be so keen. It also requires informed consent by employees with the option to disable GPS tracking outside of work locations.
Geofencing is starting to appear in mobile device management software to help improve the BYOD enterprise security strategy, but it can be tremendously intrusive -- which means that its introduction has to be carefully managed.
Ask the Expert:
Want to ask Michael Cobb a question about application security? Submit your question now via email. (All questions are anonymous.)
Learn more about geofencing in mobile device management products
Dig Deeper on BYOD and mobile device security best practices
Related Q&A from Michael Cobb
Explore the differences between symmetric vs. asymmetric encryption algorithms, including common uses and examples of both, as well as their pros and... Continue Reading
Pirated software is still a major concern nowadays. Uncover how to prevent software piracy and protect your organization's intellectual property. Continue Reading
Shellcode is a set of instructions that executes a command in software to take control of or exploit a compromised machine. Read up on the malware ... Continue Reading