This content is part of the Essential Guide: Tackle endpoint defense issues to obtain the best endpoint security
News Stay informed about the latest enterprise technology news and product updates.

Evolving mobile security management thwarts unified endpoint management

Experts say unified endpoint management for mobile devices, laptops and desktops will take more time due to the complex, evolving demands of mobile security management.

At a technological level, laptops and mobile devices are not that different -- both are computer systems running an operating system and applications.

Yet the way workers use the two categories of systems is surprisingly different. Employees expect to be able to access data from their smartphones and tablets anywhere, regardless of location; they tend to consume information on the devices rather than produce it; and, researchers say, they tend to place more trust in the security of their smartphone and its applications than the security of traditional computing devices.

For those reasons, managing the security of smartphones and tablets has remained separate from managing the security of laptop and desktop systems, said John Herrema, senior vice president of product management at Sunnyvale, Calif.-based mobile security vendor Good Technology Inc.

"Mobile, by its very nature, brings a new set of user requirements, and that actually also brings a new set of security considerations," Herrema said, "especially because data lives on these devices, and it can live there forever."

Enterprises will manage the two stacks separately for the near future, say security professionals, largely because of the unique security challenges posed by mobile devices.

Case in point, the mobile application ecosystem: App stores have given workers greater oversight of the software installed on their mobile devices, but attackers have found ways to circumvent those defenses. To be effective, enterprises require security tools that don't unnecessarily restrict the advantages of the mobile app stores, while dealing with users' penchant for downloading a plethora of apps.

Considered a novelty not many years ago, a diverse ecosystem of robust mobile apps has transformed the mobile-device landscape. According to Domingo Guerra, co-founder and president of San Francisco-based mobile application reputation service provider Appthority Inc., mobile users tend to install between 50 to 200 applications on their devices, compared to the approximately 20 installed on most laptops and desktops.

Compared to the desktop, where a limited number of applications can be offered to workers, Guerra said the frequent downloading of mobile applications needs to be more closely vetted.

"Users think the phones are magically protected, safer and pose less of a risk than laptops and desktops," Guerra said. "Yet, the apps are not being built by big software companies, but small innovative firms, and they are building for the consumer, but the apps are making their way into the enterprise."

Mobile security management: Separate, for now

Securing smartphones and tablets has meant moving beyond mobile device management (MDM), an early class of products designed to keep track of company-owned devices, and toward a new product category known as enterprise mobility management (EMM), which adds necessary security features.

EMM systems are rapidly maturing, but remain separate from traditional security processes. Instead, today's information security professionals must manage two stacks of networking, hardware and software products: one for their mobile device infrastructure, and another for their more traditional information systems.

Regardless of their mobile management technology, companies can simplify their security efforts by first focusing on policy, said Good's Herrema. While the security systems and processes will be different from what organizations use for mobile devices with more traditional information systems, he said the policies should be the same.

If you have a policy for your laptop, and don't have the same policy for, say, a tablet, then you have a problem.
John HerremaSVP, product management, Good Technology

"While mobile bring in different aspects to policy, customers are working on creating the same policies for both," Herrema said. "If you have a policy for your laptop, and don't have the same policy for say, a tablet, then you have a problem."

Because companies are clamoring for the greater simplicity of a single way to manage all devices and protect all data, the chasm between the methods of managing the two sets of information technology is narrowing, even if it has not yet closed. The desire for fewer, but better options has driven a rash of consolidation in the industry, leaving just a few main players in the enterprise mobility management (EMM) market. Good Technology bought Boxtone, IBM bought Fiberlink, and VMware Inc. bought AirWatch LLC.

In 2014, the number of acquisitions of mobile device management and security companies was greater than the previous three years combined, said Tyler Shields, senior analyst for mobile and application security at Cambridge, Mass.-based Forrester Research Inc.

"The pace of acquisition and the pace of market consolidation is going through the roof right now," Shields said. "In the mobile security space in general, we are talking about a market that had well over 100 players in it three years ago, and now there are only four of consequence."

Evolving toward unified endpoint management

Where the mobile management market will go, according to Forrester, will be determined by who can deliver security with the best user experience for mobile users.

There are currently three approaches: MDM and now EMM have focused on technologies such as app wrapping and containerization; the antimalware companies have focused on technologies to keep infections and malicious activities away from devices; and, the third approach is around content security and data security, such as data wrapping.

These various "centers of gravity" are all pulling at the market, said Shields.

"I don't think we are far enough along to say which of those centers of gravity will win, but we are far enough to see that, in the last two years, we have gone from a single center of gravity of MDM, to two or three centers of gravity, which could win over the long term," he said. "It is just a matter of which one is going to deliver on the best user experience."

To bring together security management across the mobile and traditional stacks, companies will likely focus on protecting their sensitive data. Data wrapping, where the security is made part of the data, is the most likely way of protecting information -- whether on a mobile device or inside a system sitting inside the corporate firewall.

While companies should continue to focus on hardening the endpoints and restricting access to unmanaged devices, the most important function is to protect data, said Blake Brannon, lead solutions engineer with Atlanta-based AirWatch.

"You will not have to worry about whether the data is in the datacenter, is it in the cloud, or are employees sharing it with someone," Brannon said. "All of that will be enforced because the security policy will live with data."

Yet the solution poses its own issues. Data wrapping requires extensive support -- and support for standards -- to be successful, said Forrester's Shields.

"Everything has to understand how that data wrapping works," he said. "It has to be integrated into the entire management and security stack."

Next Steps

Learn about MDM vs. MAM in this comparison of mobile device security options.

SearchEnterpriseDesktop analyzes the evolution of enterprise endpoint and mobile security management.

Dig Deeper on BYOD and mobile device security best practices