Research by independent security consultancy Context Information Security has revealed limitations in current Mobile Device Management (MDM) solutions for Bring Your Own Device (BYOD) implementations. The report published today also concludes that BYOD will always be a trade-off between convenience and security as devices can only be locked down so much before users chose not to opt-in to the scheme.
Context researchers looked at three leading MDM solutions, Airwatch, Blackberry Universal Device Service and Good for Enterprise, when used with Android and iOS mobile devices. While they were all found to provide good levels of BYOD security, like all MDMs they are limited in what they can achieve by the underlying operating systems.
For example, MDM solutions in a BYOD environment cannot prevent unknown malicious applications from recording sound via the phone's microphone or tracking user location using the built in GPS. And while Jailbreak/Root detection is implemented by all the MDM solutions reviewed, they work in very much the same way as antivirus, only detecting known Jailbreak/Root methods and applications, which are often trivial to bypass by technical users or malicious hackers. Implementation weaknesses of MDM solutions may also inadvertently leak sensitive information and users can compromise security by downloading apps and disregarding operating system permissions requested by the applications.
"There is no realistic way to guarantee the security of a workable BYOD environment, but organisations can take significant steps towards mitigation of security risks if they combine technical security controls with clearly defined acceptable use policies," said
The Context White Paper, available to download at www.contextis.co.uk/research/white-papers details the assessment of the three MDMs investigated and summarised below:
The Airwatch MDM solution provides access to corporate email via Exchange Active Sync and corporate documents, and MDM management via a dedicated MDM server within an organisation.
Pros: Provides advanced security settings on Android devices which support manufacturer extended APIs along with MDM management features over and above the built-in operating system features
Cons: No dedicated corporate email application on iOS devices; separate document viewer, email client and MDM applications; and relies heavily on external applications for viewing documents which can lead to data leakage
A number of encryption implementation and data leakage weaknesses were identified by Context during the review of the Airwatch MDM solution, which have been reported to Airwatch for remediation.
Blackberry Universal Device Service
Most Popular Stories
- NSA Defends Global Cellphone Tracking Legality
- Top Websites for U.S. Hispanics
- Ad Counts Rise in 2013 for Hispanic Magazines
- Networks Vie for U.S. Hispanic TV Viewers
- Saab Gets Back into the Game; U.S. Auto Sales Soar
- Apple Activates Customer-Tracking iBeacon
- Dell Offers Undisclosed Number of Employee Buyouts
- 2013 Tech Gift Guide: iPad Mini Still Hot; Chromecast a Great Low-Cost Option
- A Biography of Jonathan Ive, Apple's Creative Chief
- Authorities Close to Deal with JPMorgan Chase over Madoff Response