For many enterprises, mobile security strategy starts and ends with MDM (Mobile Device Management). Realizing the shortcomings of MDM in a BYOD environment, some organizations are dabbling with MAMs (Mobile Application Management solutions). For those of you who are not familiar, MAMs are solutions that use containerization techniques such as app-wrapping, file virtualization, etc., to isolate and protect corporate applications from personal ones. MAMs take a more BYOD-friendly approach by focusing on the data and applications rather than the device. MAMs have their own set of challenges, but that’s probably a topic for another blog post.
My point here is that many organizations believe (or are led to believe) that implementing an MDM/MAM solution is the end game for mobile security and BYOD strategy. If only this were true. Don’t get me wrong, these solutions do play a significant role in enabling security, but there is one important aspect that people are missing. Despite these measures, a device can get compromised while it’s on the enterprise network, outside the span of control of these MDM/MAM solutions, leading to a security breach.
“How?” you may ask.
Think of a scenario where a user is connected to the corporate network from a MAM-enabled BYOD device. Let’s assume the user intentionally or unintentionally ends up downloading malicious software (e.g., a malware app) to the device. The security controls of the MAM solution would not extend to the malicious application. The malicious application could spread malware on the network or potentially attack other nodes on the network.
This may sound a bit exaggerated, but it’s not impossible. And just because something hasn’t happened yet doesn’t mean it won’t. Don’t you agree? If you do, then put on your thinking cap and ask, “What could be a solution for this?” And feel free to chime in with your thoughts.