One of the greatest burdens for IT staff is securing mobile devices despite the buffet of offerings on the market today. Numerous attempts have been made to provide security controls on the mobile platform that are no longer feasible or even possible today. Nevertheless, it is important to explore these technologies so we can understand why they are no longer used and furthermore, what alternatives exist.

Hardened devices

Organizations used to look at devices that could be secured at the hardware level in a similar manner to traditional security controls, like Blackberry for example. Very few individuals were buying Blackberry (or RIM) devices for personal use, and the Nokia devices of the early 2000s did not have email or VPN clients that could connect to an organization’s internal resources. Even the President is moving away from the hardened devices issued by the White house option for his personal device instead.

App Wrapping

As a hold-over from Blackberry days, organizations looked to control the installation and use of apps from public app stores in a manner that didn’t require securing the entire device.

App wrapping applies security policies to a mobile application to protect corporate data by controlling who can download a mobile app and whether corporate data accessed by that app can be copied and pasted, for example.

MAM vendors offer business “wrapped” apps developed by the MAM vendor or app developers with built-in security controls. These apps typically include a browser, email and calendar apps. Alternatively, organizations can wrap their own apps by integrating code from the MAM vendor’s SDKs into their app.

App wrapping solutions attempted to offer hardening of consumer devices but generally fell foul of the end-user license agreement required on Apple and Google devices. Over time, app wrapping fell out of favor as app developers offered their own enterprise versions in a raw binary format (APK or IPA) for organizations to harden without the need for a container.

Mobile Application Management

MAM is an offshoot of app wrapping and its functionality has generally been entirely absorbed by EMMs. MAM vendors that offer pre-wrapped apps only support a minuscule fraction of all the apps available on official app stores, so organizations aren’t able to support the business apps they need. Some MAM vendors offer their own browser, email and calendar apps. Unfortunately, these apps are not as feature rich as the mainstream versions offered by Google, Apple and Microsoft, for example.

The most popular historic use of MAM was to configure devices with access to only corporate email but nowadays an EMM is mostly used for this function as some security control is required. End-users are more accepting of EMM profile installation and control and therefore there is a lack of demand for a MAM only solution.

What’s the alternative?

With these shortcomings in mind, organizations may want to consider alternative approaches to mobile security before plowing ahead with an investment in hardened devices, app wrapping or MAM.

Organizations are advised to migrate to modern mobility approaches that are supported by leading EMMs while adding specific services depending on your organization’s needs and device ownership model (COPE, BYOD, CYOD, etc) adopted by your organization.

A guide to incorporating mobile into your IT security systems

Mobile security is a relatively new area of enterprise IT and there are many new challenges that arise when managing a mobile fleet. No single strategy works for every business, but this guide contains some key observations and recommendations for appropriate mobile security control.

Download now