Passcode, Wipe and Device Encryption – The Holy Trinity of Mobile Device Management
In a quest to understand what is important about a certain technology or subject, sometimes it helps to boil things down to the most basic, most important and most seminal elements. This can help to gain an understanding of complex problems and solutions.
Mobile Device Management is a complex problem, and there is no doubt that there are a variety of very complex solutions to it. So if we were to break Mobile Device Management down to the 3 most important elements, what would they be? I submit they would be Passcode, Wipe and Device Encryption, what I call “The Holy Trinity of Mobile Device Management.”
When you put Mobile Device Management in its most important threat context, the outside threat and the theft of corporate data, these three relatively simple capabilities provide the biggest bang for the buck.
Let me elaborate.
Think about your CEO attending a conference, a big conference. He is promoting a new set of capabilities for your latest widget, a very interesting widget. His email is chock-full of information related to this widget and future versions of the widget that he will be sharing with business development and finance interests under a strict NDA. Oh, and of course he has a Smartphone in his vest pocket.
Or so he thought….
The alarm bells go off, the CEO cannot find his new shiny Smartphone. Is there cause for concern? Given that approximately 70% of a company’s intellectual property can be found in their email and that the CEO has at least 30 days of email on the Smartphone, you bet.
Let’s take two scenarios.
1. The device is an Android that has a Passcode Policy set and is managed by a capable MDM solution that can perform a remote wipe on the device, but the device does not support device encryption.
The worst case scenario is that the device has been lifted by a professional who knows how to prevent a wipe by removing network connectivity and not triggering the passcode attempt limit. He will take the device to his evil lair and use hacker tools to remove the unencrypted data from the device. With any luck, this is not the case and that wipe command you sent will get executed, but you will lose a lot of sleep wondering if the email on the device has been compromised. You will never know, until a Chinese company announces a very similar, cheaper widget, that is.
You may remember my blog post “Fear the Droid” from last October, where I question the Android’s suitability as an enterprise-ready platform based on its lack of device encryption as a standard capability. I stand by this opinion today as it cannot meet this clearly fundamental requirement.
2. The device is an iPhone, has a Passcode Policy set and is managed by the same MDM solution.
This is a completely different situation. The device data is encrypted. There is little chance that even the most sophisticated hacker could get a copy of the data on the device. The passcode prevents access to the device and the encryption protects the data.
Such a simple thing. Like I said, boil it down to the basics to help understand and figure out where to start.
Don’t get me wrong, there are many other very useful features in leading MDM solutions such as MaaS360 for Mobile Devices, but the important thing is to get started and begin to build sensible policies and capabilities to help lay the foundation for a comprehensive mobile device strategy.
I am sure it will help you sleep at night while your execs are out being execs.


about 6 months ago
Really nice article, and there is a need for such steps to secure your mobiles and data.