Mobile First, Security Second

Top view hands circle using phone in cafe.

As the smartphone continues to push its way to the top of the list of most used tools in the workplace, there are a stream of questions around the security and management of these devices which remain unanswered. With new regulations, such as GDPR and MiFID ll, due to hit next year many of the providers out there are expecting an uplift in interest around MDM (Mobile Device Management) and securing data generally. In this article David Dungay asks the market the trends they are currently seeing in the MDM space.

For many employees, the smartphone has become central to their working day. Email, messaging, calls, social media is all available at the touch of a button no matter where you are. If you want to spend the morning at home because the man from Sky is coming around to fix your dish there is no longer any need to take holiday as getting the job done outside of the office has never been easier.

In a recent Avaya survey, conducted with research company YouGov, findings revealed that the demand for mobile, virtual and cloud- based technologies has risen exponentially. However, where employers are not providing the right equipment, employees are happy to use their own devices (BYOD) to get the job done in a way that suits them.

According to the report, WhatsApp and WeChat groups are now used by an average of 39% of all employees for work purposes without the knowledge of IT, administrative or management teams, exposing companies to security risks.

Rob Foster, Head of Channel Sales, Zest4 commented, “We are seeing that it is no longer the resellers that are pushing the MDM conversation, it is the customer themselves. Whether it be a change in legislation, the need to have the ability to enforce security policies or the simple fact that businesses have moved away from BlackBerry and BES to Android or iOS and need to ensure they have similar security policies in place to protect their business data, MDM is quite simply the product they need.“

Ioan MacRae, UK Managing Director at Avaya, says: “Businesses, especially mid-sized companies, must recognize that workers in every field are becoming more nomadic. Mobility and the internet of things are key contributing factors to a macrotrend in how we all live and communicate. Left to their own devices, employees will use whatever tools they have in their pockets so they can work and stay in touch easily.”

1

SMB – Enterprise Gap
For years MDM was thought of as an enterprise only proposition for those companies with large mobile estates or those who regularly deal with sensitive information like government bodies. This has led to the evolution of cyber criminals going after the SMB as controls on data are quite often whimsically slack. The mobile is also often the favoured route into organisations.
Despite this, adoption levels at the SMB level still seem relatively low.

Todd Carothers, EVP of Marketing and Products at CounterPath commented, “I find there are factors that halt the uptake of MDM solutions, particularly in smaller businesses, such as cost vs. benefit and the lack of a perceived need for the service. But as the proliferation of ransomware and other cyber security attacks takes hold in EMEA, it is more important than ever to be rigorous about protecting business data.
The gap between perceived need and actual need for MDM was too wide for far too long. There was also a common misconception that SMBs were unlikely to be targeted, perhaps believing that it wasn’t worth cybercriminals’ time to target smaller operations. This is certainly not the case when it comes to ransomware. The somewhat haphazard adoption of various cloud apps and comms technologies, coupled with the increase in employees’ using their own devices, has identified SMBs as ‘low-hanging fruit’ for cyber criminals.

To combat this, SMBs are looking for effective MDM solutions to protect data as it passes through a variety of both consumer and business apps and devices, to avoid being targeted with a ransom they can ill-afford.”
Dave Williams, Business Manager – Electronic Markets at 3M added, “Security is understandably one of the main areas of focus within mobile device management and one area that is increasingly in the spotlight is how to address ‘visual hacking’.  This is the ability to inadvertently or deliberately view sensitive or confidential data or content on someone else’s screen and to then use that information for illegal or malicious purposes.”

Foster added, “We provide MDM solutions of all shapes and sizes to companies with thousands of employees to companies with five. For us, the next step in embracing MDM is to introduce it to everybody. We feel that every business of every size will find something with MDM that benefits them and the way they work. Smaller companies are more likely to completely lock down devices and remove non-work related applications, whereas large corporations are more likely to NEED the ability to wipe a device as soon as it goes ‘AWOL’. Whether you use 5% or 95% of an MDM platform, it is providing benefits to you and your business.”

Regulations
There is a lot going on at the regulation level at the moment in the UK. You can’t go anywhere without seeing something about GDPR and if you work, or sell into, the finance markets then MiFID ll will also probably be keeping you up at night. The problem with GDPR is that no one really knows how closely they will be monitored but they do know if they happen to get caught out then they could be up for a fine worth 4% of their annual revenue.

Voxsmart CEO, Oliver Blower, commented “At present, we mainly operate within the financial markets and as of January 3rd 2018 when MiFID II comes into force, every FCA regulated business will have to comply, big or small. But the associated cost associated with MDM and also storage are definitely hold back. Also, many of the SMB organisations don’t have the internal IT resource to manage an MDM platform and its users. I think unless users need to be managed by regulation or law, most SMB’s will see an MDM as unnecessary.”
He continued, “MiFID II, and other similar regulatory market reforms (such as GDPR, SMCR and MAR), will substantially increase the number of enterprise users requiring their mobile devices to be ‘managed’, secured and, in our instance, recorded. Due to the breadth of the definition of ‘communication’ and implementation application within MiFID II all communication, whether telephone or electronic, ‘…related to or intended to result in a transaction, even where one does not occur…’ will need to be captured and recorded for at least five years. Due to our globally distributed, cloud managed, omnichannel communication recording platform VSmart we are well positioned to assist global organisations impacted by such regulation ensure they are compliant and secure.”

2
Over the next year Carothers says we will see more vertically integrated solutions hit the market. He said, “Security and the protection that MDM provides will always drive increased usage. However, we will see vertically integrated solutions increase via vendors that expand their current offerings by providing MDM capabilities. This will come in the form of partnerships and OEM deals that accelerate the inclusion of these technologies. Also the next evolution of MDM — EMM — will continue to grow. Enterprise Mobility Management (EMM) builds upon MDM but focuses on the management of content on mobile devices. This means SMBs can actually manage how content is shared (or not shared) from the mobile device. This is important to help end users avoid mistakenly (or knowingly) copying and distributing content not permitted by policy.”
Foster continued, “I think in the next 12 months we are going to see Apple’s DEP and Android Enterprise become essential solutions to businesses, both of which need an MDM solution to deploy. MobiControl is perfectly placed for this and we are looking forward to seeing more and more opportunities coming through. Our resellers have been introducing MDM to their clients for the past 18-24 months, meaning these conversations are easier to have and now we are finding that it is the clients themselves that are pushing this through.”

Ed Says…

Perhaps not the road to riches but with the advent of GDPR and other regulations coming into force there is definitely an opportunity here for the Channel. It may not be instant as regulations don’t come in until May 2018 but after a few high profile fines hit the headlines I would expect the business world to be on their toes ready to spend money on protecting themselves.