Mobile Device Management (MDM) solutions are falling short in protecting companies’ Bring Your Own Device (BYOD) programmes, new research has found.

Context Information Security, a UK-based independent security consultancy, found common security and usability faults in BYOD environments after looking at three MDM solutions for Android and iOS mobile devices.

However, Alex Chapman, senior consultant at Context, said organisations can mitigate security risks if they combine technical security controls with "clearly defined" policies.

The three MDM solutions the Context researchers examined were Airwatch, BlackBerry Universal Device Service and Good for Enterprise.

Although the researchers found good levels of BYOD security, the solutions were unable to prevent unknown malicious applications from recording sound through the phone’s microphone or tracking user location using the built-in GPS.

In particular, the Airwatch solution had no dedicated corporate email application or separate document viewer on iOS devices and relied heavily on external applications for viewing documents.

The BlackBerry Universal Device Service solution included only basic management features in the operating systems, while the Good for Enterprise solution required all traffic to traverse a Good NOC, which could expose enterprise data to regulatory requirements.

"To fully lock down these devices, a combination of fully restrictive MDM policies and network controls such as corporate firewalls and web proxies need to be implemented and enforced. But MDM solutions can only lock down mobile devices to the extent that underlying operating systems will permit and BYOD implementations can only lock down devices to a level that users are willing to accept," explained Chapman.

The research also found that the implementation of MDM solutions could inadvertently leak sensitive information, while users can also compromise security by downloading apps.