The London Summer Olympics have gotten off to a smashing start, but along with the games and spectacle comes a warning about smartphone security. Security experts at Venafi estimate that around 67,000 mobile phones will be lost or stolen during the 2012 London Olympics. Of this number, about 40 percent, or 26,800 devices, are likely to be smartphones, but note that the overall number doesn't take into account other types of mobile devices, such as tablets and laptops. Nonetheless, there's clearly the potential for significant data loss of sensitive information from this level of mobile device loss.
Venafi's logic seems fairly sound as far as how they arrived at these numbers, taking into account the typical loss rate of mobile phones and adding a third, which is the expected population increase for London during the 2-week period of the games. I always wonder, however, when I see such reports what percentage of the devices reported "lost or stolen" could actually pose a risk.
For instance, something that's not shown here is what percentage of reported lost devices end up being found or returned. I know that number might be small. Still, it might be interesting to see. Also, I suspect a large percentage of lost devices are purely personal -- let's face it, not all smartphone addicts have their devices linked to corporate servers or use them for any business-related purposes.
But on the other side, these numbers also don't address the possibility of increased theft due to the large crowds and opportunity. For Olympic event attendees and regular London residents, distractions are everywhere during this period. Undoubtedly, this environment will have attracted a nefarious element along with the athletes and tourists. (Who remembers The Devil in the White City? And if you don't, you should totally check it out.) I'm sure security throughout London will be exceptional, but stealing unattended smartphones is much simpler than building a hotel/abattoir to lure in the unwary.
The key thing to take away from Venafi's warning is simply this: If users are accessing corporate data on mobile devices (smartphones, tablets, whatever), the company must have policies and management practices in place to protect its network and those devices. Venafi recommends encryption and certificate-based authentication, which is the company's area of specialization.
The mobile device management (MDM) space overall seems to be going strong and continuing to expand its capabilities. For instance, SOTI recently announced an improvement to its MobiControl that allows it to fully manage any Android mobile device. Typically, MDM products are limited by whatever APIs the device manufacturers include, which can be fairly limited.
To get around this problem, SOTI developed what company CEO Carl Rodrigues described as "a portable OEM layer that runs on any Android device from any manufacturer." This solution lets MobiControl provide a consistent and complete level of control, getting around the Android fragmentation that has plagued enterprise IT departments. MobiControl also works with the other major mobile platforms, of course.
Another key feature offered by SOTI is what the company refers to as geo-fencing, which is the ability to define a geographic area, such as a sensitive work location, and use the mobile device's GPS to trigger certain actions upon entering or leaving that area. As Rodriques explained it to me, this feature can be used, for instance, to make a smartphone or tablet switch into a kiosk mode with limited functionality within the specified area, but then revert to full functionality as soon as the user removed the device from that location. This level of control could really help alleviate the stress of managing devices in a bring your own device (BYOD) scenario -- not to mention when workers travel with devices (e.g., to the Olympics), whether the device is their own or corporate-issued.
Probably one of the big reasons companies don't deploy comprehensive MDM solutions is the cost and complexity of managing these products on top of all their other IT concerns. In answer to customer concerns along these lines, managed services provider Azaleos has just entered the MDM space with its Managed MDM Service, joining the company's already successful managed services for Microsoft Exchange Server, SharePoint, and Lync.
The MDM solution Azaleos provides with its managed service comes from AirWatch and will include all the expected device management features: policy enforcement for data leak protection (DLP) and lost or noncompliant devices; inventory management and software distribution; and you can choose from a variety of cloud or on-premises deployment options. Because the service is managed by Azaleos, Azaleos also picks up first and second level tech support, and you get the convenience of simple per-user pricing.
If you're interested in getting some more insight on the MDM and mobile application management (MAM) space, MAM vendor Apperian has put together The Paradox of Enterprise Mobility, where you'll get "Twenty Questions, Twenty Speakers, in Twenty Minutes." Each expert speaker takes a question on enterprise mobility and answers it in an audio clip in about a minute -- certainly worth the name and email registration.
I know most of us aren't at the Olympics in London, but you or your employees might still be planning some trip or other before summer comes to an end. And it's always a good idea to think about what you're doing for mobile device security in your environment -- and to keep in mind that there are many options and multiple approaches available to consider.