May 22, 2018

The Shape of Data Protection: Mobile Device Management Intersects the Security Dome




The explosion in wireless technology and applications, smart portable devices, and the Internet of Things (IoT) has made our lives easier, businesses more productive, and access to data and each other ubiquitous. But that same explosion brought with it increased opportunities for hacks, malware, data leakage, skimming, shimming, and eavesdropping at levels never seen before, leaving enterprises looking for ways to protect themselves.

On the Road from BYOD to MDM

One approach to safeguarding data is to adopt a mobile device management (MDM) solution, like MobileIron, AirWatch, or MaaS360. MDM solutions emerged to address the increasing need to manage mobile devices and the desire of users to use their device of choice. It is not an approach that was initially embraced by corporate IT security, but, in this case, the users won the battle. It’s tough to say “no” to the executive suite when they insist on using their device of choice. From there, the trickle-down effect came into play.

Many organizations have implemented MDM solutions to manage mobile device usage in a world where “bring your own device” (BYOD) no longer refers only to a smartphone but to a plethora of wireless personal devices. Once highly proprietary and device-specific, MDM solutions have evolved to be more device-neutral and have expanded into more of an enterprise mobility management (EMM) solution.

Managing the Internet of Vulnerabilities

While MDM solutions provide an effective tool for managing smart wireless devices, they have two gaps: once those devices are taken into a building, the MDM can’t tell you where they are, and it can only manage devices on which the MDM app has been loaded. Welcome to the early days of the Internet of Things.

IoT will be pervasive. Embedded devices, things that contain computing systems that you wouldn't necessarily think of as computers, are already in our everyday lives, including office equipment, and it's all vulnerable to hacking.

“It took 20 years to reach two million malware samples on the PC. It took just five years to do the same on mobile.” McAfee Mobile Threat Report Q1 2018

“Companies take an average of 100 to 120 days to patch vulnerabilities.” Tara Seals, Info Security Magazine

That Big Screen TV in Your Boardroom May Be Listening

In this new and expanding environment, things are happening so quickly that every organization is vulnerable. It has been said that if you haven’t been hacked, you just don’t know it yet.

“‘The device itself is one reason the mobile threat landscape is changing directions,’ said Josh Shaul, vice president of web security at Akamai. ‘How does that thing in the conference room turn into a covert listening device accessing my intellectual property and everything else?’” Kacy Zurkus, Protecting the Enterprise Against Mobile Threats, CSO

Most workers routinely access corporate data from smartphones, making the task of keeping sensitive data out of the wrong hands increasingly difficult and complex. Office visitors and employees bring in devices that are able to record video and voice and take photos. If a device is infected with certain malware, a malicious third party can control its applications.

“Ang Cui, who heads up Red Balloon Security in New York City, has a particularly innovative way of hacking these devices. Using a piece of malware called ‘funtenna,’ he's able to make devices transmit data over radio (RF) signals, and then pick them up with an antenna. He's basically using software to turn this equipment into bugging devices.” The Hacker Who Turns Office Equipment into Bugging Devices, Motherboard

Eavesdropping devices are so small they are not noticeable. A wireless camera or recording device can be disguised in many ways. The small phone charger plugged into the outlet could also be uploading live video. How do we manage and secure what we can’t even see?

When Security at the Perimeter Is Not Enough

The Inpixon Indoor Positioning Analytics (IPA) platform allows organizations to implement a layered approach to wireless security to identify, locate, and position wireless cellular, Wi-Fi, and Bluetooth devices. The IPA Security solution provides wireless intrusion detection that will “see” any and all fixed and mobile RF emissions, locate the source, and position the device on a floor plan, providing full visibility into wireless environments.

As a wireless situational awareness tool, ALL devices (including access points) will be identified and displayed. That device pinging out to someone else will be seen and will be identified as rogue or unknown. If that big screen is accessing a network wirelessly, IPA will see that as well.

Integration with MDM/EMM takes it a step further. Create multiple geo-fenced zones within an environment and allow the MDM to push policy out to known devices based on location, such as turning off a browser or camera when in a board room. This approach allows policy to drive capability and takes some of the decision out of the hands of the user.

The nature of the threats we face changes as rapidly as technology advances, and the measures organizations take to protect themselves must keep pace. The old concept of security at the perimeter is no longer enough. When it comes to the connected world, organizations need more than a wall to protect themselves: they need a security dome. Inpixon IPA can provide that dome of threat detection, and MDM can provide the tools to respond to those threats.


Bob Koblovsky

Bob Koblovsky has been a leader in providing security technology solutions to the private and public sector for over 30 years. When he's not making the world a safer place through indoor intelligence, Bob can be found volunteering in his community and training in martial arts.
