During a highly charged conference session at last week's Interop trade show in Las Vegas, moderator Philippe Winthrop, managing director of the Enterprise Mobility Foundation, posed what seemed like an innocent enough question: "How do chief security officers handle mobility?"
After panelists from mobile device management (MDM), security and telecom expense management (TEM) suppliers debated the issue for an hour with attendees, the bottom-line takeaway was simply to "start somewhere." The reason was that a show of hands revealed fairly nascent progress with deployments among the enterprises represented by attendees.
TRADE SHOW RELEASE: Google Android, Apple iOS devices corralled by new device manager
About a third of the approximately 100 attendees at the session said they had some form of mobility policy in place but admitted it wasn't necessarily "fully baked." Only a few said their companies had updated their mobility policies in the past year, and still fewer said their enterprises distinguished between individual-liable and corporate-liable devices.
One reason for the lack of progress with MDM and policy enforcement is that the mobility landscape remains in constant flux and is a moving target. One big issue is the fact that all mobile operating systems except BlackBerry have licensed the Microsoft ActiveSync protocol for push email, noted panelist Sunil Marolia, VP of product management at Smith Micro Software.
ActiveSync offers about 50 policies, but the different mobile OSs support different ones -- and which ones they support depend on the OS version number, Marolia pointed out. Meanwhile, the ActiveSync policy support is dwarfed by the 400 policies currently supported by Research In Motion's BlackBerry Enterprise Server (BES) for BlackBerry handsets.
So the situation gets complex fast in enterprises where the bring-your-own-device (BYOD) mantra is in full swing. Because of these inconsistencies, Eric Januszko, CTO at ProfitLine, suggested that "in the short term, the CSO has a choice: Standardize on a few platforms or standardize on a few policies."
He also suggested tackling policies for tablets first, which John Marshall, CEO of AirWatch, seconded.
"The tablet means more content, which means more risk than a smartphone," Marshall said. He quipped that the mobile security situation in enterprises is in its "honeymoon period. With the first class-action lawsuit, things will get more complex."