Thanks to their native security and management capabilities, as well as a wide selection of mobile device management tools, most businesses now let employees choose among several smartphones -- typically iPhones, Androids, and BlackBerrys -- in addition to iPads and emerging Android tablets. IT concerns over locking or wiping stolen or lost devices, ensuring that data is encrypted at rest, and requiring a password to use a device are addressed by iOS 4, Android 2.2 and 3.0, BlackBerry OS 5 and 6 (but not the tablet version), and WebOS 3, even if you use Microsoft Exchange instead of a more sophisticated mobile device management (MDM) tool.
So mobile management is now a checkoff item, right? Buy a tool, set a policy, and you're done. Well, not quite.
One of the major shifts in the last year was the acceptance by businesses that mobile devices are both personal and work tools used for both purposes. That means more than running personal and business apps -- an issue that has increased interest in so-called mobile application management tools.
That very shared-ownership nature can lead to awkward results when a business (rightfully) manages devices -- whether owned by the company or the employee -- that connect to its network, email, and so on. Take the case of the mobile camera: iOS, Android 3, and BlackBerry OS all let you disable the camera on a managed device, so companies concerned about sensitive facilities or whiteboards being photographed can reduce the risk of that occurring. But once you turn off the camera, it's out of operation -- and the employee can't take pictures of her kids at the park. IT has no worries about such photography, but it can't distinguish that kind of innocent photography from worrisome spying.
Or can it?
The promise of contextual MDM
An emerging concept in MDM is the idea of contextual MDM. For example, rather than turn the camera off as a binary activity, an MDM tool could turn it off only when the user is in a sensitive facility and reenable it the rest of the time. That way, the camera is available for personal and nonsensitive work purposes, and employees will be happier -- and the business will remain secure.
There are examples of such contextual MDM already in place. Zenprise, for example, acts on the concept of geofencing, which correlates current location information from a device to a database of proscribed locations. When the device enters a proscribed area, the camera is turned off. (To avoid user location privacy concerns, such detection does not record users' locations but simply detects when the device is in range of a sensitive location, then applies the appropriate security policy.)
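A minimal sketch of the geofence check described above, added here as an illustration and not Zenprise's or any MDM vendor's code: each location fix is compared against a list of proscribed zones, and only a camera enable/disable transition comes out. The zone name, coordinates, and the accuracy-margin behaviour are assumptions made for the example.

```python
import math
from dataclasses import dataclass

EARTH_RADIUS_M = 6_371_000

@dataclass(frozen=True)
class Zone:
    name: str
    lat: float
    lon: float
    radius_m: float

# Constructed sample zone; the name and coordinates are placeholders.
SAMPLE_ZONES = [Zone("constructed-lab", 37.0, -122.0, 150.0)]

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance between two points, in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dp, dl = p2 - p1, math.radians(lon2 - lon1)
    a = math.sin(dp / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dl / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

class CameraPolicy:
    """Holds the zone list and the current camera state, nothing else."""

    def __init__(self, zones):
        self.zones = list(zones)
        self.camera_enabled = True

    def evaluate(self, lat, lon, accuracy_m=0.0):
        """Return "disable", "enable", or None when the state is unchanged.

        The fix is used for the comparison only and is never stored or logged.
        Assumption: each zone is widened by the fix's reported uncertainty,
        so an imprecise fix near a boundary fails closed (camera off).
        """
        inside = any(
            distance_m(lat, lon, z.lat, z.lon) <= z.radius_m + accuracy_m
            for z in self.zones
        )
        if self.camera_enabled == (not inside):
            return None  # already in the state the policy requires
        self.camera_enabled = not inside
        return "disable" if inside else "enable"

def replay(policy, fixes):
    """Feed (lat, lon, accuracy_m) fixes through the policy; return its actions."""
    return [policy.evaluate(*fix) for fix in fixes]
```

Because the policy object keeps only the zone list and a single boolean, an audit of its state shows no location trail, which is the privacy property the paragraph above describes.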