AppTec article in iX magazine

Administration: Managing smartphones and tablets

On a leash

Moritz Förster

In every company, every employee uses at least one smartphone, and more and more private cell phones are joining the company devices. To keep such a flood of clients under control, the use of an MDM system is recommended. Many products offer the same basic functions but differ in the details.

Although the modern smartphone is celebrating its tenth anniversary this year, too many people in charge are still sticking to the laissez-faire principle when it comes to managing and controlling the ongoing mobile flood. Others focused on the iPhone with iOS introduced in 2007 and are now finding that users are increasingly switching to Google’s Android. The market for mobile device management (MDM) systems remains correspondingly large and confusing. There is no consolidation yet; in addition to the top dogs, small companies can still survive. The twelve services presented – many providers failed to provide answers – already show where the software is similar and where it differs.

No company can afford to ignore Apple’s iOS. The fact that all providers can manage iPhones and iPads is at least partly due to the earlier launch of the system. In addition, many company devices come from Cupertino. While there used to be a BlackBerry in every briefcase, many companies switched systems early on. The Canadians’ platform, on the other hand, is only on the agenda at VMware – especially since the manufacturer has now switched to Android itself. With the exception of SimpleMDM, all MDM systems have Android in their range. While Google has been increasingly wooing professional users in recent versions, for a long time it was primarily private smartphones that brought the operating system into the company.

Table: MDM system providers

Microsoft’s Windows 10 Mobile has been on the decline in terms of sales figures for a long time, but this is not reflected in the MDM systems. This is all the more astonishing since the Redmond company was able to score points primarily with inexpensive smartphones – which are rarely intended for companies. However, especially with Windows, the proximity to the classic PC must be taken into account. More and more providers are also integrating desktops into their software. This doesn’t just apply to Windows; macOS can also be found in many systems. The direction is clearly set: if all clients increasingly perform similar functions, the majority of applications and data come from the cloud, and everything rests on the same technical basis, administrators should be able to bundle and manage everything in one place.

Mobile systems, desktops and soon the IoT

With Sophos Mobile Control you can manage not only smartphones, but also, for example, a Raspberry Pi with Android Things (Fig. 1).
Source: Sophos

A further step would be the Internet of Things (IoT). Google in particular wants to focus Android more on this. So far, only a few developers have gotten involved in embedded management, even though attackers are already enslaving networked light bulbs that lack security updates for DDoS attacks. Only a few users are likely to be interested in the fact that VMware still has Symbian and S60 in its range. However, no provider has Linux and BSD computers on its radar.

One of the fundamental features of any MDM system is that administrators can remotely update applications as well as operating systems. Almost all providers can handle both functions – only Citrix, MicroNova and Sophos fall short here. While the latter concentrates on Samsung devices for Android, with the other two, smartphones have to do without updates of Android or iOS. On the longer-lived desktop – Windows 7 is barely younger than the first iPhone – operating system upgrades may not be available all that often, but Apple and Google often give important features only to their latest versions, especially in the area of security. At least apps can always be kept up to date.

Lock smartphones and delete data

At least all providers, without exception, offer a lockdown and a wipe of the devices. These are also elementary tasks of an MDM system that are particularly effective in the event of attacks on smartphones or the theft or loss of a device. During a lockdown, the administrator remotely stops all communication from the client – users can no longer transmit or receive data on the Internet. This not only prevents important information from leaking out, but can also ensure that a virus does not spread within the internal network. A wipe is more drastic: with a click of the mouse, the administrator deletes all data on the smartphone. This means that no information can be lost to third parties. This doesn’t just apply to attackers from outside – after all, former employees should also have no access to internal information. Some systems can also differentiate between private and work applications and, if desired, remove only the latter.

AppTec provides administrators with important information on devices, systems and applications in use at a glance (Fig. 2).
Source: AppTec

Logs and reports can also be created with all systems. As with other systems, such as desktops, administrators can either manually detect unusual activity by users or devices or make the data available to a third-party tool. Such a service should be able to use machine learning to create a baseline of normal behavior and then automatically respond to deviations, that is, to real and potential threats. As a rule, however, these are services from the public cloud, which means that those responsible receive the necessary computing power from a giant such as Amazon or Microsoft, but at the same time feed it with extensive information about their own company. …

