As organisations continue to innovate to realise efficiencies through the use of increasingly sophisticated and pervasive mobile technologies, many are continually challenged by the risks associated with managing an ever growing device estate. Successfully managing the complexity of multiple software and hardware mobile platforms necessitates a practical, secure and cost-effective way to manage, monitor and track devices.
This is best achieved through implementing an end-to-end Mobile Device Management (MDM) strategy, that can sometimes require consideration of the entire software and hardware stack, to ensure valuable time and resources are used effectively in securing and monitoring mobile devices that accesses business-critical data.
I have summarised four of the themes we believe are important for organisations to consider when implementing a robust MDM strategy, much of which is based on work we have undertaken with UK Government.
Choose a device manufacturer committed to security patching
It is important that you take into consideration that Android and iOS have fundamentally different approaches to the phone ecosystem. Apple has a closed eco-system, whereas Android is an open platform, and phone manufacturers are supported to build their own devices using Android. Google releases updates and patches to its Pixel phones, at the same time as it releases patches to the wider Android community. It inevitably takes time for the individual manufacturers to integrate, test and release the patch to their handsets. Consequently, this can result in a period of time where publicly known vulnerabilities exist that may be exploited, for a period that depends on the responsiveness of the manufacturer. This situation is not directly mirrored in the Apple ecosystem.
It is worth also investigating the patch lifetime to which a manufacturer has committed, as this often correlates with patch responsiveness. Organisations with long-term projects may wish to consider specialist manufacturers such as Bittium that will commit to extended device lifecycles.
Plan your application lifecycle management
From an application provisioning platform perspective, the Apple App Store and Google Play Store perform the same functions. While there are some differences in approach, both no longer favour users’ side-loading applications.
Since its inception, the Apple App Store has implemented a quality and compliance gateway process, through which apps must pass before they appear on the store front. App developers can still sign their own apps and push them to devices, via some MDMs that offer private app stores. However, if an app developer’s certificate is revoked, the apps will no longer work.
A safer method is to get your developer to submit the app to the actual App Store, where apps are vetted to ensure they work and don’t affect the functionality and security of the device. For enterprise customers, Apple created the Volume Purchase Program (VPP) for businesses. This allows organisations to submit apps only for themselves or for specific customers to access.
It’s important to note that apps are not always delivered from Apple servers. They are in fact often provided by a Content Delivery Network middle man. All iOS devices have the App Store function built in; this can be switched off from an MDM server. Organisations can also push mandated apps and updates from the MDM server.
Google also has a vetting process for apps, subject to a review process that can be somewhat slow. While there is no dedicated business-only Play Store, Google offers a ‘Private Apps’ concept, allowing the user to differentiate between work and personal applications. MDM administrators can remove business apps from a managed phone. Similar to ‘Bring Your Own Device’, the organisation sets the rules and locks down the device, while allowing the user some freedom to adapt it for personal use. The user feels there is some degree of privacy afforded, but this is not a security feature per se.
Consider a ‘split proxy’ architecture for high-threat environments
Organisations that are considered high-value targets and are subject to sophisticated cyber-attacks have become increasingly concerned about the consequences of an MDM server compromise. Attackers that breach an MDM server can easily locate and unlock a device posing a serious threat to an organisation’s security. Compromised servers can also be used for subsequent lateral movement, or act as the ideal data egress point.
The data security challenges associated with managing mobile devices result from the characteristics imposed by the smartphone ecosystem. Such concerns apply regardless of whether an organisation’s MDM is on premise or consumed as a cloud service. MDM servers have complex communication protocols that interact with several internet-based services, such as push notification systems and online app stores. Usually, these communication channels are authenticated and encrypted end-to-end, preventing them from being inspected for threats.
Therefore, an organisation or its service provider can either open its firewall ports to an MDM server hosted in their most trusted network segment or host the MDM server in a less trusted segment – a ‘DMZ’ of sorts. Ultimately, this equates to either compromising a secure network, or sacrificing the MDM server.
One way to mitigate the risks of such a compromise is to choose a solution that employs a ‘split-proxy’ architecture. Utilising a series of proxy servers residing in a DMZ, these fulfil the range of encrypted communications with the smartphone ecosystem, which are required of an MDM server. MDM traffic is rendered inspectable by the proxies and is subjected to a web application firewall to test for anomalies.
The MDM server may be hosted within the secure network, with appropriately secured and managed communication with the proxy servers. This type of solution can provide a significantly improved level of defence, whilst being completely transparent to the end user.
Consider the business objectives before implementation
Ultimately, organisations that prioritise data and employee protection as part of their MDM strategy should assess what they need from their mobile devices, and how they intend to be used. A multi-functional work device that requires access to multiple back-end systems including sensitive customer data will almost certainly demand a large budget spend, in addition to robust risk analysis capabilities.
On the other hand, a small business continuity project, that keeps employees informed of out-of-hours actions in certain circumstances, may be achievable without any MDM implementation at all.
Regardless of whether an organisation is operating in a high or low-threat environment, it needs to select an MDM solution that is resilient enough to protect its data from increasingly sophisticated and well-funded threat actors, who are intent on infiltrating the mobile ecosystem to compromise company data.
The opinions expressed in this post belongs to the individual contributors and do not necessarily reflect the views of Information Security Buzz.