When MDM is not enough: Context is key

Don’t get me wrong, MDM (mobile device management) is an important way to get control over some of the important aspects of today’s mobile device explosion. There are many valuable features available from a variety of vendors as well. Many of these can be quite valuable to your organization.

However, MDM falls short in another way. It focuses only on the mobile devices themselves! The problem here is that in today’s world, context is going to be increasingly important.

What do I mean by context? Let’s take an example of a finance employee dealing with sensitive information. While in the office on a managed corporate device, that person likely can access all the required information to do their job. But, what happens when that person steps away from their office? What if they are on a mobile device? What if they are accessing through a Citrix portal? What if they are at an internet café on the other side of the world? Should they get the same level of access in all of these situations?

This is where context is important. Organizations want to give employees access to information. It makes them more productive. It allows them to work more hours and respond more quickly to events. But, it also opens up the organization to risk.

MDM helps to manage a smartphone or tablet device to ensure that device is valid and approved. But, beyond this, many organizations still rely on username and password to determine access privilege. This does not take into account anything about the context of access. Where is the user coming in from? What is the status of their device? Under these circumstances, do we want to allow access to a particular resource? Perhaps we want to allow partial access? The variables are significant, but unaddressed by MDM technologies. Why? They simply focus on the mobile devices themselves. They do not focus on what those devices (or other devices for that matter) are actually trying to access.

That is why Access Control is so important. Having an integrated system that can query and validate the device, the user, the location and more is absolutely critical. Then, being able to use this information in concert with a granular policy engine to determine what should be accessible under those particular circumstances is critical. Combining these two aspects of aspect control provides a much higher level of control and can allow organizations to expand access while simultaneously mitigating risk.

More than this, an Access Control system shouldn’t care about the device that is requesting access. It should be able to make an intelligent query and know that it’s a smartphone or a laptop, that it’s a managed corporate device or an untrusted home PC. It should also be able to control access to resources regardless of where they reside, be it in the local datacenter or in the cloud!

If you can get centralized control over all your access, you also get centralized audit of all traffic crossing your gateways. You can see what’s happening, who accessed what and when, and you can get valuable information about how people are using your resources and from where.

Centralized Access Control is the next step in the evolution of security and risk mitigation. As you will see over the next couple of years, this will also be the place where the successful MDM companies will end up moving (either through their own initiatives, or by being acquired by other organizations who desire to improve their security reach).

Share: