“I can’t find my phone. It’s either inside a Hogwarts backpack at my son’s school, Penn Station in New York or traveling at 30,000 feet and accruing a ton of frequent flier miles.”

How does a support call like this still account for 32 percent of mobile security incidents in 2015? Aren’t we in the age of apps? Isn’t the wearable employees’ next frontier in working from wherever, whenever and off whatever limb they please? Hasn’t the bring-your-own-device triage been brought up in every tech conversation since chief executive officers first swiped a tablet? Wasn’t mobile device management (MDM) decreed dead and buried for the more data-encompassing and deep dive-enabling powers of enterprise mobility management (EMM)?

Yes, all of that happened. However, human evolution and technological revolution don’t walk in tandem. This fact of tech outpacing our ability to master it isn’t a new concept, but when it was recently and so starkly displayed before me in “The State of Mobile Security Maturity,” a report by Information Security Media Group, I realized perhaps all of us bits and bytes pundits needed to breathe for a second and reflect on the basics of unprotected devices.

With oops-a-daisies still beleaguering support queues, cloud MDM for device-level security actually demands another glance. With the right solution choice, your MDM is not just a security standard for now — it’s a platform for mobile productivity choices later.

Enterprise Mobility Management and Mobile Device Management: Different, Yet the Same

Sixty-four percent of companies are using some combination of EMM and MDM technology to mitigate data loss when the inevitable leave-behind occurs. However, that still leaves a wide-open field of app security or content-only security for many large organizations. Sure, you might keep corporate emails safe if they’re inside the chief financial officer’s email container, but every bit of personal information is now sitting in the finder’s hands. When 98 percent of your workforce can leave the company between the seat cushions on a train, why leave any part of their device and ultimately themselves exposed to exploitation, bother or even a trifle such as personal embarrassment?

I liken EMM to the current thoughts on universal expansion. MDM was the Big Bang explosion of mobile security that gave idea and then form to EMM essentials such as separate passcodes for email, intranet gateways, secure Web browsing and file share management. IT must remember that users like to save things, and rarely where recommended by IT. Information can leave your more archaic email containers faster than you can say “cut and paste.”

With mobile device management as your foundation, the passcode security policies are in the same pane of mobile management glass as your corporate app store. Your EMM then burgeons into separating email, Web browsing, content and all work into a consolidated IT permissions center and privacy safety center for employees. When 19 percent of companies still sidestep device-level control because of “my device privacy paradigm” shifts, I shake my head and dust off a little piece we came up with years ago called “Bring Your Own Device: Ten Commandments.” I have seen many companies distribute this cartoon tale to assuage fears of IT being a voyeur as opposed to merely a watcher with an eye on the whole flock, focusing on the individual lamb only when it gets lost.

At the end of the day, MDM is EMM, just as EMM is MDM (simply with a better public relations agent right now). When you hear soothsayers decrying down the lane to “bring out your dead solutions,” remember that while your first MDM might be on its last legs, not all MDMs rested on their initial option sets. If you skipped MDM or are first entering the mobile security conversation, make sure you know exactly what device control means and how much EMM can be leveraged in the same portal. Device security shouldn’t be shunned, especially when it can offer much more than just device security.

More from Endpoint

The Evolution of Antivirus Software to Face Modern Threats

Over the years, endpoint security has evolved from primitive antivirus software to more sophisticated next-generation platforms employing advanced technology and better endpoint detection and response. Because of the increased threat that modern cyberattacks pose, experts are exploring more elegant ways of keeping data safe from threats. Signature-Based Antivirus Software Signature-based detection is the use of footprints to identify malware. All programs, applications, software and files have a digital footprint. Buried within their code, these digital footprints or signatures are unique…

Contain Breaches and Gain Visibility With Microsegmentation

Organizations must grapple with challenges from various market forces. Digital transformation, cloud adoption, hybrid work environments and geopolitical and economic challenges all have a part to play. These forces have especially manifested in more significant security threats to expanding IT attack surfaces. Breach containment is essential, and zero trust security principles can be applied to curtail attacks across IT environments, minimizing business disruption proactively. Microsegmentation has emerged as a viable solution through its continuous visualization of workload and device communications…

Self-Checkout This Discord C2

This post was made possible through the contributions of James Kainth, Joseph Lozowski, and Philip Pedersen. In November 2022, during an incident investigation involving a self-checkout point-of-sale (POS) system in Europe, IBM Security X-Force identified a novel technique employed by an attacker to introduce a command and control (C2) channel built upon Discord channel messages. Discord is a chat, voice, and video service enabling users to join and create communities associated with their interests. While Discord and its related software…

3 Reasons to Make EDR Part of Your Incident Response Plan

As threat actors grow in number, the frequency of attacks witnessed globally will continue to rise exponentially. The numerous cases headlining the news today demonstrate that no organization is immune from the risks of a breach. What is an Incident Response Plan? Incident response (IR) refers to an organization’s approach, processes and technologies to detect and respond to cyber breaches. An IR plan specifies how cyberattacks should be identified, contained and remediated. It enables organizations to act quickly and effectively…