Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


10:14 AM
Kurt Marko
Kurt Marko
Connect Directly

What Sophos Brings To MDM Table

Security vendors are rushing to fill gaping holes in IT's ability to manage mobile devices. But if you expect perfection, you'll wait too long.

The invasion of personal smartphones into the enterprise, whether through the front door of an official BYOD program or back door of I'll see how much I can get away with is by now so well established that the IT discussion is no longer about whether it's a good idea, but rather how to cope with the onslaught of unmanaged devices from a hodge-podge of manufactures and running several different OSs. For IT, standing at the rampart and yelling stop is about as effective building a sand berm in the face of an onrushing tsunami.

It's a situation not dissimilar to that faced a couple decades ago as PCs began flooding into offices while IT was still ensconced in its raised floor lairs tending to "real" computers. Gradually, a software ecosystem developed to automate and centralize the management of inherently personal and distributed devices. Today, many of those same companies, including endpoint security specialists like McAfee, Symantec and Sophos, are rushing to fill gaping holes in IT's ability to manage mobile devices.

As our MDM research report and survey found last year, fully 65% of respondents anticipate an increase in employee-owned mobile devices. To no one's surprise, as we outline in a recent report on mobile application development, the vast majority of those phones and tablets will be running iOS and Android. MDM software is the industry's solution to the vexing problem of making order out of chaos, but so far it's been greeted with a lukewarm response by enterprise IT. Our survey finds under a third of organizations have implemented these all-in-one management suites.

Sophos, a firm better known for PC anti-malware and data encryption than mobile security seems determined not to miss the post-PC market. The firm, which built its Sophos Mobile Control product upon technology licensed from Dialogs, a German firm specializing in mobile and communications software, clearly felt that developing MDM technology is far too important and strategic to remain an outsourced function and acquired the company earlier this year. The first fruits of this union were announced this week with a point upgrade to Sophos' MDM product. On the surface, there's not a lot new in Mobile Control 2.5, which already boasted a solid, if not extraordinary, set of MDM features; the complete litany of which you can actually see in more detail by looking at Dialogs' smartMan feature list [PDF] rather than the vague marketing speak pervading Sophos' own data sheet. The big additions are improvements to its management interface and enterprise integration, notably the ability to link devices and security policies to Active Directory groups.

[ Doing nothing is not an option. Read 6 Keys To A Flexible MDM Strategy. ]

Mobile Control's AD integration allows tying users to specific devices and groups to sets of configuration policies. For example, marketing employees might be allowed to use the Facebook app on the corporate WLAN while everyone else is blocked, or executives may be configured to use an exclusive remote VPN gateway when traveling not available to other employees. The ability to automatically map policies and configurations to existing users and groups is a big boost to administrator efficiency.

Another enhancement in 2.5 is support for app distribution and control on iOS. Previous versions allowed installing and removing apps on Android and Windows Phone, but Apple's tight control over app distribution can complicate life for enterprises. The new version enables IT to push or delete iOS apps installed from either the App Store or an in-house portal. The update also features improvements to device compliance checking and reporting. Mobile Control features a handy client-side app that gives users an overview of the device's compliance status including any resolution steps they must take to rectify the problems. IT gets the same data for all devices on a central management console.

Although Sophos didn't participate in our MDM Buyer's Guide, when comparing its feature list to the 20 or so categories we asked about, Mobile Control could check almost all of the boxes. No, it can't remotely control a device (at least not the ones that matter: Apple and Android), nor remotely upgrade the OS, but when it comes to app management, policy enforcement, device inventory, usage tracking, geolocation, and remote wipe, Sophos has you covered. One area that Sophos doesn't address--again, for the smartphones people care about--and in all fairness, few MDM products do--is data backup. With the proper configuration and usage guidelines, mobile device backup shouldn't be a critical feature since, as I point out in an earlier column, it's best to keep company data off of mobile devices. But as I point out in a forthcoming report on e-discovery in the age of cloud services and smartphones, there are certain types of important company information that invariably end up being either generated or inadvertently stored on mobile devices; things like text message conversations, call logs, audio recordings, camera snapshots--all of it potentially valuable information if the phone is lost or its owner is pertinent to pending litigation.

The MDM market is rapidly evolving, resembling the state of anti-virus and PC security products a decade ago; meaning every product has flaws and a widely accepted, de facto standard feature set has yet to emerge. But in IT, perfection can never be the enemy of the good, since the good is always getting better. When it comes to getting a handle on mobile devices within your organization, Sophos' updated Mobile Control is emphatically better than nothing and at least as good as most of its competitors. IT shops already using Sophos for PC endpoint management should start their MDM evaluation here.

Android and Apple devices make backup a challenge for IT. Look to smart policy, cloud services, and MDM for answers. Also in the new, all-digital Mobile Device Backup issue of InformationWeek: Take advantage of advances that simplify the process of backing up virtual machines. (Free with registration.)

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
FluBot Malware's Rapid Spread May Soon Hit US Phones
Kelly Sheridan, Staff Editor, Dark Reading,  4/28/2021
7 Modern-Day Cybersecurity Realities
Steve Zurier, Contributing Writer,  4/30/2021
How to Secure Employees' Home Wi-Fi Networks
Bert Kashyap, CEO and Co-Founder at SecureW2,  4/28/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-06
An SSRF issue in Open Distro for Elasticsearch (ODFE) before allows an existing privileged user to enumerate listening services or interact with configured resources via HTTP requests exceeding the Alerting plugin's intended scope.
PUBLISHED: 2021-05-06
Arbitrary File Deletion vulnerability in puppyCMS v5.1 allows remote malicious attackers to delete the file/folder via /admin/functions.php.
PUBLISHED: 2021-05-06
Rmote Code Execution (RCE) vulnerability in puppyCMS v5.1 due to insecure permissions, which could let a remote malicious user getshell via /admin/functions.php.
PUBLISHED: 2021-05-06
An issue exists on NightOwl WDB-20-V2 WDB-20-V2_20190314 devices that allows an unauthenticated user to gain access to snapshots and video streams from the doorbell. The binary app offers a web server on port 80 that allows an unauthenticated user to take a snapshot from the doorbell camera via the ...
PUBLISHED: 2021-05-06
An out-of-bounds (OOB) memory write flaw was found in list_devices in drivers/md/dm-ioctl.c in the Multi-device driver module in the Linux kernel before 5.12. A bound check failure allows an attacker with special user (CAP_SYS_ADMIN) privilege to gain access to out-of-bounds memory leading to a syst...