MDM and the Corporate Shield

The corporate environment of today is reliant on the mobility of the team members. By mobility I mean the team must be attached to every member all the time, at a moments notice. In order to maintain this connectivity the team must use devices that can allow them to be untethered and unhooked from the standard ethernet cable and out in the invisible land of cellular. In doing so they take with them mobile devices ranging from the iPad to the Galaxy Tab to the iPhone to the Motorola Droid.

These mobile devices are so powerful and versatile that companies are no longer issuing laptops to take into the field but a mobile cellular device. Gartner, Forbes and Business Wire all have published studies on mobile devices vs laptops/PC in todays work environment. All studies point to the demise of the outdated PC and in with the new mobile device. This blog is being generated, created and edited on a mobile device with a portable keyboard.

With power should also come responsibility correct? What does power, mobile device distribution, allowance and governance have to do with responsibility? It should come as no surprise that a mobile device of today is not the antiquated device of yesterday. Today’s mobile device can send, transmit or otherwise take a company to bankruptcy from any part of the world or universe with a single tweet, post or attachment via their 10 megapixel mobile device camera. What are companies doing about it? BYOD aside, companies are using Mobile Device Management software, also known as MDM, in an effort to deter, monitor and maintain data breaches, leaks and breaks. Is MDM the answer to the investigation of a data breach?

MDM was first seen in applications, or wrappers, that allowed the user to enter into this application and conduct the work via the mobile device and all “work” would be safe within the MDM application. This allowed the user and corporation to feel safe that data leakage of important company information was not being transmitted using built in applications for email, SMS etc where data leakage may occur. The next step in the evolution of MDM was a full administrative tool. When the MDM software application was installed it would monitor the device for approved applications, reset the device should it be lost or stolen, and monitor the device and capture data to the administrative server. This is not an exhaustive list of all of the features of MDM software, but as you can see this mimics what a BES (Blackberry Enterprise Server) has always done with Blackberry devices. The problem with the onslaught of MDM software in the corporate environment is the false sense of security it may bring if a critical incident occurs. MDM companies will be the first to admit their tool is not made for investigations, but at a reported 16 billion dollar industry by 2016 why rush it..

Should a data breach occur and a company is requested to produce ESI from a custodian a tool utilized for forensic investigations should fill the bill, not a Mobile Device Management tool. Past precedent has been laid by many companies using Blackberry Enterprise Severs. While data residing on a server is very important to a possible ESI event; data living in the now on a mobile device is paramount.

Lee Reiber

About Lee Reiber

Pioneering mobile device forensic examiner, consultant and trainer, software development innovator and former LE officer with the Boise Police Department
This entry was posted in Information and tagged , , , , , , , . Bookmark the permalink.