As the COVID-19 pandemic swept the globe, it increased an already growing remote workforce. According to Gallup, approximately 33% of Americans say they now work remotely, and nearly 70% of those workers would like to keep doing so. Remote work provides benefits to both staff and employers, and companies find that employees are more productive working from home.
The traditional solution for many companies is a Mobile Device Management (MDM) system, giving remote workers the same functionality as in-office workers. In short, MDM software allows IT administrators to control, secure, and enforce policies on smartphones, tablets, and other endpoints. Because MDM directly manages employee devices, it raises privacy and data loss concerns for end-users and increases employers’ liability. An MDM program also has high upfront and ongoing costs, as well as security risks.
Attackers Exploit New Bug in MobileIron MDM
The typical security concern with MDM is that company data resides on employee devices, making every piece of company-managed hardware a possible cybersecurity attack vector. New research and actual attack reports show hackers can infect the MDM servers that control employees’ devices and further penetrate internal company networks.
In October, ZDNet reported vulnerabilities in MDM servers from software maker MobileIron. A security researcher discovered three MobileIron server bugs, used one to hack into Facebook’s MDM server, and then gained access to Facebook’s internal network. This remote code execution vulnerability in the MDM solution allowed attackers to take over remote company servers and was recently listed by the US National Security Agency (NSA) as one of the top 25 vulnerabilities exploited by Chinese hackers.
The NSA said Chinese hackers have been using the MobileIron MDM software bug to access internet-connected systems and then pivot to internal networks. More than 20,000 companies use MobileIron MDM, including many that belong to the Fortune 500.
MDM Solutions, Challenges & Security Risks
Although MobileIron patched the vulnerability, MDM security remains an ongoing issue. There are significant vulnerabilities in all three leading MDMs (MobileIron, AirWatch, and VMware), adding a new level of risk to traditional MDM security concerns.
According to recent Check Point research, once a corporate MDM server is compromised, it can be used to infect user devices and collect sensitive data, like user credentials or other Personally Identifiable Information (PII). With malware installed on an employee’s device, the only solution may be a remote wipe, which is used to protect company data when a device is lost or stolen. If the company has a Bring Your Own Device (BYOD) program and a remote wipe is used, the employee could lose their personal data, and the employer may be liable for that loss.
In addition to the personal data loss risk, MDM causes BYOD privacy concerns. Because IT controls individual devices, end-users give up certain privacy rights and accept strict rules before locally storing and interacting with enterprise data. Heavy-handed controls can lead to MDM program resistance and lower adoption rates. Company-issued devices can reduce privacy concerns, but they create other issues like lower adoption rates (employees don’t want to carry two phones), increased IT overhead, and hardware costs.
Employees are more satisfied and productive using their own devices for work compared to company-issued devices. By shifting costs to employees, companies with a BYOD policy save an annual average of $350 per employee. However, the hardware is not the only cost factor. Regardless of the device policy, ongoing MDM management requires dedicated administrative staff to maintain and update each user device. Employees often resist an MDM program, whether by circumvention or rejection, incurring additional risks and costs, including data breaches, regulatory violations, and wasted resources.
Virtual Mobility Solutions – A Secure Alternative to MDM
A company’s data is its most valuable asset, and one weak link is all it takes to put enterprise data at risk. Enterprises must establish a mobility management strategy that effectively secures data, enables BYOD, and manages IT resources and other costs. Hypori Virtual Mobility™ is today’s solution and focuses on securing data—not hard-to-secure devices. With Hypori®, enterprise data never resides on the user device.
Data is centrally managed via the Hypori Virtual Device. End-users can see and interact with data via an encrypted data stream, but a physical copy is never sent to their device, reducing the risk of data loss, cyberattacks, and corporate espionage. Hypori also reduces IT costs by eliminating the need for individual device management. The use of personal devices means no corporate hardware costs and higher employee adoption rates.
Hypori delivers employee-friendly, budget-conscious, scalable BYOD to all SMBs and large enterprises in every industry. Your remote workforce is easily empowered and protected with 100% separation of personal and enterprise data and military-grade security.