Mobile Device Management (MDM) was a good first response by an information security industry caught on its heels by the overwhelming speed of mobile device adoption. It emerged at a time when enterprises bought BlackBerries and handed them to employees (some still do). MDM provided a mechanism to manage those devices, ensure that rogue devices were not introduced onto the network, and enforce security policies on them. Although it was effective for enterprises, it was intrusive for employees, because control of the device sat with the organization rather than the user. Enterprises knew what was installed and how and for what the device was being used. They had 100% control and could wipe the device remotely, which resulted in loss of personal data. As a result, employees started carrying two devices (one for personal and one for official use). As time progressed, mobile devices became better and more user friendly, and people started using their personal device for official communication as well, sometimes insecurely sending official documents or mail to a personal account just for convenience, which increased the risk of data loss and theft.
For an Oracle Mobile Security Solutions (OMSS) overview, please refer here.
Here are the main differences between OMSS and MDM.
| Features/Requirements | MDM solution | OMSS solution |
|---|---|---|
| Device PIN | Requires a device PIN to access any app. | No device PIN required. Personal apps are not affected. |
| Certificate protection | None. | PIN protected inside a secure container. |
| Rogue app security | None. All applications on the device have access to the device-level VPN. | The app tunnel is not accessible to personal apps. |
| Kerberos security | Risky gateway trust with constrained delegation. | Device trust with PKINIT. |
| Kerberos maintenance | Must maintain a duplicate list of all internal servers. | No duplicate list of servers needs to be maintained. |
| Remote lock/wipe | Locks/wipes the user's entire device, including personal data. | Only locks/wipes data inside the container. |
| Compromised platform detection | Only for some vendors. | Yes. |
| Application authentication | None. | Windows SSO. |
| Data Leakage Protection (DLP) | Limited to device control, which hampers the user experience severely. | Does not allow backups to PC or cloud. Sharing is only between containerized apps. |
| Data-in-transit encryption | None; depends on the device-level VPN, i.e. vulnerable to rogue apps. | FIPS 140-2 certified app tunnel via SSL. |
| Data-at-rest encryption | None; depends on the device manufacturer to provide this. | FIPS 140-2 certified. Key derived from user credentials that are never stored on the client side. |
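The last two rows of the table rest on one design decision: the container key is derived from the user's credential at unlock time and is never persisted, and a remote wipe touches only the container, not the rest of the device. The following is an added example illustrating that model, written for this post and not code from OMSS or Oracle; the PBKDF2 parameters, the HMAC verifier and the in-memory "device" are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed parameters for this example (not OMSS values).
PBKDF2_ITERATIONS = 200_000
KEY_LEN = 32  # 256-bit container key


def derive_container_key(credential: str, salt: bytes) -> bytes:
    """Derive the container encryption key from the user's credential.

    The key exists only in memory while the container is unlocked; neither
    the credential nor the derived key is ever written to storage.
    """
    return hashlib.pbkdf2_hmac(
        "sha256", credential.encode("utf-8"), salt, PBKDF2_ITERATIONS, dklen=KEY_LEN
    )


def make_verifier(key: bytes) -> bytes:
    """Keyed tag that lets the client check a credential without storing
    the key itself: an HMAC over a fixed label under the derived key."""
    return hmac.new(key, b"container-unlock-verifier", hashlib.sha256).digest()


def enroll(credential: str) -> dict:
    """What the client persists at enrollment: a random salt and the
    verifier. Neither value reveals the credential or the key."""
    salt = os.urandom(16)
    key = derive_container_key(credential, salt)
    return {"salt": salt, "verifier": make_verifier(key)}


def unlock(container: dict, credential: str) -> Optional[bytes]:
    """Re-derive the key from the entered credential and compare its
    verifier to the stored one in constant time. Returns the key on
    success, None on a wrong credential or a wiped container."""
    if "salt" not in container:
        return None
    key = derive_container_key(credential, container["salt"])
    if hmac.compare_digest(make_verifier(key), container["verifier"]):
        return key
    return None


def remote_wipe(device: dict) -> dict:
    """Container-scoped wipe: discard the salt and verifier so the
    container key can never be re-derived, leaving personal data alone."""
    device["container"].clear()
    return device


def demo() -> dict:
    # Constructed sample device: personal data sits outside the container.
    device = {
        "personal_photos": ["holiday.jpg", "family.jpg"],
        "container": enroll("correct-pin-1234"),
    }
    right = unlock(device["container"], "correct-pin-1234") is not None
    wrong = unlock(device["container"], "guess-0000") is not None
    remote_wipe(device)
    after_wipe = unlock(device["container"], "correct-pin-1234") is not None
    return {
        "unlock_with_right_pin": right,
        "unlock_with_wrong_pin": wrong,
        "unlock_after_wipe": after_wipe,
        "personal_data_intact": device["personal_photos"] == ["holiday.jpg", "family.jpg"],
    }


if __name__ == "__main__":
    print(demo())
```

The salt and verifier are the only things on disk; an attacker who copies them still has to brute-force the credential through the full PBKDF2 cost, and once the container is wiped there is nothing left to derive a key from, while the personal data outside the container is untouched.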