Some governments have laws regulating a certain maximum level of encryption in their territories. For example, China is a difficult environment for cryptography use and regulation. Importation and exportation of cryptography products are both highly regulated. Encryption is regulated primarily by the National Commission on Encryption Code Regulations (NCECR). Encryption products cannot be sold or imported in China without prior approval by NCECR. Furthermore, individuals and firms in China can only use cryptography products approved by the NCECR. This also applies to foreign individuals and firms operating in China, who must report details of their encryption systems to the NCECR.
The international standard for wireless connectivity, used worldwide, is the 802.11 standard of the Institute of Electrical and Electronics Engineers (IEEE). However, in 2003, the Chinese government announced the creation of a new Chinese standard for wireless LAN security, the WLAN Authentication and Privacy Infrastructure (WAPI), and stated that wireless LAN (or Wi-Fi) systems sold in China would have to conform to the WAPI standard, not the 802.11 standard. Further, foreign companies that wished to sell Wi-Fi devices in China would have to co-produce their products with designated Chinese firms.
The WAPI standard was opposed by international IT firms, which viewed it as a protectionist tool used by the Chinese government. Another reason for opposing WAPI, however, was the fear that the domestic cryptography standard would create a functional key escrow system that would allow the Chinese government access to encrypted communications.
Restrictions on cryptography can affect companies operating in international markets that want to use cryptography to protect their data and communications, as well as individuals in countries that restrict the use of cryptography. Varying cryptography regulations worldwide also place substantial burdens on information technology and security firms looking to move into new markets.
Restrictions on importation and use of cryptography can affect the operations of multinational firms in various ways. Network managers for firms in the West often design encryption technologies into their voice and data networks to protect the contents of their telephone calls, emails, documents, etc. When they use these same technologies abroad, they must tailor their systems to the restrictions of each country in which they operate, or they may violate local laws and regulations. This challenge is amplified when laws are unclear or inconsistently enforced, which is common in many developing countries.
For example, Chinese encryption regulations are often vague. Companies can expect the Chinese government to ask for details about the encryption that is being used—in addition to requiring them to appoint an encryption contact who will give the government the encryption keys when asked. Also, if a user encrypts data in China, the user has to provide the Chinese government the ability to access the keys. Because of such restrictions, many businesses do not use encryption in China, even if cryptography is a normal component of their IT infrastructure elsewhere. Also, in Russia the Federal Agency of Governmental Communications and Information has issued regulations requiring government approval to use encryption.
Restrictions on the import and use of cryptography affect businesses in several ways. If firms cannot use encryption devices to secure their data and communications in a given country, then their data in that country is put at risk. The situation is worse where regulations are unclear and inconsistently applied.
In addition to using cryptography to protect data as described above, mobile phones also are often managed using mobile application management to regulate some aspects of phone operation. For example, a user may be an employee of a firm that manages operations on the user's mobile phone using mobile application management implemented by a firm server.
Mobile application management (MAM) generally relates to software and services for provisioning and controlling access to internally developed and commercially available mobile apps used in business settings on both company-provided and “bring your own” smartphones and tablet computers.
Enterprise mobile application management is increasingly important due to the widespread adoption and use of mobile applications in business settings. The “bring your own device” (BYOD) phenomenon makes mobile application management more important, with personal PC, smartphone and tablet use in business settings (vs. business-owned devices) significantly increasing. Mobile application management enables corporate IT staff to download required applications, control access to business data, and remove locally-cached business data from the device if it is lost, or when its owner no longer works with the company. A growing demand for mobile apps from employees is prompting organizations to broaden beyond mobile device management to managing a growing number of mobile applications.
An end-to-end MAM solution can provide the ability to control the provisioning, updating and removal of mobile applications via an enterprise app store, monitor application performance and usage, and remotely wipe data from managed applications.
Mobile device management (MDM) is an industry term for the administration of mobile devices, such as smartphones, tablets, laptops and desktop computers. MDM is usually implemented with the use of a third party product that has management features for particular vendors of mobile devices.
MDM functionality can include over-the-air distribution of applications, data and configuration settings for all types of mobile devices, including mobile phones, smartphones, tablet computers, mobile printers, mobile POS devices, etc. Most recently laptops and desktops have been added to the list of systems supported. MDM tools are used for both company-owned and employee-owned (BYOD) devices across the enterprise or mobile devices owned by consumers. Consumer demand for BYOD is now requiring a greater effort for MDM and increased security for both the devices and the enterprise to which they connect. By controlling and protecting the data and configuration settings for all mobile devices in a network, MDM can reduce support costs and business risks.
With mobile devices becoming commonplace and increased numbers of applications becoming available for mobile devices, mobile monitoring is growing in importance. Numerous vendors help mobile device manufacturers, content portals and developers test and monitor the delivery of their mobile applications. This testing is done in real-time by simulating the action of thousands of customers and detecting and correcting bugs in the applications.
Typical solutions include a server component, which sends out the management commands to the mobile devices, and a client component, which runs on the mobile device and implements the management commands.
Central remote management uses commands sent over the air to mobile device handsets. An administrator at a mobile operator, an enterprise IT data center or a handset OEM can use an administrative console to update or configure any one handset, group or groups of handsets. The Open Mobile Alliance (OMA) has specified a platform-independent device management protocol called OMA Device Management. It is supported by several mobile devices, such as PDAs and mobile phones.
Over-the-air programming (OTA) capabilities are a component of mobile network operator and enterprise-grade mobile device management software. These include the ability to remotely configure a single mobile device, an entire fleet of mobile devices or any IT-defined set of mobile devices; send software and OS updates; remotely lock and wipe a device; and do remote troubleshooting. OTA commands are sent as binary messages, which are messages including binary data.
Mobile device management software enables corporate IT departments to manage the many mobile devices used across the enterprise; consequently, over-the-air capabilities are in high demand. Enterprises using OTA as part of their MDM infrastructure demand high quality in the sending of OTA messages. Present day MDM solutions offer both Software as a Service (SaaS) and on-premises models.
Mobile device management software can provide some degree of control and visibility for an administrator of mobile devices. IT managers ensure that mobile devices comply with their organization-specific IT policies and that the correct configuration is pushed to devices. Mobile device management software can permit users to self-enroll over-the-air. In addition to automatically configuring corporate policies and controls, IT can automatically set up Wi-Fi, VPN and Exchange ActiveSync configurations on mobile devices.
An administrator (admin) defines and deploys policies for an organization. The admin may choose from a set of policy controls over password, device encryption, camera, Wi-Fi, VPN, etc. If a device is lost, stolen, retired or replaced, the admin can wipe data from the device to reduce the chance of data loss.
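The server/client split and the admin-defined policy described above can be sketched as a server-side check that turns a client's report into management commands. This is an added example, not code from the original page or from any MDM product; the `Policy` and `DeviceReport` shapes, the command names and the sample SSID and VPN profile are all hypothetical.

```python
from dataclasses import dataclass

# Hypothetical policy controls, mirroring the ones named in the text
# (password, device encryption, camera, Wi-Fi, VPN). Not a real MDM schema.
@dataclass(frozen=True)
class Policy:
    min_password_length: int = 8
    require_encryption: bool = True
    allow_camera: bool = False
    wifi_ssid: str = "corp-wlan"      # constructed sample value
    vpn_profile: str = "corp-vpn"     # constructed sample value

# State the client component reports back to the server (constructed shape).
@dataclass
class DeviceReport:
    device_id: str
    status: str                # "active", "lost", "stolen", "retired", "replaced"
    password_length: int
    encrypted: bool
    camera_enabled: bool
    wifi_ssids: tuple = ()
    vpn_profiles: tuple = ()

WIPE_STATUSES = {"lost", "stolen", "retired", "replaced"}

def plan_commands(report: DeviceReport, policy: Policy) -> list[tuple[str, str]]:
    """Server side: turn a device report into (command, argument) pairs
    for the client component to carry out."""
    # A device that has left the fleet gets a wipe and nothing else:
    # pushing Wi-Fi or VPN settings to it would hand out fresh configuration.
    if report.status in WIPE_STATUSES:
        return [("WIPE", report.status)]
    if report.status != "active":
        # Unknown status: fail closed rather than treating it as compliant.
        return [("LOCK", f"unknown status {report.status!r}")]
    commands = []
    if report.password_length < policy.min_password_length:
        commands.append(("REQUIRE_PASSWORD", str(policy.min_password_length)))
    if policy.require_encryption and not report.encrypted:
        commands.append(("ENABLE_ENCRYPTION", ""))
    if report.camera_enabled and not policy.allow_camera:
        commands.append(("DISABLE_CAMERA", ""))
    if policy.wifi_ssid not in report.wifi_ssids:
        commands.append(("PUSH_WIFI", policy.wifi_ssid))
    if policy.vpn_profile not in report.vpn_profiles:
        commands.append(("PUSH_VPN", policy.vpn_profile))
    return commands
```

The two early returns carry the security-relevant behaviour: a lost, stolen, retired or replaced device receives only a wipe, and a status the server does not recognise results in a lock instead of being treated as compliant.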
The admin can control and manage various devices from a single console. In some cases, MDM software can support a wide array of mobile devices, operating systems and technologies including Apple iOS, Apple Watch, Android, Windows Pro, Windows Phone and Samsung KNOX. Whether Bring Your Own Device (BYOD) devices, Corporate-Owned, Personally-Enabled (COPE) devices or a combination of both are utilized, customizable policies ensure the right policies are applied to the right device.
In one example, MDM software can support use cases including business users, remote workers, highly-sensitive users, shared devices, and kiosks. The MDM software can be deployed using a fully cloud-based deployment.