blackberry

  • warning: Creating default object from empty value in /var/sites/e/enterpriseios.com/public_html/modules/taxonomy/taxonomy.pages.inc on line 33.
  • strict warning: Only variables should be passed by reference in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/captcha/captcha.inc on line 61.
  • strict warning: Declaration of views_handler_field_user_name::init() should be compatible with views_handler_field_user::init(&$view, $data) in /var/sites/e/enterpriseios.com/public_html/sites/all/modules/contrib/views/modules/user/views_handler_field_user_name.inc on line 61.

Open Letter to MDM Companies

Your rating: None (5 votes)

[Editor's note: This letter from a member of our community brings up some interesting points. But as noted in the comments, the MDM providers are simply using the APIs provided by the device manufacturers.]

You all have it wrong. All of your products are good don't get me wrong! You enable us to protect our networks, provide our users with ease of use and ease of setup. You allow us to block or allow anything we feel is harmful (separate opinion about that). The thing you have wrong is wiping the phone after failed attempts at the password!

Why is this wrong?

  • Whoever steals the phone knows this so they just enter random passwords and then have a usable phone to sell. That is until you figure it out or it is reported to you.
  • If the end user forgets a lot of times the phone will wipe and they will continue to use it. Then a couple weeks later they bring you the phone saying that it isn't working right.
  • While the user is using the phone unprotected they install their personal email or just text company information leaving your company at risk.

What the is the "right" way?

  • After 10 (or whatever your specified time would be) wrong password attempts you lock the device with an alternate password that only the administrator knows.
  • Each phone could have a different admin password that auto populates when you register the device.
  • The password is only viewable in the MDM console.
  • The phone can be unlocked with this passcode or through the MDM provided the end user answers the appropriate questions correctly.
  • Also there should be a notification on the MDM and an email sent to the MDM admin. This would allow them to be a bit more proactive and give the admin some visibility to what is happening in their world.

I think this method is more secure for our data and protects the assets we place in the field mischief better. What are your thoughts?
http://redd.it/1xzxd2

Recent Activity