There’s a lot of speculation going on about Apple’s current dispute with the FBI and what the new EMM and MDM capabilities of iOS 9.3 can do. The last few iOS updates from Apple have enhanced their mobile device management capabilities for devices enrolled through an enterprise or business. These services are available for any Apple device with iOS 9 in use. In an article for PCMag, Rob Marvin touches on a common theme that most EMM vendors were dealing with: Would EMM have access to the San Bernardino shooter’s phone data? The answer is no, and here’s why:
Mobile World Congress took place in Barcelona last week, and the issue of the FBI wanting Apple to create a backdoor in their own OS was one of the hottest topics of the night, and for good reason. We’ve been reading about bring-your-own-device (BYOD) policies for years, and one of the biggest points of contention is: Can IT see the personal data stored on your phone? For security reasons they essentially could, because of their need to remotely wipe the phone if it was lost or stolen. It was part of the contract BYOD users would have to sign, and it was one of the touchiest subjects. While IT was forbidden to look into anyone’s personal data, the capability was still there, which made people nervous.
Naturally that’s where our minds go when there’s this phone with personal data on it the government wants, and a company that doesn’t want to put the data of others at risk: Why not just activate the MDM capabilities that are already there in the OS?
MDM is a component of EMM: it falls under the EMM umbrella and works as a function of it. It was revealed that the shooters worked for San Bernardino County, and San Bernardino County is an enterprise customer of MobileIron. Marvin spoke to Clarissa Horowitz, the Vice President of Communications at MobileIron, who clarified that MobileIron EMM was not installed on Farook’s device and that, even if it was, EMM simply doesn’t work that way.
“There is no backdoor. We do what we can do because Apple has given us APIs [application programming interfaces] to be able to do it,” Horowitz said. “Even if our software had been on the device, the county administrator is the one who would’ve had to send that unlock command. Once they did that, they wouldn’t see anything on the MobileIron console. The FBI agent would have to be physically holding the device to get into it.”
With new innovations in container technology and the general distaste for the employee/employer violation of personal data seeping into work life, one of the most important building blocks of any EMM solution is that the employer cannot see personal data, period. EMM is the dividing line between personal and business data, forming a wall of protection around the corporate data. While MDM is about the device, EMM is not about securing that endpoint; it’s about sectioning off the segment of the OS where corporate needs to have control from the segment of the OS where the user conducts their personal life.
The bottom line is, EMM is not a backdoor, and there are a lot of elements in place that prevent it from being a backdoor or being manipulated into being one. Skepticism around EMM and BYOD is already high, and this concern is not completely unfounded. There is no standard guide that every solution and every company has to follow, so employees are putting their trust in the employer not to look into their private life and hold that against them professionally.