Tim Belfall, CTO of Condico, a Mobile Device Management solution company, talks to us about the concept of security in the mobile segment and more.
1. Tim - Let's start off with an overview of Condico Mobile and what is your role inside the company?
I am the founder and CTO of Condico.
Condico was established in response to an international bank’s requirement for a method of extending control and security to their employees’ mobile phones, irrespective of location, network or type of device.
I based the company on my previous experience of being Nokia’s mobile middleware product manager (SMS, WAP, mobile portals data enhancers etc), and from my experience of dealing with the NHS and large companies when I was COO of OpenHand Software (a mobile email & application company).
I could see that although most organisations had security and control policies for their laptops and desktops, mobile phones were not controlled, nor was there any appreciation that they should be.
Until a couple of years ago many companies still relied on either their telecoms department or senior PA to handle mobile contracts.
These are busy people who are bombarded by the mobile networks and B2B mobile independents with a bewildering array of tariffs and handsets. Cost to them is the first order of the day, whilst security considerations have been a mere afterthought.
The landscape has changed. Efficiency is measured by how customer facing staff are, how flexible working can readdress the work life balance, and how green the company can be seen to be.
One answer is to allow employees to work closer to home, but with full access to all the usual IT applications.
By so doing this instantly allows the health visitor, sales person and engineer to use their time to help their customer, reduce the time spent going back to an office to log a report or pick up emails, and be closer to home to help with child care or just to get back at a reasonable time. This invariably saves petrol and energy going to and from a regional office.
To support this, a combination of connected mobile devices may be required. This could be a simple laptop, Ultra mobile laptop such as the OQO, a PDA such as those from HTC, a smartphone from Nokia, Blackberry, Apple or Sony Ericsson, or a feature phone with Java from many different manufacturers.
Modern devices have a plethora of connectivity options from HSPA, 3G, EDGE, GPRS, WiFi, Bluetooth and USB cable.
Each device will also have proprietary software to access email systems, ERP, MRP, CRM, patient records, and a host of other information services.
Combine this access with the latest memory cards holding up to 8GB of information and it is quite easily seen that an individual employee could access and hold on their mobile an entire organisation’s or company’s extremely confidential information.
Yet, unlike desktop or laptops, most mobile devices are left unsecured. Unfortunately they are also the most prone devices to be lost or stolen.
Once stolen it takes but a matter of seconds to remove the SIM card, or switch off the connectivity, allowing the remote kill function of some devices to be rendered useless.
The SIMs are then sold on quickly and the device lands on eBay or is sold elsewhere, leaving information on the device open to misuse.
The other threat is user misuse. This can be from using the mobile to access a VoIP service, a supermarket website, a blog, or a video web site, thereby chewing up valuable data (although with more flat rate services this is becoming less of a problem); or a trusted employee copying valuable information prior to joining another organisation then deleting it from the company’s mobile.
They may also download inappropriate software such as games or gambling programs.
Further problems arise from using the video camera or internet browser to take inappropriate photographs, or downloading a cross over virus that could infect the corporate network via the connection back to the office.
It takes an extremely sophisticated system to control all of these scenarios, and update the legitimate software on the device, and ensure that the device can be maintained in the field rather than returned to the office. Especially in the fast moving, and buggy, field of mobile phones.
This is where Condico comes in. Condico provides the ability to maintain and control hundreds of thousands of devices (or 100), from cradle to grave, all types of mobile phones and smart devices, wherever they may be, regardless of network.
All without the company worrying about supporting the complicated technology behind this or being trapped by a single network contract.
2. Your company delivers Mobile Device Management Solutions, could you elaborate more about those?
In my experience, IT departments do not have the resources to support mobile phones as well as the regular IT desktop & server support services.
At any one time there are in excess of a thousand different handsets available and new ones coming out daily, plus numerous carriers, operating systems, firmware versions and capabilities. An IT manager cannot hope to support the infrastructure to control such a disparate range of devices.
This is where Condico’s SaaS comes in. The idea is that all the technology is wrapped up in a secure, fault tolerant location, which is constantly updated with the latest devices and firmware versions.
The service can be switched on immediately to allow training of the first line support team within the company, and corporate software and security policies to be established.
Once established the service can be pushed out to the users with little or no involvement from the end user.
Condico’s SaaS gives an added advantage in that an organisation is independent of the carrier, allowing a company’s telecoms team to negotiate the best tariffs without having to worry about being technically locked into a single network.
3. Condico means to fix in Latin, is your company more a "fixer" or a "preventer"?
Both in fact.
If there is a problem, it can be automatically identified and fixed, or highlighted. For instance the system can detect if an unauthorised SIM is installed in a handset and appropriate action taken, such as an automated wipe.
Alternatively there may be a firmware or software upgrade to the handset, this can be sent at predetermined times to groups, or individual handsets for silent install.
Another fixer is automated backup and recovery. This is especially important if a device is being upgraded as the old one can be backed up over the air, wiped and the new device provisioned with all the information from the backup.
Alternatively, if a device has been just issued, a complete suite of services and configurations can be sent to the handset such as device encryption, hardware profile (e.g. camera off, Bluetooth discovery off etc), software applications, VPN configuration, email profile, and security settings.
In addition, if a mobile has been left in a hotel room, cab or car at the train station, it can be locked remotely from either the company’s help desk or via a self service portal.
When the device is retrieved it can be unlocked using a short cut key that only allows access to the office or emergency services.
4. Without giving out names, could you provide us with some real life examples of how MDMs are used by your client base?
Unfortunately we are under NDAs; however, the type of scenarios include many pharmaceutical and banking organisations who have extensive sales forces.
When there are thousands of employees over many locations throughout the world, device security and application control become primary concerns.
Without this many ERP roll outs have been delayed reducing the potential effectiveness of employees, wasting time with manual documentation and not having information to hand.
By ensuring device security, and having the ability to deploy and update software and services in the field, the companies, and their personnel, can enjoy the benefits of full remote access to information, and at the same time not have to travel back to their respective offices wasting time and resources giving them back a much needed work life balance.
5. How does MDM solve/alleviate the Virus/Malware problem?
F-Secure have identified a number of viruses including the proof of concept crossover virus Cxover.A, one that can infect.
It is only a matter of time before more subtle attacks are made on mobile devices as a way of extracting sensitive information from an insecure mobile.
The use of Condico’s service can firstly enforce the use of mobile AV products such as F-Secure and keep them updated.
Secondly the Condico service can monitor the software residing on the device against a fixed profile and so restrict installation or raise discrepancies for manual or automatic intervention.
Thirdly, by controlling the hardware of the device, the service can lock down Bluetooth settings, such as device discovery, so that the device is not open to various short range attacks.
6. I've noticed on your website that Linux is not in your list of supported OS, is there a particular reason why this is so?
Although there are many Linux handsets, there are actually very few mainstream Linux handsets in the European market at the moment.
At a low level, if a handset uses the OMA DM standards Condico can control it, but like with most smartphone OS we can enable some more specialized control functions.
Unfortunately for Motorola, Linux has had little market impact yet. Saying that, in the future I would expect many more devices with a Linux from Palm and Google by the end of 2008/2009.
7. Will the iPhone be supported by Condico mobile?
In theory, yes. However it does depend on iPhone’s support of open industry standards or, preferably, opening up the OS for more direct functional control. With the pressure coming from users and governments like France, I would imagine this is only a matter of time, and according to Apple, Q1 2008.
8. What philosophy rules the way you work at Condico?
It’s all about the buzz. We are a small but entrepreneurial company who are passionate about the mobile industry. Trying to predict what will be the next big thing in a highly cyclical, fast moving, inventive and demanding environment provides us with the energy to stretch our imaginations and business acumen to the full.
9. What sites/tools do you consider as vital for your job?
There are a fantastic number of handsets available in the market, new handsets arriving daily, as well as older devices that are still in use.
All the mobile phone manufacturers, software producers and networks websites.
Open Mobile Alliance, For background information
GSM Arena, For new and old handsets in the European, Middle East and African markets
INTOmobile, For daily news
All about Symbian, For Symbian news
Plus a wide variety of blogs.
We use a variety of presentation tools and mobile technology to be able to demonstrate the abilities of our product anywhere in the world.
10. What are your customers' most sought-after features (i.e. the next thing on your list)?
Condico has a highly capable, scalable and reliable product. We are looking at how we can enhance ease of use, and add much finer control of device functionality. We are putting a lot of effort into these areas and at the same time working with third party software vendors to allow us to control their software within our service. For example CRM/ERP management.
11. How do you envision Condico's future in the next few years?
Our aim is to be a major independent provider of mobile device management, that users respect for not only its core abilities such as functionality, security etc, but the way we react quickly to changing market demands.
12. What technology, service or product has impressed you the most in the past few months?
Having worked for Nokia I know that the concept of the Apple iPhone is quite old hat. What has impressed me though is that, imperfect as it is, Apple have actually made part of the concept flesh and for that I applaud them.
The most interesting service will, for a variety of reasons, be Nokia’s Ovi as this will create a truly new global brand and will separate Nokia once and for all from the carrier networks, which are rapidly evolving into bit pipes.