Brown’s Bytes – Mobile Patching – Check Before You Buy
Welcome to Brown’s Bytes! Your weekly insight from Mobliciti’s CTO Andy Brown. Follow #brownsbytes
25th January 2019
As touched upon by the “Old Phone Challenge”, there is an area that sometimes gets overlooked upon in the rush to get the best deal on handsets in the Enterprise – how long updates are going to be available for. This was one of the main reasons I chose an Apple iPhone 6S as it is still supported by Apple and getting updates for the foreseeable future.
As regular readers will doubtless know, OS Updates are an area that I come back to quite a bit because many roads in mobile lead back here. These monolithic updates to the phone operating system contain a mixture of feature upgrades/changes, bug fixes and most crucially SECURITY FIXES.
I can’t emphasise enough that running the latest security fixes on mobile is vital. These devices are particularly at risk because:
- People use them a LOT (all day in some cases)
- They are connected to the Internet by default – all the time
- There is very sensitive data on them (email alone ensures that)
- Users will use them on a variety of networks
- Users have a history of just clicking yes to stuff on mobile in a way they don’t on a PC (a whole topic for another day)
- Bad actors are increasingly targeting mobile users and devices – they are simply going where the users are
Putting aside Mobile Threat Defence for a minute (although you really should be deploying this now), it is the bare minimum to check and make sure that devices are:
a. Up-to-date with available updates
b. Actually, still getting updates from the manufacturer
Option b is quite often getting missed at present and sweating phone assets for longer increases the risk of something important getting missed.
Now if you’re running an Apple estate then it’s pretty easy to stay on top of this. Apple has a good track record for updates as stated above and have been fairly consistent over the years about when devices drop off the update path.
Step outside Apple, however, and you need to check much more carefully. Many manufacturers will say that they will provide updates for x years (let’s say it’s 3 years). That doesn’t sound too bad really, but remember it’s often the case that the clock starts when the device is launched.
Now consider that Enterprises have a habit of ranging a device and then wanting to stay the same for as long as possible – and for good reason… ranging multiple devices creates extra work for IT. It’s therefore often business customers who’ll be the ones using up the stock of older models across all kinds of IT kit (not just phones).
So, let’s say you’ve checked and found out there is a 3-year window for updates, but you just bought the last of the devices 2 years after it was launched… that’s not only a problem but potentially a security risk (and should probably be tracked as such).
Unfortunately, this mess is just something that needs to be managed and it really needs to be part of the criteria for ranging phones going forward. And, it needs to be considered throughout the life of the device also – it’s not unheard of for the goalposts to move in this area!
We can help with this, or even take the problem off your hands. Get in touch if you’d like to know more about our range of managed services and device sourcing options.