CMS Enterprise Edition Wishlist

Hello fellow forum dwellers,

I am your average everyday system administrator in a moderately big company. I recently got reassigned to deal with our mobile devices “division” (featuring two people total, yay) and now am looking for some enterprise level security manageability for our mobile devices. The problem so far is that almost all security measures that I found (whether for android, windows mobile or i*****) are designed for the private sector and none have sufficient management features. The only ones with something remotely akin to central administration I know of are blackberries (which our users loathe).

As a long time comodo user, I immediately turned to CMS on my private phone and am quite happy to have it there. And that got me thinking on what features I’d need in addition to what CMS already can in order to make it a viable solution for the company I work at.

These categories need to be dealt with:

  • Central administration
  • Management
  • Malware protection
  • Theft protection
  • Software control
  • Access control
  • Configuration control

Central Administration
What I’d need is a server to which all md connect to. It distributes updates and configuration changes and in returns collects the desired statistical data or incident events. A management console allows me to set all configurations, change policies or completely deploy CMSE to a connected client.
I need to be able to group devices and be able to select to which group of md which policies apply.
Another feature that would be nice to have, would be an automatic backup function, when connected locally using WiFy, that allows us to backup aspects of the md (data, applications, account configurations, etc.).

Basically gather usage statistics on mds and consolidate them into reports. If we know what people use their devices for, we can optimize device utility towards that end (or at least we know we’ve got some users to educate). These statistics need to be able to be set to anonymous (so we can’t track the activity of a single, specific user), in order to accommodate privacy laws in some countries. An export function into various popular output formats (e.g. Excel or Powerpoint) would be appreciated.

Malware protection
You know what needs to be done on this end, and you know it better than I ever could. Carry on.

Theft protection
You current features for theft protection are really nice, I like them. What we need for an enterprise solution is to change the recipient of alerts and reports to the admin server. Also stronger authentication for remote control features are a must. Maybe certificate based with an encrypted connection would be practical.
The wipe feature is of particular interest to me. Can we automatically receive a backup of some of the wiped contents in order to return them onto the device in case we get it back later? (We get to choose what we want backed up first, balancing network load and time for transfer against time to restore)
Lockout: I’d like to be able to have different kinds of lockout available. The one we already have with password protection of course, but also one that simply displays the Comodo logo, with a custom text of our choice. The last version of a lockout is designed to be even more devious: Make it look like a complete system crash. That way it will be hard to detect whether this was caused by a security measure and make the thief less likely to simply toss the md.
Tracking: Enable real time tracking for the tracking function, maybe even with a captor app that allows us to turn a handy into a “stolen handy detector” (you know, like a navigation system that navigates us t our handy). Either way, the ability to plot the path the handy took would be invaluable both in finding it in the first place, but also in some legal proceedings.
I have been stolen!: The ability to turn the handy remotely into a screamer, telling everybody around it at the height of its volume that it has been stolen.

Software control
I want to be able to configure for my devices which software may be installed at all or which software may run on the mds. The second option is of interest, because I may want to disallow the usage of certain apps during business hour but allow them outside of those. Different security policies that can be applied in overlay with the more restrictive setting active, whose activation can be either permanent or during times of the day or days of the week (or both in combination).
Being able to remotely install software might come in handy as well.

Access Control
Which resources may be used? Which websites visited? Having policies at hand that allow or disallow access to some online resources would be helpful. Again they should be differentiate-able by time and day.

Configuration control
I want to be able to enforce configurations to ensure maximum security. For example locking the option “allow apps from outside the market” to disabled would be a good thing.

One playful, if not strictly important feature might be:
Geotriggers. Making settings and their application dependent on geographical location (e.g.: The policy “No visiting Amazon” only applies within 5 km of the workplace).

Anyway, thanks for keeping reading until this point (or shame on you for skipping, whatever applies :wink: ).
I know that wishlist is not going to magically appear over night in the real product, but if we don’t tell you what we’d like to see, you can hardly make it (or some of it) happen. At least I trust you to not be mindreaders.