MDM vs. MTD: What Most Companies Get Wrong About Mobile Security Artwork

Frontline Mobility Edge

Frontline Mobility Edge takes a look at mobility in the enterprise, focusing on workforce devices, business applications, and the technology behind them.

All Episodes

Frontline Mobility Edge

MDM vs. MTD: What Most Companies Get Wrong About Mobile Security

June 11, 2026 • BlueFletch

0:00 | 39:16

Most companies manage their mobile devices. Far fewer actually secure them. There's a difference, and it matters more than ever.

Brett Cooper sits down with Paul Troisi, founder of Troy Mobility, to break down the gap between mobile device management (MDM) and mobile threat defense (MTD), why device count isn't the same as risk, and what a real mobile security strategy looks like from day one through day two and beyond.

In this episode:
→ MDM vs. MTD vs. UEM: What the acronyms actually mean and where they fall short
→ The mobile threat landscape in 2025: phishing, smishing, quishing, and app vulnerabilities
→ BYOD vs. corporate-owned: The privacy policies most IT teams don't fully understand
→ Why "set it and forget it" is the most dangerous approach to mobile security
→ Zero trust and why mobile devices need the same security parity as laptops
→ How Troy Mobility runs a mobility assessment (and what it reveals)

Whether you're running 50 devices or 5,000, risk drives the strategy, not fleet size.

━━━━━━━━━━━━━━━━━━━━━━━
The Frontline Mobility Edge is hosted by Brett Cooper, COO of BlueFletch. New episodes explore how enterprise mobility, security, and identity are reshaping the frontline workforce.

Welcome And Guest Introduction

SPEAKER_00 0:04

I'm Brett Cooper and this is the Frontline Mobility Edge, where we discuss the latest in mobile device technologies and how they're shaping the frontline landscape business. Thank you for joining us. Let's get started. Hello, welcome to another episode of the Frontline Mobility Edge. I'm Brett Cooper, joined today by Paul Triosi. Dice, did I get it right this time? Troisi. This is why you don't let the dyslexic guy uh pronounce names. Uh today, Paul, thank you for joining me. Today we're going to talk about the um a bit about what I'm going to call and describe as Paul's expertise, which is MDM plus MTD. So really thinking about not just locking down and managing devices, but also how do you secure devices at the edge, which is something that Paul's company has a lot of expertise around.

Starting A Mobility Company In 2008

SPEAKER_00 0:48

So Paul, you you started a company called Troy Mobility and right around the time when myself and my partner started Blue Flash 2008. I'm going to call it the uh the last Great Depression. Hopefully not the not the uh not the current one is is gonna be bad. But I guess can you talk a little bit about what was the impetus for starting Troy at that time? I know you were doing some work in the, I believe, telecom space with uh some of the was it Erickson or the other ones out out there?

SPEAKER_01 1:13

I was actually mostly in the hosted voice over IP space back then, um, you know, sort of carrier stuff for a little bit, then transitioned into hosted voice over IP way before its time. Um you know, as far as I I could tell. But, you know, like a lot of people got jammed up in that 2008 recession. Um, you know, at the time, you know, father of four children, two sets of twins, had to try and keep a roof over my head. So, you know, trying to figure it all out, um, kind of stepped back from what I was doing and said, you know, let's go ahead and put a an air on the ground here and let's try and figure out, you know, what's going on in the industry. And, you know, at the time, if we think back to 2008, we were talking about, you know, iPhone time, and and really the only ones that were really rolling, you know, ruling supreme was, you know, the blackberries of the world. They were the only ones that were working in the enterprise. And, you know, all of a sudden we saw this little shiny new gadget called the iPhone coming into the enterprise. And many people had no idea how to manage it, control it, get any visibility on it. So, um, you know, I started doing some research and mobility and and came across this little known industry that was just starting to bloom, which was called MDM. And um, you know, I was fortunate I was able to partner with one of the leaders in the space called Mobile Iron at the time. And, you know, fortunately, uh the cards aligned and read the tea leaves correctly and you know started a business in 2009. Um, and then from there, you know, just hired a couple engineers and and just continue to, you know, try and support the types of customers that we wanted to. And and I think the real key, pardon me, the real key for us was, you know, at that time, the only companies that were really out there were taking care of the real big dogs because they were the only ones out there that really found that they had the need. Um, and my approach was, well, guess what? You know, the smaller companies, the mid-sized companies, mid-market type companies, they had the same exact needs, but nobody's, you know, giving them the love and the attention that they need. So I said, well, let's just let's build a company around taking care of SMB and mid-market, because same needs as the large enterprise. The only difference is they've they've got smaller teams, they don't have as much industrial knowledge, and and they have smaller budgets. So they need a company like us that could come in and you know and help support them in their endeavors in the mobile security and at the time MDM endeavors.

SPEAKER_00 3:46

Yeah, I remember actually talking to a one of the larger MDM companies, and I think one of their sales guys said that if they have less than 5,000 devices, we won't talk to them. So there's just there's definitely a white space in the market for SMBs and mid-size, so the 100 to 500, or even sometimes 5,000 devices in that case. For your your landscape of companies you support, your team support, is there certain industries you guys focus on? And then then is there anything that's that's common across them?

SPEAKER_01 4:15

Um we don't necessarily cater to any particular vertical, Brett. Um, just only because when you think about where we're at today with mobility, um, every company has the challenge. There's there's really not too many companies out there that aren't trying to figure out how do we manage these devices, how do we get visibility? Are there particular regulatory compliances we need to be aware of? How does mobile fit into our stack? Do we have mobile parity, you know, with our regular traditional endpoints? Everybody has that same problem. It's just varying degrees and levels of depth that they're in that really kind of dictate which way and how we can actually help them um achieve some level of success with mobile security.

SPEAKER_00 5:01

Yeah, it's a I know you guys work across, I think, banking, healthcare, yeah, retail. Definitely a wide, wide breadth of customers, and it's different, different security landscapes and footprints across all of

MDM Versus MTD Explained Clearly

SPEAKER_00 5:12

those. Hopping to topics, the first topic I had is just the definition of I'm gonna call it MDM versus MTD. For those out there that aren't familiar with MTB, MTD, can you articulate what that is and then how it's different than the mobile device management space? Sure. Absolutely.

SPEAKER_01 5:30

So, you know, if you think about the iterations of the acronyms that we use in mobile, you know, it started with MDM, and then off of MDM came MAM for mobile application management, mobile identity management, mobile content management. So MDM sort of started as how do we gain some level of management and visibility over our devices? Um, and then they piled on the additional uh levels of functionality, which then morphed into EMM, Enterprise Mobility Management, where we incorporated all of the device identity, content, applications all into one level of platform. And now we we sit at what we call UEN, which is unified endpoint management, where ultimately what we're trying to do is achieve a level of parity on your devices across a single pane of glass. Okay, so this is where we're at today. But at the heart of it, it's still about management and visibility. It's not about mobile security, it's about being able to distribute applications, manage applications, manage configurations. So you have a level of control and visibility over the devices. When we start talking about MTD, mobile threat defense, we start talking about a few different pillars there, okay? And that is the protection of device, network, application, phishing, submission, quishing, okay, all of the security layers that we want to be looking at on the device. So when we talk about device being able to protect against devices that might be jailbroken or rooted, network capabilities where we're protecting against man-in-the-middle attacks, we're protecting against your users attaching to unsecured Wi-Fi environments and the remediation we can take on that. Um applications. You know, for years, companies have been putting out applications. Some are good, some are bad. Um, you know, and although Google and Apple do a really great job of vetting the initial applications, there are times that code gets through on the updates of those applications that could potentially leave you vulnerable. Um, and then, you know, clearly over the last uh probably five, seven years, we've now seen this incredible uh uptick in phishing campaigns and how threat actors are using now, you know, business email. They're using um, you know, text messaging uh for you know smishing attacks. Think about 2020 when we went through COVID. Nobody had menus on the restaurant tables, right? Everything was a QR code. So let's go ahead and scan that. My least favorite invention of COVID.

SPEAKER_00 8:14

Yeah. You know,

The Main MTD Vendors Today

SPEAKER_00 8:16

um, I guess with the the MTD landscape, what is the are there key vendors out there? So I know in MDM, it's the the SOTI's, the Workspace Ones, the Intunes, the mobile irons, like in the MTD, are there like three or four that you you have the majority of the market right now?

SPEAKER_01 8:32

Yeah, so so clearly Lookout um is one of the leaders. We actually in line with them back in 2016 when they were first coming to market with their enterprise product. They were primarily a personally owned, not personally owned, but more of a free application for consumers, um, early stages. Then they've, you know, um moved up more into the enterprise space. You've got the Zimperium out there. Uh Checkpoint has a platform called Checkpoint Harmony. You have a new upcomer called iVerify that's really doing a lot with their platform that's really based on AI and and machine learning and and what's happening on that device so that we can now start to gain insight into how is that user using that device? And can we recognize any anomalies that are going on with that device that might trigger what is happening? You know, do we have uh a malicious attack? Do we have a bad, you know, uh text message coming through? Are we being you know infiltrated with a phishing attack? Um, are we going to bad links? Are we going to bad um, you know, websites that we shouldn't be going to? So, you know, we are now starting to see, we're now starting to see more vendors in the MTD space coming in, just like we saw back in the 2010s in that 2010-2020 area, where you saw a lot of MDM vendors coming in, and you saw the AirWatches, the Mobile Irons, the Mass 360s, then you saw a whole new batch of new guys coming in, like HexNode and ScaleFusion and Esper. These guys are now, you know, sort of the, I like to call them the young bucks in the industry. Um, even though they've been around for a long time, they're really starting to make more impact on the on the enterprise. So the MTD vendors that we're seeing

Will MDM And MTD Merge

SPEAKER_01 10:21

out there.

SPEAKER_00 10:21

Those vendors, the MTD side versus the MBM side. Do you see a consolidation of those coming together? So I I feel like they're they're pretty spread apart right now. Like I don't see like maybe Ivanti is the closest where they brought in, they bought mobile air and they have their other some other MTD pieces. Is there gonna be a consolidation or do you think they're gonna continue to stay as as separate tools? Any any thoughts on why they should or should they?

SPEAKER_01 10:42

Hold on, let me shake up my Magic 8 ball. My Magic 8 ball says they're gonna stay separate. Okay. And the reason I say they're gonna stay separate is because MDM can live alone and MTD can live alone. The question then becomes is how do we coexist together? And um you'll you've already started to see uh the the AirWatches, the Intunes, the Avanties already integrating an MTD SDK into their onboard agent for the for the device. So now what you have is if you've already deployed an MDM agent to those devices, all you have to do is turn on the capabilities. By turning on that capabilities, you don't have to distribute another application. You don't need to worry about that user saying, hey, what application is this? Why is this coming on my device? Why is this being pushed down to it? You have um incredible adoption out of the gates because it's already embedded. The SDK is already embedded in the agent. Now, not to say it's 100% parity to parity, because there may be features and functions that your MTD might provide as a standalone MTD compared to the integrated SDK, but I think it really all depends upon what level of uh integration the MTD and the MDM vendors want to play together.

SPEAKER_00 12:02

So I'll take your magic ape off for it. We'll go from there.

Cloud Access Changes The Threat Model

SPEAKER_00 12:07

Shifting gears topics is the landscape. And you mentioned this a bit, like with a lot of the phishing changes, phishing smishing, uh, quishing all these different like new threats out there. You know, 20 years ago, it was Windows CE and Blackberry, like you said. So you have your Bez server or you have your SECM server on the window side. And there wasn't a ton of stuff on there. It was green screens or maybe some email. How is the threat landscape evolving? And what are the the I guess what are the things and blind spots that companies are missing as they're as this is changing?

SPEAKER_01 12:46

I mean, that's that's a big long question. That could be a standalone topic in and of itself, Brett. I mean, there are so many different blind spots that companies are trying to be aware of and try and cover off on. You know, back when it was BES, it was easy. It was an inline platform, and that was the only single point of failure you had was your BES server. These days, now with you know, uh email being served up on O365 or Google Workspaces, not many companies are still on-prem with their exchange. So, you know, now we're dealing with cloud services. And clearly after 2020, you saw this incredible rise of digital transformation. How do we move from our on-prem processes into cloud services? So now that requires a whole different level of security because, you know, before we had it hardened, you had to go through the VPN. You want to get behind the firewall, you have to go through our VPN. Period, end of statement. Okay. But now where things are so much more open in the cloud, now we have to start thinking about can we simplify our user experience by implementing a single sign-on solution? Can we strengthen our overall security posture by implementing an identity platform, federating those cloud services so those users can't gain access to those cloud services unless they actually authenticate against our IDP, you know, an Okta or an Entra or Pink Federate, whatever. So what you find is now this whole revolutionary change on how are we securing access to our applications and to our content. Um, it doesn't always need to be just about the device, but think about the intellectual property that might be sitting in these cloud services. These are, you know, uh platforms that are running businesses, multinational, multi-billion dollar businesses, and we're putting all of that data in the cloud. And we're saying to our employees, you have access to that. There's a lot of difference.

SPEAKER_00 14:42

How is it different than what we've historically done with laptops? When you think of a mobile device versus a laptop, it seems like what you're saying, these are the problems that we've dealt with on a mobile laptop that you know an executive or a field worker has taken out to the field. How is it different or more challenging or structurally or technically different in how you guys deal with it?

Device Parity Between Phone And Laptop

SPEAKER_01 15:07

For years, I have been saying this very simple uh philosophy, Brett. There needs to be device parity. Okay? You cannot continue to treat a mobile device differently than a laptop. It's accessing the same content, it's getting the same email on your device, um, it's going to the same cloud services to the laptop. But go ahead and go to a conference and you see so many people walking around with a backpack on their back. Most of those have a laptop that probably has three or four different levels of technology and security on it. Might have a VPN, it might have an EDR XDR, it has, you know, before uh, you know, anti-malware, spyware, et cetera, on that device. That thing never comes out of the backpack. Everybody's walking around with this in their hand. And now all of a sudden, all you see is everybody with thumbs. They responding to email, they're responding, you know, they're they're getting quotes out the door on a tablet, they're they're doing their job. This is making life a little bit easier for them. Companies need to be looking at that and saying, how are we achieving a level of device parity where we have that same level of security on our mobile enterprise as we do as our traditional enterprise? So you that's the big challenge because we we hear it all the time. Ah, it's it's just a mobile device. This is a small version of a computer, except in your back pocket, that is so much easier to leave in the back pocket of an airplane, of a taxi cab, um, at an event. You know, next thing you know, you get sidetracked, you're in a conversation, you have your phone on the table on the desk. Where's my phone?

SPEAKER_00 16:50

Yeah.

SPEAKER_01 16:50

Right? Most people can't go without this device in their handful of anything more than 90 seconds before they start going, where's my device? It's a big difference.

SPEAKER_00 17:00

Um it brings me to my next topic I had a question on.

BYOD Privacy Limits And Zero Trust

SPEAKER_00 17:03

The and this is, I feel like a lot of companies, your the phones people use are their personal phones. It's BYOD, so bring your own device, and then their laptops are corporate owned. In the mobility landscape, it's you know, a lot of bigger enterprises have dedicated mobile devices, they'll private those employees versus BYOD. How are how do you perceive the gotchas or the things that people miss around the BYOD versus the corporate-owned?

SPEAKER_01 17:36

When they get to that point, Brett, they're looking, saying, how do I secure this device as tight as I can and allow my end users the flexibility of using their own device so that they don't need to carry around two devices. The hard reality is most organizations need to understand the privacy policies by Google and Apple govern anything in the mobile security world. If you're dealing with a personally owned device, a BYO, they have to be respectful and cognizant of the fact that Google and Apple have a stronger privacy policy in place in order for them to not invade upon end users' privacy policies, privacies. So when we start talking about the differences between corporate-owned and employee-owned, this is where you need to start more strengthening the processes than the device. Okay, so when we counsel and we speak with our customers around what's the best approach to BYO, you need to strengthen all of the peripheral services that you're looking at. And that can be, you know, MDM and MTD on the security side, but then you really gotta, you really need to start talking with them about ZTA and zero trust. Okay. And by moving them into an environment that says, hey, never trust, always verify. And you're not allowed access to these services unless you're doing it on a security and managed device and you have passed our authentication capabilities. Now we're not invading on their privacy policies. We're not looking at text, we're not looking at camera rolls, we're not looking at call logs, browsing history, or anything of that nature. But what we are seeing is we need to strengthen our overall exterior posture. Unlike a corporate-owned device that is either set up utilizing Apple Business Manager for iOS devices, uh, Android Zero Touch enrollment, where we're able to lock that down or use Android Enterprise dedicated device. Now you have demonstrated that I, as the organization, own these devices, and I am at liberty to put a stronger security posture on those devices and lock down certain features that I do not need or want my employees to use. Many times, for instance, with Android, you cannot put a personally owned device into kiosk mode and lock out certain features. It's going to be frowned upon. Same thing with supervised devices with iOS. You can't lock down certain capabilities, and the MDMs need to validate these all up against Apple and Google before they'll actually go forward and put you know put something out to market. So there is always it's it's been it's been a conversation that we've had for 16 years now, Brad. Do I go BYO? Do I go corporate-owned? Or in many scenarios, it's a combination. You know, you might have a series of frontline workers that need access to shared devices, right? You know, refletch, this is what you guys do. You know, how do we do that? But in the same console, how can we manage a um a set of workers that we are allowing personally owned devices? And can we achieve a level of um clarity and through a single pane of glass, be able to manage all of those assets? So, you know, every organization's different. And oftentimes we will consult with organizations around do you need to fit to a certain level of compliance? Are you bound by a regulatory compliance? Because if you are and you have highly confidential information and PII or PHI that's floating to those devices, you very well may need to bite the bully and go corporate-owned devices. For those workers that maybe aren't accessing that kind of data, you can go BYO.

SPEAKER_00 21:41

And then everyone's carrying two devices and they love it. No, you got you gotta do that. It makes sense. Um on that the note of different different company types, the you know, regulations and I know you work, you mentioned this, the smaller businesses through mid size and large, like in you know, the question everybody wants to know is just.

Risk Matters More Than Device Count

SPEAKER_00 22:00

Size really matter. So device count. You use the phrase device count is not the same as risk. I've seen you use this before when I've seen some of your things. How do you think about smaller companies? It feels like some of the things you've said give give me some anxiety of a small company may be even more exposed than large companies. How do you think about that balance of a corporate size or fleet size versus the risk size?

SPEAKER_01 22:27

We always start really from the risk side, Brett. Okay, because just think about our industry these days, right? We have a lot of small to mid-size financial service firms. We have a lot of small to mid-size healthcare institutions. We have so many different types of companies that need to be bound by regulatory compliances where we need to be evaluating risk versus the size of your deployment. Okay, so size doesn't matter. Risk matters. And how do we mitigate that risk the best we can? So in order for us to be able to say, here, look, what's the most viable solution? Because at the end of the day, we really try to we try and remain in Switzerland. We try and say, look, let's help you evaluate where the risk lies, and let's help you evaluate what's going to be the best solution and the best strategy. Because the best strategy is one that is planned out and started. But when you start thinking about how are we going to look at this strategy, we look at things a couple of different ways. A, look at it as a layered approach to mobile security. B, we look at it as a phased approach because the Big Bang Theory only worked once or twice in our society. All right. So let's go ahead and look at how do we keep our users involved and embrace engage. How do we continue to make it simplistic for them to do their job and be effective and efficient out there? And let's not jam so much technology down their throat on a device that all of a sudden you have a revolt on your hand and they say, I'm not doing any of it, because it's just too much. So being able to take a phased approach, regardless of the size of the organization, and say, How do we best secure, manage, gain visibility, and protect your intellectual property, your confidential information, your customers' data, et cetera, regardless of the size of your organization. We have customers that are 50-100 seats, and they maintain a level of high risk because of the confidential nature of their business. We have customers that are 2,500 that say, hey, we have that same level of risk as that guy that has 100. Only difference is scale. Once it's in place, it's very scalable. So it's it's really more about the risk and the processes than it is about the size.

SPEAKER_00 25:02

So a risk, risk-driven mobile strategy.

Balancing Security With User Experience

SPEAKER_00 25:04

And with that, I I know one of the things the with the guys on the team is like, yeah, CISOs are the hardest buyer because they never want to change and they don't want to give users access to anything, which creates a terrible user experience. How do you manage or think about managing when you're working with customers the end user experience versus the you know being able to have security at the same time? How do you balance those two opposing forces?

SPEAKER_01 25:31

Well, I think the easiest way to do it is make sure that you have a cross-functional uh group that's in in charge of evaluating the solutions. Clearly, CIO or CISO has has their strategy and has their, you know, um, their wherewithal around what they want to be doing and how they want to be doing it. But you know, the best counsel we often make is have a cross-functional set of users across your organization that is part of your test user group. Um and in doing so, you now are pressure testing everything that you're gonna try and roll out, you're pressure testing up against those particular business units or users within those particular groups. This way it also lends validity and verification up through the C-suite that says, hey, we down here, guys, us people, we believe that this is the best path forward for us to move. So, you know, CIOs and CISOs are under tremendous pressure these days to make sure they get it right. Um, you know, where we come in again is agnostic, objective, bring in some expertise and experience with helping them evaluate and figure out what's the best. We often take our customers through a mobility assessment. Okay. And that's that's one of the easiest ways for us to deal with it is let's do a mobility assessment. Let's assess what that risk looks like for you. And then from there, then we might be able to make appropriate recommendations as to what might be the best solutions forward or what the best strategy is going to be to move forward.

The Assessment And POC Approach

SPEAKER_00 27:07

Can you talk a bit more about like your process? So when Troy Mobility gets hired by somebody, what is like what is that project, what do those phases look like? So I'm assuming you don't just come in and be like, use this MDM, use this MTD. Like you go through a process. What is the process you work with? And you mentioned a couple stakeholders. Like, how do you operate and get from point A to point B where you actually have a good security policy without having that bad user experience?

SPEAKER_01 27:35

I think the first thing that we always start with is that assessment, Brett. Um, especially when we're dealing with sort of a greenfield environment where they're saying, well, we don't know what we don't know. Okay, that's why we're hiring you. So we will come in, we'll do an assessment, we'll spend a few hours, we'll speak to different user groups to understand who's going to be engaged, what their critical uh success factors are of the project, kind of lay that all out. Once we take that, we digest it back, then we're able to come back to the customer and say, look, you know, based upon this assessment, based upon what our findings are and our conversations, we may suggest this path. And that path may include this vendor, this vendor, and this vendor. Okay, let's go ahead and, you know, if this sounds right to you, let's do a small POC of a couple of different vendors to make sure that that use case actually fits the technology. Because the one thing that we are not fond of is banging a square peg into a round hole. So let's make sure that that peg fits in perfectly. And there's enough options and enough choices out there to say, here, based upon what we may consider to be your three to five year strategy, this is a good direction. This might not be a great direction because what we don't ever want to be doing is getting into a situation where we're putting a user into a technology that doesn't fit, and in two years we have to rip and replace. It's disruptive, it's costly, it's ineffective. So instead of us coming to the table and saying we're a product company, we're a consulting company. We're consulting with our customers to make sure that they understand what is the best strategy for us to move forward and then leverage years of experience and working with these various vendors to say, here's what we consider to be a best-of-breed stack that you can drive towards. And it doesn't need to be in 12 months, but it might be over a 24 or 36 month period. But then off of that, once we get through that, then we provide our customers options. And those options might be looked, if you want to just have support from the vendor, feel free. Do you want to leverage our team for professional services for implementation support? And do you want to be able to leverage us in post-sale and post-implementation support? Now that we've gone ahead, we've implemented your strategy, we've implemented your technology. Do you want to have a managed mobility services company that's your tier one organization? Do you want to be able to call us and talk to the engineers that just did your implementation? So, you know, for us, we try and consider ourselves to be full service from the ground to the sky, okay, and sort of everything in between. But it's not standard for everybody. Every organization is going to be a little bit different. So we have to adjust our strategy to fit their strategy. And that's that's the benefit of Tor Mobility's kind of like to say our small company is we're nimble. And and that's that's beneficial to many organizations that we work with.

SPEAKER_00 30:40

I want to pull the thread

Day Two Support And Monitoring Reality

SPEAKER_00 30:41

on one of the things. You you had mentioned the there's no big bang projects. And I feel like there's so many companies that they want to do, you know, pull it in day one and then just leave it for the next four or five years. You alluded there to a lot of things that happen. I'll call I think one of my old managers called this day two. So day two is every day after day one, which you know is the next like 10,000 days. What are the things you see people miss with that day two strategy and the ongoing support, run the business type of activities for mobility?

SPEAKER_01 31:14

I think a lot of organizations do come away once they're implemented and say, yeah, we got this. Okay. Um, and and in particular, the markets that we service and support Brett and the SMB and the mid-market, is that they're wearing so many hats on their heads from an IT perspective and a security perspective. See, yeah, we got this. But when you're not looking at it on a daily basis, things can slide through the cracks. When you don't know how to take appropriate actions on devices or processes when they break, and then they sit there and stall, and the break continues to get bigger and bigger instead of having somebody say, Time out, we've got a little bit of a problem over here. Okay. So what we see oftentimes is companies say, We got it. Day two, we're good, we're implemented, we're in a support mode. Guess what? Mobile security is not a Ronko oven. We can't just put the chicken in it and check it four hours later and expect our rotisserie chicken to be perfect because it constantly requires um a little bit of diligence, a little bit of oversight. It continues a little bit more of monitoring and management around what's going on with your overall enterprise strategy, that it's not just let's just set it and forget it, and we're done, and everything is great. So it's a it's it's a little bit of a problem that we do see. Um, but it also depends upon the institutional knowledge of the organization. Do they understand mobile or are they just saying, hey, look, we got it.

SPEAKER_00 32:52

Yeah. It's also maybe a prize for the first person to mention Ronco oven. No, it's been a good 10 years since I've heard that one. Are they still around?

SPEAKER_01 33:00

I I have no idea. I don't have one. But you know, that was their big pitch. You know, set it and forget it.

SPEAKER_00 33:06

Yeah. No.

SPEAKER_01 33:06

Just put it in. You know?

SPEAKER_00 33:08

Yeah, it's good to go. Just come back after work and your thing's done. It's like the crock pot. It's like the crock pot of it.

SPEAKER_01 33:13

No, it's not a Ronco oven, it's a crock pot. I love my crock pot.

SPEAKER_00 33:16

It's awesome. Uh so last topic to close this out.

AI Driven Threats Over Next Years

SPEAKER_00 33:19

And this is uh, you might have pulled magic eight ball back out and do the thing again, but where do you see the threat landscape and mobile security heading over the next three to five years? So I you you know you and I talked previously about AI, just some of the how easy it is for you know in the 90s and early 2000s script kitties, now it's the AI kitties that are just able to leverage these tools very, very quickly. Where do you see both the the threat landscape evolving and the security landscape evolving?

SPEAKER_01 33:48

Well, I think if you if we take a look back, right, everybody wants to go AI, AI, AI, AI, AI, AI, right? AI is the biggest catchphrase out there right now. But the hard reality is, Brett, is that the threat actors and the bad actors out there have been using this kind of technology for phishing attacks for years. Um, I did a conversation, um, I led a key, not a keynote, but a breakout session, I don't know, about seven, eight months back at one of our vendors. And we really talked about the fact that AI is making things way easier for the threat actors to be able to find better opportunities, make them way more personalized than ever before, okay, and way more authentic than they were before. So, where that's leading to is the technologies that we need to be deploying on mobile, regardless if they're personally owned or corporate-owned devices, needs to be built on AI framework. Okay, it needs to be built such a way that it understands AI characteristics, that understand what are the what are the types of of problems that we're encountering? Why is it happening? And by leveraging things like machine learning and understanding a user's behavior on the device and being able to recognize is this an AI threat and is this being originated out of an AI threat? But more importantly, how can we proactively address that so that it's not a reactive remediation, it's a proactive remediation. How do we prevent it from even getting to this device? How do we anticipate what could happen? Um, you know, the hard reality is, you know, things like UPS and US Postal Service and FedEx are all making it not easier, but you know, that's the biggest smishing attack out there is hey, your package is delayed. Amazon is sending you a text message with the adoption of so much shipping that most people are utilizing online services. So they say, Whoa I want to see where my package is. I just got a text from from Amazon. I gotta see what's going on. And without any thought or forethought, they're immediately clicking. Okay. So, you know, my sense is we need to be building platforms that are way more reactive, uh way more proactive these days. They're built on AI frameworks so that we can anticipate what those threats are going to look like. And overall, companies really need to be looking at what are the processes and platforms we can be putting in place to help strengthen our overall security posture and not being viewed as being invasive to the employee, but being viewed as being very responsible, even if they are working on their personally owned devices. Because at the end of the day, there needs to be a social contract between the employee and the employer, that the employer is not going to do anything malicious to those devices, and that they really are just looking out for the best interests of the business and protecting their corporate assets.

SPEAKER_00 37:08

Yep. It'll be it'd be interesting in the next couple of years. All right, so just to wrap it up,

Key Takeaways And How To Connect

SPEAKER_00 37:12

a couple key things. Uh my my key takeaways I'm coming away. I think the MTD is very important. It is different than MDM. So really the mobile threat defense is thinking through, like you said, the zero-day, the reactive um security, proactive security on devices as opposed to just device software and um postures. The BYOD thing you mentioned around you know, it is that balance between privacy and security is incredibly important, making sure that we get that right, just something people need to do. And then I think the the phrase you had around the risk-driven mobile strategy, really balancing the risk. You know, for small companies, big companies, the risk is going to be the same. You just need to make sure you have strategies that are aligned to it. So there are a couple of key takeaways I have. Paul, if somebody wanted to find out more about Troy Mobility, where would they reach out to you? At is there a website? Are you um I know you're active on LinkedIn because I follow you and you have a lot of good posts, but um maybe uh throw out your your the Troy Mobility website if it's Yep.

SPEAKER_01 38:15

Um Troymobility.com. We do have a contact us form right there. Um if you just wanted to reach out via email, you could easily reach out to info at Troymobility.com or sales at Troymobility.com. Um those aliases will get uh populated within the organization. Um, yeah, please I invite you to follow me on on LinkedIn. Um I think I'm only one of two Paul Troices out there. Um, or if you just look up Troy Mobility, we've we we have our own uh company page out there, and you can find me via via that link as well.

SPEAKER_00 38:50

Excellent. Paul, thanks for being on today. Appreciate it, and uh have a good one. Brett, thank you. I appreciate the opportunity. Have a wonderful weekend. Thank you for tuning in to Frontline Mobility Edge. If you enjoyed this episode, make sure to subscribe for more content every month. If you'd like to learn more about Blue Fletch, check out the link in the description or visit us at bluefletch.com. See you next time.