Mobile Device Management: Keeping Your Company Devices Secure

Many of us work from different locations, at various times of the day and use an array of devices including laptops, mobile phones and tablets. It's likely that you'll start working on one device and then complete the task later using a different device; typically you might check emails on your phone when out and about, and then respond once you’re in the office. Mobility has become a necessity, but what are the security vulnerabilities?

Many current security setups don’t cover all bases when it comes to keeping devices safe. While it’s great to have access to data when you’re out and about, there are critical security issues that you need to be aware of.

  1. What would happen if you or someone on your team lost their mobile phone, or it was stolen?
  2. Could sensitive data be easily accessed?
  3. Could the accessed data compromise other businesses as well?
  4. When you get a new device, how easily can you get back up and running again?

The challenge is how to keep your company mobile devices secure, while also giving your team easy access to all the information they need when they’re out of the office.  

 

The problem with most current setups 

As mentioned before, most current security setups don’t cover all bases.

Old techniques and tools

The methods and tools that have been relied on for decades to manage, configure and secure devices and users are becoming less effective as modern work styles evolve. Previously, devices were associated directly with on-premises infrastructure and trust was established between devices and controllers. Specific devices were assigned to users, and applications for users were installed on those devices. A 4-way paradigm was firmly entrenched between user, device, application and access to information. This operating model lent itself well to managing access to information and protecting corporate assets, but only if users were operating within the organisational network bounds. Policies were defined and applied to devices, and users within the network and environments were secured and well managed using mature, well-known processes. This traditional approach includes Group Policies, which were applied when necessary and when devices and users were detected on the secured network.

Moving away from central networks

The neat, structured and well-understood information management techniques and tools used in the past are less effective than newer methods. As users perform activities off the network as effectively, if not more effectively, their need to connect to a central network directly diminishes. They can access applications from anywhere and use any device to access information, performing activities when best suited. This operating model challenges the administration, governance and compliance tools used previously.

Corporate policy challenges

How do corporate policies get applied to devices that never connect to the domain or do so infrequently? Not reliably nor effectively using traditional tools and practices such as Group Policies.  These traditional approaches require users and devices to be present on the company network. 

 

How do you solve this?

  • It would help if you could reach users and the devices that they are operating on, regardless of where and when they are working, to apply relevant corporate policies.
  • The distinction between corporate devices and non-corporate devices must be defined. Modern workers use their personal devices to perform work-related activities (BYOD).
  • If someone is using their personal device for work-related activity, it’s important to make it clear how their device will be treated, with due consideration for the owner but also with the necessary levels of security around accessible company data. Corporate interests need to be protected.
  • There should be a means to remove company-specific data from a personal device without compromising personal usage. For example, remote wiping a personal device may not be a suitable course of action. It leaves the entire device reset, resulting in the loss of all personal information on the device, including the user’s music, photos, contacts and other personal digital assets.

 

Mobile Device Management: The time is now!

Mobile device management (MDM) is a smart option for keeping your company devices secure, inside and outside of the office. If you haven’t already got it, it’s a good time to consider it.

You’ll be able to:

  • Manage the apps that access your company information and what they can do with that information.
  • Manage the mobile devices that are used to access company data (e.g. requiring passwords on all phones, or passwordless using Biometrics - FIDO 2.0).
  • Make sure these devices are compliant with your security requirements such as multi-factor authentication.

Some MDM tools are designed for smart device management, others are designed for application management, and then some offer both device and application management facilities but focus on smart devices. The ideal MDM tools cater for device management and application management across all devices and device types. The best tools will acknowledge the emergence of digital identities, the security models associated with those, and the interaction between digital identities, device, location, risk profile and information type. A consistent governance framework will ensure that authenticating people is done based on their current risk profile, and at any time, they may be operating multiple digital personas concurrently (which will attract different rights).

A tool like Microsoft Intune will do the job. Microsoft Intune MDM is a component of Enterprise Mobility & Security (EMS). Unlike other MDM tools, it integrates corporate digital personas associated with Office 365 subscriptions directly and can extend both device and application management controls to Windows 10 devices, iOS devices and Android devices based on centralised governance policies, discretely.

 

Some next steps to consider

It's worth noting that if you have a Microsoft 365 subscription, you’ll already have Intune MDM as part of it. If you have Office 365, you can still get Intune MDM - just ask us about how to get it.

For further guidance about the next steps for either scenario or if you’re unsure about your current setup, get in touch and talk to our Continuous Computing team.

We also offer Intune MDM workshops. These are a helpful way to discuss your unique business setup requirements and allow relevant parties to map out the best way forward.  

Written by Mornay Durant, Lead Consultant in Continuous Computing