Mobile Device Management: What is it and Why You Need it?
Now more than ever, organizations must implement cyber security and corporate data protection for a broadly distributed workforce. During the COVID-19 pandemic, millions of employees globally have quickly made the shift from corporate offices to working from home. Working from home is the new normal. The immediate need to lock down offices and send employees to work from home made thoughts of cyber security take a backseat as businesses tried to adjust.
Not only are more employees working from home than ever before, they are also working across a broad range of devices, including smartphones and tablets. Employees have requested anytime, anywhere access to corporate data and applications. This access creates a unique security risk to corporate data whether employees are accessing the data through devices that are company issued or BYOD (Bring Your Own Device). It is now vital for organizations of all sizes to implement mobile device management (MDM).
What is mobile device management (MDM)?
Mobile device management enables organizations to securely manage mobile access to corporate data, services, and applications across a range of devices, including smartphones and tablets. All advanced MDM platforms support iOS, Android, and Windows Phone operating systems.
Protek supports two levels of MDM. Basic MDM capabilities, including the ability to remove company data from the mobile device, are available in the core Microsoft 365 subscription. For more advanced requirements, Protek recommends Microsoft enterprise licensing, which unlocks the capabilities of Microsoft Intune, their top-of-the-line MDM and mobile application management platform.
MDM will help organizations defend against intellectual property loss or theft and unauthorized access to corporate resources and data. MDM works in concert with other security practices, such as requiring a PIN to access a mobile device with company data, strong passwords, multi-factor authentication, and geofencing or location tracking to prevent access from foreign countries or potentially hostile locations.
Five Common MDM Use Cases:
1. Enforced mobile security
MDM gives admins the ability to block access to mobile applications with corporate data if the mobile device is out of compliance with the company’s mobile security policies. For instance, common policies require a standard mobile password and password length. Managers can also control how long a device can sit idle before it locks. Access to company data can be blocked until the device is in compliance with these password and timeout policies. Additionally, if the user fails the password challenge after a number of tries, the MDM service can automatically wipe the device remotely. This setting should be used with caution, however, as children could accidentally get the device wiped.
2. Remote data wipe for lost devices
Corporate email contains tons of sensitive intellectual property, trade secrets and other company private information. In the event a mobile device is lost or stolen, admins need the ability to remotely and selectively wipe corporate data from a mobile device. MDM gives admins the ability to wipe the entire device or selective data, such as an email profile along with all the cached email. Obviously, remote wipe functions need to be deployed transparently with users and carefully configured so users are not adversely impacted by personal data loss on their device.
For corporate-issued devices, MDM can be used to track the geolocation of the device and block access or remotely wipe the device if it attempts access outside a prescribed geographical boundary. Many companies have field-based employees who work within a well-defined geographical radius, and geofencing can be a critical tool for blocking rogue access from a lost or stolen device.
4. Prevent data leakage and IP theft
MDM also gives admins the ability to prevent the leakage or theft of sensitive corporate data through common copy/paste and local save functions to the device. This function requires the more advanced Microsoft Intune capability, but admins can block users from copy/paste functions from corporate apps to personal apps on the device, thereby protecting sensitive corporate data.
5. Device management, en masse
MDM enables organizations to do automatic device enrollment and configuration for large numbers of devices. For instance, a user can be given a brand-new iPhone and instructed to install the Intune Company Portal from the Apple App Store, and with a few clicks and a single login, the company’s device management policies can be rolled out to the user’s phone. The company benefits from automated deployment and enforcement, while the user is able to gain access and be compliant through a simple, self-service exercise.
MDM requires expert guidance and advice before being deployed. Protek clients who wish to learn more about MDM should reach out to Michelle Lawson for a consultation.