BYOD (Bring Your Own Device) policies have been evolving over the last decade as companies try to balance the benefits of increased productivity and decreased equipment cost with the menagerie of security considerations that come with covering a host of mobile devices. Employees work best (and happiest) on equipment they’re accustomed to, but an open mobile device policy can poke holes in a company’s network security and provide leak points for sensitive data.
So how do you allow employees to bring devices to work and still protect your network? The answer for many is a set of device and application settings that let users get work done without compromising security or their own freedom.
Mobile Device Management (MDM) minimizes risk for companies by keeping close tabs on what happens on each device, and is the more intrusive of the device management strategies. MDM systems allow IT departments to track information about mobile assets such as their owners, their current condition, their usage, and the service and support requests made for them. Basically, MDM allows the company to see everything happening on a particular smartphone or tablet.
While some applications of this concept can appear totalitarian in practice, everything is geared toward maintaining the security and integrity of a mobile asset. Users must have their mobile devices password protected to prevent unauthorized use by other employees. The IT department may also install remote wiping software so they can ensure deletion of all the data contained on devices that are reported lost or stolen. GPS tracking may also be installed on devices to help track their movement. MDM can also block users from downloading apps that are not on the company’s list of allowed programs. It’s rare that this method is implemented in its entirety without complaint from employees who own the monitored devices.
The tricky part is balancing the capabilities of your MDM solution with the privacy and personal interests of the mobile asset owner. Going too far may work against one of the goals of BYOD, which is to promote convenience for your employees. This is where Mobile Application Management (MAM) comes in.
MAM focuses more on enabling employees to access company data and applications on their private devices without intrusively securing the entire device. Instead, MAM systems impose controls and restrictions only on specific areas, functions or applications. By distinguishing between personal data and company-related data, MAM systems allow IT departments to track and view only what they need to. If a device is reported lost or stolen, only data the system recognizes as company-related can be remotely erased. MAM also does not fully restrict the download and installation of unlisted programs; it just prevents such programs from accessing corporate data.
The primary drawback of MAM is that it uses a unique code for each type of mobile device, which can require more IT setup time, effort, and resources before it is able to cover all devices.
Integrating a MAM system with your MDM system can be the best way to find the right balance between security and enablement. You can let your MDM system handle basic security and integrity while MAM handles advanced and specialized controls. This way, the minimum required level of security can be achieved while still allowing employees to do more work using their mobile devices.
Instead of using a list of allowed programs, you can make a list of unwanted programs, or a blacklist. You can then set the MDM to handle the blacklisted applications while the MAM handles the rest. This way, employees can still download and install the apps they want without compromising the network with known malware.
Mobile devices pose challenges for business security. But with a thoughtful MDM/MAM policy, you can keep things secure and convenient for employees and guests. Don’t be hasty. Take your time in determining what elements and functionalities your MDM/MAM solution will possess. With so many options available, it is highly advised that you study each alternative so that you can find the combination that will work best for your business.