Mobile Device Management, commonly referred to as MDM, is an industry term for the administration of mobile devices. It focuses on the deployment, security and integration of mobile devices into the workplace infrastructure.
What is the point of Mobile Device Management?
The aim of Mobile Device Management systems is to let companies open their networks to a set of users, so that those users can access the company infrastructure without being in a designated place, and to allow or at least facilitate that access across many platforms. In theory this is a good principle, but there are inherent risks. There is already a common perception that mobile devices bring cloud storage and security risks, so why would a company let these devices access its network? Because of the risks involved, it is critical for companies thinking about opening their network to implement a Mobile Device Management policy.
Mobile Device Management is seen to address the unique needs of a growing computing platform and is feeding a major transformation in the enterprise software market. Traditionally, company IT policies were focused on security, legal liability and hardware costs; there has now been a move away from these to a more device-agnostic user-centered computing model. Certainly the growth of Bring Your Own Device (BYOD) has propelled the focus of security and management around devices.
What is the Purpose of Mobile Device Management?
The primary purpose of Mobile Device Management is to optimise the functionality and security of mobile devices within an enterprise and at the same time protect the corporate network. But in practice, what does this mean?
To be successful, a Mobile Device Management system should include the following features:
- Be compatible with all common handheld devices as this gives the widest range of acceptance.
- Be implemented directly over the internet
- Be deployable quickly
- Should have the ability to add or remove devices from the system
If a Mobile Device Management system doesn’t have these elements then it is likely to fail in terms of both user acceptance and IT infrastructure agreement.
To help facilitate this movement Mobile Device Management systems should include the following tools:
- Application management
- File synchronization
- Sharing capabilities
- Data security tools
- Support for personal devices or corporate ones
MDM has many benefits for both company infrastructure teams and employees themselves.
For the user there are these benefits:
- Bring Your Own Devices – can be used for cost savings and productivity
- Automated Device Registration – Users can download the application and get personal access
- Simplified configuration by automatically configuring a bundle of settings including email, calendar, contacts etc.
For the company these benefits would be obtained:
- Enhanced privacy and protection, as Mobile Device Management can provide secure access on your mobile device to non-public data and can help set the ‘best practices’ controls on the device
- Compliance – the biggest compliance risk with mobile devices is data leakage. Controlling devices via an MDM helps overcome this.
- Remote management of devices – giving the IT support team the capability to remotely take control of devices can be critical for companies
Other security benefits could include:
- Remote lock
- Data wipe functionality
- Automatically block intruders
It is clear that there are many benefits with Mobile Device Management systems but it is highly recommended that companies implement policies to govern and manage MDM.
Best Practices for implementing Mobile Device Management!
- Ensure you implement a strong security policy
- Maintain a device registry to keep a record of all the devices connected to the network
- Enable remote over-the-air updates, allowing the MDM to identify unusual or dangerous behaviour on the device such as jailbreaks, repeated failed login attempts or failure to connect to the network for long periods of time.
- Maintain an application whitelist, which allows only approved devices access to the network and helps prevent malicious software from breaching the network infrastructure.
- Companies should encrypt the data in transit
- Regular security updates and patches should be implemented
- Deploy intrusion detection and prevention systems to help deter risks associated with remote attacks.
- Employ a phased approach to deployment
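The registry and behaviour checks in the list above can be sketched as a small compliance pass over device records. This is an added example, not code from the original article or from any MDM product; the record fields, thresholds and the mapping of findings to `lock` or `block` actions are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Assumed thresholds and escalation order; set these from your own security policy.
MAX_FAILED_LOGINS = 5
MAX_SILENCE = timedelta(days=14)
SEVERITY = {"allow": 0, "lock": 1, "block": 2}

@dataclass
class Device:
    device_id: str
    owner: str
    jailbroken: bool
    failed_logins: int
    last_checkin: datetime
    installed_apps: frozenset

def evaluate(device, approved_apps, now):
    """Return (action, reasons); the most severe finding wins, all are kept."""
    findings = []  # (action, reason) pairs, in the order the checks ran
    if device.jailbroken:
        findings.append(("block", "jailbreak detected"))
    if device.failed_logins >= MAX_FAILED_LOGINS:
        findings.append(("lock", f"{device.failed_logins} failed logins"))
    if now - device.last_checkin > MAX_SILENCE:
        findings.append(("lock", "no check-in within policy window"))
    unapproved = sorted(device.installed_apps - approved_apps)
    if unapproved:
        findings.append(("block", "unapproved apps: " + ", ".join(unapproved)))
    action = max((a for a, _ in findings), key=SEVERITY.get, default="allow")
    return action, [r for _, r in findings]

# Constructed sample registry, not real device data.
NOW = datetime(2024, 1, 31, tzinfo=timezone.utc)
APPROVED = frozenset({"mail", "calendar", "vpn"})
REGISTRY = [
    Device("dev-001", "alice", False, 0, NOW - timedelta(days=1), frozenset({"mail", "vpn"})),
    Device("dev-002", "bob", True, 0, NOW - timedelta(days=2), frozenset({"mail"})),
    Device("dev-003", "carol", False, 7, NOW - timedelta(days=30), frozenset({"calendar"})),
    Device("dev-004", "dave", False, 0, NOW - timedelta(days=3), frozenset({"mail", "sideloaded-game"})),
]

def audit(registry=REGISTRY, approved=APPROVED, now=NOW):
    """Evaluate every registered device and key the result by device id."""
    return {d.device_id: evaluate(d, approved, now) for d in registry}
```

Keeping every reason, not just the winning action, gives the support team an audit trail when a device is locked or blocked.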
The main concern for Mobile Device Management systems is how to ensure the data is held securely both on the device and on the network.
So how do we address Security?
Addressing security is a critical component of an effective MDM strategy. The three major components for a strong MDM security framework are:
- Data Access Mechanisms
  - User and device authentication
  - Authorization and policy enforcement
  - Integration with other third-party services like Salesforce etc.
- Data Storage Security
  - Device data should be encrypted both on the server and on the device
  - Remote deletion of data should be standard on all mobile app development projects
  - There should also be protection of the keys used to secure the data
- Data Transmission Security Protocols
  - A secure connection should be made between device and company infrastructure
  - All data sent to device and returned to network should be encrypted
Bringing it all together
Mobile devices need a solution to monitor, control and protect the company infrastructure across devices, apps, data and the network. By managing the risk, it should be possible to expand and enhance the level of mobile working at a company. For companies thinking of allowing enhanced access to their networks, either by deploying their own mobile devices or by facilitating Bring Your Own Device (BYOD), it is critical to have a security and usage policy that goes beyond mere rhetoric. At Gravity, we work with MDM providers to enhance app security as we recognise that security and peace of mind are at the forefront of any app solution that accesses sensitive company information.