Posts Tagged ‘mobile device management’

Why and How to Secure Mobile Devices

Posted on: August 29th, 2017 by jiml

As more business processes are either pushed to or accessed on mobile devices (phones, tablets, laptops, etc.), organizations need to be able to secure both the device itself and the data which the device accesses. Colden Company’s Mobile Device Management (MDM) service provides affordable protection for the most common security scenarios.

Physical Security

Since these devices leave the office and may be left intentionally in vehicles, homes and hotel rooms, unintentionally in locations like restaurants or stores, or completely misplaced or stolen, the first concern is to be able to locate the device. With the MDM agent installed, the device periodically checks in and reports its physical location, which can be tracked on a map so the device can be retrieved.

Protection From Unauthorized Access

The agent can configure the device with a screen lock passcode (and change it) and remotely lock the device. The data on the device can be encrypted and, if there is a concern that the device’s security has been compromised, the entire device can be remotely wiped.

Protection From Malware

While the overall risk of malware is reduced on iOS (Apple) and Android phones and tablets compared to desktop and laptop computers, it is still a very real concern that needs to be addressed. Even though users have permissions to do things like configure the device settings, connect to wireless networks, and add or remove apps, while they are actually using an app on the device, they are not doing so using those permissions. After apps are installed, what they can do is limited to the permissions they were given at installation. For example, it is not possible to run an executable program from a web browser or email app in the same way that a user can on a PC. While running those apps, the user is not acting as an administrator of the device.

So the most critical level of protection against malware is to ensure that the apps are installed from a trusted source that verifies they do not contain malware. For iOS, the Apple App Store screens all apps offered through the store. For Android devices, the Google Play store has less oversight on what apps are offered, but the Play Protect Service on each device does a background check of each installed app to detect harmful apps. This check is especially important since, unlike Apple devices, it is possible to install apps to Android devices from locations other than Google Play. It’s worth noting that all reports of Android malware to date have come from installing compromised or malicious apps from the Google Play store or from a third-party source.

MDM addresses this issue through policies that allow only specific apps to be installed, identify specific apps that cannot be installed, require that specific apps be installed and, for Android devices, disable the ability to install apps from any location other than Google Play. Actively managing what apps can and cannot be installed is the most effective protection from malware.

Monitoring Compliance

Mobile users generally have administrative privileges on their devices. In order to ensure protection is active, the MDM agent is enabled with policies and rules that define how the device is to be configured and what actions to take if that configuration is changed (non-compliance). It monitors the device continuously for any configuration changes, compares them to the policies for the device and takes action when the device falls out of compliance. At a minimum, non-compliance will generate an alert and an administrative email, which can also be sent to the user. For example, if a lock screen passcode is a required policy item and the user disables the passcode, an alert is triggered with an associated email message. The administrator then has the option of re-enabling the passcode, changing it or locking the device. For a more security-conscious approach, non-compliant devices can be denied access to company resources until the device is back in compliance.
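The app-control policies and the compliance monitoring described above can be sketched as one evaluation run at each device check-in. This is an added example, not Colden Company's or any MDM product's code; the `Policy` and `DeviceState` fields, the app identifiers and the action names are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass
class Policy:  # hypothetical policy model, not a real MDM schema
    require_passcode: bool = True
    require_encryption: bool = True
    allow_unknown_sources: bool = False          # Android installs from outside Google Play
    required_apps: frozenset = frozenset()
    blocked_apps: frozenset = frozenset()
    allowed_apps: Optional[frozenset] = None     # None means no allowlist is enforced
    block_access_on_violation: bool = True       # the stricter response option

@dataclass
class DeviceState:  # what the agent reports at check-in (constructed fields)
    device_id: str
    passcode_enabled: bool
    encrypted: bool
    unknown_sources_enabled: bool
    installed_apps: frozenset

def evaluate(policy, state):
    """Compare reported state to policy; return (violations, actions)."""
    violations = []
    if policy.require_passcode and not state.passcode_enabled:
        violations.append("passcode_disabled")
    if policy.require_encryption and not state.encrypted:
        violations.append("not_encrypted")
    if state.unknown_sources_enabled and not policy.allow_unknown_sources:
        violations.append("unknown_sources_enabled")
    for app in sorted(policy.required_apps - state.installed_apps):
        violations.append(f"missing_required_app:{app}")
    for app in sorted(policy.blocked_apps & state.installed_apps):
        violations.append(f"blocked_app_installed:{app}")
    if policy.allowed_apps is not None:
        permitted = policy.allowed_apps | policy.required_apps
        for app in sorted(state.installed_apps - permitted - policy.blocked_apps):
            violations.append(f"app_not_on_allowlist:{app}")
    actions = []
    if violations:
        actions += ["raise_alert", "email_admin"]   # minimum response to non-compliance
        if policy.block_access_on_violation:
            actions.append("deny_company_resources")
    return violations, actions

POLICY = Policy(required_apps=frozenset({"com.example.vpn"}),
                blocked_apps=frozenset({"com.example.filesharing"}))
# Constructed check-in: passcode turned off, sideloading on, a blocked app present.
SAMPLE = DeviceState("tablet-01", False, True, True,
                     frozenset({"com.example.mail", "com.example.filesharing"}))
```

Calling `evaluate(POLICY, SAMPLE)` returns the list of violations for the constructed device together with the alert, email and access-denial actions.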

Every survey indicates that employees will continue to use mobile devices more frequently than they do today. The trend is not about to reverse. As a business, you need to be thinking about how you can best manage and secure those devices and the data they access. Give us a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.







Ten Commandments for Developing a Mobile Strategy

Posted on: August 28th, 2015 by jiml

Over the past few months, Colden Company has held a couple of mobility seminars to help businesses avoid the mistakes that many businesses make when deploying mobile technology. In this blog posting, we will be highlighting our Ten Commandments for developing a successful mobility strategy for your business.

1. Start with a business problem.

Do not start your mobility strategy with “I want to use my iPad for work”. Identify areas of your business that can benefit from a mobile solution and spend the time to analyze the cost/benefit. Have the business problem you are solving well defined before moving ahead.

2. Create your policy before procuring technology.

To effectively leverage mobile device management (MDM) technology, particularly for employee-owned devices, you still need to decide on policies. These policies affect more than just IT; they have implications for HR, legal, and security, and for any part of the business that uses mobile devices in the name of productivity. Since all lines of business are affected by BYOD (Bring Your Own Device) policy, it can’t be created in an IT vacuum. With the diverse needs of users, IT must ensure they are all part of policy creation. Some questions to consider…

• Devices: What mobile devices will be supported? Only certain devices or whatever the employee wants? According to Forrester, 70% of smartphones belong to users, 12% are chosen from an approved list, and 16% are corporate-issued. Some 65% of tablets belong to users, 15% are chosen from a list, and 16% are corporate issued. In other words, users in most cases bring their own devices.
• Data Plans: Will the organization pay for the data plan at all? Will you issue a stipend, or will the employee submit expense reports? Who pays for these devices? For smartphones, 70% paid the full price, 12% got a discount, 3% paid a partial amount, and in 15% of cases, the company covered the full price. With tablets, 58% bought their own, 17% got a corporate discount, 7% shared the cost, and 18% were issued and paid for by their companies. (Source: Forrester, 2011)
• Compliance: What regulations govern the data your organization needs to protect? For instance, the Health Insurance Portability and Accountability Act (HIPAA) requires native encryption on any device that holds data subject to the act.
• Security: What security measures are needed (passcode protection, jailbroken/rooted devices, anti-malware apps, encryption, device restrictions, iCloud backup)?
• Applications: What apps are forbidden? IP scanning, data sharing, Dropbox?
• Agreements: Is there an Acceptable Usage Agreement (AUA) for employee devices with corporate data?
• Services: What kinds of resources can employees access—email? Certain wireless networks or VPNs? CRM?
• Privacy: What data is collected from employees’ devices? What personal data is never collected?

No questions are off limits when it comes to BYOD. There must be frank and honest dialog about how devices will be used and how IT can realistically meet those needs.

3. Never put sensitive business data on a mobile device that you don’t manage.

Once data is moved from your corporate network to a mobile device that is not corporately managed, you lose control over what happens to that data. Make sure you have a policy and security measures in place that dictate sensitive data never ends up unmanaged. Unmanaged data leads to security breaches.

4. Hold personal data sacred.

Some mobile device management (MDM) solutions have features to wipe a lost or stolen mobile device. If your company allows BYOD, your business needs to make sure it understands its legal limitations. Businesses cannot wipe employees’ personal data off their phones. Employees’ personal data belongs to the employee in a BYOD situation.

5. Keep personal and business data separate.

Choose an MDM solution that can containerize your business data. That way, when the time comes to wipe your business data from a BYOD phone, your business can do that and not affect the employees’ personal data.

6. Pilot a mobile solution before deployment.

Mobile solutions have more variables than a traditional PC solution.
• What is the mobile user experience like?
• What is the impact on battery life for mobile devices that are already power-constrained?
• What is the security impact of the solution?
• Does the solution truly allow employees to be mobile, or is the solution more of a stop-gap solution that still requires access to the office or a PC? In other words, can your employee be fully mobile – are all necessary features present?
• What platform(s) does the solution run on?
• How are you going to manage that platform?
• What is data usage like? Will the solution send your carrier data bill through the roof?

7. Regulations matter!

Does your business work in an industry that has regulatory concerns? Make sure you are fully aware of your obligations before going forward with your mobile strategy.

8. Have a support plan in place for your mobile users.

Think BYOD means businesses no longer have to provide tech support to employees who use their own devices? Once you bring mobile devices into your business network, employees will expect support – BYOD or COD. In fact, you will probably have more mobile devices (tablets, smartphones, etc.) than you expect once you open the flood gates. Know what you’re going to support, define what you’ll support, or be ready for anything.

9. Make employees accountable.

Have employees review the BYOD policy and require a signature as acknowledgement of the rules and their required compliance to participate in the program. Training sessions may also be necessary to help employees understand their obligations under the acceptable use policy. Make sure employees know who to contact with support needs and questions.

10. Gain the expertise before making decisions or partner with an expert.

Building a successful mobility strategy takes time, effort and expertise. If you do not have the time or expertise, consider partnering with an expert who can make sure your mobility strategy is a success. Mobile technology is only going to increase in the future. Create a good mobility strategy now and reap the benefits later!

Does your business have a proper mobile strategy? Call us at (888) 600-4560, email us, or see us on Facebook or Twitter and let our experts help your business create a solid foundation for your mobile technology.