As more business processes are either pushed to or accessed on mobile devices (phones, tablets, laptops, etc.), organizations need to be able to secure both the device itself and the data which the device accesses. Colden Company’s Mobile Device Management (MDM) service provides affordable protection for the most common security scenarios.
Since these devices leave the office and may be left intentionally in vehicles, homes and hotel rooms, unintentionally in locations like restaurants or stores, or completely misplaced or stolen, the first concern is to be able to locate the device. With the MDM agent installed, the device periodically checks in with its physical location, which can be tracked on a map to allow for retrieval.
Protection From Unauthorized Access
The agent can configure the device with a screen lock passcode (and change it) and remotely lock the device. The data on the device can be encrypted and, if there is a concern that the device’s security has been compromised, the entire device can be remotely wiped.
Protection From Malware
While the overall risk of malware is lower on iOS (Apple) and Android phones and tablets than on desktop and laptop computers, it is still a very real concern that needs to be addressed. Users do have permissions to do things like configure the device settings, connect to wireless networks, and add or remove apps, but while they are actually using an app on the device, they are not exercising those permissions. After apps are installed, what they can do is limited to the permissions they were given at installation. For example, it is not possible to run an executable program from a web browser or email app in the same way that a user can on a PC. While running those apps, the user is not acting as an administrator of the device.
So the most critical level of protection against malware is to ensure that apps are installed from a trusted source that verifies they do not contain malware. For iOS, the Apple App Store screens all apps offered through the store. For Android devices, the Google Play store has less oversight of what apps are offered, but the Play Protect Service on each device does a background check of each installed app to detect harmful apps. This check is especially important since, unlike on Apple devices, it is possible to install apps on Android devices from locations other than Google Play. It’s worth noting that all reports of Android malware to date have come from installing compromised or malicious apps from the Google Play store or from a third-party source.
MDM addresses this issue through policies that allow only specific apps to be installed, identify specific apps that cannot be installed, require that specific apps be installed and, for Android devices, disable the ability to install apps from any location other than Google Play. Actively managing what apps can and cannot be installed is the most effective protection from malware.
Mobile users generally have administrative privileges on their devices. To ensure protection stays active, the MDM agent is enabled with policies and rules that define how the device is to be configured and what actions to take if that configuration is changed (non-compliance). It monitors the device continuously for any configuration changes, compares them to the policies for the device and takes action when the device falls out of compliance. At a minimum, non-compliance will generate an alert and an administrative email, which can also be sent to the user. For example, if a lock screen passcode is a required policy item and the user disables the passcode, an alert is triggered with an associated email message. The administrator then has the option of re-enabling the passcode, changing it or locking the device. For a more security-conscious approach, non-compliant devices can be denied access to company resources until the device is back in compliance.
Every survey indicates that employees will continue to use mobile devices more frequently than they do today. The trend is not about to reverse. As a business, you need to be thinking about how you can best manage and secure those devices and the data they access. Give us a call at (888) 600-4560 or email us, or visit us on Facebook or Twitter.