Mobile Device Management – MDM
With an ever-increasing amount of corporate data being accessed and consumed on mobile devices by employees, there is a clear and growing risk to data security. The solution for enterprises is to introduce an Enterprise Mobility Management (EMM) solution, a combination of MDM, MAM, MSM and MCM, to help them secure corporate data on mobile devices without impacting employee productivity.
The benefits of having an EMM solution in place and how it helps with practical steps to secure data on mobile devices and implement BYOD are discussed here.
Core EMM Components
Enterprise Mobility Management enables businesses to manage and secure everything related to mobile devices, such as users, data, applications and the devices themselves. EMM solutions are aimed at smartphones and tablets and support multiple operating systems like Android, iOS and Windows. The core components of EMM are:
- Mobile Device Management (MDM)
- Mobile Application Management (MAM)
- Mobile Security Management (MSM)
- Mobile Content Management (MCM)
Typical Enterprise Mobility Management Platform
Various Factors of EMM Strategy
Every organization should build its EMM solution around the factors below to secure corporate data.
1. Manage users and devices to protect:
Here’s how an EMM solution can help you keep the users and their mobile devices secure:
- Implement strong password policies: Employees’ mobile devices may carry corporate data on the move, and an unprotected or unlocked mobile device is like an open door, providing access to sensitive information. Strong password policies can be enabled from the corporate MDM admin panel.
- Find lost devices or do selective/full wipe of data on lost/stolen devices: When employees leave or lose devices (or if devices are stolen), the missing mobile devices need to be centrally locked or wiped to secure the corporate data from potential security breaches and compliance risks.
- Ensure updated antivirus/mobile security: Protect mobile users from malicious apps, websites and other threats by adding effective antivirus and web protection.
2. Manage the enterprise network to protect:
Organisations must ensure that their enterprise network connections are secured and are accessed only through defined, secured network resources.
- Wi-Fi network access policy established and enforced from EMM: Block non-compliant mobile devices from accessing your corporate network through Wi-Fi to reduce the risk of data breaches and regulatory non-compliance.
- App restriction from EMM admin panel: Apps that are not relevant to the job are restricted, e.g. blocking access to social networking websites like Facebook, Twitter, YouTube, etc.
- Enforced Safe Browsing: Safe browsing for employees in the workplace, using a web browser with an added security layer.
3. Manage corporate data to protect:
Data moving to and from mobile devices, as well as data on the devices themselves, creates risk and must be managed. Sensitive data passes through mobile devices via email apps and other collaboration services such as file sharing and discussions. Many users also move confidential files to public file sharing sites like Google Drive and Dropbox.
To protect sensitive data:
- Ensure that email, file sharing, collaboration and the exchange of information take place in the applications’ secured containers and their respective workspaces.
- Protect applications that support key business processes like order management, customer support, finance, sales & marketing and product development.
- EMM will enable encryption of important files when they are accessed and shared on cloud storage services like Box, Dropbox and Google.
MDM – Best Practices
The MDM solution establishes a set of best practices to help customers implement a successful enterprise MDM strategy, which includes:
- Multi-platform supported devices: Even so, enterprises should only allow the mobile devices that are controlled and have security built in.
- Strong security policies: Enterprises must employ good encryption methodology to build a strong and effective security policy. The device encryption methods help encrypt the device’s storage and secure the data.
- Maintaining devices registry: Periodically taking an inventory of all the devices that are connected to the corporate network.
- Over-the-air updates: Identify unusual situations such as jailbreaks, lost devices, device theft, failed login attempts and failure to connect to the network, and enable remote wiping, automatic padlocking and account locks for those mobile devices.
- Maintain white-list of applications: White-listing applications allows only authorized software to be installed on the mobile devices. It prevents any malicious software from entering the corporate network.
- Connectivity: Enterprises should employ VPNs to access the secured shared network. This will address any security issues in transmission of sensitive data.
- Regular security updates and patches: Enterprises should ensure regular security updates along with new upgrades and patches for the mobile operating systems like iOS, Android, etc.
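Several of the practices above (device registry, patch level, encryption, application white-list, jailbreak and failed-login detection, remote lock and wipe) can be expressed as one compliance check over the device inventory. The following is an added example, not code from the original article or from any MDM product; the record fields, policy values, app identifiers and action names are all assumptions.

```python
from dataclasses import dataclass, field

POLICY = {  # hypothetical values; a real deployment loads them from the MDM console
    "min_os": {"android": (13, 0), "ios": (16, 0)},
    "app_allowlist": {"com.example.mail", "com.example.crm", "com.example.vpn"},
    "max_failed_logins": 5,
}

@dataclass
class Device:  # one row of the device registry (field names are assumptions)
    device_id: str
    platform: str
    os_version: str
    encrypted: bool = True
    passcode_set: bool = True
    jailbroken: bool = False
    reported_lost: bool = False
    failed_logins: int = 0
    apps: set = field(default_factory=set)

def parse_version(text):
    """'15.7.1' -> (15, 7); missing or non-numeric parts count as 0."""
    parts = [int(p) if p.isdigit() else 0 for p in text.split(".")]
    return tuple((parts + [0, 0])[:2])

def evaluate(dev, policy=POLICY):
    """Return (action, findings); actions by severity: wipe, lock, block, allow."""
    findings = []
    min_os = policy["min_os"].get(dev.platform)
    if min_os is None:
        findings.append("unsupported platform")
    elif parse_version(dev.os_version) < min_os:
        findings.append("OS below minimum patch level")
    for ok, msg in ((dev.encrypted, "storage not encrypted"), (dev.passcode_set, "no passcode")):
        if not ok:
            findings.append(msg)
    unapproved = sorted(dev.apps - policy["app_allowlist"])
    if unapproved:
        findings.append("apps not on allow-list: " + ", ".join(unapproved))
    if dev.reported_lost:  # lost or stolen: wipe centrally
        return "wipe", findings + ["reported lost or stolen"]
    if dev.jailbroken or dev.failed_logins > policy["max_failed_logins"]:
        return "lock", findings + ["jailbreak or repeated failed logins"]
    return ("block" if findings else "allow"), findings  # block = no corporate Wi-Fi

REGISTRY = [  # constructed sample registry
    Device("tab-01", "android", "14.0", apps={"com.example.mail"}),
    Device("ph-02", "ios", "15.7", apps={"com.example.mail", "com.social.app"}),
    Device("ph-03", "ios", "17.1", jailbroken=True),
]
```

Running `evaluate` over each registry entry on a schedule gives the periodic inventory the list calls for, and the returned findings explain why a device was blocked, locked or wiped.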
MDM – Security Mechanisms
Addressing security is a critical component of an effective MDM strategy. Security for MDM involves cryptographic algorithms such as RSA, MD5, and AES. It also involves token services like HOTP, OATH, and TOTP along with protocols such as HTTPS, LDAPS and other secure transmission methods. There are session handlers, two-factor authentication services, secure delete and device management capabilities including remote wipe, lock and install features.
A strong MDM security framework must include three major components:
1. Security Mechanisms for data access
- User and Device authentication
- Authorization and enforcement of policies
- Integration with other services to leverage any existing identity management systems to access other services.
2. Security Mechanisms for data storage
- Encrypt data both on the device as well as on the server
- Secure deletion and overwrite of the existing data
- Protection of the keys, credentials and tokens used to decrypt the data and make it available for use
3. Security Mechanisms for data transmission
- Establishing a secure connection between the device and the company’s infrastructure
- Creation & management of transaction sessions
- Effective handling of HTTP/HTTPS requests
- Data encryption over the transmitted channel