More than half of the US population is now working from home due to the Covid-19 pandemic. Cybercriminals are taking advantage of the situation to compromise critical data and steal valuable information. Therefore, every company needs to pay attention to data protection and ensure employees use the internet securely while working from home.
RSI Security, the nation’s premier cybersecurity company headquartered in San Diego, California, hosted a webinar to educate employers on how today’s remote work is accomplished with Mobile Device Management (MDM). Read on to learn more.
What’s MDM and Why’s It Needed?
MDM gives an organization control over the devices it uses (laptops, tablets, smartphones, etc.). Once a company's devices are enrolled, MDM makes teamwork easier over the air and lets almost all administration be done remotely, which keeps the company running smoothly.
It’s essential that MDM supports both Corporate Owned, Personally Enabled (COPE) devices used by large corporations and Bring Your Own Device (BYOD) devices recommended for smaller organizations.
Here are some crucial reasons for the use of MDM:
- Today’s compliance standards require you to have full administrative control and audit capabilities over your devices.
- Enforcing endpoint security on employees' devices and administering it remotely is impossible without an MDM platform.
- When everything is set up correctly with the necessary training given, it enables employees to operate efficiently. Employees are also able to focus on their work with increased confidence, knowing they are protected against cyber-threats.
- MDM is the prerequisite for a truly mobile workforce that’s effective, accountable and secure.
Are All MDM Solutions Equal?
The answer is no. Not all MDM solutions are the same, even when they are made by the same company. No MDM platform or solution is all-inclusive. Each has its pros and cons.
For a product to qualify as an MDM solution, it must meet the following criteria:
- It must be compatible with all common or company-issued mobile devices, e.g. laptops and phones, and support the necessary operating systems and platforms.
- It must function through/with multiple service providers to enable organizations to choose what suits them best.
- It must be customizable according to the company’s policy and/or requirements.
- Integration with the already existing IT, administrative control, and application systems is important.
- It must enable remote configuration, locking, wiping, detection, and encryption of devices.
- Lastly, it should be able to give an accurate report on the registered device’s activity.
Software and Services Related to the MDM Platform
Understanding the various system software available can be confusing for organizations that are trying to enter the MDM space. Some software and services related to MDM may or may not be included in an MDM product. Here are some of the main services:
Mobile Application Management (MAM) Software
MAM solutions pair well with MDM tools and focus on the actual device applications as opposed to the overall device. These tools let companies deliver and manage necessary applications to mobile devices, helping to secure any company data that might flow through those applications. Companies determine the apps and devices that are used. They can also set restrictions on which devices are not permitted.
Enterprise Mobility Management (EMM) Software
EMM solutions cover the basic needs of organizing and tracking a company’s mobile devices. These tools work best for smaller businesses that might not have many endpoints but heavily utilize mobile devices as a part of their daily workflow. It works better for small businesses because it is cost-effective.
Endpoint Management Software
This is another useful partner for MDM tools. Endpoint Management solutions help companies secure mobile devices and other endpoints. Businesses use endpoint management and MDM solutions together to achieve a more comprehensive view of their mobile devices.
Unified Endpoint Management (UEM) Software
UEM encompasses the whole of MAM, MDM, and endpoint management functions under a single platform. These products are typically used at the enterprise level, where individual endpoints number in the thousands.
Main Players in the MDM Space
Essentially, the MDM space is made up of major tech companies and third-party vendors. Third-party vendors provide services that major tech companies don’t necessarily have.
Some major tech company enterprise management systems are:
- Microsoft Intune
- Apple Configurator 2
- Google Android Enterprise Management
- IBM MaaS360 with Watson
- VMware AirWatch
- Cisco Meraki Systems Manager
Some third-party MDM vendors are:
- Jamf (for Apple)
- Quest KACE (formerly Dell KACE)
- Sophos MDM
COPE Versus BYOD
Each of these MDM solutions is unique in its own way. Because they all differ in strengths and weaknesses, it’s important to consider both their advantages and disadvantages.
Advantages of COPE and BYOD
| | Corporate Owned, Personally Enabled (COPE) | Bring Your Own Device (BYOD) |
|---|---|---|
| 1. | Allows for “supervision” w/ Mobile and Device Vendors | Cost-effective (no need to purchase devices and plans) |
| 2. | End-To-End Control (Apps, Policies, etc.) | Decreased Device Adoption Barriers |
| 3. | Efficient Large Scale Deployments | Efficient Small Scale Deployments |
| 4. | Decreased Employee Adoption Barriers | |
Disadvantages of COPE and BYOD
| | Corporate Owned, Personally Enabled (COPE) | Bring Your Own Device (BYOD) |
|---|---|---|
| 1. | Device costs for Corporate Mobile Fleet | Inefficient large-scale deployments |
| 2. | Mobile Fleet Lifecycle Considerations | Technical Support Challenge |
| 3. | Increased Device Adoption Barriers | Limited Endpoint Supervision & Application Controls |
| 4. | Legal and Human Resources Challenges | |
| 5. | Increased Employee Adoption | |
Best Practices and Security Considerations for Remote Work
Some of the best practices and security considerations for remote work include:
- Publish/Refresh “Acceptable use” and “Authorized Applications” policies and procedures specific to working remotely.
- Leverage a centralized policy & user account database, e.g., Windows Server AD or Azure Active Directory. Third-party tools also exist for non-Windows domain environments.
- Ensure antivirus and personal firewalls are enabled on laptops.
- Use VPNs/Terminal Services for remote access. When doing so, avoid split tunneling (selective VPN traffic routing), don’t download company data through the VPN, and use encrypted RDP connections for Terminal Services.
- Enable Multi-Factor Authentication (MFA) for all applicable corporate services like email.
- Use encrypted email for sensitive information.
- Enable secure video conferencing by using passwords.
- Establish an MDM platform and appropriate security policies in line with the established compliance standard.
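The split-tunneling item above can be verified from a device's routing table. The following is an added example (not from the webinar or from RSI Security) that reads Linux `ip route show` output and reports whether internet-bound traffic would bypass the VPN. The interface names `tun0` and `wlan0`, the probe addresses and both sample tables are constructed assumptions.

```python
import ipaddress

# Constructed sample routing tables in Linux `ip route show` format.
SPLIT = """\
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
10.20.0.0/16 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""
# Full tunnel built from two /1 routes that override the default route.
FULL = """\
0.0.0.0/1 via 10.8.0.1 dev tun0
default via 192.168.1.1 dev wlan0 proto dhcp metric 600
128.0.0.0/1 via 10.8.0.1 dev tun0
10.8.0.0/24 dev tun0 proto kernel scope link src 10.8.0.6
192.168.1.0/24 dev wlan0 proto kernel scope link src 192.168.1.50
"""

def parse_routes(text):
    """Return [(network, device)] for each IPv4 route line with a device."""
    routes = []
    for line in text.splitlines():
        tok = line.split()
        if not tok or "dev" not in tok:
            continue  # blank line or a route with no egress interface
        dest = "0.0.0.0/0" if tok[0] == "default" else tok[0]
        try:
            net = ipaddress.ip_network(dest, strict=False)
        except ValueError:
            continue  # first token is a route type, not a prefix
        if net.version == 4:
            routes.append((net, tok[tok.index("dev") + 1]))
    return routes

def egress_device(routes, ip):
    """Longest-prefix match: which interface carries traffic to ip?"""
    addr = ipaddress.ip_address(ip)
    hits = [(net.prefixlen, dev) for net, dev in routes if addr in net]
    return max(hits)[1] if hits else None

def is_split_tunnel(text, vpn_dev, probes=("1.1.1.1", "203.0.113.10")):
    """True if any internet-bound probe address would bypass the VPN.

    The two probes fall in 0.0.0.0/1 and 128.0.0.0/1, so both halves
    of the IPv4 space are checked.
    """
    routes = parse_routes(text)
    return any(egress_device(routes, ip) != vpn_dev for ip in probes)
```

This only inspects the main routing table; VPN clients that steer traffic with policy routing rules need `ip rule` output examined as well.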
Advice and Recommendations for Effective MDM
Although MDM is necessary for effective remote work, it’ll not produce the best results without certain conditions. Below are recommendations for effective MDM:
- Implement Mobile Application Management (MAM), especially for BYOD scenarios.
- Set up “Secure Containers” to store corporate data that is accessed and/or downloaded from the network to the phone.
- Diligently maintain OS updates and a mobile fleet lifecycle.
- Institute a Security Awareness & Training Program for staff because they need to understand how MDM works, always keep devices fully charged, and immediately report a stolen device.
- Contact a professional cybersecurity company like RSI Security for consultation and project execution involving MDM.
Mobile devices are not leaving the workplace environment any time soon. In fact, with the increased sophistication of technology, smartphones are becoming more integral parts of office work. The Covid-19 Virus pandemic has made it even more necessary to put adequate security infrastructure in place to protect both individuals and the companies at large.
Some of the necessary steps to take to mitigate the activities of malicious actors while working from home are:
For COPE (with supervision)
- Contact your cellular carrier and inquire about manufacturer supervision options. Cellular carriers include network providers like Verizon, AT&T and others, while manufacturers include Apple, Google, and others.
- Set up an appropriate MDM solution based on the supervision method, device type, and authentication model.
- Establish supervision with your carrier and manufacturer.
- Register your MDM platform with the manufacturer.
For BYOD
- Poll your employees to learn the most common device types they use, e.g., iPhone or Android.
- Set up an appropriate MDM solution that supports employees’ device types and corporate user authentication model.
- Establish a reimbursement model (i.e., incentives).
However, you can always ensure that you have an effective security architecture by consulting cybersecurity experts who can help you stay ahead of cyber threats. RSI Security will help you stay on top of your security worries. Get the right help to ensure your remote workforce stays on top of all cybersecurity challenges. Speak with a mobile security expert today!