As they’ve become increasingly integral to daily living, mobile devices have slowly but surely transformed the modern-day workplace into a mobile-first landscape. In fact, a recent Clutch study found that more than six in ten employees use company-approved mobile devices—predominantly tablets and phones—to perform their work functions.
While this integration of mobile devices creates various efficiencies and conveniences, the introduction of uncontrolled and insecure devices to a network exposes a business to significant cybersecurity threats.
This is what an MDM policy was created to combat. But what does MDM stand for in technology? Let’s discuss.
What is MDM?
Every piece of business equipment that stores, sends, and receives sensitive data represents a potential cybercrime target.
Regardless of whether or not the foreign mobile device hosts sensitive corporate data, just the simple act of connecting to an internal system or network creates a virtual gateway which hackers can exploit. This is particularly true when the devices are far removed from the office’s firewalls and private wifi network.
A mobile device management (MDM) policy focuses on managing and protecting portable devices, including:
The goal of an MDM policy is to secure the corporate network while optimizing both the security and functionality of all work-related mobile devices—whether at rest, in use, or in transit. This is accomplished via a combination of best practices and software solutions, which empower a business to securely manage a broad range of personal devices without compromising corporate compliance.
Typically, MDM functionality focuses on several interrelated components, including:
- Device and data security
- Device management
- Device software
- Device configurations and services
- Device functionality controls
When you build out an MDM policy, ideally a single interface will be universally applied to all devices that could threaten the corporate network. Doing so allows the MDM team to remotely monitor, control, and manage all mobile devices according to your organizational policies.
Why MDM Matters
These days MDM is no longer optional. It’s necessary to ensure that your business is protected from cyberattacks.
- A laptop is stolen every 53 seconds
- 70 million smartphones are lost every year
- Data breach comprises 80% of the cost of a lost laptop
- 52% of devices are stolen from the workplace
But the cost of this isn’t simply limited to replacing the missing device. The real cost is the potential data loss. If devices aren’t secure, the new owner may be able to gain access to the device and then steal sensitive information.
In addition, devices themselves are extremely vulnerable to external attacks, particularly when they’re outside of the workplace’s firewalls, private wifi, and security configurations. Currently, public wifi is one of the largest mobile security access threats.
A well-designed and properly implemented cybersecurity policy, combined with a viable MDM, ensures that both the device and the data it contains are secure without sacrificing device functionality and usability.
Essential Elements of an MDM Solution
Although each MDM solution is uniquely tailored to a business’ particular needs and concerns, there are some universal elements to any policy. They include:
- Application management – Involves the prudent management of the entire lifecycle of an application, including:
  - Managing licenses, permissions, and configurations

  IT teams must remotely manage mobile apps and configure policies as well as blacklist and whitelist apps. Another important aspect of this is the ability to disseminate enterprise apps through an enterprise app store, auto update the applications, and then manage them through a central interface.
- Asset management – Places an emphasis on controlling and monitoring what company and personal devices can be used and how they can be used. Enforcement mechanisms must be put in place to ensure that your company’s policy is universally applied to all devices, platforms, networks, and operating systems.
- Bandwidth optimization – Is centered upon managing bandwidth usage for each device and application. Personal mobile devices can account for a significant portion of your network’s resources, especially if they’re allowed to go unchecked.
- Content management – Also known as mobile information management (MIM), this solution was created to restrict access to corporate resources on any mobile device. When applied correctly, it makes sure that only authorized users can access sensitive corporate data. It reduces the chance of a data breach by preventing data from being:
  - Backed up on a third-party cloud service
  - Accessible via an unauthorized or unsecured device
  - Shared amongst personal and corporate apps
- Configuration management – Involves configuring policies to your business standards and compliance regulations as well as blacklisting and whitelisting of apps. By doing so you can identify, control, and manage settings—both hardware and software—based on user profiles, identity, or physical location.
- Data security – Ensures that all data is stored, sent, or received according to organizational policies and best practices.
- Identity and access management – Acts as a screen that filters access according to the appropriate employee. Access to devices, data, services, and network connections should only be granted to those who’ve been authorized.
- Profile management – Limits control of and access to policies and settings to a specific group of end users with the correct profiles.
- Risk management, audits, and reporting – Secures your defenses by keeping a vigilant watch over mobile device activity as well as any strange behavior. If a red flag appears, it can kick in to prevent access or data transfer.
- Software updates – Allows a business to remotely control software and OS updates and licenses across all work devices.
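To show how several of these elements combine into a single access decision, here is an added example (not code from the original article or from any MDM product). The policy values, device fields, app identifiers, and the allow/quarantine/block outcomes are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

# Hypothetical policy values, constructed for illustration only.
POLICY = {
    "authorized_users": {"alice", "bob"},
    "min_os": {"ios": (17, 0), "android": (14, 0)},
    "blacklisted_apps": {"com.example.filesync"},
    "whitelisted_apps": {"com.example.mail", "com.example.vpn"},
    "whitelist_only": {"COBO"},  # ownership models limited to approved apps
}

@dataclass
class Device:
    user: str
    ownership: str      # BYOD, COPE, CYOD or COBO
    platform: str
    os_version: tuple   # (major, minor)
    encrypted: bool
    apps: set

def evaluate(device, policy=POLICY):
    """Return (decision, findings); decision is allow, quarantine or block."""
    block, quarantine = [], []
    # Identity and access management: only authorized users get access.
    if device.user not in policy["authorized_users"]:
        block.append("user not authorized")
    # Data security: unencrypted storage exposes data if the device is lost.
    if not device.encrypted:
        block.append("storage not encrypted")
    # Application management: blacklist everywhere, whitelist on locked-down models.
    if device.apps & policy["blacklisted_apps"]:
        block.append("blacklisted app installed")
    if device.ownership in policy["whitelist_only"] and device.apps - policy["whitelisted_apps"]:
        quarantine.append("unapproved app installed")
    # Software updates: an outdated OS can be remediated, so quarantine it.
    minimum = policy["min_os"].get(device.platform)
    if minimum is None:
        block.append("unsupported platform")
    elif device.os_version < minimum:
        quarantine.append("OS below minimum")
    decision = "block" if block else "quarantine" if quarantine else "allow"
    return decision, block + quarantine

# Constructed sample inventory.
FLEET = [
    Device("alice", "COPE", "ios", (17, 2), True, {"com.example.mail"}),
    Device("bob", "BYOD", "android", (13, 0), True, {"com.example.mail"}),
    Device("carol", "BYOD", "android", (14, 0), False, {"com.example.filesync"}),
]
```

Blocking findings are listed before quarantine findings, so a device with both kinds of issue still shows everything that needs remediation.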
The Types of Enterprise Mobile Device Policies
When it comes to enterprise mobility there’s a range of approaches to choose from. What you select depends largely on your industry as well as the organization’s specific security needs and concerns. That said, there are four primary types of mobile device policies, including:
- BYOD – Bring your own device
- COPE – Corporate owned, personally enabled
- CYOD – Choose your own device
- COBO – Corporate owned, business only
BYOD and COPE are the most popular, whereas the others are policy amalgamations that tend to work only in certain circumstances. According to Wired, each policy addresses the following factors:
- “The device – What is it, who picks it, and who pays for the device and cellular connectivity service?
- Management and support – Who manages the device and is responsible for support?
- Integration and applications – How closely integrated and important is the device with everyday workflow?”
Bring Your Own Device
With a BYOD policy the device owner and user is charged with the purchase and maintenance of their personal device. Work can be conducted on the device—in fact it may be required—but security controls are restricted.
This trend has become increasingly more prevalent within the workplace primarily due to convenience and flexibility. It allows employees to connect to their work-related networks and systems on the go. While this can improve employee productivity and morale, a BYOD policy also exposes a business to new security issues.
User-owned devices are inherently vulnerable to cyberattacks, but when you add human error and ineptitude to the mix, they can create even more data liability issues. An MDM for BYOD is designed to counteract that by:
- Segregating corporate data and restricting access to authorized users
- Separating user profiles according to personal and work use
- Enforcing corporate policies
- Limiting the types of approved devices
- Restricting security and data ownership rights
- Integrating and managing mobile devices and applications
For any BYOD MDM to work, restrictions and best practices must be clearly defined from the outset. Then they must be rigorously applied and enforced.
Corporate Owned, Personally Enabled (COPE)
In contrast to BYOD a COPE policy gives your business greater control over all mobile devices.
With COPE the organization supplies the devices, manages them, and pays for the billing. This grants them greater control over the device’s security profiles and configurations via their MDM policies.
For employees a COPE strategy has tradeoffs.
On one hand, it provides employees with a free new smartphone, which they can use for voice calls, messaging, and some personal applications. On the other, many complain about the inconvenience of having to carry around two phones and the restrictions placed on the work device. Per Wired: “the balance is weighted towards the enterprise’s needs for applications, integration and security, and the end user is allowed to use the device for non-enterprise functions as well.”
For larger enterprises a COPE MDM policy provides flexibility and convenience for employees but doesn’t sacrifice the company’s security.
Benefits of MDM
There are a host of reasons why a business stands to benefit from an effective MDM, including:
- Easy remote management of users and devices – System admins exert control over the actions of all users and devices from a remote location. This type of software makes it simple to provide remote management and change configurations in case something happens to the device or user. If threatened, they can be disabled even if they’re not on-site.
- Improved regulatory compliance – Most industries have specific rules, regulations, and stipulations relating to cybersecurity practices, especially for sensitive information like PCI or HIPAA. An MDM ensures that workers are following the best practices and that the business is complying with industry regulations.
- Greater application control – Admins can block or restrict blacklisted applications from being downloaded or executed, which can save a company from data loss or a system crash.
- Increased network security – Naturally, MDMs are created to bolster your network’s cybersecurity capabilities. Part of this is accomplished via automatic updates, which can be applied across all company devices. Also, if a device is stolen or lost, an MDM platform can find the device, lock it, and then wipe the data remotely before sensitive information is stolen.
- Lower IT requirements – An MDM automates several labor-intensive cybersecurity processes required to monitor all enterprise devices. This frees up your IT bandwidth and resources to focus on other issues that require their attention.
Challenges of an MDM Policy
Although there are several challenges to any MDM policy, there are three in particular that enterprises must consider before they tailor their own strategy:
- Keeping personal and corporate data separate – If employees use their phone for both work and personal purposes, it’s important that these two data categories are segregated from one another. A way that many businesses address this issue is by having all company-related data stored in the cloud or a private server instead of on the device itself.
- Making sure that remote control of data is done ethically – It can become unclear whether certain data is private or corporate. Remote control must be carefully applied so as not to infringe upon the privacy of an employee. If there is data that has unclear ownership, consider encrypting that information until ownership can be determined, instead of automatically deleting or altering the data.
- How to best protect employee data confidentiality – Employees are rightfully concerned about the privacy of their data and usage of their mobile device. Whether it’s geolocation tracking or web browsing, they worry about the business keeping tabs on them outside of business hours. Ideally, your MDM policy should set strict time limits for monitoring or data encryption that occur once work is done.
Cybersecurity and MDM Policies
A detailed MDM policy was created to keep your corporate network safe by improving the security and functionality of any work-related mobile device.
But creating the policy and then successfully applying it takes preplanning, daily management, and real-time monitoring. And this is just one essential aspect of ensuring that your business is secure from cyberattacks.
So what do you do if you lack the IT resources or bandwidth to pay MDM the attention it deserves?
This is where RSI Security can help.
With more than a decade of experience our managed security services can help you prepare for the ever evolving threat of information security breaches, lending industry-leading tech and expertise to your enterprise.
Need help protecting your business’ mobile devices? Reach out to RSI Security for a free consultation today.