The enormous popularity of mobile devices and the rich app ecosystems to which they give access has opened up tremendous opportunities for businesses. Merchants can now use their mobile phones to collect credit card payments. Customer service support can be streamlined using iPads, and owners can respond to email queries after hours. Field agents can be more efficient and responsive, using their mobile devices to connect back to the rest of the office and keep up to date. However, these great abilities come with a corresponding great challenge: How can a business manage the security of all the devices on which their data can live?
Consider the Challenge
The business has to figure out how to address the myriad security concerns accompanying these mobile devices with an overworked IT staff and a constrained budget. Greater mobility means correspondingly higher risks for data theft and leakage, especially if the device is lost or stolen. A compromised device can also act as a backdoor to the corporate network. Considering the amount of information being accessed and saved on personal devices, it’s clear that some level of management is absolutely critical. Even if a business doesn’t support personal devices, employees are likely accessing their corporate webmail on their own personal phones. That can’t be ignored. And if the business owns all mobile devices intended for employee use, the IT staff still has to be able to keep track of who has the device, what is installed on it, and how it is being used—a daunting task.
Even given all those challenges, however, it doesn’t make sense financially or productivity-wise for businesses to lock down their networks and tell employees they cannot use their personal devices at all. In fact, Gartner predicted that by 2017, half of all employers will require employees to supply their own devices.
Businesses have to define bring-your-own-device policies, as well as select and deploy a mobile device management (MDM) platform. A bit of judicious planning can simplify mobile management and give IT control over what devices and apps are being used—without breaking the budget.
Understand the Scope
An all-encompassing mobile strategy includes not just smartphones and tablets, but also laptops, USB devices, and consumer-based cloud storage services such as Dropbox. And practically every organization, no matter what size, is at risk of having sensitive data stored on unsecured USB devices. USB drives are among the most commonly permitted mobile devices within an organization, and also among the easiest to lose. If an employee loses a phone, tablet, or laptop, it is reported to IT—so that devices can be remotely wiped or tracked, and passwords changed. If a USB drive is lost, it is quietly replaced without IT even knowing about the potential data leak. If there is any chance that data might be saved on USB drives, employees need to be issued with encrypted USB drives—such as the ones from Kingston and others—and taught how to use them appropriately.
It’s important to think through what makes sense for the business. Don’t just open up the network and applications to everyone “just because.” If it makes sense for users to be able to check emails, or use a screen-sharing application, then open up the capability to only the users who need it. Figure out how many devices, users, and apps there are, and what operating systems are in use. Having this information handy helps make decisions based on what is in use. If everyone except one person in the company uses an iPhone, then it may be cheaper and simpler to figure out a workaround for that one holdout than to spend more on an MDM platform from giants such as MobileIron and Good Technology that handles multiple operating systems and devices.
Regardless of the policy that is in place, businesses have to think about the entire lifetime of the device. If the employee replaces a device with a newer one, there needs to be a policy in place for collection of the older device, and removal of corporate data from it.
Select an MDM Platform
There are plenty of mobile device management platforms in the marketplace, at a variety of prices. It’s tempting to try free software, such as Spiceworks, or to just use Android’s built-in Device Policy, but consider the support perils. Would such a platform be flexible enough, and easy enough to troubleshoot if something goes wrong? Self-service can wind up forcing users to spend far too much time figuring things out for themselves. Should you decide to take the paid-service plunge, here is a quick checklist of questions to ask:
- What am I supporting? MDM systems should have a centralized management console that can handle at least the major operating systems, including Apple iOS, Google Android, Symbian, and Microsoft Windows Phone and Windows Phone 8. This is where knowing your users and environment helps. Knowing what OSes you have to support makes the selection criteria easier.
- To cloud or not to cloud? That is the question. Many large MDM vendors such as AirWatch (recently acquired by VMware) and Citrix now offer cloud versions of their products as a way to break into the SMB market. The cloud versions may be limited in the number of devices supported, which actually helps the smallest businesses get access to management capabilities at an affordable price.
- Can I remotely manage my devices? With location-tracking available on many mobile devices, it doesn’t make sense to not use it for remote tracking. If the smartphone is lost or stolen, remote tracking can help track it down. “Find My Phone” is popular—it’s a built-in feature for iPhones, and even mobile security apps like the one from Lookout Security offer the capability.
- Can I protect my data when the device is lost or stolen? The ability to remotely lock the stolen device so that someone else can’t get in to the contact lists, email, or other saved documents is critical. But it’s also essential that IT can selectively wipe the device so that personal data remains unaffected when corporate data is removed. Users may be willing to have IT install security software or have some control over their personal devices, but they would be irate if the company has to brick their entire device when removing company-related data.
- How do I create my own policies? There should be some kind of a policy engine to define company-wide access settings, monitor usage patterns, and enforce baseline security features. Granular policies are nice, such as being able to specify that users cannot, for example, use their iPhones to check mail or to open files when they are roaming.
Invest in IT
Finally, it’s important to keep in mind that businesses can’t solve the mobile problem, or have a clear understanding of their mobile usage, without investing in IT. If your IT staff doesn’t have the capability to support the influx of devices, then it’s important to outsource support so that users have someone to turn to when the inevitable happens and something goes wrong. Having an MDM with well-defined policies in place is a critical first step to reining in your company’s mobile devices, but it’s not the entire story.