The lines between various mobile devices are blurring. As real world applicable mobile technology has just taken flight, many enterprises host a myriad of different platforms. A policy that supports all platforms is a must, especially for companies with non sequitur hardware.
This can help you cut down on infrastructure cost and improve operational efficiency. The need to have consistency in devices is not always necessary.
Take advantage of your software as more security applications are being designed for cohesion between multiple platforms.
One aspect of a good MDM plan is a provision for commands to be sent remotely via the server to all mobile devices. Mobile Device Management has evolved over time and will continually change. In the beginning, devices had to be updated in house. However, it is now possible to complete updates remotely. This provides scalability by making management of a fleet of mobile devices quick and efficient. Some of the benefits of central device management are:
- Firmware updates
- Lock and wipe capabilities
- Internal network access and support
- Software installation
- Policy application
- Logging and Auditing
- GPS tracking and ‘breadcrumb’ mapping
Your policy must be realistic. You must support multiple mobile device platforms and also allow pliability for personal devices that have access to your internal network. Flexibility should be maintained so long as it does not compromise security. Most enterprises have gone mobile, even if it just means employees are checking their work e-mail on their mobile phones. Reporting and tracking what mobile devices have access to your network is important.
You may find that a terminated employee with a corporate mobile device is still able to access the network. It should be a policy to deny access for both the employee’s user account(s) and mobile device. This kind of preventive maintenance is crucial to preserving the integrity of sensitive information. Deactivating a device before a disgruntled employ wrecks havoc should be commonplace. Do not wait until all devices are relinquished, because in some cases they are never returned.
Part of the Mobile Device Management policy is the enforcement of basic security precautions – passwords and file encryption are the frontrunners for such policies. Implement a strong password policy by requiring a complex password consisting of capital and lower-case letters, numbers and symbols. Require mobile devices auto-lock after a certain set time of inactivity. Generally, anywhere from 5-15 minutes will suffice depending on the scope of work the employee performs. Mobile devices should be configured to wipe all data after a certain number of failed log-in attempts. Remote wipe will allow your IT staff to wipe any mobile devices that are reported lost so having an easily accessible hot-line for a missing device is essential. This comes in handy if you have to comply with either the HIPAA Act or HITECH. You should also group your workforce, much like the corporate domain, so that only certain people may access to specific areas of the internal network.
Managing Bluetooth policies is important for security as well. Make Bluetooth hidden or non-discoverable. Bluetooth’s conveniences do come with a price as the technology can be used to compromise the device. Fortunately, Bluetooth has only so much range. Someone traveling alone in a vehicle is generally safe and should be allowed to use these features as it makes for safer travel. Bluetooth should be deactivated when around the general public. Generally, a device will be hacked only because the opportunity existed so if that opportunity is eliminated, it is not a concern.
The lines between various mobile devices are blurring. As real world applicable mobile technology has just taken flight, many enterprises host a myriad of different platforms. A policy that supports all platforms is a must, especially for companies with non sequitur hardware. This can help you cut down on infrastructure cost and improve operational efficiency. The need to have consistency in devices is not always necessary. Take advantage of your software as more security applications are being designed for cohesion between multiple platforms.
Once the basic foundation of your MDM plan is in place you can consider more advanced topics. One of these features beneficial for a multinational enterprise is the capability to monitor and limit international data roaming across various cellular and 3G/4G networks. You should limit the types of applications allowed on a corporate approved device. Though fun, should Angry Birds really be considered an appropriate use of a corporate mobile device? Enterprises may set up their own enterprise app stores to restrict access of apps to only approved apps. Successful execution will prevent users from downloading new apps that are not yet restricted by the software policies currently in effect.
You need to determine the levels of service and support options for each segment of your workforce. Feel free to reserve the right to manage all mobile devices with access to corporate resources. Limit or eliminate the mixing of private corporate data with personal employee data. This will protect the integrity and privacy of internal corporate data. Ideally, centralizing disaster support makes it much easier for an employee to comply with company protocol in case of catastrophe. This also saves frustration for those that would lose personal information in such event.
Your Mobile Device Management plan should create a trusted approach that checks for policy compliance whether you are hosting your environment in a data center or public cloud. Your MDM should keep corporate data secure, employees productive, happy, and able to operate their mobile devices effectively. This is the core of a well thought out MDM Policy. Organizations should embrace what technology has to offer, but should do so in an intelligent, thoughtful and careful way.
- Write a Mobile Device Management Policy
- Establish capability to update mobile devices remotely, via a central server
- Establish a system for tracking and reporting mobile devices with network access
- Immediately deactivate devices of separated employees
- Establish a password policy
- Establish a lost device hotline and protocol, including remote data wipe as appropriate
- Establish a Bluetooth protocol that includes deactivating Bluetooth in public places
- Limit the types of applications allowed on devices with network access
- Limit or eliminate mixing of private corporate data with employee personal data
- Enable centralized disaster support
- If applicable, monitor and limit international data roaming.