Office1 Blog

Mobile Device Management for Enterprises | A Beginner's How-to Guide

May 29, 2020 | by Curtis Buhrkuhl

Your morning commute has gone from half an hour sitting in traffic to a trek down the stairs to brew your first cup of joe. You’ve traded your heels for slippers and your ties for tees. These are new elements to the new workplace. From the comfort of your own home, you are one of millions around the world who are working remotely. The world around you is slowly coming to a halt, but the reality is, business must go on. And with that, companies like yours must evolve to adapt to the major influx of technology that has become the driving force behind business today. With an alternative workplace becoming the new norm, the flow of company data in and out of homes and offices is becoming more common.

With this being said, secure company content is not as secure as it once was.

 


Companies are now not only permitting mobile devices into their practice, but encouraging total digital transformation due to the newly enforced work-from-home policy. This has led businesses to depend on technology now more than ever before to facilitate communication and initiate work tasks between employees, clients, and managers. Businesses are relying on personal devices so much so that the bring-your-own-device market is on course to hit almost $367 billion by 2022, up from just $30 billion in 2014 (BetaNews). As companies introduce more mobile devices into their practice, it is vital that they keep mobile security top of mind. 


The challenge, however, is finding the time and resources to manage each individual device to ensure premium safety, security, and usability. With the vast amount of personal data running through each system, the deployment of a mobile device management system can effectively control the access corporate workers now have from their couch. 

So, what is a mobile device management system (MDM) and why is it essential to implement in your business? MDM is the process of managing mobile devices by defining policies and deploying security controls like mobile application management, mobile content management, and conditional exchange access. Essentially, an MDM gives you a bird’s-eye view of your employees’ mobile inventory. Without this system in place, you have little control over third-party actions on these devices that may be a cyberthreat to your business. With these top five practices, you can effectively deploy a simple and secure device management procedure that will be well-received among your employees.

 

Establish a BYOD Policy 

First and foremost, with the recent increase in the use of personal devices in the workplace, effectively implementing a BYOD (bring-your-own-device) policy will provide secure protection of the company data that is floating around in remote workers’ pockets.  As you manage an alternative office, it’s vital that you’re transparent with your employees about what devices are and are not permitted to access company data. Without stating which devices are permissible in your home office, employees could be accessing business workspaces on devices that you cannot monitor or control. 


Because of the vast range of makes and models of all different types of digital devices that now exist in the workplace, establishing clear policies regarding what specific devices are acceptable is key to effectively managing each individual device. For instance, if you only want iPhones and iPads, notify your employees specifically. Likewise, if all Android products are not permitted, make this restriction distinct. If there is concern about whether or not employees will abide by these guidelines, you could also hand out company-wide devices paid for by the business. While this may seem like a large expense, the pay-off may be far greater than the worry of not having an accurate inventory of all the devices being used for work purposes. 

A new system in place may cause a surge of questions that you will need to clearly answer for your employees in order to avoid any confusion regarding what they should and should not do to keep compliant with new company practices. Some questions you could receive may include: 

  • What happens if my device is lost or stolen? 
  • Can I use multiple devices, such as my mobile phone and laptop, to access my work?
  • Can I also access personal data on devices that are controlled and monitored by my company? 

As such, establishing clearly defined security policies with your employees to ensure the protection of confidential information is vital to an MDM system working in your favor. With workers able to access company information from their homes, implementing strict security guidelines will curb any potential pitfalls in terms of lost information or unwanted shared data. Establishing an authentication system, for example, means that your system will require a new password for each log-in. While this could get old, it provides an extra layer of security that will benefit your business in the long run.


Implement ‘Containerisation’

A whopping 89% of people admit that they use personal devices to access critical work information. Although business applications are becoming more easily accessible on mobile phones and tablets, we know these handheld devices are also overflowing with personal apps unrelated to work content. Even the most cautious employees could potentially be putting their company at risk by downloading personal applications and accessing third party content.

Without complete knowledge of how exactly personal devices are being used to access work information, there is no way for you to have control over potential risks.  


‘Containerisation’ is a simple solution for this problem, where employers like you can establish what the employee can use and see related to company files. Personal data and professional data are separated into their own ‘containers’ on the device, allowing you to have control of the professional data without affecting personal usage. Think of it as ‘work’ vs. ‘play’. This practice is perfect for businesses that have a BYOD policy in place because it allows you to take additional security measures on the business ‘container’ on a personal OR company-owned device. Some key benefits of containerisation include:

  • Device managed wipe – This allows a company to completely wipe the work container remotely, while the personal data remains untouched.
  • Data flow protection – Through containerisation, admins can set strict security policies in the mobile device management solution to control the flow of data into and out of the container.
  • Isolation – Containers virtualize OS-level CPU, memory, storage, and network resources, providing developers with a sandboxed view of the OS that is logically isolated from other applications.
  • Run anywhere – You can run containers anywhere, from Linux, Microsoft, and iOS to data centers and public clouds, which greatly eases deployment and development.

Another benefit of containerisation is that two versions of an app can exist, one inside and one outside the container, if the app is meant to be used for both work and personal purposes. The flow of data between the two versions is restricted, as is the transfer of data in and out of the container.


So how exactly can you enact containerisation in your employees’ devices? The good news is that several MDM solutions have an array of management modes, which include: 

  • Device owner (Fully managed device) – The company has full control over the entire device. In the case of corporate-owned devices, provisioning the device as Device owner ensures that the device is entirely managed by the organization. Device owner supports all the features that Profile owner supports, along with additional features such as kiosk mode (allowing organizations to set up devices for a specific use) and a set of advanced restrictions.
  • Profile owner (Work profile) – Certain programs create a dedicated work profile that isolates and protects work data. Admins will have complete control over the work apps and data but have no visibility or control over the personal apps and data on the device. Google suggests that on personal devices the MDM agent be made a profile owner, where users have access to both personal and work apps, with work apps marked with a work badge.


Encrypt Sensitive Data  

Once you’ve ‘containerised’ employee devices, you should be sure to encrypt all sensitive data belonging to the company. Encryption acts as an extra layer of protection from theft by reducing delay time in wiping the content from lost or stolen devices. For example, encrypting data prohibits someone from connecting a stolen smartphone to a PC and synchronizing sensitive data from the device to the PC. 

The task of managing that encryption should be handled by your mobile device management (MDM) solution. You want to ensure that encryption is enabled across the entire device, especially for any data downloaded to the device, including files, application data, and so on. Be cautious to ensure that when you enable encryption, you know exactly what is being encrypted and what isn’t. For instance, the default encryption policy on a device might encrypt data on the device disk itself — e-mail, contacts, calendar, and personal documents — but might not encrypt data saved to removable media such as an SD card, for example. If you are not careful, you might not be protecting the desired data. 


Depending on the device, encryption may already be automatically installed. This is true for devices with iOS 4, but not for all devices. This is why MDM is necessary to enable encryption capabilities across all devices. It’s nearly impossible to completely lock down a personal mobile device that isn’t owned by the company. By ensuring all sensitive company data is encrypted, you can have peace of mind if this data leaves the business ‘container’ because it will be protected from outside threats.


Keep an Eye on Apps 

As mentioned previously, mobile applications can be a helpful tool depending on how you use them. When used improperly or without regard to company safety, apps can pose a potential risk for leaked company data. For example, apps like Dropbox allow employees to store company information without the business’s knowledge. While this may not seem threatening, what happens if the employee switches companies or misplaces her device? These uncertainties are unsettling for any office manager and must be addressed before they become a problem. With this being said, it’s important that you are watching which apps are downloaded on these devices. So how can you keep an eye on this with half of employees working from home and half working from other alternative offices? While this may seem like a cumbersome task, luckily, your MDM platform provides monitoring capabilities with which you can effectively manage application activity on your employees’ devices.

Mobile Application Management (MAM) lets IT administrators remotely manage mobile apps, from the apps already present on the devices to newer apps that are to be installed. IT administrators can manage them all over-the-air with Mobile Application Management software. They can also configure policies for each and every app, including the data being handled by the apps. Further, you also get a list of all apps present on all devices accessing corporate data, which can then be used for auditing purposes.

Employee-owned mobile devices are here to stay, so developing a plan to manage them before digital security threats destroy your business is essential.

 

Keep Monitoring Your Devices 

After giving your employees clear guidelines on how to follow the company’s MDM procedures, it’s important that management closely monitors employees and their compliance with the rules.


Depending on what MDM software you are using, you can access device compliance status charts, which illustrate the compliance states of all the devices in your system. Compliance states might look like this:

  • Compliant: The device successfully applied one or more device compliance policy settings.
  • In-grace period: The device is targeted with one or more device compliance policy settings. But, the user hasn't applied the policies yet. This means the device is not-compliant, but it's in the grace-period defined by the admin.
  • Not evaluated: An initial state for newly enrolled devices.
  • Not-compliant: The device failed to apply one or more device compliance policy settings. Or, the user hasn't complied with the policies.
  • Device not synced: The device failed to report its device compliance policy status because of one of the following reasons:
      • Unknown: The device is offline or failed to communicate with Intune or Azure AD for other reasons.
      • Error: The device failed to communicate with Intune and Azure AD, and received an error message with the reason.
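The following Python example is added here and is not from the original post or from any MDM product. It audits a constructed device inventory using the compliance states listed above, the per-storage encryption check from the encryption section, and the per-device app list from the app-monitoring section. The field names, the approved-app list, and the fail/warn/review labels are assumptions.

```python
from datetime import datetime, timezone

# Constructed sample inventory; field names are hypothetical, not a vendor schema.
DEVICES = [
    {"id": "phone-01", "state": "Compliant",
     "disk_encrypted": True, "sd_encrypted": True, "apps": ["Mail", "Docs"]},
    {"id": "phone-02", "state": "In-grace period",
     "grace_ends": "2020-06-01T00:00:00+00:00",
     "disk_encrypted": True, "sd_encrypted": False, "apps": ["Mail", "Dropbox"]},
    {"id": "tablet-03", "state": "Not-compliant",
     "disk_encrypted": False, "sd_encrypted": True, "apps": ["Mail"]},
    {"id": "phone-04", "state": "Unknown",
     "disk_encrypted": True, "sd_encrypted": True, "apps": ["Calendar"]},
]
APPROVED_APPS = {"Mail", "Docs", "Calendar"}  # assumed company allowlist
NO_DATA_STATES = {"Not evaluated", "Unknown", "Error"}

def audit(device, now):
    findings = []
    state = device["state"]
    if state == "Not-compliant":
        findings.append("fail: compliance policy not applied")
    elif state == "In-grace period":
        # A grace period that has run out is treated as non-compliance.
        ends = datetime.fromisoformat(device["grace_ends"])
        if now >= ends:
            findings.append("fail: grace period expired")
        else:
            findings.append(f"warn: in grace period until {ends.date()}")
    elif state in NO_DATA_STATES:
        findings.append(f"review: no compliance data ({state})")
    elif state != "Compliant":
        findings.append(f"review: unrecognised state {state!r}")
    # Checked per storage area: a policy may cover the disk but not the SD card.
    if not device["disk_encrypted"]:
        findings.append("fail: device storage not encrypted")
    if not device["sd_encrypted"]:
        findings.append("warn: removable media not encrypted")
    unapproved = sorted(set(device["apps"]) - APPROVED_APPS)
    if unapproved:
        findings.append("review: unapproved apps: " + ", ".join(unapproved))
    return findings

def report(devices, now):
    return {d["id"]: f for d in devices if (f := audit(d, now))}

if __name__ == "__main__":
    for dev, found in report(DEVICES, datetime.now(timezone.utc)).items():
        print(dev, found)
```

A device that reports "Compliant" can still produce findings here, because the encryption and app checks run independently of the reported state.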

Overall, keeping every employee and their device in check with the procedures will contribute to the safety and security of the company as a whole. 

As an alternative worker, technology is going to become an essential part of your daily operation. Learning how to effectively and efficiently install and operate a mobile device management system could make or break your company’s success in a now mobile-run industry. No longer do you need to waste time, energy, and productivity to individually manage each device. An MDM will provide a smooth operation that allows you remote access to push-down software, notifications to inform you about the compliance of all devices, and the control to lock or delete sensitive data. With this simple solution, you and your workers can be as productive and proactive as possible. Whether this ‘new normal’ is temporary or forever, this is the start of businesses revolutionizing a matter that will improve overall corporate functions.

 


Categories: Mobile Device Management


About Curtis Buhrkuhl

Curtis was born and raised in America's finest city, San Diego, CA. He has been with Office1 since 2015. Curtis has always been intrigued by computers and tech. He started by building computers in middle school and now provides consultation to our clients to organize and build their networks, helping to bring companies, both startups and established businesses, into the cloud. By partnering with Amazon Web Services, we have been able to successfully introduce a new innovative desktop experience.
