iPads, Tablets and iPhones
Voice Over Internet Protocol
Windows Mobile Devices
Mobile Device Management / MDM
How to Create a Mobile Device Management Policy
It’s hard to go anywhere today without seeing a mobile device in someone’s hand. The future of technology is in devices that everyone will use to communicate, collaborate and create. Mobile devices like tablets and smartphones aren’t the future of technology — they’re quickly becoming the present. Users are allowed to install any apps they want on their personal devices, and can access content that sometimes may be inappropriate for the workplace.
As more and more mobile devices find their way onto your network, you need a way to ensure security, to remain efficient, and to guarantee acceptable use. Mobile Device Management (MDM) is the solution to manage the use of mobile devices and maintain the integrity of your network.
The most basic MDM enforces password policies and allows a device to be wiped remotely in the case of loss, theft, or employee termination. More complex solutions are available, and vary by platform. Whether your devices use iOS, Android, Windows Phone, Windows Mobile, or a combination of these platforms, there are MDM solutions to help manage them. MDM services include:
MDM can be used to configure multiple devices at once when setting up devices for the first time, or reconfiguring them for new users. This can result in a great deal of time savings. Parameters for security, WiFi, proxy filters, and VPN can all be deployed with a single click. Settings for organization email, calendars, and contacts can also be managed. This feature can also be useful for ensuring quick standard configuration, even when adding a single device at a time.
Restrictions allow administrators to prevent unacceptable use of managed devices. These restrictions include preventing use of the device’s camera or taking screenshots, blocking the installation, removal, or use of third-party apps, and enforcing backup policies. They can also restrict the playback of purchased media by MPAA/TV rating and forbid the use of account-draining in-app purchases.
USER, DEVICE, AND GROUP POLICIES
Policies can be set by user, device, user group, or device group. In an educational environment, for example, different restrictions can be set for staff and student devices. In a business environment, administrative staff can be pushed settings that would not apply to other users, or vice versa.
OVER-THE-AIR (OTA) UPDATES
Once enrolled with an MDM server, managed devices can be reconfigured remotely. Changes in policy are implemented almost immediately, with no end-user interaction, as long as the device is connected to the internet.
MDM solutions can be used to make inventory a breeze. Upon enrollment, devices report their serial number, software versions, model number, and a plethora of additional information that can be used to keep track of your devices and their use. Net56 has deployed MDM solutions from multiple vendors in many locations, and is ready to help you navigate. Contact Net56 today to help determine the MDM solution that’s right for you.
1. A company security policy should be outlined for each user. Do not assume they understand the security policy, but hold employees accountable for abiding by them.
2. Don’t use a “one size fits all” approach. This creates a bad user experience. A better solution is to identify the needs of each user group, and implement multiple levels of security.
3. Never store sensitive data on the device, and always store as little data as possible.
4. Security should be built into every application and every device.
5. Go beyond MDM. Use technologies that offer more sophisticated capabilities than mobile device management systems. Possibilities include wrapping applications and secure network gateways. Applying security as close to the data as possible will improve the user experience.
6. Risk-based mobile management systems will determine what employees can and cannot access, and lock down the system if questionable downloads are attempted.
7. Enterprise mobility management should be controlled at the application layer. This makes it easier for the company to control data without locking down the mobile device.
8. Finger-print authentication should be used whenever possible.
9. Don’t assume the same policies and procedures for mobile device security will last forever. Technology changes so fast, you need to adopt to the changes quickly.