Last week we posted a blog about all the exciting phone announcements to look forward to this year, and that got us thinking. While getting a new phone is fun, there’s a lot more now-a-days to keeping your phone secure, and as more and more employees use their phones for work purposes there is a fine line that employers have to watch out for.
Today i’m going to just scratch the surface of “Mobile Device Management.” as always, if you have questions, or think this is something your company should be doing, let us know!
First and Foremost, what is “Mobile Device Management”?
Mobile Device Management is defined as “a type of security software used by an IT department to monitor, manage and secure employees’ mobile devices that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization”... I know, I almost fell asleep too.
So, let’s break this down into a non-technical description.
Essentially, every company has smartphone, tablets, and laptops—”mobile devices”—that require something less traditional than your internal security suite of having only corporate-owned devices attached to an internal system that The resolution to this is a mobile device management system that operates over the internet, which is perfect for remote employees or devices not on the internal network all the time. Most of these systems provide the ability to remotely wipe the device, set security settings - for example force encryption and passwords - and network settings like being able to push settings to the device, and details on how to connect to the company WiFi.
So why is this important? Well it really comes down to security.
I think it’s safe to say that a majority of workers primarily use mobile devices, whether that be a phone, tablet or laptop, for work. In this day and age, it’s almost impossible not to.
But mobile devices are still susceptible to data loss, intrusions and malware just like desktops. The Breach Level Index shows that 1,023,108,267 records were breached in 2014 and in that same year there was a 75% increase in US mobile malware rates according to Lookout. These are significant numbers, and it’s also probably safe to say that in the past 3 years they have only continued to increase. This is why MDM is so important. It protects these devices against hackers, breaches, and malicious intrusions and gives companies the ability to wipe confidential information should the phone be physically lost or stolen. My phone is basically attached to my hand, but Consumer Reports reported that in 2013, 3.1 million smartphones were lost or stolen… that’s a lot of potentially confidential information with the possibility of being released into the world.
Because it’s so important, and we know that not every company has the same needs when it comes to security and MDM, our CTO put together a short list of recommendations.
- Cisco/Meraki: This suite is pretty popular, and they offer a 30 day trial.
- Symantec: Their Mobile Device Management system integrates with other Symantec security products.
- Microsoft InTune: This is what we use internally and recommend to our clients.
- Google Apps: This is only a lightweight MDM built into the platform providing the capability to set a few security settings and wipe phones remotely, but doesn’t offer the ability to push apps, or perform other functions that higher end MDM systems allow you to do.
I mentioned above that we use Microsoft Intune. We really use a hybrid-cloud configuration of Microsoft Azure Active Directory and Microsoft InTune (full disclosure: we are a Tier 1 Microsoft Cloud Solution Provider), and this is what we recommend to our clients as well. Here’s why:
Microsoft Intune has a lot of features and integrates well with Azure Active Directory. Azure Active Directory is the cloud-based evolution of Microsoft’s long-time Active Directory product, and it serves much the same purpose—hosting user accounts and authentication details. Since Intune integrates so nicely with Azure Active Directory, phones or devices with this software installed can be tied to Azure AD accounts so everyone just has to use one password across a multitude of devices and services, password resets are quick and easy, and everything can be wrapped up tightly behind the built-in multifactor authentication built into Azure Active Directory.
There’s a good chance that most companies using Intune are also using Azure AD.
Intune was also one of the only MDM systems that aligned with our ethical ideas of what a company should and shouldn’t be able to do. What I mean by that is, most other MDM platforms make it relatively easy to spy on end users with things like remote screen capture, recording of browser history, etc., which is something we are not about. With Intune we have the ability to protect corporate data and wipe only company apps/email accounts on the phone without the ability to see the employee’s personal data/email/texts/etc.
With all the good and necessary things about MDM, there are challenges, as with most things. The biggest being privacy concerns.
While it’s not as big of a deal on company-provided devices, mobile phones are typically employee-owned so it’s easy for employees to feel as though they are being spied on. How do you overcome this? We’ve found that being up front about what the software does, and choosing a system with privacy in mind is the best way to go.
Other concerns involve cost, plus the work required to rollout and maintain the new solution. Without ongoing auditing/monitoring/management plus company policies to enforce all the guidelines, knowing that users are non-compliant doesn’t do much good.
Now, we know that for the average user this is a bit much, but if you and the majority of your company are conducting work on your personal mobile device, this is something that you should look into.