BYOD (Bring Your Own Device) policies have been evolving over the last decade as companies try to balance the benefits of increased productivity and decreased equipment cost with the menagerie of security considerations that come with covering a host of mobile devices. Employees work best (and happiest) on equipment they’re accustomed to, but an open mobile device policy can poke holes in a company’s network security and provide leak points for sensitive data.
So how do you allow employees to bring devices to work and still protect your network security? The answer for many is device and application settings that give users the freedom to get work done without compromising security (or that freedom).
Mobile Device Management (MDM) minimizes risk for companies by keeping close tabs on what happens on each device, and is the more intrusive of the device management strategies. MDM systems allow IT departments to track information about mobile assets such as their owners, their current condition, their usage, and the service and support requests made for them. Basically, MDM allows the company to see everything happening on a particular smartphone or tablet.
While some applications of this concept can appear totalitarian in practice, everything is geared toward maintaining the security and integrity of a mobile asset. Users must have their mobile devices password protected to prevent unauthorized use by other employees. The IT department may also install remote wiping software so they can ensure deletion of all the data contained on devices that are reported lost or stolen. GPS may also be installed on devices to help track their movement. MDM can also block users from downloading apps that are not on the company’s list of allowed programs. It’s rare that this method is implemented in its entirety without complaint from the employees who own the monitored devices.
The tricky part is balancing the capabilities of your MDM solution with the privacy and personal interests of the mobile asset owner. Going too far may work against one of the goals of BYOD, which is to promote convenience for your employees. This is where Mobile Application Management (MAM) comes in.
MAM focuses more on enabling employees to access company data and applications on their private devices without intrusively securing the entire device. Instead, MAM systems impose controls and restrictions only on specific areas, functions, or applications. By distinguishing between personal data and company-related data, MAM systems allow IT departments to track and view only what they need to. If a device is reported lost or stolen, only data the system recognizes as company-related can be remotely erased. MAM also does not fully restrict the download and installation of unlisted programs. It just prevents such programs from accessing corporate data.
The primary drawback of MAM is that it uses a unique code for each type of mobile device, which can require more IT setup time, effort, and resources before it is able to cover all devices.
Integrating a MAM system with your MDM system can be the best way to find the right balance between security and enablement. You can let your MDM system handle basic security and integrity while MAM handles advanced and specialized controls. This way, the minimum required level of security can be achieved while still allowing employees to do more work using their mobile devices.
Instead of using a list of allowed programs, you can make a list of unwanted programs, or a blacklist. You can then set the MDM to handle the blacklisted applications while the MAM handles the rest. This way, employees can still download and install the apps they want without compromising the network with known malware.
Mobile devices pose challenges for business security. But with a thoughtful MDM/MAM policy, you can keep things secure and convenient for employees and guests. Don’t be hasty. Make sure you take your time in determining what elements and functionalities your MDM/MAM solution will possess. With so many options available, it is highly advised that you study each alternative so that you can find the combination that will work best for your business.
Curious to learn more? Contact your Atlanta managed IT service provider today!