Little known ways of managing mobile devices to prevent data loss

This article originally appeared on Stephen’s personal blog. You can visit it here. 

Most people feel naked without their smartphones and tablets. Adoption of these devices over the last five years has been explosive, with an expected 10 billion by 2020, according to Morgan Stanley. (To give you an idea of the magnitude: PCs and notebooks are at about 1 billion today.) Morgan Stanley also predicts that 95% of devices purchased for business will be bought by employees. This means that there will soon be a diverse selection of mobile devices in the office. (For example, right now Softchoice’s Employee Choice model has brought hundreds of iPhones into our environment.) How is IT going to cope with this?

Device heterogeneity is a serious issue. Similar versions of Apple’s iOS operating system run on iPod, iPhone, and iPad devices. Android has been modified by several vendors, including Samsung, HTC, and Motorola. HP recently introduced new versions of WebOS that run on the Palm Pre3 and TouchPad. RIM has also introduced the PlayBook, which works with BlackBerry devices. Is your head spinning yet?

All of this heterogeneity has left network administrators confused about how to apply one of the most fundamental principles to these devices: centralized management. An architecture that lacks centralized control and updating is built for an individual, not an enterprise. Centralized management of mobile devices is crucial as part of a Data Loss Prevention program because they are easily lost, stolen, and (likely soon) compromised.

Here are seven little known ways to implement a Mobile Device Management solution:

1. Secure Architecture – Typically we are still connecting to Microsoft Exchange ActiveSync or Lotus Notes Traveler to get access to email, calendar, and contacts. The MDM solution must act as a proxy or be configured inline in front of the server so that the user must traverse the MDM before getting access to the server, and be forced to comply with policies.

2. User-driven on-boarding – There are lots of users connecting to the network, and many users have multiple devices. IT does not have the resources to bring each phone and tablet into the environment. The users should be able to sign in, authenticate, register their device, and have policies configured over the air on their devices without further assistance.

3. OS compliance – One of the ways to prevent compromise is to apply system updates from the manufacturer. While there is not a supported way today to push software updates to the devices, one thing we can do is detect what version they are running and deny the user access to the corporate network until the user updates the device.

4. Password Compliance – The requirement for a password along with the complexity of the passwords are some of the most common policies today. These password enforcement and complexity policies are critical on mobile devices, again because they are so easily lost or stolen.

5. Enterprise Integration – There are many settings that administrators typically configure on laptops that they want to deploy on smartphones and tablets. Email, calendar, contacts, VPN, and Wi-Fi profiles are all typical on mobile devices. Administrators must be able to configure these profiles centrally and push them to users who are permitted to use them without having to touch every device.

6. Restrictions – In some environments it is beneficial to be able to disable features. In a manufacturing plant it may be required to disable the camera. In an area where bandwidth is expensive, disabling YouTube or iTunes may be required.

7. Remote wipe – When the device is lost or stolen, or the employee leaves the organization, it is mandatory for the administrator to be able to remotely wipe corporate data from the device. Typically this means removing email, calendar, and contacts; however, the entire device can also be fully restored to factory defaults.
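The access decision described in items 1, 3 and 4 can be sketched as a policy check that a gateway in front of the mail server runs before letting a device through. This is an added example, not code from the article or from any MDM product; the `Device` record, the minimum versions and the passcode length are assumptions chosen for illustration. It compares versions numerically (a string comparison would rank "4.10" below "4.3.3") and denies access whenever the platform or version cannot be evaluated.

```python
from dataclasses import dataclass

# Constructed policy: minimum OS version per platform (illustrative values only).
MIN_OS = {"ios": "4.3.3", "android": "2.3.4"}
MIN_PASSCODE_LEN = 6  # assumed policy value

@dataclass
class Device:  # hypothetical record reported at registration or sync time
    user: str
    platform: str
    os_version: str
    passcode_set: bool
    passcode_len: int = 0

def parse_version(text):
    """Turn '4.10.1' into (4, 10, 1); raise ValueError on anything non-numeric."""
    return tuple(int(part) for part in text.strip().split("."))

def version_at_least(reported, minimum):
    """Compare numerically, padding so that '4.3' == '4.3.0' and '4.10' > '4.9'."""
    a, b = parse_version(reported), parse_version(minimum)
    width = max(len(a), len(b))
    pad = lambda v: v + (0,) * (width - len(v))
    return pad(a) >= pad(b)

def evaluate(device):
    """Return (allow, reasons). Any unknown or unparseable input denies access."""
    reasons = []
    minimum = MIN_OS.get(device.platform.lower())
    if minimum is None:
        reasons.append("unmanaged platform")
    else:
        try:
            if not version_at_least(device.os_version, minimum):
                reasons.append(f"OS {device.os_version} below required {minimum}")
        except ValueError:
            reasons.append("unreadable OS version")
    if not device.passcode_set:
        reasons.append("no passcode")
    elif device.passcode_len < MIN_PASSCODE_LEN:
        reasons.append("passcode too short")
    return (not reasons, reasons)

# Constructed sample registrations, as a gateway might receive them.
SAMPLE = [
    Device("alice", "iOS", "4.10", True, 8),
    Device("bob", "android", "2.3", True, 8),
    Device("carol", "webos", "3.0", True, 8),
]
```

The returned reasons can be shown to the user on the self-service portal from item 2, so they know which update or setting restores access.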

While we appreciate this management functionality today, it is quite accessible: there are many vendors who offer all of these features, and more. Because of the massive growth rates of smartphones and tablets, it is common consensus that they will be the attack target of the future. The (not so distant) future will mandate anti-virus, web browser protection, encryption, and Data Loss Prevention software, all of which are features the major security vendors excel at. The major security vendors also happen to provide leading MDM solutions that integrate into their endpoint security management solutions, making them not only a great fit for the best management and protection but also a great Total Cost of Ownership fit from a software management perspective.

Softchoice Security Solution Architects are well versed in Mobile Device Management solutions and are here to find the best technology and best fit for your environment. We’re here to help. You can connect with us by calling 1-800-268-7638.


About Stephen Perciballi

Stephen Perciballi is the Director of Security Solutions for Softchoice, one of North America’s largest technology solutions and services providers.