Whether businesses are willing to admit it or not, the use of personal devices on the company network is increasing. Some organisations continue to push back against bring your own device (BYOD), while others have embraced the inevitable – nearly 60% now permit employees to connect their own smartphones and tablets to company systems.
Other reports suggest that employees truly value these mobility programs – when questioned, 39% said they would leave if BYOD provisions were not available.
BYOD cannot become a free-for-all
For the CTO, BYOD is a headache. And allowing users to drive the company mobile strategy is a step too far, particularly as employees are seen as the number one threat to security by 78% of IT managers.
The concerns extend well beyond security too. Among the many issues the CTO needs to address are:
- Supporting multiple devices, operating systems and apps.
- Ensuring that data and intellectual property are properly secured against loss and theft from mobile devices.
- Verifying that data protection and compliance standards are upheld at every point of the new extended network.
- Applying relevant safeguards on the mobile device to restrict unauthorised access, and to protect against loss or theft.
- Keeping operating systems and apps up to date to prevent security being compromised.
With so many legitimate concerns, manually managing the mobile estate is out of the question. Leaving end users to resolve these issues themselves is also out of the question.
Which is where mobile device management (MDM) comes in.
MDM is key to managing BYOD effectively
Mobile device management (MDM) is similar in operation and effect to your in-house network management console (like Active Directory). When a user asks to connect their device to the corporate network, it is enrolled with the MDM system. You can then define and enforce a number of security provisions remotely.
MDM greatly simplifies mobile administration:
- The system takes care of operating system differences automatically, extending the range of devices the IT team can support.
- You can grant and revoke access to key resources from a central console on a per-user or per-device basis.
- You can define basic policies to ensure that devices are running the latest patches and updates before granting access to network resources.
- You can deploy apps – like antimalware protection – to all enrolled devices, instead of relying on your users to make the necessary updates.
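The checks in this list can be pictured as a single access decision made before a device reaches network resources. The sketch below is an added example, not taken from the original article or from any MDM product; the version thresholds, user names, device IDs and field names are all hypothetical.

```python
from dataclasses import dataclass

# Hypothetical policy values (constructed for this example, not vendor guidance).
MIN_OS = {"ios": (17, 0, 0), "android": (14, 0, 0)}  # per-platform minimum
REQUIRED_APPS = {"antimalware"}    # apps the console is expected to deploy
REVOKED_USERS = {"j.doe"}          # per-user revocation
REVOKED_DEVICES = {"dev-0042"}     # per-device revocation

@dataclass
class Device:
    device_id: str
    user: str
    platform: str
    os_version: str
    enrolled: bool
    apps: frozenset

def parse_version(text):
    """Turn '17.4' into (17, 4, 0); raise ValueError on malformed input."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def evaluate(device):
    """Return (allowed, reasons). Any failed check denies access (fail closed)."""
    reasons = []
    if not device.enrolled:
        reasons.append("not enrolled")
    if device.user in REVOKED_USERS:
        reasons.append("user access revoked")
    if device.device_id in REVOKED_DEVICES:
        reasons.append("device access revoked")
    minimum = MIN_OS.get(device.platform.lower())
    if minimum is None:
        reasons.append("unsupported platform")
    else:
        try:
            if parse_version(device.os_version) < minimum:
                reasons.append("operating system below minimum version")
        except ValueError:
            reasons.append("unreadable OS version")
    missing = REQUIRED_APPS - device.apps
    if missing:
        reasons.append("missing required apps: " + ", ".join(sorted(missing)))
    return (not reasons, reasons)

if __name__ == "__main__":
    # Constructed sample device: out-of-date OS and no antimalware app.
    print(evaluate(Device("dev-0002", "b.kim", "android", "13", True, frozenset())))
```

Returning every failed reason, rather than stopping at the first, gives the help desk one complete list of what the user must fix before access is granted.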
MDM is not necessarily stand-alone either. You can integrate the MDM’s authentication system with your existing domain controls, allowing consistent application of permissions and group memberships. This then streamlines the mobile deployment process, reducing your own administrative burden without sacrificing much-needed security.
Creating a break between personal and professional lives
Smartphones are central to our personal lives, acting as our default diary, address book and messaging tool. But to prevent sensitive personal and professional data being exposed to each other, you need to apply additional controls.
MDM allows you to create a sandbox on the user’s device, acting like a firewall between the two types of data held. Outside the sandbox, users are able to use their smartphone for social networking, chat and personal communications. Inside the sandbox you can install a series of business apps – email client, instant messaging, CRM, etc. – that are reserved for use in a work capacity. Data from outside the sandbox cannot pass through the firewall, nor can business data be taken out of the partitioned space.
Taking this sandbox approach segregates data efficiently, and reduces the risk of breaking compliance and data protection rules. The sandbox can also be managed efficiently from the MDM console – even if the device is not currently on site. You also have the ability to wipe the data remotely should a device be lost or stolen.
Centralised is the future
Even though the MDM platform may be located in the Cloud, the ability to control all of your users’ BYOD devices centrally will dramatically reduce your management overheads. In fact, MDM is the only way to deploy much-needed mobility without sacrificing resources required for managing and supporting other line-of-business applications and systems.
To learn more about MDM, or to arrange a demo of On Line Computing’s own hosted service, please get in touch.