Mobile Device Management & Security

Expand all

The Risk

In an era where mobile smart devices such as smartphones and tablets are fast becoming indispensable tools of personal as well as professional use, organizations are faced with multi-dimensional challenges.  First and foremost, organizations cannot keep up with the ever-increasing pace at which such technologies change as their procurement, management, and maintenance is a highly costly endeavor both financially as well as technically. Secondly, they have to face employee discomfort when they assign such devices to them as this usually means that they have to carry around and get used to the functionality, look and feel of a device, which is different to their personal device.

To surpass these issues, organizations nowadays are inclined to adopt hybrid “Bring/ Use Your Own Device” (B/UYOD) programs, via which they attempt to capitalize on the operational benefits of the use of smart devices present, irrespective of whether these are corporate or employee owned. In this respect, organizations can cut down on their smart devices procurement costs by allowing their employees the flexibility to use their personal devices for corporate use, if they prefer to do so.

Although it is clear that the adoption of such a hybrid B/UYOD policy presents operational and financial advantages, it has to be recognized that it does so at the expense of corporate information security.

To explain, enforcing a hybrid B/UYOD policy within your organization, will allow you to save money by pushing some of the technology costs to employees, while keeping them connected anytime, anywhere. This flexibility is expected to be embraced by employees, as it will further facilitate mobile working.  However, while a B/UYOD policy is certainly convenient and will be less costly for your organization, it also raises potential issues, which if left unaddressed can quickly wipe out the potential gains. Furthermore, excessive security measures might also undermine the aforementioned benefits of allowing the use of personal or corporate mobile devices in the workplace.

The Challenge

The first and foremost concern you should be addressing when adopting a hybrid B/UYOD policy is the security of corporate data whether this means data being inadvertently or purposely leaked to outsiders. The risk of data leakage when enterprise information is allowed on mobile devices, increases mainly because you will neither have control over how corporate data moves outside the organization, nor what is installed on such devices.  You may also have minimal control on how well they are protected against loss or theft.

In addition to the adoption of policies that will ensure the security of your data, you would also have to incorporate policies that will provide a consistent B/UYOD user experience.  Relevant issues which should be addressed include the extent of control that users will have, the types of devices which will be allowed to access the organization’s network, as well as, how the privacy of employee personal information residing on these devices will be safeguarded.  These require a structured, yet flexible B/UYOD program to ensure a reliable user experience whenever users connect to the network.

Enabling Your Organization

To address these challenges, you should be implementing a practical and measured B/UYOD policy approach, away from any excessive security measures. This approach should be based on the adoption of an efficient mobile device lifecycle management policy across the organization.

Odyssey’s comprehensive mobile device management solution helps organizations simplify processes across multiple device types and mobile operating systems, and enables remote visibility and control over mobile devices used by your workforce.

To ensure the deployment of an efficient and effective mobile device management policy which successfully addresses the organization’s needs and objectives, Odyssey has developed and implements a diligently designed six-step deployment methodology.

 
Mobile device management deployment methodology

The goal of this methodology is to ensure that we fully understand your organization’s business objectives and requirements. This will enable us to work with your team to determine and precisely define your needs and expectations of a mobile device management system.  During this process, we will clarify mobile asset and device inventory related issues such as which devices will be managed, what physical details need to be tracked, how the mobile devices will be classified and how the inventory list will be maintained.

Once we have a holistic understanding of your needs and objectives, we will execute on a set of capabilities that will support your organization’s mobile devices through their lifecycle.

The process starts with device configuration and ends with decommissioning of the device.

The first step in the process is to configure the device.  This includes developing a set of device management policies reflecting the organizational policies, which will govern the use of mobile devices in the organization.

The second step involves the provisioning of the device, where the users enroll, the policies and applications are delivered to the device and users are granted access to applications. During the provisioning step, our team will work with your organization to develop a set of policies, such as which platforms will be supported, how managed devices will be enrolled in the Mobile Device Management system, how the software will be installed on each new device and how each device will be configured to override factory defaults.

Securing the device is one of the most important phases in the mobile device management lifecycle as its goal is to protect sensitive data from leaking outside the organization. During this phase, we will ensure that devices are secured by configuring security settings, blacklisting applications and restricting device resources. We will also recommend solutions that will help with user authentication, password policy enforcement, and remote device wipe in the case of device loss or theft. Equally important to consider here, are data encryption policies that will prevent unauthorized access to corporate data stored on mobile device.

Last but not least, we will help you enforce policies for the necessary support, troubleshooting, monitoring and reporting on the device, service and infrastructure. The final stage in the lifecycle management is the decommissioning of the device when it is no longer in use. 

Doing it right: Our Mobile Device Management Solutions’ Key Features and Benefits.

Our Mobile Device Management solutions are largely characterized by the following Key Features and Benefits:

Key Features

Benefits

Support of all major mobile platforms such as iOS, Android, Blackberry, Symbian, Windows etc. 

Provide a flexible Bring/Use Your Own and Corporate Device program which brings particular advantages to the organization such as:

  • Safeguard corporate information found on mobile devices and
  • Increase employee productivity and satisfaction, by allowing employees to use device of choice and by taking advantage of the latest mobile technologies available.

As a result reduce the overhead cost and IT resources needed for administration and management of these devices.

Allow access to corporate resources based on specific mobile brand devices.

Provides the capability to authorize which brand, type and model of a mobile device will have access to specific corporate resources.

Basic or Directory-based (AD/ LDAP) authentication.

Ensures that user is a valid company employee with authorization to access corporate information using his/her device.

Allows the configuration of device security policies, including content encryption based on user’s ownership type and identifies compromised devices.

Helps the organization to embrace device security, configuration management and device control, thus ensures that security objectives are achieved.

Ability to remotely lock or wipe the information from the device.

In a case that a corporate and/or authorized device is lost or stolen corporate information is removed.

Verifies whether device and/or storage, SD card, is encrypted and detects when device uses an unapproved SIM card.

Prevent data leakage of corporate data by encrypting local data storage.

Detects when a device uses an unapproved SIM card and takes preconfigured actions such us, remove access permission.

Create and enforce compliance policies and set up automated actions for non-compliant devices.

Enforce organizational policies, and ensure compliance with legal and regulatory requirements.

Track and view real-time device information via interactive dashboards.

Gain real-time visibility into mobile environment.

Ability to act fast in response to security events or other improper use.

Set privacy policies that do not collect personal data and define granular policies to prevent collection of GPS, user info, app lists and telecom data.

Isolate and secure corporate data from personal data on devices to protect employee privacy.

 

Remaining Secure – Support tailored to your needs

We very well understand that to remain effective, a security deployment requires constant monitoring, fine-tuning, updating and maintenance.  These requirements may prove a burden your small/medium business is not poised to undertake.  We have, therefore, structured our post-deployment services so that you may have the level of support you need, in order to achieve maximum return on your investment, with the least of worries.

Our suite of post-deployment services range from simple Maintenance and Support, to full-fledged Managed Security & Outsourcing Services.

This solution comprises part of the “Design & Implement” phase of our Information Security Continuum (D&I).