We explain how a mobile device management system can help secure your business data, and why it doesn't have to cost the earth.
Do you ever worry about your business data in the hands of employees? A mobile device management (MDM) system can protect your data from loss, theft or inappropriate disclosure.
An MDM system can remotely lock or wipe devices that have been lost or stolen, or automatically lock devices that have been inactive too long. It can ensure staff comply with basic security measures, including the use of complex passwords or passcodes, and encryption of data on devices. It can also automatically install relevant security certificates and disallow the use of devices that have been jailbroken or rooted – and it can ensure these precautions are taken before business data is allowed onto devices.
We’ve explained the importance of having a mobile strategy and policies recently, and MDM can be an important component in the implementation of these policies. For example, if your business is providing employees with devices, you could use an MDM system to exercise control over the applications that may be installed on the devices.
However, an MDM system can do a lot more than secure devices. From a central control panel, you can remotely set up email accounts and configure Wi-Fi settings. And rather than leaving the individual to take care of all of the installation chores, an MDM can push a collection of business apps onto the device, or at least present a list of work apps that should or may be installed.
At the top end, there are several advanced enterprise mobile management (EMM) systems available, such as VMware’s AirWatch, IBM’s MaaS360, MobileIron, BlackBerry’s Unified Endpoint Manager, Microsoft Intune, Citrix XenMobile and Sophos Mobile Control, among others.
However, small and mid-sized businesses don’t have to spend a fortune on MDM. It’s even possible that it’s already available to you at no extra cost, because MDM is one of the lesser-known features of G Suite (formerly Google Apps) and Microsoft Office 365. And there are other MDMs available, some of which are very cost effective, especially if you don’t need advanced features.
Here are a few of the more affordable options.
G Suite Mobile Management
G Suite's MDM works with Android, iOS, Windows and other smartphones, with features including the enforcement of security settings such as screen locks, strong passwords and remotely wiping work accounts. There’s an admin console for easily managing devices, which even allows you to distribute Android or iOS work apps to staff phones quickly.
Office 365 MDM
Office 365 business plans include MDM for Android, iOS and Windows devices. Features include access control, policy enforcement (such as passcode active, device not jailbroken or rooted), and remote wiping. It may be a good way to get started with MDM, and if you find that you need a more comprehensive set of MDM capabilities, you can upgrade to Intune.
AirWatch Express is an entry-level version of the full AirWatch system. Express costs $US2.50 per device (Android, iOS, macOS or Windows) per month, and offers app distribution, email and Wi-Fi configuration, device setting control (such as passphrase enforcement), and remote locking and wiping. Express may also be a good way to start, while offering an upgrade path for the future.
Jamf Now costs $US2 per month per device (the first three devices are free), but only works with iOS and macOS. It handles app distribution (via the App Store and the Mac App Store), device settings, email and Wi-Fi configuration, remote locking and wiping, and separates work and personal app data. Deploying OS and non-Store app updates and preconfiguring app settings are among the additional features found in Jamf Pro, which starts at $US3.33 per month for iOS and $US6.25 for macOS, with a 25-device minimum.
Separating business and personal data
The ability to remotely lock or wipe devices is useful, but it is important to consider that the requirements and expectations of the business may differ from those of the employee. For example, the business might be inclined towards wiping phones as soon as they are reported lost. But someone who has just photographed their newborn child and lost their phone on the way home from the hospital before the shots are backed up might prefer to hold off until they feel sure it isn't going to be recovered or returned. (Yes, we know that mobiles can be backed up on the move, but not everybody does that.)
So an MDM should be able to treat business and personal data separately. One way this can be achieved is to quarantine business data in encrypted containers that are only accessible from specific and managed apps. An example is the Dynamics system that became part of BlackBerry's range when that company acquired Good in 2015.
Rolling out MDM
It’s important to choose the right MDM for your business – and again, there are several others to pick from, not just those covered above – and then implement suitable policies for your circumstances. For example, if you take a Bring Your Own Device (BYOD) approach and don’t contribute anything to employees’ phone costs, then it’s difficult to insist that you have tight controls over what staff install on their devices.
But used correctly, an MDM will help secure your business data and may provide productivity benefits.
There might be some pushback from employees, especially those who don't even take the basic step of protecting their devices with passcodes, in which case it's worth reminding them that at least some of the settings you're enforcing make their own data safer too. An MDM may also make it quicker and easier to install the set of apps that they need for work.