Over the last 5 years the number of mobile devices in use has exploded. It’s hard to find a person who doesn’t own a smartphone or a tablet of some sort. Their popularity has also led to the number of devices connecting to corporate networks increasing significantly. Whether companies realise it or not, users now have the ability to read emails or access documents from anywhere in the world, be it on their personal device or a company provided one. This fact is further compounded by another shocking statistic that was published recently in SC Magazine (www.scmagazine.co.uk) suggesting that only 17% of UK based firms actually know where their sensitive data is located!
IT organisations spend a lot of time and money securing their internal IT infrastructures with permissions and policies so that their internal assets are secured and not open to attacks, which could lead to downtime and financial loss. But what about mobile devices? With the introduction of BYOD a user can bring in their tablet and read their emails, with the potential for sensitive information to be cached on this device. That same user could then misplace their tablet or have it stolen. But what happens to that sensitive data? With the number of data loss incidents on the increase and the level of fines being handed out by the Information Commissioner’s Office, this is a topic no one can shy away from.
The key players in the technology market are also aware that mobile devices are starting to be a big thing in the enterprise world and are working hard to get more of these devices deployed into corporate environments. Recently Apple signed a deal with one of its biggest rivals to help increase this figure. An’ Enterprise Mobility Partnership’ was announced between Apple and IBM which will see users of Apple devices having access to IBM enterprise software and also IBM enterprise customers gaining access to Apple’s hardware, services and support.
In addition, the government has also recently expanded the current flexible working rules to cover everyone, not just parents of children under the age of 17. From June 30th 2014, employees, who have been with their current employer for 26 weeks or more, have a statutory right to request flexible working. The majority of these requests will be for employees to work from home or to alter the times they start and finish work. This will require some additional thinking as to how your employees connect into your IT network and access data from these remote and potentially insecure locations and also as to how you can manage these devices and the access they have.
So what’s the answer? Well there are several actions IT departments can take to improve the situation.
The first would be to look at your IT security policy and make sure it encompasses not only mobile users and devices, but also the information they can access. This can include polices for requiring passwords on devices, password complexity, locking down the device, blocking certain applications from being downloaded and even disabling functionality like the camera. Defining what your end users are allowed and not allowed to do on the device is also key. All of this needs considering even before you start to look at the technology to enforce this. Once the above has been decided upon, the next thing would be to consider implementing an Enterprise Mobility Suite (EMS). With the growth in popularity of mobile devices, the number of acronyms to manage these devices has also grown, with MDM, EMM, MAM, MIM and MCM all being tools and products that can help IT departments to manage the devices and the information they may hold.
- EMM - Enterprise Mobility Management
- MDM - Mobile Device Management
- MAM - Mobile Application Management
- MIM - Mobile Information Management
- MCM - Mobile Content Management
A fully featured EMS will be able to perform all of the above roles allowing IT departments the functionality and flexibility they require. Administrators will be able to lock down devices and set policies against them to meet their information and security goals. Apps can be pushed to devices with the traditional method of users installing apps themselves being blocked, meaning the IT departments can still keep control remotely. All of these features have been available to IT administrators for years to control their PC and laptop estate, and now this can be extended to mobile devices.
So how do you choose what EMS is right for your business?
Choosing the right EMS comes down to the requirements your organisation has set. As the features and functionality vary greatly between EMS solutions it is vital that these requirements are considered when selecting which EMS solution is right for you. An example of this could be the ability to implement Geofencing, a technology that allows devices to have policies set depending on their current location. This feature is not available in all EMS products so if this is an important requirement only certain EMS providers will be a viable option. This feature may be crucial to a school environment where administrators can restrict children’s devices when on school premise but not when at home or away from school. An example of this would be to disable the camera or block access to social media sites to deter bullying when a child is at school but not when at home or other location.
Another key feature available in all EMS solutions is the ability to remotely wipe a lost device. A freedom of information request by McAfee in 2013 showed that in that year alone 15,833 mobile phones where handed in to Transport for London. The number of lost tablets also increased by a massive 2876%. Without some form of EMS there would be no way to wipe these devices that may contain personal or even sensitive corporate data.
There are some major players on the market and a lot of money and time is being put into making these products as functionally rich and secure as possible. In February of 2014 VMware completed the purchase of Airwatch, one of the market leaders for mobile device management. Microsoft is also investing heavily in their EMS solution which they've called Intune. This can run as a standalone product hosted in the cloud or be linked into your existing System Center Configuration Manager environment allowing all devices in your network to be managed from a single application.
Managing your mobile devices may still seem like a new concept but with the investments being made by the likes of Microsoft and VMware to name a few, EMS systems will start to become mainstream over the next few years. With their different levels of maturity it is critical that technical, security and information requirements are defined before choosing which EMS to implement.