In today’s mobile, cloud-first world, organizations are allowing unprecedented levels of work to be completed from outside of the office. Employees and employers both benefit from the flexibility and efficiency that arises when workers can perform their duties from coffee shops, airports, their homes, and more. As such, providing employees with the ability to work remotely is an excellent way to attract and retain a talented, productive team.
The devices and security measures used throughout an organization play a significant role in enabling safe, efficient remote work. Unfortunately, it can be quite challenging to determine which devices should be granted access to corporate data. IT teams need to consider how device policies and security solutions affect user efficiency, user privacy, and the security of corporate data.
Unsurprisingly, the rising popularity of bring your own device (BYOD) has complicated the challenge of enabling secure remote work. A personal device that is used for professional and personal activities has access to the corporate network and the user’s personal apps – increasing the likelihood that corporate data can be accessed by unauthorized users or infected with malware. The workforce’s myriad of smartphones, tablets, and wearables represents an entry point for cyber threats that leverage devices to target corporate data.
1. Locking down devices: agent-based mobile device management (MDM)
Mobile device management (MDM) solutions are generally favored by large enterprises seeking to enforce security policies across a large number of corporate-owned devices. Typically, MDM solutions require software to be installed on all employee assets. This enables all devices to be centrally managed by IT administrators who implement features such as password protection, remote data wiping, the rejection of unsafe WLAN networks, and more.
However, a major problem can occur with MDM if the mobile environment is heterogeneous, or contains disparate mobile devices and operating systems. Within these diverse environments, device management functions are often unavailable for some of the assets on the network. Because heterogeneous mobile systems are difficult to secure with MDM, it’s necessary for organizations to involve employees at an early stage of onboarding and implementation. This helps organizations to assess if the MDM solution supports all employee workflows and if deployment will be excessively challenging for certain devices.
While agent-based MDM solutions can secure corporate-owned devices, they lead to privacy challenges when deployed on BYO assets. These solutions can allow companies to reset device settings, identify device locations, and collect information about device usage and user internet habits. When these capabilities are used on personal devices, it is often seen as an unacceptable intrusion into users’ private lives. As a result, many employees refuse to have any kind of security software installed on their phones or tablets, creating substantial challenges for enterprise security.
2. From the device to the application: mobile application management (MAM)
Unlike MDM, mobile application management (MAM) focuses on securing company-provided applications that house sensitive data. Where BYOD is allowed, MAM is occasionally used to secure mobile data access; for example, when a traveling salesperson uses a corporate app on her or his personal phone to access customer relationship management (CRM) systems. To ensure that application data is sufficiently protected, company mobile apps are centrally managed by security administrators or IT personnel.
Despite the above, MAM has multiple limitations. While MAM can govern a number of corporate applications, it does not cover popular cloud apps like Dropbox and Slack. Like agent-based MDM solutions, deploying MAM requires the installation of software on employee devices. Additionally, as the solution does not provide device management functionality, a usage policy must also be installed on each device. Finally, MAM provides no assistance with detecting or blocking shadow IT.
3. Honing in on data: agentless mobile security
Fortunately for the enterprise, mobile security solutions can protect data without requiring anything to be installed on employee devices. Despite their agentless approach, these solutions can still provide MDM functions like data loss prevention and remote wiping of company data, even from BYO devices. They also offer data encryption that can be extended to all popular cloud apps, including Office 365 and Salesforce. This means that sensitive data is secure regardless of the app in which it is stored or the device through which it is accessed.
Through agentless solutions, security administrators can govern device access without the installation of intrusive software. As a result, they offer rapid deployment and alleviate users’ privacy concerns about employers accessing their personal information. In light of the above, these solutions are often adopted by businesses seeking to secure corporate cloud data as it is accessed by a variety of devices. With the growing popularity of cloud services and BYOD, the proliferation of agentless solutions will continue to increase.
Identify specific requirements
Organizations need to consider a variety of factors when selecting a mobile security strategy. First, IT administrators need to compile an exhaustive list of governmental regulations relevant to their firms. From there, they must ensure that deployment will not be impeded by users who want to keep their personal data private. In light of escalating BYOD trends, organizations should also identify the devices and operating systems in use, as well as the mobile applications employees need. Determining whether a security solution should be bolstered by legal agreements is another important consideration. Finally, all stakeholders need a voice in the decision-making process in order to ensure the adoption of a mobile security solution that is fair and effective for all.
1. Discuss how to expand physical security to address BYOD-associated threats.
The physical security of confidential data and vital information related to the work on employees' own devices can be addressed in the following manner:
(a) Using an agentless security system to prevent data breaches from any device or application used by the employee, without compromising on his privacy concerns.
(b) Assigning company-owned devices which are protected through MDM-like features and on which only the applications relevant to the company's work can be installed. In this case, there will be no issue of privacy, as these devices would be used for personal purpose.
While using one of the above-mentioned techniques, care must be taken to ensure compliance with the regulations related to the use, ensuring legal formalities with employees and other relevant parties to avoid liability at a later stage, and training the employees appropriately about the usage policy that minimises the risks of data breach and also protects their interests.