Six Quick MDM Tips for the Security Executive

There is not doubt we are seeing an onslaught of employee owned mobile devices entering the enterprise. For an IT security executive these new devices and the variety of operating systems they work off of, compiled with legacy or existing company owned devices, can make enterprise mobility security a dizzying task. With so much to manage and with technology evolving at such a high rate making it tough to keep up, it is important remember some of the basics. Gordon Makryllos in CSO has highlighted some of those basics which, when are kept in mind as an enterprise’s mobility increases, can help keep the ship on course.

1. Have a strong mobile policy

“A mobile usage policy is a framework that defines who the users are and what devices, platforms and applications they can and can’t use. Enterprises must clearly define policies around reimbursement for services and what applications users can access via personal devices, along with clear guidance on who controls the data on devices.”

2. Create an inventory of assets

“Businesses with accurate inventories have much clearer insight into their telecommunication environments and as such, more reliable information on which to base policy decisions.”

3. Ensure proper configuration of devices

“If a device is enrolled with a mobile device management server, a configuration profile defined and managed by IT admin can be implemented, enabling the device to interact with enterprise systems. An appropriate level of encryption can also be added to any commands coming from the server to ensure that settings cannot be altered without proper authorization.”

4. Implement appropriate security

“In addition to implementing data encryption, enterprises need to inform workers about the risks of failing to comply with security protocols – there is a good chance that they are unaware of the risks associated with using their personal devices for professional purposes.”

5. Regulate application protocols

“Malware is steadily creeping into the app world, so even applications from the app store need to be checked before they are allowed into the enterprise. Such malicious applications can take over the mobile device and operate in the background without the user knowing, searching for sensitive information such as passwords or banking details.”

6. Provide training and end-user support.

“Support and training can increase worker efficiency and also reduce security risks, as employees better understand how their devices work.”

One thought on “Six Quick MDM Tips for the Security Executive”

  1. It is a good idea to verify “security” claims by MDM’s. Many times they truly believe that secure dev best practices have been followed only to have independent third party mobile security experts find significant vulnerabilities. Several MDM’s have taken the initiative to have these audits performed on their solution. They should be happy to let you know that they have done this. If they haven’t, you might want to consider getting the audit done on their platform using your implementation.

    An example of a vulnerability found on an MDM solution is the preloading of authentication credentials. Certain MDM providers, when placing the device in a locked state, will preload the user’s credentials in an effort to expedite the unlock process, rather than allowing for proper authentication on the MDMs backend servers. Another example of a vulnerability discovered was the mishandling of device requests. Whenever the MDM providers application would make a request to its back-end server, the device would pass the user’s login credentials with every request, rather than utilizing authentication tokens.

Comments are closed.