Four steps to implementing an effective MDM strategy

Mobile device management (MDM) is a common requirement for enterprises. Mathivanan Venkatachalam, Vice President, ManageEngine, shares his top tips for shaping a comprehensive MDM strategy.

Friday, 12th July 2019, by Phil Alsop

Remote work policies are becoming increasingly popular as businesses recognise how providing a better work-life balance can result in an overall boost in productivity.

Bring your own device (BYOD) culture is also on the rise with businesses allowing employees to use their own preferred personal devices such as smartphones, tablets, and laptops instead of devices supplied by the business.

From a security perspective, this puts business networks at risk. Companies enabling remote work environments and BYOD policies must formulate an effective MDM strategy. Here are the elements that enterprises should consider when approaching MDM:

1. Set a clear objective

Begin by selecting which of the four main device categories each device falls into. These categories are BYOD (user-owned devices); choose your own device (CYOD); corporate-owned, personally-enabled (COPE) devices; and single-use devices. Once the device categories have been defined, it’s essential to set clear objectives on what the business needs to provide to ensure data security is managed effectively. 

This can be achieved using a set of questions, including: Which types of devices are permitted? Which employees are eligible to access corporate data from their mobile devices? What level of business access should the enterprise provide from each device? What security policies have to be imposed on each device? And finally, which apps should be provided?

The answers to these questions will help identify basic strategies to allow enterprises to use mobile devices for corporate access. 

2. Ensure clear communication

An effective MDM strategy must provide clear communication to end users around what the user will be accessing from their mobile devices and what level of access the user will have on the device. For example, in an enterprise allowing employees to use their personal devices, employees should be given a clear understanding of what data they can access from their mobile devices and whether their personal data will be accessible to the company. 

Communicating to employees what changes are afoot and what access and restrictions they can expect from their devices will help avoid an influx of help desk tickets when the changes take place on their devices. 

3. Manage data by device

The main purpose of an MDM strategy is to identify or secure the data on devices. There are three types of data on mobile devices: data at rest, data in transit, and data in use. Each of these must be managed in its own way.

When it comes to data at rest, it’s important to encrypt the mobile device. Unauthorized data transfer should be restricted, whether it's through USB, Wi-Fi, or Bluetooth. If the device is stolen, the sensitive data on the device should be wiped.  

Data in transit requires routing all network traffic to a common, secure proxy or VPN channel. If the enterprise suspects that public Wi-Fi is not secure enough for users to access data through, that type of Wi-Fi connection can be prohibited. This way, organisations can ensure devices only use secure Wi-Fi connections while avoiding public ones.

When it comes to data in use, enterprises should blacklist certain applications from devices to prevent access to malicious websites. Data sharing between managed and unmanaged apps and backing up to third-party cloud services or other third-party applications should be restricted. 

Secure, sensitive documents should also be managed. Sensitive data can be distributed to devices while ensuring data is only accessible from a secure, managed app. For example, if an enterprise allows certain devices to access email from Exchange Server, they should ensure that devices can only access the data using a managed application. If the device is not managed, access to email from Exchange Server should automatically be blocked.  
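The checks in this step can be expressed as a compliance evaluation over device inventory records. The following is an added example, not code from the article or from any MDM product; the field names, the app and SSID values, and the "quarantine" outcome for managed but non-compliant devices are assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical policy values for this example, not from any MDM product.
BLOCKED_APPS = {"com.example.sideloader"}
TRUSTED_SSIDS = {"corp-wifi"}

@dataclass
class Device:
    name: str
    managed: bool                 # enrolled in MDM
    mail_app_managed: bool        # mail is read through a managed app
    encrypted: bool               # data at rest
    usb_transfer_allowed: bool    # data at rest
    vpn_active: bool              # data in transit
    ssid: str                     # data in transit; "" means no Wi-Fi
    apps: set = field(default_factory=set)  # data in use

def violations(d):
    """Return policy violations grouped by the article's three data states."""
    found = []
    if not d.encrypted:
        found.append("at rest: storage not encrypted")
    if d.usb_transfer_allowed:
        found.append("at rest: USB transfer not restricted")
    if not d.vpn_active:
        found.append("in transit: traffic not routed through VPN")
    if d.ssid and d.ssid not in TRUSTED_SSIDS:
        found.append("in transit: untrusted Wi-Fi " + d.ssid)
    for app in sorted(d.apps & BLOCKED_APPS):
        found.append("in use: blocked app " + app)
    return found

def email_access(d):
    """Decide Exchange email access; unmanaged devices are always blocked."""
    if not d.managed:
        return "block", ["device is not managed"]
    if not d.mail_app_managed:
        return "block", ["mail is not accessed through a managed app"]
    found = violations(d)
    # "quarantine" is this example's choice for managed but non-compliant devices.
    return ("quarantine", found) if found else ("allow", [])

# Constructed sample inventory records.
FLEET = [
    Device("cope-laptop", True, True, True, False, True, "corp-wifi"),
    Device("byod-phone", True, True, True, False, False, "cafe-guest",
           {"com.example.sideloader"}),
    Device("unenrolled-tablet", False, False, False, True, False, ""),
]
```

Calling email_access() on each record in FLEET returns the decision together with the reasons, which can be shown to the user or attached to a help desk ticket.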

4. Implement one solution to manage all devices

Implementing and managing an effective MDM strategy can be made easier by investing in a solution that enables device management anywhere at any time. It should include the capability to scan devices remotely, install agents, and monitor for and install operating system updates as well as other software updates. The solution should also have the capability to manage prohibited software and add or remove devices from the business network.

By following these steps and implementing a single device management solution, enterprises will benefit from a safe, secure, and reliable MDM strategy that works around the clock and requires minimal input from the IT team.