Have you noticed that mobile devices and the Internet of Things (IoT) are changing our society and the way we do business? Indeed, you need only look around any type of workplace to see we’re becoming an integrated digital-human workforce that counts on mobile devices to deliver anywhere/anytime business productivity. The catch (you knew there was a catch, right?) is the number of serious challenges related to mobile device management (MDM).

Making Employee-Owned Devices Secure

We’re past the point now where employees expect to use their own mobile devices for business purposes. They began demanding that convenience because their employers didn’t provide them with smartphones, and because they didn’t want to carry separate personal and business phones. What’s more, a lot of employees are savvy enough to get around barriers to using their personal devices for work.

But management has had concerns about the security of company data being compromised by personal handsets, exacerbated by a rash of media stories exposing corporate data leakage. Hence, managers have taken a few approaches to protecting their workers’ mobile phones.

Since they would need to immediately delete all sensitive data if a mobile handset is lost or stolen or if the employee leaves the company, companies have migrated people over to the Microsoft Office 365 platform so that mobile device data storage is unnecessary. IT managers are also securing company networks for employees to connect using their device while in the office. And since mobile flash file systems let people share sensitive information over mobile handsets, IT managers are restricting this kind of data access when necessary.

Monitoring mobile handsets to track staff is another use for MDM, but that can be a non-starter if employees are reluctant to be tracked and don’t agree to submit their own phone to such surveillance.

What An Endpoint Management Solution Can Do

Managers are wary of employees who want to save company content in the cloud, especially since it’s impossible to identify the people who are using personal cloud storage. This contributes data leakage and requires monitoring. Cloud-based, remote monitoring endpoint management (EM) solutions can be used to identify those who install unauthorised apps and prevent malicious intrusion of desktops, laptops and mobile handsets.

Among other things, the endpoint management platform can lock down the USB drive on a device so that it can’t be used, and alert managers if anybody tries to set up any unauthorised FFS apps. Endpoint management solutions allow companies to control what is being downloaded or plugged into devices.

Integration As An Answer

Beyond EM, companies are looking at even bigger-picture strategies, namely, enterprise mobility management tools that integrate mobile device, app and content management in an end-to-end solution. This empowers IT professionals to detect corrupted devices that endanger company data, and collaborate with users to define business needs and identify apps that employees need to work more efficiently – all without undermining security.

By taking this direction, IT managers shift from ad hoc device management to a position in which devices, access and identity management work in a symbiotic relationship to control who can obtain what data from which conduit.

The Importance Of Having A Policy

Companies that want to get on top of the data leakage problem need to develop and implement a well-defined MDM policy. Such a policy involves auditing, blocking unapproved access, removing data that can be compromised and locking down devices so that they can securely plug into the company network.

This type of policy, for a managed bring-your-own-device (BYOD) environment, gives companies full visibility into the devices connected to their networks. It issues and controls secure corporate credentials for Internet connections. It also enables company access to all employee-owned devices that have corporate email and employee self-service (ESS) privileges.

Configuring devices to lock with a personal identification number (PIN) is an effective mandatory option in this regard, so that a registered, employee-owned BYOD devices requires a PIN to open in all circumstances. In any case, it’s easier to carry out a policy that covers many devices if an automated MDM process is put in place. Solutions can instantly monitor and manage thousands of devices within hours of set-up.

Not all data is created equal. To determine the types of data that can reside on employee-owned phones, policies can classify data such that private and confidential information is a higher protection priority than public and sensitive information. Besides, it’s much harder to justify completely controlling a personally owned device, even if it is accessing company data.

Since all machines are not created equal, the same policies can be used to decide not just who gets to access certain data and applications but what devices can tap into that information.