Users are bringing their own devices to work, like it or not. Completely preventing users from bringing their own phones, tablets, and laptops requires a very militant and expensive array of solutions to properly secure the data.
Implementing an Enterprise Mobility Management (EMM) solution provides a better option for implementing BYOD that satisfies both users and IT. When it comes to EMM, there are 3 ways we advise clients to avoid data leakage, support data loss prevention and reduce help tickets.
What is an Enterprise Mobility Management solution?
An Enterprise Mobility Management solution, like the one AirWatch offers, provides a simplified way to manage Android, Apple iOS, BlackBerry, Mac OS, Symbian, Windows Mobile, Windows PC/RT and Windows Phone from a central admin console.
Who really benefits from an EMM?
EMM is a technology that should be considered a critical component of the new borderless network. No matter what size, industry or user base you have, if your users are bringing iPhone, Android or BlackBerry devices to work – and you have important data – you need an EMM solution. For BlackBerry, you will need an EMM solution with the addition of BlackBerry’s BES infrastructure.
Our 3 best practices for EMM:
1. Configuring the devices
Once the user has successfully signed in to the onboarding app, we set the devices up for them. You need to ensure:
- Device password/PIN: Users typically don’t do this on their own. IT is the owner of the data, and this is the first line of defence in protecting lost or stolen corporate data.
- Email/Calendar/Contacts: Don’t fumble with the users over the phone to walk them through these configurations. It’s much simpler to configure it once in an EMM and push it to authenticated users.
- WiFi: Push a WiFi password maintained by IT to the device. If the user doesn’t have that password, they’re unable to add devices to your WiFi unless they enroll in the EMM.
AirWatch’s simple enrollment process provides a consistent agent-based flow for major platforms. Once users are authenticated, profiles, applications and content are configured automatically based on the user and device ownership type. You will be able to provide employees connections to intranet sites and corporate content, apps, Wi-Fi, VPN networks and more from their mobile devices by pushing profiles automatically or on-demand.
2. Managing Applications
It’s important to also consider the security of apps on the devices that we’ve just enrolled and configured. This is where Mobile Application Management (MAM) comes in. MAM allows administrators to push internal, public and purchased apps directly to devices.
One way to make it clear to users which paid applications are supported by the organization is to purchase and publish them through an enterprise app store. When the user goes into the app store they could see document editing apps, CRM, accounting, and others that have already been paid for and allocated by their organization.
AirWatch integrates with public app stores such as the Apple App Store, Microsoft Store and Google Play Store to allow access to public apps in the AirWatch App Catalog. Control app costs by setting cost control policies and designating apps as reimbursable or non-reimbursable in the App Catalog. AirWatch integration with the Apple Volume Purchase Program (VPP) allows you to purchase apps, iBooks and custom B2B apps in bulk and easily manage your licenses.
AirWatch also helps organizations build secure apps for their business with the AirWatch Software Development Kit (SDK) and AirWatch App Wrapping. With AirWatch, you can containerize applications, secure data and enforce compliance policies on Android and Apple iOS devices.
3. Controlling the flow of data
Data is managed through mobile content management. Deploy a secure content container provided by an EMM vendor. This container application links to the EMM vendor’s cloud storage or even potentially into your own internal file share server. From there, you prevent cloud storage applications like Box, Dropbox, and Google Drive from running. However, because this is a user’s personal device, this is often not practical.
Another way is to figure out which cloud solution your users access most often. Discover this by monitoring your web security gateway/web filtering logs. Once you know which app users prefer, sign people up for corporate accounts, then wrap the application and push it out to their enrolled devices.
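One way to run that discovery step over exported web filtering logs, shown here as an added example that is not from AirWatch or the original article. The log format, the sample lines and the host-to-service mapping are assumptions constructed for illustration; adapt the field positions to your gateway's export.

```python
from collections import defaultdict
from urllib.parse import urlsplit

# Assumed mapping from host suffix to the services the article names.
CLOUD_STORAGE_DOMAINS = {
    "box.com": "Box",
    "dropbox.com": "Dropbox",
    "drive.google.com": "Google Drive",
}

# Constructed sample log, assumed format: <timestamp> <user> <method> <url> <status>
SAMPLE_LOG = """\
2024-03-01T09:00:01Z alice GET https://www.dropbox.com/home 200
2024-03-01T09:00:05Z bob GET https://drive.google.com/drive/my-drive 200
2024-03-01T09:01:10Z carol GET https://www.dropbox.com/home 200
2024-03-01T09:02:00Z dave GET https://app.box.com/folder/0 200
2024-03-01T09:03:30Z alice GET https://drive.google.com/drive/my-drive 200
2024-03-01T09:04:00Z erin GET https://dropbox.com.files.example/login 200
2024-03-01T09:05:00Z bob GET https://dropbox.com/login 200
2024-03-01T09:06:00Z frank GET
2024-03-01T09:07:00Z carol GET https://intranet.example/wiki 200
"""

def classify_host(host):
    """Return the service name for a host, or None if it is not a listed service."""
    host = host.lower().rstrip(".")
    for domain, service in CLOUD_STORAGE_DOMAINS.items():
        # Match on a label boundary: substring or bare-suffix checks would count
        # www.dropbox.com as Box and dropbox.com.files.example as Dropbox.
        if host == domain or host.endswith("." + domain):
            return service
    return None

def rank_services(log_text):
    """Return [(service, distinct_users, requests)], most distinct users first."""
    users, hits = defaultdict(set), defaultdict(int)
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 5:          # skip truncated or malformed records
            continue
        _, user, _, url, _ = fields
        host = urlsplit(url).hostname
        service = classify_host(host) if host else None
        if service:
            users[service].add(user)
            hits[service] += 1
    rows = [(s, len(users[s]), hits[s]) for s in users]
    return sorted(rows, key=lambda r: (-r[1], -r[2], r[0]))

if __name__ == "__main__":
    for service, n_users, n_requests in rank_services(SAMPLE_LOG):
        print(f"{service}: {n_users} users, {n_requests} requests")
```

Ranking by distinct users rather than raw request count keeps one heavy user or a sync client from deciding which service gets the corporate accounts.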
AirWatch supports cloud storage through the AirWatch Cloud and integrates with cloud storage solutions like Amazon EC2 and cloud repositories including Office 365, SkyDrive and Google Drive. Secure Content Locker integrates with on-premise repositories, including SharePoint, WebDAV and network file servers. Integration with SharePoint enables secure access without a VPN connection on mobile devices. For a hybrid environment, Secure Content Locker centralizes content stored in different locations, whether in the cloud, on-premise or both.
Users are able to view content stored in the cloud alongside repository folders.
Also, administrators need to remove access to corporate email, Wi-Fi and VPN when an end user un-enrolls or leaves the company. Remove internal apps and corporate content from devices upon end user departure. Finally, perform an enterprise wipe without affecting personal content on the device.
Why we like EMM solutions and AirWatch
With an EMM solution, the process changes from a heap of help tickets to asking users to download an app or visit a URL and enter their email address and email password. From there, any policies that the administrators configure for the user role or type of device will be pushed and installed automatically. This is easier for the user who doesn’t want to have to call for support and easier for the support team who are trying to move away from mundane calls and become more strategic.
It’s equally important to message this to the management team. People managers should be able to direct their teams to download the app or visit the URL and sign in. People managers should also be able to communicate that if something has not been pushed to the phone after enrolment, like VPN, then it’s because there is a policy explicitly preventing it.
What you should do right now
Unless you have technology in place to prevent users from bringing their own smartphones, tablets, and laptops, they are finding ways to make them work on their own. This means that your data is getting onto unmanaged, and inherently vulnerable, devices. Best practice today is to control the fluidity of data, like the riverbed that directs water in a river. Contact Softchoice today and we’ll connect you with a team of dedicated security experts. Specifically, our team offers a Mobility TechCheck Assessment that helps you understand current devices connecting to your infrastructure, identify the types of devices being used and evaluate these findings to review risks and define a structured mobility strategy.