Mobile devices are as much a part of IT computing infrastructure today as servers and workstations. In this article we present common features of mobile device management (MDM) software to help you mitigate security risks.
Both employee-owned and company-provided tablets and smartphones are accessing corporate data and making use of business applications. Unlike workstations and servers, these devices are constantly on the move and sometimes mix business with personal functions.
Tools you have acquired over the years to manage servers and workstations may not be the right solution for managing mobile devices. Tablets and smartphones have distinct characteristics that present different management challenges. For example, you need to manage the type of apps that employees install. Do you really want them agreeing to terms of service that allow an app to collect contact information from a smartphone or track location information of your employees? Mobile device management software is designed to give IT administrators more control over tablets and smartphones than is practical using only the mobile devices themselves. Five common features are especially important for mitigating security risks.
Tracking Mobile Devices: Asset Management
The first step to managing mobile devices in the enterprise is ensuring you have an accurate inventory of devices working with your infrastructure. Inventory and asset management features can help you identify the number and types of devices on your network. Asset management features should include the ability to register devices, query for device configuration, and report on the status of devices. For example, you should be able to generate reports on the number of mobile devices registered, the type of devices present, as well as the operating systems and patch levels used.
An asset inventory supports many of the other functions required for managing the security of mobile devices.
Screening Apps: White/Black Listing
System administrators can readily control applications installed on workstations and laptops by limiting administrator privileges. Achieving comparable levels of control with mobile devices is more challenging. Different platforms will offer varying features and functionality, so look for a mobile device management system that provides a common set of management features for all the platforms you will support. One of those common features should be the ability to limit apps used on managed mobile devices.
Whitelisting allows you to list the set of acceptable apps for mobile devices. Some mobile device management systems include app stores which allow you to host a repository of apps for your users. Mobile application management is also a separate category of software; if your mobile device management platform does not provide an app store you can get that functionality from another application.
Blacklisting allows you to limit the use of unapproved applications. This is useful when you wish to specifically identify an application that should not be on a mobile device accessing the corporate network. Blacklisting can be especially useful for limiting apps that assert unacceptable rights in the end user agreement, such as collecting personal or corporate information on the device that is unrelated to the function of the app.
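The inventory reporting and the two app screening modes described above can be compared side by side. The following Python sketch is an added example, not code from the article or from any MDM product; the inventory records, field names and app identifiers are constructed for illustration.

```python
from collections import Counter

# Constructed sample inventory, shaped like a generic MDM export
# (assumed field names, not a real product's schema).
INVENTORY = [
    {"id": "dev-001", "platform": "iOS", "os": "17.4",
     "apps": ["com.example.mail", "com.example.crm"]},
    {"id": "dev-002", "platform": "Android", "os": "13",
     "apps": ["com.example.mail", "com.example.flashlight"]},
    {"id": "dev-003", "platform": "Android", "os": "14",
     "apps": ["com.example.crm", "com.example.game"]},
]

ALLOWED = {"com.example.mail", "com.example.crm"}   # whitelist (constructed)
BLOCKED = {"com.example.flashlight"}                # blacklist (constructed)


def inventory_report(devices):
    """Count registered devices by (platform, OS version)."""
    return Counter((d["platform"], d["os"]) for d in devices)


def screen_apps(devices, allowed=None, blocked=None):
    """Return {device_id: [violating apps]}.

    allowed: if given, any app NOT in the set is a violation (whitelist).
    blocked: if given, any app IN the set is a violation (blacklist).
    """
    findings = {}
    for d in devices:
        bad = []
        for app in d["apps"]:
            if allowed is not None and app not in allowed:
                bad.append(app)
            elif blocked is not None and app in blocked:
                bad.append(app)
        if bad:
            findings[d["id"]] = sorted(bad)
    return findings


if __name__ == "__main__":
    for (platform, os_version), n in sorted(inventory_report(INVENTORY).items()):
        print(f"{platform} {os_version}: {n} device(s)")
    print("whitelist violations:", screen_apps(INVENTORY, allowed=ALLOWED))
    print("blacklist violations:", screen_apps(INVENTORY, blocked=BLOCKED))
```

On this sample, the blacklist flags only the app it names, while the whitelist also flags the unknown app on dev-003 that no one had reviewed yet.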
Dan Sullivan is an author, systems architect, and consultant with over 20 years of IT experience with engagements in systems architecture, enterprise security, advanced analytics and business intelligence. He has worked in a broad range of industries, including financial services, manufacturing, pharmaceuticals, software development, government, retail, gas and oil production, power generation, life sciences, and education. Dan has written 16 books and numerous articles and white papers about topics ranging from data warehousing, cloud computing and advanced analytics to security management, collaboration, and text mining.
See here for all of Dan's Tom's IT Pro articles.