Why you need Mobile Device Management (MDM) in 2021
by Rasheeda Russell on Jun 07, 2022
As business owners, one thing that keeps us all awake is the security of the data we hold, whether internal business data or the data held about our customers.
The weak point for any business is the individual devices of our staff. In a world where we are all going to be working more remotely, securing these “End Points” is critical.
The more organised of us will have a company IT security policy. Traditionally this was easier to enforce, as staff were using office-based desktop PCs. These devices could be set up by an IT admin and the policies could be easily enforced. However, as we contemplate a world of working from home using laptops, how can we ensure that even small business owners can benefit from enterprise-level security?
The major issue is the setup of the device.
If the user sets the laptop up as a personal machine, how do you ensure that they set a secure password, install the correct antivirus software, install security updates and do not store sensitive documents on their local drive? What happens if this machine gets lost or stolen? How sure are we that the machine cannot be unlocked and the data stolen?
The solution here is corporate-owned devices. The laptops your team use must firstly be work-only devices: Bring Your Own Device (BYOD) for laptops is a massive no. These corporate-owned devices then need to be registered to your business and not set up as personal machines.
This is where the world of Mobile Device Management (MDM) and End Point Protection comes in.
The most popular and easy-to-implement MDM is Microsoft Intune, which is an add-on to Office 365. Each user will need a licence and, after setting up your business within Intune, users will log into their machines using their corporate login credentials (this can be as easy as the details they use to log into their email accounts).
Once a laptop has been enrolled into your MDM, it becomes a managed device. You, or your IT admin, will be able to see each device registered in your Intune dashboard.
You are then able to implement the policies set up in your IT security policy remotely.
For example, you will be able to:
- Push applications to the device - such as anti-virus software and any business applications needed
- Enforce security updates for all applications
- Blacklist non-approved applications
- Enforce a password policy and other security measures
- Remotely wipe the machine if it gets lost or stolen
- Produce reports to show which users are compliant with your IT security policy
MDM allows a great new joiner experience.
The business laptop can arrive fully set up for the user, rather than the new user being expected to sign up themselves.
When there is a leaver in the business they can be immediately locked out of their business laptop, to reduce any risk in this regard.
This may all sound very complicated, but Intune is relatively easy for an IT admin to set up and is also cost-effective.
MDMs can also be applied to mobile devices.
For many of your team, their mobile phones and iPads will hold their business email and other business applications. How do you enforce a password policy on your team’s mobile devices? And how do you ensure that users do not download unapproved apps or that their devices are not open to external threats?
Samsung Knox is a great example of an easy-to-implement MDM. Knox is specifically designed for Samsung devices but works well with a number of other Android devices and Apple iOS.
Devices are enrolled into the MDM by the user entering their user details, or devices can even be bulk enrolled on purchase. Various profiles are then set up to enforce security settings on the device.
For example, you will be able to:
- Only allow pre-approved apps to be installed on the device
- Geo-fence devices so they are usable in a defined location only
- Block the user from factory resetting the device
- Track the device and either lock or reset it if it is lost or stolen
- Disable the camera
- Only allow connection to specified or secured WiFi networks
Android devices also have the ability to be switched into a “Kiosk Mode”. This allows the device to be completely locked down, meaning that system apps are hidden and the user will only be allowed to see pre-approved apps. This is perfect for business app providers as you can supply devices to your customers locked down to only your apps. A screen background can also be applied to allow devices to be branded by your business.
At Klyk we have helped a number of tech businesses set up Kiosk modes to provide devices to their customers as well as their employees. One of our partners, Log my Care, has implemented the MDM system into their care providers’ mobile phones. MDM helps to restrict their devices to protect their users and patient data.
Whether you want to secure your devices or improve the distribution of your bespoke applications, get in touch to find out how we can help you.