Tracking Mobile Devices: Asset Management - The first step to managing mobile devices in the enterprise is ensuring you have an accurate inventory of devices working with your infrastructure. Inventory and asset management features can help you identify the number and types of devices on your network. Asset management features should include the ability to register devices, query for device configuration, and report on the status of devices. For example, you should be able to generate reports on the number of mobile devices registered, the type of devices present, as well as the operating systems and patch levels used. An asset inventory supports many of the other functions required for managing the security of mobile devices.
Screening Apps: White/Black Listing - System administrators can readily control applications installed on workstations and laptops by limiting administrator privileges. Achieving comparable levels of control with mobile devices is more challenging. Different platforms will offer varying features and functionality, so look for an MDM system that provides a common set of management features for all the platforms you will support. One of those common features should be the ability to limit apps used on managed mobile devices.
Whitelisting allows you to list the set of acceptable apps for mobile devices. Some mobile device management systems include app stores, which allow you to host a repository of apps for your users. Mobile application management is also a separate category of software; if your mobile device management platform does not provide an app store, you can get that functionality from another application.
Blacklisting allows you to limit the use of unapproved applications. This is useful when you wish to specifically identify an application that should not be on a mobile device accessing the corporate network, such as those that collect personal or corporate information unrelated to the function of the app.
Keeping Data Confidential: Encryption - One of the advantages of tablets, and even smartphones, is the ability to keep copies of documents and read them away from the office. Office productivity apps can give much of the functionality of desktop word processors and spreadsheets, creating even more incentive to download copies of corporate information to mobile devices. The obvious security drawback is that mobile devices can be lost or stolen, and therefore potentially leak confidential information.
MDM systems can allow you to define an encryption policy for data stored on mobile devices. This should include strong encryption and key management. Keep in mind that data should be encrypted during transmission ("data in motion") and while stored on the device ("data at rest").
Be sure to test your essential apps with device encryption. Data must be decrypted before it can be programmatically manipulated or viewed. Encrypting a device could disrupt some app functionality.
Locking Down Devices: Controlling Device Configurations - Mobile devices are feature-rich with Bluetooth communications, geolocation tracking, Wi-Fi network access and other functions. These can all be useful in many situations, but for security-conscious IT professionals, these can seem more like vulnerabilities than features. MDM systems should allow for remote control over configurations, up to and including remotely wiping a lost or stolen device.
Enforcing Rules: Policy Management - A sound mobile device management strategy should include policies that describe configuration and operational requirements imposed on mobile devices. These policies can cover a broad range of device controls such as the use of encryption, the need for device passwords, or disabling Bluetooth, Wi-Fi or location services. Since many organizations will support multiple mobile device platforms, the policy enforcement mechanism should function across multiple platforms.
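As an added illustration (not taken from any MDM product), the sketch below evaluates one platform-independent policy against a device inventory, covering patch level, encryption, passcode, Bluetooth, and app white/black lists. The field names, policy keys, app names and device records are all constructed assumptions.

```python
from collections import Counter

# Constructed policy and inventory; field names are assumptions, not a real MDM schema.
POLICY = {
    "min_os": {"ios": "17.0", "android": "14.0"},   # minimum patch level per platform
    "require_encryption": True,
    "require_passcode": True,
    "allow_bluetooth": False,
    "whitelist": {"mail", "docs", "vpn"},            # None disables whitelisting
    "blacklist": {"flashlight-plus"},                # hypothetical data-harvesting app
}
INVENTORY = [
    {"id": "dev-001", "platform": "ios", "os": "17.4", "encrypted": True,
     "passcode": True, "bluetooth": False, "apps": ["mail", "docs"]},
    {"id": "dev-002", "platform": "android", "os": "13", "encrypted": False,
     "passcode": True, "bluetooth": True, "apps": ["mail", "flashlight-plus"]},
    {"id": "dev-003", "platform": "kaios", "os": "3.1", "encrypted": True,
     "passcode": False, "bluetooth": False, "apps": ["notes"]},
]

def version(v):
    # Parse "13" or "17.4" into a comparable tuple, padding missing parts with 0.
    parts = [int(p) for p in v.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def evaluate(device, policy):
    """Return the list of policy violations for one device (empty means compliant)."""
    findings = []
    min_os = policy["min_os"].get(device["platform"])
    if min_os is None:
        findings.append("platform not supported by policy")
    elif version(device["os"]) < version(min_os):
        findings.append(f"os {device['os']} below minimum {min_os}")
    if policy["require_encryption"] and not device["encrypted"]:
        findings.append("storage not encrypted")
    if policy["require_passcode"] and not device["passcode"]:
        findings.append("no device passcode")
    if not policy["allow_bluetooth"] and device["bluetooth"]:
        findings.append("bluetooth enabled")
    for app in device["apps"]:
        if app in policy["blacklist"]:
            findings.append(f"blacklisted app: {app}")
        elif policy["whitelist"] is not None and app not in policy["whitelist"]:
            findings.append(f"app not on whitelist: {app}")
    return findings

def report(inventory, policy):
    # Fleet summary by platform plus per-device violations.
    return {"platforms": Counter(d["platform"] for d in inventory),
            "violations": {d["id"]: evaluate(d, policy) for d in inventory}}
```

Calling report(INVENTORY, POLICY) returns the platform counts alongside a per-device list of violations, so a device on a platform the policy does not cover is flagged rather than silently passed.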
MDM systems can help mitigate security risks related to the use of tablets and smartphones in the enterprise. Look for support for asset management, app management, encryption and policy enforcement to help protect your information assets.