MDM security policy in BYOD: Data takes precedence over Devices

Source: Internet
Author: User

Not long ago, a typical enterprise IT user had a desktop computer on the desk. Some users also got a laptop for business trips and occasional remote work, or the company issued BlackBerry phones for mobile access to email and instant messaging.

However, the situation has changed a lot: many enterprises now assign each user a notebook instead of a desktop, and many employees also get powerful smartphones and tablets. In addition, with the rise of BYOD, users have begun to work on their own laptops, smartphones, and tablets. The result is that an employee usually uses multiple devices for work.

The rise of mobile devices has been sudden and sweeping. Enterprise network and security managers often find that a device connecting to the enterprise network runs a platform they have never seen before. This is a common phenomenon.

Unfortunately, mobile device security lags far behind advances in mobile device technology. Smartphones and tablets are gradually catching up with desktops and laptops in vulnerabilities because they are all based on the same software, but they lack the built-in security controls of desktops and laptops, such as a host-based firewall and an intrusion detection system. To mitigate this weakness, enterprises should add appropriate third-party security controls to mobile devices as part of their mobile device management (MDM) strategy. This article provides several practical tips on MDM security strategy to better protect mobile devices and data.

Use MDM Software

MDM software has become the preferred basic security control for mobile devices and must be considered when deploying your MDM strategy. It provides centralized management of mobile device security and protects sensitive data stored on, and accessed by, mobile devices. It can take care of basic operating system security controls, such as installing patches and configuring the operating system securely. It also adds data security controls, including storage encryption, device control, and data loss prevention (DLP) technology. MDM software is easiest to deploy and use on enterprise-controlled mobile devices (including laptops), but it can also be deployed and used on a limited number of BYOD devices.

Focus on data rather than operating systems

Although mobile operating systems pose great security challenges, enterprises have been able to protect them relatively well, mainly thanks to the rise of MDM software. At the same time, data has become more valuable, especially financial data and personally identifiable information. Not surprisingly, attackers have shifted their focus from exploiting operating system vulnerabilities to acquiring data. A single data breach may cost an enterprise millions of dollars, and the loss or theft of a single mobile device may be enough to cause one.

Enterprises need to consider everywhere their data may reside and protect it against multiple threats. DLP technology and media encryption (covering both built-in and removable media) have become critical. Fortunately, mobile operating systems have begun to provide media encryption, and both DLP and media encryption are available through MDM technology.

Keep sensitive data away from mobile devices

This rule may seem simple, but enterprises often suffer major leaks because they do not stick to it: keep sensitive data away from users' mobile devices. If sensitive data has never been stored on a mobile device, the loss or theft of that device has much less impact on the enterprise. Enterprises should not store sensitive data on mobile devices. Instead, they should store it centrally and provide mobile device users only with the data they need, preferably as images of such data. This minimizes the risk of data exposure.
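
The rule above as a data-first delivery decision, in an added example that is not part of the original article. The classification levels, device attributes, thresholds and sample inventory are constructed assumptions, not any MDM product's API; sensitive data is only ever rendered from the central store, so no device state puts it on local storage.

```python
from dataclasses import dataclass

PUBLIC, INTERNAL, SENSITIVE = 0, 1, 2   # constructed classification levels

@dataclass(frozen=True)
class Device:
    name: str
    managed: bool     # enrolled in MDM
    encrypted: bool   # storage encryption enforced (built-in and removable media)
    dlp: bool         # DLP control active on the device

def delivery_mode(dev: Device, level: int) -> str:
    """Return 'sync' (local copy), 'view_image' (rendered from central store) or 'deny'."""
    if level == PUBLIC:
        return "sync"
    if not dev.managed:
        return "deny"                    # unmanaged device: nothing above public
    if level == SENSITIVE:
        # Sensitive data stays in the central store; never a local copy.
        return "view_image" if dev.dlp else "deny"
    # INTERNAL: a local copy only where encryption and DLP both protect it.
    return "sync" if dev.encrypted and dev.dlp else "view_image"

def exposed_on_loss(dev: Device, datasets: dict) -> list:
    """Datasets that would sit on the device's storage if it were lost or stolen."""
    return sorted(n for n, lvl in datasets.items() if delivery_mode(dev, lvl) == "sync")

# Constructed sample data catalogue and device inventory.
DATASETS = {"price_list": PUBLIC, "project_wiki": INTERNAL, "payroll": SENSITIVE}
FLEET = [
    Device("corp-laptop", managed=True, encrypted=True, dlp=True),
    Device("byod-tablet", managed=True, encrypted=False, dlp=True),
    Device("byod-phone", managed=False, encrypted=True, dlp=False),
]

if __name__ == "__main__":
    for dev in FLEET:
        modes = {n: delivery_mode(dev, lvl) for n, lvl in DATASETS.items()}
        print(dev.name, modes, "on-device:", exposed_on_loss(dev, DATASETS))
```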

Block Web-based malware

Malware has gradually become a nightmare for mobile devices, especially web-based malware. Enterprises usually rely on a web security gateway to detect and block such malware. Unfortunately, as mobility increases, these gateways become useless because mobile devices are generally on external networks and do not pass through them. There are two ways to solve this problem: deploy web security controls on the mobile devices themselves (possibly through the MDM policy), or force enterprise mobile devices to route their traffic through a central proxy server, which may include network security controls such as a web security gateway. Although the latter method can provide high security, because enterprise-level network security controls then apply to all mobile devices, it also brings significant cost and performance problems, so enterprises need to evaluate such a solution carefully before deploying it.
