MDM Technology for Mobile Security


What is MDM Technology?

MDM is a way to ensure employees stay productive and do not breach corporate policies. Many organizations control the activities of their employees using MDM products/services. MDM primarily deals with corporate data segregation, securing emails, securing corporate documents on the device, enforcing corporate policies, and integrating and managing mobile devices, including laptops and handhelds of various categories. There are two major types of MDM implementations:

  1. On-premise Solution
  2. Cloud-based Solution

For organizations where security is the highest concern, an on-premise solution is preferred. This is always suggested for mission-critical secure applications. A cloud-based solution provides ease of access for the administrator.


Mobile Device Management – by Milan

How does it provide Security?

All MDM products are built around the idea of containerization. The MDM container is secured using the latest cryptographic techniques (AES-256 or stronger preferred). All corporate data, such as email, documents and enterprise applications, is encrypted and processed inside the container. This ensures that corporate data is separated from the user’s personal data on the device. Additionally, encryption of the entire device and/or SD card can be enforced, depending on the MDM product's capability.

Secure Email: MDM products allow an organization to integrate its existing email setup with the MDM environment. Almost all MDM products support easy integration with Exchange Server (2003/2007/2010), Office365, Lotus Notes, BlackBerry Enterprise Server (BES) and others. This provides the flexibility of configuring email over the air.

Secure Docs: It is frequently seen that employees copy attachments downloaded from corporate email to their personal devices and then misuse them. MDM can easily restrict/disable clipboard usage in/out of the Secure Container; forwarding attachments to external domains can be restricted, as can downloading/saving attachments to the SD card. This ensures corporate data is not left insecure.

Secure Browser: Using a secure browser can avoid many potential security risks. Every MDM solution comes with a built-in custom browser. The administrator can disable native browsers to force the user to use the Secure Browser, which is also inside the MDM container. URL filtering can be enforced as an additional productivity measure.

Secure App Catalogue: An organization can distribute, manage, and upgrade applications on employees’ devices using the App Catalogue. It allows applications to be pushed to the user's device directly from the App Store, or an enterprise-developed private application to be pushed through the App Catalogue. This gives the organization the option to deploy devices in Kiosk Mode or Lock-Down Mode.


Additional MDM Features:

There are plenty of other features, depending on which MDM product is chosen. Below is a list of them:

  • Policy Enforcing: There are multiple types of policies which can be enforced on MDM users.
      1. Persona Policy: highly customizable according to the corporate environment
      2. Device platform specific: policies for advanced management of Android, iOS, Windows and BlackBerry devices
      3. Compliance Policies/Rules
  • VPN configuration
  • Application Catalogue
  • Pre-defined Wi-Fi and Hotspot settings
  • Jail-break/Root detection
  • Remote Wipe of corporate data
  • Remote Wipe of entire device
  • Device remote locking
  • Remote messaging/buzz
  • Disabling native apps on device


More light on MDM-MAM-MEM:

Mobile Device Management (MDM) is like adding an extra layer of security and providing a way to monitor device-related activities. MDM provides device-platform-specific features like device encryption, platform-specific policies and SD card encryption. Geo-location tracking, connectivity profiles (VPN, Wi-Fi, Bluetooth) and plenty of other features are part of the MDM suite.

Mobile Application Management (MAM) is done by application wrapping, i.e. injecting arbitrary encryption code into the mobile application source. This is necessary for commercial applications or applications being developed in-house for enterprise use. Additionally, white-listing/black-listing of applications can be done. Features like the Application Catalogue allow the admin to push applications remotely to devices for instant install, push remote updates and also remove apps remotely.

Mobile Email Management (MEM) ensures your corporate emails are containerized using advanced proprietary/free encryption algorithms. MEM ensures all emails remain inside the secure container, so that attackers get only encrypted data even if they try to compromise the device data using a USB cable on a system. Heavy restrictions on clipboard, attachments and trusted domains can be enforced. Nothing can move in or out of the secure container, as the clipboard is disabled. Even attachments are downloaded and saved inside the secure container. To view attachments, a secure document reader as well as a secure document editor are available in MDM solutions. Adding trusted domains will ensure that data from corporate email is not leaked to malicious/suspicious domains.
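
The trusted-domain restriction on forwarding attachments, described under Secure Docs and MEM above, can be sketched as follows. This is an added example, not code from any MDM product; the domain list, function names and sample addresses are hypothetical. It shows why the match must be made on a domain-label boundary, so that look-alike domains are rejected.

```python
# Added illustration: trusted-domain check before mail leaves a secure container.
# TRUSTED_DOMAINS and every function name here are hypothetical (assumptions),
# not the API of any MDM/MEM product.
from email.utils import getaddresses

TRUSTED_DOMAINS = {"corp.example", "partner.example"}  # constructed sample policy


def recipient_domain(address: str) -> str:
    """Return the lower-cased domain of an address, or '' if it is malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return ""
    return domain.lower().rstrip(".")


def is_trusted(domain: str, trusted=TRUSTED_DOMAINS) -> bool:
    """Exact match, or a true subdomain matched on a '.' label boundary.

    A plain suffix test would accept 'notcorp.example' for 'corp.example';
    requiring the leading dot rejects it, and 'corp.example.evil.test'
    fails because the trusted name is not at the end.
    """
    if not domain:
        return False  # fail closed on unparseable recipients
    return any(domain == t or domain.endswith("." + t) for t in trusted)


def check_forward(recipient_headers, has_attachment: bool):
    """Decide whether a message may be sent from the container.

    recipient_headers: list of raw To/Cc/Bcc header values.
    Returns (allowed, blocked_recipients). In this sketch only mail that
    carries an attachment is restricted; it needs at least one recipient,
    and every recipient must be in a trusted domain.
    """
    if not has_attachment:
        return True, []
    addresses = [addr for _name, addr in getaddresses(recipient_headers)]
    blocked = [a for a in addresses if not is_trusted(recipient_domain(a))]
    return (bool(addresses) and not blocked), blocked
```
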