Page 26 - FCW, October 2016

SPONSORED REPORT
USER-DRIVEN DEVICE CONFIGURATION
Automating mobile device configuration can ensure the right policies are enforced.

ENSURING MOBILE SECURITY is a multi-step process. Besides developing the right policies, it requires choosing mobile devices with rigid security features and the ability to configure them for specific use cases and to support security policies.

Effective, automated device configuration tools are the best way to limit access to certain applications or parts of the device for specific situations, roles and responsibilities, and locations. Mobile Device Management (MDM) systems are critical, as are highly configurable, easy-to-use auto-enrollment tools to ensure a common operating baseline, reduce administrative overhead, and eliminate the human component of device configuration.

“Device configuration isn’t something anybody should take for granted,” says Craig Ano, Senior Manager for Federal at Samsung. “The best way to ensure that devices are set up quickly and correctly is by eliminating the human element—in other words, by using auto-enrollment or customization tools for devices whenever possible.”

At its most basic level, an MDM solution should anchor the device management process. This is then layered on top of any type of mobile device. MDM/EMM is there to provide flexible policies and ongoing management of the devices.

Not all policies are the same, though, and each organization should look at what data it is trying to protect and assign policies appropriately. For example, an inspector will have different data than a warehouse worker or an agency executive. Policies that agencies can customize and configure for each data protection use case are essential. The goal is to apply enough security to protect the data without overly burdening the devices with security controls.

MDM systems can also prevent mobile devices from installing unapproved applications, track devices, enforce application whitelists and blacklists, provide geo-fencing, enforce data sharing restrictions and remotely wipe devices if they have been lost or compromised.

To provide even more granular protection, some agencies use containers. These are software-based systems that separate sensitive data and applications from personal data and applications, even when they’re stored on the same device. They prevent sensitive data from leaking out, as well as malicious data and applications from entering. While this is certainly useful and effective on government-issued devices, it’s especially important for agencies that let employees use their own devices.

For the most stringent containerization, consider devices where the container technology is built on top of the hardware security instead of the application or operating system layer. When containers are built on top of hardware security, the information inside is better protected against malware.

The exact restrictions imposed on any device depend on the specific agency and user security requirements.
For the majority of government users—those using mobile devices to improve productivity—the most important device configuration capabilities most likely revolve around data encryption (at rest and in transit), authentication, device feature restrictions, and wireless network controls. Whether devices can connect to public WiFi networks or are restricted to approved WiFi networks, and whether Bluetooth is acceptable or should be blocked, are examples of commonly enforced security policies. These configuration factors, along with containerization, are the most common use cases for most government mobile users.
For more secure environments or those dealing with classified data, there are many more possibilities. For example, for users who regularly enter classified areas, agencies can configure devices to immediately put the phone into secure mode where it can’t transmit or receive data, gather or disseminate data, and the camera is inoperable.
There are many other secure use cases and situations as well. That’s where enrollment tools to automate device configuration become more critical. An agency supporting 10,000 users, for example, probably has many categories of employees with different security clearances. Each will have different configuration needs. There are use cases where a device may not need to be connected to an MDM system, but still benefits from automated enrollment and customization to ensure security. The device of a field inspector, for example, will have a different configuration from a first responder.
“It’s important to make sure your deployment and configuration tools match the problems you’re trying to solve, and your user base,” says Ano. “The more granular the control you can get with device configuration, the more effective it will be.”
Download the Full Report at fcw.com/SamsungSecurityMandate