How we interact with technology has changed. We are no longer confined to a desktop computer in the office. We are on the go. We are mobile. We have laptops and tablets and mobile phones. Our emails sync across all three, as do our documents, our contacts and our calendars. Everything is available to us no matter where we are. The evolution of mobility that has descended upon working life in the past few years has changed how we work and it has also disrupted data protection.
Business data can be left anywhere now. Someone can leave a laptop on a train, a phone on a restaurant table or a tablet at an external meeting. Our data has become mobile and because of it we need to consider additional security and protection to ensure that mobility is a bonus not a drawback.
If you have a particularly mobile workforce and want to add an additional layer of security then you should consider Mobile Device Management. Some organisations may consider this if they have particularly sensitive data, e.g. if they are in legal services or a charity. With GDPR coming into force in May 2018, it is important to consider if deploying Mobile Device Management will help you to respect the data you hold and protect it accordingly.
What is Mobile Device Management?
Mobile Device Management enables you to be able to control your organisation’s data on mobile devices without needing to access the item physically. For example, if a phone was lost on a train you would be able to wipe data from the device remotely.
There are lots of different Mobile Device Management tools out there and they all do different things. We recommend Microsoft Intune which is part of Microsoft’s security suite called Enterprise Mobility + Security. When talking about Mobile Device Management features we’ll be referring to the ones available using this tool. Intune is also a Mobile Application Management tool.
Bring Your Own Device
One of the great things about the mobility tools available to our workforce today is the ability to use ‘bring your own device’. Your employees might want to do this for a number of reasons. They might prefer a specific brand over the one you might offer as a ‘work device’ and would rather use their own. You might only offer a laptop or a laptop and a phone and they wish to work from a tablet and other devices. The flexibility that can be offered with services like Office 365 means that your employees will probably be using a mixture of both work and personal phones.
Your staff using their own devices is a good thing. It gives your employees choice and can give a bit of relief to your technology budget. However, if your staff are using their personal devices it can become difficult to gain control over the data that is held on them because they are ultimately owned by your member of staff. Your employee is unlikely to be happy to use their device they have paid for for work if when they leave you will wipe it remotely to stop any data breaches and they lose all their personal photos and data.
Using Microsoft Intune, your employees will be free to use any device they choose. You don’t need to actively manage the device to manage the data using Intune. This way you can segregate what is corporate data and personal data and only manage what you need to. Your organisation won’t be able to access web browsing history, passwords, pictures or text messages. You will be able to see installed apps and serial numbers. Work applications are separate to personal applications making it easy for you to manage. You are able to wipe specific work apps and data without touching the personal aspects of the user’s device.
Using Intune with Office 365
Intune is particularly great as a Mobile Device Management tool if you are using Office 365. You are able to require encryption for any data from Office 365 that is managed by Intune. You can also set it up so that copy and paste is only allowed between managed applications, meaning that if your employee has access to a sensitive document on their home computer they can’t just copy and paste it into their Gmail account.
What is Enterprise Mobility + Security?
Microsoft’s Enterprise Mobility + Security (EM+S) is a suite of security tools to enhance the protection of your data and devices. In addition to Microsoft Intune for Mobile Device Management, there is an array of different services to meet your data protection needs.
The security in EM+S is identity driven and built to be user-centric. Your users are given a single identity for signing in to all their corporate applications. By using this single identity you are able to use Azure Rights Management within EM+S to control who has access to what. It becomes easy to make it so that only certain teams have access to certain documents and if data was to leave the organisation it would not be able to be accessed. A classic example of this is accidentally emailing the wrong person an attachment. With Enterprise Mobility + Security that person would not be able to open the attachment.
Enterprise Mobility + Security offers an organisation data protection tools built around the challenges that mobility can bring.
Wrapping up
Using Mobile Device Management in your business can mean a greater level of security for the mobile devices in your organisation. You have a better control of your data without infringing on the privacy of your staff.
If you would like to know more about your Mobile Device Management options call ACUTEC on 01675 469020 or email hello@acutec.co.uk.