Protecting your devices
This is the third of five blogs, which are looking at Microsoft’s Enterprise Mobility + Security (EMS) and how it can benefit your business and your users. In this blog I will be discussing how to protect devices.
Devices are the conduit by which users gain access to their applications and data, and in this consumer device driven market, they come in a wide variety of sizes and operating systems.
Looking at devices from a user's perspective, they want to use the device that best fits the task they are currently performing. If they are at their desk at work, a large screen and lots of desktop real estate, or if they are on the train home, a mobile phone that fits in their pocket. The main concern of the user is they want ease of use – access everything when they need it.
Whereas, from a business perspective, you would like them to use their work device at all times. Why? Most likely because you control the device completely. It has your company image installed along with all of the security tools and configuration like Antivirus and Group Policy. It is within your security boundary and protected by your expensive security appliances.
You may, or may not, have a defined Bring Your Own Device (BYOD) strategy. However, ask yourself this question: Do we let users access company email, documents etc. from their personal mobile phones? If you answer yes then you have implemented BYOD. This means your data is already on all those devices. So how can you protect them?
For those devices you own, Mobile Device Management (MDM) provides the protection needed to secure them. In its purest form MDM can ensure the device has the latest approved AV and security updates installed, plus compliance policies ensuring security standards are maintained. It also allows for the device to be wiped remotely if lost.
For devices which are not company assets, Mobile Application Management (MAM) delivers protection around the applications and data, rather than the device itself. MAM is targeted towards user owned devices and like MDM, it provides compliance policies to ensure security standards are maintained. But instead of protecting the entire device, it protects the applications, and data within - your applications and data. This forms a clear separation of company apps and data to the users apps and data. As the user, it may seem harsh if the company wipes your device if you leave the company. With MAM however, you have the ability to wipe just company apps and data, leaving personal apps and data untouched. Win, win.
With Microsoft Intune, which is part of EMS, businesses can protect company owned devices and BYO devices securely.
In the next blog I will be discussing how you can protect your data with Information Protection.
If you would like to know more about EMS, and how it can help you, please get in touch with us here at Intergen.
Posted by: Jeff Tebbs, Senior Infrastructure Consultant | 20 April 2017
Tags: mobility, Digital Transformation, EMS, Enterprise Mobility Suite
Rate this post: