When it comes to data stored on mobile devices — or data transmitted through them — security is critical. With untethered employees viewing or storing confidential data outside the office on their mobile devices, that data is too easily exposed to compromise. And when an employee doesn’t understand the perils of a rogue Wi-Fi connection or willfully jailbreaks a device, the probability of a security incident increases.
This risk is only growing. According to Verizon’s 2019 Mobile Security Index, 81 percent of employees admitted to using public Wi-Fi for work tasks, even if their employer bans them from doing so. Add to this that, each month, about 4 percent of devices encounter a risky hotspot, and the danger to business becomes clear.
How can you be sure all that data is tightly secured in today’s mobile economy? Employees need to be educated about the risks of a data breach — but don’t rely on compliance to keep sensitive company information safe. Careful management of devices and communications is necessary. The best approach? Start by securing and controlling the endpoint device so data compromises can’t happen.
Managing your mobile fleet
While some employees only require access to email when outside the office, a great many employees use a home desk or even a public or private vehicle as their preferred workspace, and they communicate work assignments and updates principally by means of data stored and transmitted from their mobile devices. Whether those employees are home healthcare therapists, service technicians, delivery staff, appraisers, auditors or a myriad of other job titles, they are entrusted with detailed data that must be secured.
For example, a physical therapist travels to the homes of post-surgery patients to provide rehabilitative services. One aspect of the job includes accessing various applications that contain confidential patient data such as healthcare records, insurance information, billing systems and expense reporting. Because those applications are highly confidential, enabling that employee to access those applications securely is a necessity. But with limited IT staff, how can that be accomplished?
Simplifying mobile management for small businesses
Not all mobile device management (MDM) solutions are equal, and the administrative effort to deploy and maintain an advanced mobile security system varies as well. Basic MDM enrolls and secures smartphones and creates an encrypted, virtual container on the device for email and other common applications. But it starts to get complicated, especially for small businesses and IT shops, because basic MDM often isn’t sufficient. Typically, organizations of all sizes need to enable corporate apps in the container and/or enforce stringent security policies stipulating that if a user attempts X under Y circumstances, then Z occurs.
The reality is that endpoint management is considerably more complex when dealing with multiple operating systems, OS versions and device capabilities, because management options inherently vary slightly — which may frustrate administrators. As a result, small businesses in particular may find it beneficial to provide or allow users to purchase only specific devices.
While many organizations enact a “bring your own device” (BYOD) policy that enables IT to manage employee-owned smartphones, Oxford Economics reports about 69 percent of companies provide devices for some or all of their employees, and the financial case for company-provided devices is bolstered with more streamlined security and reduced fringe use cases.
Samsung provides inherent security with its smartphones using Samsung Knox, a defense-grade mobile security platform comprising hardware- and software-based protection against malicious threats. In addition to chip-level security that protects phones from the moment they’re first powered on, Knox Platform for Enterprise allows IT to create an encrypted partition on the Samsung device, holding all work-related applications and data. This container can be locked or wiped if the employee separates from the company or the device is lost, freeing the user to enjoy the smartphone for common purposes — such as texting friends or paying for coffee with Samsung Pay — without fear of compromising company data. Whether your organization is large or small, containerization is an essential step in ensuring mobile security.
Making EMM easy with Knox Manage
Another solution that is part of the Knox platform is Knox Manage, a cloud-based enterprise mobility management (EMM) solution that allows easy enrollment of both new devices and existing devices already in use by employees. EMM takes MDM to a higher level by enabling IT admins to apply a wide variety of management controls and protections, from disallowing corporate app access over Wi-Fi connections to enforcing biometric or multifactor authentication, providing GPS tracking and more.
Knox Manage can control the device and user interactions at a granular level based on predetermined profiles, such as disallowing screen capture from healthcare applications that would violate company and regulatory requirements. The platform generates alerts such as failed upgrades of containerized applications, while monitoring and reporting capabilities enable administrators to track numerous data points for forensic evaluation and compliance based on devices, users or groups.
A key feature of Knox Manage is fast, trouble-free provisioning of new Samsung smartphones for employees. Knox Mobile Enrollment, which enables new device IDs to be preloaded into Knox Manage, is especially useful for small businesses. Rather than enroll each device individually, the owner or manager can automate the provisioning of numerous Samsung devices with just a few clicks. When the user then receives their phone, all they have to do is turn it on — without extensive how-to documentation or having to call with connectivity questions. And with the work container, they have easy access to all their business applications without frustrations related to accessing a VPN or extra steps to open the apps securely.
Although most effective with Samsung devices that come with Knox built into their chip architecture, Knox Manage can also be used to manage other Android-based devices as well as iOS and Windows 10 devices — all from a single console.
While we often think of security gaps in the context of major data breaches involving banks or healthcare databases, unmanaged mobile devices can be the cause of data compromises. Whether your organization is large or small, an EMM that stretches across multiple mobile operating systems the way Knox Manage does provides the ultimate software security solution.