With all the stories about hacking, stolen credentials, and more, you’d think the best course of action would be to just use two cans with a string in order to communicate with people, especially your business customers.
While you probably don’t have to resort to string, locking down systems and making sure nobody can get to your data, is a big priority. Being open and flexible are also top priorities so reconciling all of this is often confusing. Here are some thoughts about what you can do in order to protect your business.
Three Important Letters: MDM
If your business is your castle, then who comes in, when they come in, and how they act while in your castle are the prime responsibilities of your Mobile Device Management (MDM) software.
A solid MDM, combined with the Knox security platform, will afford your business the highest levels of security and data protection, while at the same time allowing your employees access to information they need to service your customers.
Here are some of the key questions you should ask your MDM provider in order to get a solution that meets your needs.
- Does the MDM provider fully support Knox? Full support of Knox means that the all the security and privacy features are available to you. This allows you maximum flexibility in configuring access to your systems (remember, it’s your castle!).
- Ease of enrollment? Make sure the process the vendor provides isn’t so complex that you resort to ignoring/not using it. Being able to “push” software bits or send a simple text message to allow your employee ease of enrollment, is critical.
- BYOD friendly? These days, people bring their own devices to work and you want to make sure that when that device is on your network, your rules are followed. But, you want the MDM to be out of the way and not interfering with the employee’s person/private enjoyment of their device.
- Cloud support? Many vendors offer extremely robust systems that require your own network and infrastructure. For you, a cloud solution may be just the ticket to balance costs and desired features/functionality.
The trick to making “access control” successful is to make it a balance of common sense and transparency with the reasoning. Here are some suggestions:
- Log it all. With cloud storage and indeed hard drive storage costs being in the pennies, log everything and keep those logs for a pre-determined amount of time. That time will depend on your industry, regulatory obligations, and consultation with your legal advisors. The MDM should have a robust logging system and the ability to archive the logs, usually in an automated fashion.
- Minimum/Maximum. What this means is, give somebody the minimum authorizations required to get the job done to the maximum extent possible. Giving everybody access to “everything” is risky. Divide storage, files, accounts, etc. by need and once that is organized, give people access only to what they need. The sales guy probably doesn’t need access to the payroll files, for example.
- Where are they? If you have a ten-man business in Iowa and you have an inbound access from somebody from Santiago, Chile, you might have (assuming nobody is traveling there) an intrusion. “Bob’s” name and password may be correct, but if he is sitting down the hall; you’ve got a problem. Your MDM should have geographic restrictions and other polices to prevent “Bob” from logging in outside of where he is supposed to be.
As you can see, the selection of a good MDM service, full support of Knox, and a good, common sense approach to policies will result in a solid foundation for your business success.