Mobile Device Management 2.5 Flashcards
Mobile Device Management (MDM)
Some companies provide mobile devices, others have the BYOD policy. A mobile device manager can manage all the mobile devices from a single device. It has near total control of the devices it manages. Can even go as far as forcing screen locks and PIN’s.
App Management
Managing mobile apps are a challenge. Apps are installed on mobile devices constantly. Not all apps are secure and some are even malicious. Android malware is a rapidly growing security concern. Apps can be managed through whitelists.
Content Management
Data on these devices is a concern. You need users to have access to it, but you don’t want it to be exposed to attackers. Files are often stored on-site or in the cloud and viewable online. Many of the devices provide options for data loss prevention.
Remote Wipe
Mobile device manager can wipe the device even if you don’t know where the device is. Make sure there is a plan to handle these situations. Always have your own backups in case.
Geolocation
Precise location tracking within a couple of feet. Useful for finding a lost phone but they can also know where you are whenever you have the device on you. Many devices have the option to enable or disable this but often the security team requires it is enabled.
Geofencing
The devices can have features enabled or disabled based on a policy for a specific geographical area. For example if you are at work, the camera feature may be completely disabled until you are outside a certain radius.
Screen Lock
All mobile devices can be locked. MDM can force how strong a password must be on the device in addition to setting lockout policies for failed attempts.
Push Notifications
Can be managed from the MDM. No more pesky unnecessary notifications.
Mobile Device Authentication
Can be logged in via pin, passcode, or even biometrics. MDM can manage which is enabled/required.
Containerization
Can separate all enterprise data from personal information on the phone. You do this be creating a virtual “container” on the phone. The personal data and organization data are separate. This is good for BYOD policies so the work data can be erased but the personal data can be retained if necessary.
Full Device Encryption
Becoming more popular. Different devices and OS’s handle encryption options differently. It’s complex and uses a lot of CPU power. If you lose the password or key, the data is completely gone. Backup the keys on the MDM.