Skip to main content

Getting your managed mobile services strategy right

(Image credit: Image source: Shutterstock/Chinnapong)

In a changing world, the only constant seems to be change. As we all continue to adapt our personal and working lives according to Government advice it is difficult to predict exactly what might be around the next corner. No more lockdowns? Working life and traveling users returning? UK economy rebounds as Covid restrictions ease? As organizations come to terms with the shape of their workforces today, whether that might be working from home (WFH), back-to-the-office or some kind of hybrid approach, one thing remains true for businesses of all sizes - it has become much more challenging for IT teams to keep their workforce connected, securely and productively. Another truism that we can attribute to the shifting work landscape is the massive increase in mobile/smart device usage by employees who seek to stay connected as they WFH or on public transport or from a remote location.

The concept of managed mobility services (MMS) therefore, looks at the IT and process management services needed by organizations to acquire, provision and support things like mobile devices, tablets and other devices with integrated cellular and/or wireless connectivity. And due to the shift in working patterns, the current market for such services is not only focused on corporate-liable devices. With many of us using work phones to organize our personal life for example, an MMS strategy can also assist organizations with individual liable devices (BYOD) that need to access corporate resources and information.

Whether your organization chooses Android or iOS devices, make sure that your managed mobility services strategy allows you to configure and build the devices with the right security parameters and with the right level of compliance. Mobile (smart) devices and apps have become an integral tool for businesses of all sizes and in all sectors, so any configuration needs to be both optimized and secure in order to protect corporate data, but also provide user privacy. When organizations migrate from one management platform to another, there may be some technical differences in the offering and these gaps need to be filled. Choose somebody that can provide a mobile assessment that includes a review and a gap analysis - one of the main gaps is that the likes of BlackBerry and MobileIron offer a tunnel for devices whereby a solution by the likes of NetMotion could fill the gap (plus offer much more).

Regularly validating endpoints security 

It helps if your MMS can review an existing device build in order to provide recommendations for your business or analyze requirements to design the policies and profiles for a new fully documented device build. The activation process has also changed. Choose an option that covers corporate and BYOD given the state of flux most organizations are seeing within their workforces. It is also a very good idea to align with regulations such as Cyber Essentials plus. This simple but effective, Government-backed scheme will help you to protect your organization, whatever its size, against a whole range of the most common cyber attacks. Undoubtedly, apps are the main way that sensitive data is accessed on mobile devices. Using a suitable app assessment, your organization is able to review specific app versions and identify any vulnerabilities including untrusted behavior, and endpoints. 

Another facet of Covid fallout has been the apparent rise in the number of phishing attacks. Unsurprisingly perhaps, cyber thieves see mobile devices as ripe for the plunder on the basis that people are WFH and probably spending more time on their mobiles. The issue is compounded because people tend to do things on their mobile devices that they wouldn’t ordinarily do on the office computer - they don’t seem to be taking the same security precautions which makes phishing attacks via mobile devices so attractive to scammers. Also, mobile users are more easily tricked by phishing attacks via email due to simple screen semantics - many mobile email clients display only the sender's name which can fool people into thinking an email is from a trusted source.

Clearly, a security breach could be catastrophic for any business along with any associated reputational damage incurred. So regularly validating the security of your endpoints in your apps is essential. Whether your chosen rollout is corporate only, corporate-owned, personally enabled (with user privacy), or a BYOD environment, choose a partner that will ensure that the device’s operating system and apps are all compliant and easy to manage.

Zero trust

Other areas, or future considerations could revolve around CASB solutions and the concept of zero-trust, or zero-trust network architecture (ZTNA). A Cloud Access Security Broker (CASB) solution can optimize visibility across an organization, by monitoring all user activity within cloud applications (company-approved and shadow apps) and enforce both internal policies and external compliance requirements. A CASB solution should additionally be adopted as part of a wider SIM/SIEM solution for the ultimate in forward-looking, secure data collection, monitoring, and consolidation. With most workers effectively not now tethered to a desk/desktop, businesses require security platforms that support the new normal with solutions that provide remote workers with security whilst actively improving the employee experience. organizations need to ensure that employees are able to work on any device, which makes a Zero Trust approach to security absolutely crucial. Adopting Zero Trust allows your organization to protect access to apps by employing conditional access - using a single policy per user can provide access to an application, whether that person is working remotely or from the office. If your organization currently suffers from fragmented, secure access then adopting a remote access solution that is unique and dedicated for all of your workforce is crucial.

 Getting your MMS strategy right comes at a critical time as we continue to see increases in mobile / smart device usage across a workforce that is WFH, remote or adopting a hybrid approach. At the same time, we see the lines increasingly blurring between work and personal usage of these devices.

Steve Whiter, Director, Appurity

Steve Whiter is director of Appurity, a company that deploys solutions for critical mobile security services across all verticals