Planning for Security & Convenience within Your Mobility Program

By Bradley Kerstetter
Topics: EMM Mobile Strategy

In a recent conversation with Tara McLoughlin, our Chief Operating Officer, we were discussing how we could deploy Unified Endpoint Management (UEM) to drive productivity and mobility-led innovation within the organization. At the same time, we needed to accomplish this in a secure manner allowing for end user privacy and organizational security. The conversation became spirited when discussing the balance of end user experience/privacy expectation and the ease of accessing corporate data. Do we deploy native or 3rd party applications to access corporate data? Do we require complex passcodes or passwords to access devices? How strong of DLP do we implement? What level of personal and work data separation should exist? After working through the scenarios, Tara’s ultimate stance was “I’m happy to be secure as long as it’s convenient.” She was able to concisely summarize most end user’s feelings toward UEM and it framed the entire initiative. With that phrase in mind, we began looking for the ideal enablement balance.

Successful Data Security Starts in the Planning of your Mobility Program

In a traditional IT environment, users may be used to the principle of least privilege, or POLP. When deploying a POLP method, users are only given the minimum necessary rights to complete their job[1]. Typically, there are no deviations from these data security standards and additional access or application requests need reviewed and approved through time consuming and potentially frustrating processes. In the modern day where more than one in three American workers are millennials[2], the first digitally native generation[3], a lack of freedom and flexibility will not allow companies to hire the best available upcoming talent. With this in mind, creating an enablement balance that gives a workforce access to secure, interactive, and flexible software anywhere, anytime, and on any device is crucial. Locking down user access to mobile applications, requiring users to have complex passcodes, and making the setup process complicated are all pitfalls to avoid during the planning phase.

Developing Mobile Device Compliance Checks and Enrollment Flows

When developing the mobility program to enable the organization, we ensured that all device types were included and properly secured including iOS, Android, Windows, macOS, and Chromebooks. We made the enrollment flows as simple as possible with compliance checks to ensure devices were properly secured from the onset but still allowed facial recognition, fingerprint scanners, etc. We deployed a suite of productivity applications and allowed end users to choose among numerous email clients including native, OEM containerized, Outlook, Gmail, and others. When able, we applied managed configurations to these apps that made logins as simple as entering a password. We segmented control of devices between corporate and personal owned to exercise the proper control over the device depending on who owns it.

One of the most recent exciting advancements in the realm of device management is the advent of Android Enterprise and the flexibility it allows BYOD users to have a personal and work persona. As Vox Mobile has been recognized by Google as an Android Enterprise Recommended MSP[4], we were able to setup a great experience for our Android users that is second to none.

IN THE NEXT INSTALLMENT OF THIS BLOG, WE’LL COVER THE IMPORTANCE OF PILOTING/TEST GROUPS, GATHERING ONGOING FEEDBACK, AND MEASURING MOBILITY PROGRAM SUCCESS.