Many companies no longer require employees to use only company owned mobile devices for business purposes. In part because some employees prefer the convenience and efficiency of using their own devices for work activity, many companies have adapted to the bring your own device (“BYOD”) trend. This trend has grown steadily since the launch of the iPhone in 2007. It’s not uncommon today for employees to use their personal smartphone or tablet as their primary work device, rather than a company issued device.
This raises the question of how businesses can secure the personal mobile devices used by employees for work purposes. Mobile device management (MDM) has emerged as one of the best safeguards and permits a company to manage, secure, and enforce company policies on mobile devices such as phones and tablets. MDM containerization of documents, email, browsing, and applications can enhance the functionality and security of mobile devices within the company while simultaneously protecting the corporate network. While MDM is not an antivirus software, there are features within MDM that create a buffer between the corporate network and the personal device of the user.
What are some MDM features? Mobile device manufacturers and developers of mobile operating systems regulate MDM utilization on devices through application programming interfaces (APIs). Because of the limitations of these APIs, most MDM providers offer a similar set of core capabilities. Typical features include Virtual Private Network (VPN) configuration, remote wiping capability, password enforcement, two factor authentication, and data encryption enforcement. These features are very important for keeping company data safe. If an employee loses or misplaces their mobile device, with MDM, then a company IT administrator can remotely wipe the device before someone else accesses it.
Can MDM collect and preserve text messages and other data? MDMs are often misidentified as a way to collect and preserve data on mobile devices, such as text messages or call logs. From a forensics point of view, MDM is not a collection tool for text messages or other data stored on a mobile device. MDM is designed to manage and secure BYOD devices. Collection and preservation of text messages and other data in a forensically sound way require forensic software specifically for this purpose, such as Cellebrite or Oxygen.
As employees continue to use personal devices for work which may include the storage and transfer of sensitive business documents, the need for strong security features will continue to increase. Use of MDM solutions combined with strong company BYOD policies, such as the right to access, monitor and delete information, will enable companies to acquire, audit, and investigate employees’ personal devices as necessary to protect company data and IT infrastructure.