Make iPhones, Android, and Other Smartphones Live Happily Together On Your Network
iOS @ Work
By Darryl Crenshaw, Macworld | Nov 19, 2012 5:18 am PST
Whether your users work from iPhones and iPads, Android devices, or some other mobile platform, it is your job as an IT administrator to manage access to network resources and protect company data stored on mobile devices. Doing that well, particularly in a mixed-platform environment, takes a deliberate approach to management.
You already have enough on your plate, and probably don’t need yet another management console or framework to administer. Fortunately, you can often use the same management software you use for your laptops and desktops to maintain your mobile devices as well.
Some of the most widely used platforms are those offered by IBM Tivoli, Microsoft, and Symantec. If you’re not already using one of these management suites, or are using one that doesn’t support mobile devices, purpose-built mobile device security suites, such as Sophos Mobile Control, can help you get your mobile devices under control.
Regardless of the solution you choose, the goal of mobile device management (MDM) is to give you the tools you need to effectively manage the mobile devices for your company, whether they’re company-issued or employee-owned. MDM allows you to define the apps that should be used, set policies, and configure the security settings of the mobile devices in use.
You can pre-configure company-issued mobile devices with the necessary apps and security settings. For employee-owned mobile devices, though, or for devices that are deployed without being pre-configured, an MDM platform enables you to facilitate over-the-air (OTA) updates to remote devices and exercise some control over the security policies and device configuration.
If users will be expected to download and install their own apps, it’s important to make the process as simple and foolproof as possible. You want to keep users from downloading software from rogue sources that might introduce unnecessary risk, and you want to minimize support calls. Setting up links to the appropriate software downloads on an internal website is a good place to start.
You should have your mobile device and data protection policies defined in a written document and require that users read and acknowledge the policies before allowing them to use mobile devices for work purposes. The policies should state clearly what is expected of users and spell out the consequences of non-compliance.
The policy should also explicitly define the process for dealing with a lost or stolen mobile device. Most mobile operating systems and MDM platforms are capable of remotely erasing data on a lost or stolen device. In most cases, the device can also be configured to automatically erase all data in the event of too many failed login attempts. This extreme measure will erase all data on the device—including personal photos or data that belong to the user—so it’s important to make users aware up front.
To protect your network from compromise or possible malware infections, you should use some sort of network access control (NAC). NAC tools such as the Cisco Identity Services Engine Virtual Appliance (running as part of a security system, such as Cisco Prime Network Control System) verify that any device attempting to connect to the network meets the established security policies and has all appropriate patches and updates before allowing it to connect. Devices that don’t meet the requirements can be rejected, redirected, or granted limited network access depending on your policies.
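The admission decision described above can be sketched as a small posture check. This is an added example, not code from the article or from any NAC product; the device fields, the minimum OS versions, and the mapping of each failure to reject, redirect, or limited access are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed policy: minimum OS version per supported platform (illustrative values).
MIN_OS = {"ios": (6, 0, 0), "android": (4, 1, 0)}

@dataclass
class Device:
    platform: str        # e.g. "ios", "android"
    os_version: str      # as reported by the device, e.g. "6.0.1"
    mdm_enrolled: bool   # device is under MDM management
    passcode_set: bool   # a device passcode is configured
    rooted: bool         # jailbroken or rooted

def parse_version(text):
    """Turn '4.1' into (4, 1, 0) so versions compare numerically, not as strings."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def evaluate(device):
    """Return (decision, reasons); decision is allow, limited, redirect or reject."""
    minimum = MIN_OS.get(device.platform.lower())
    if minimum is None:
        return "reject", ["platform not covered by policy"]
    if device.rooted:
        return "reject", ["device is jailbroken or rooted"]
    if not device.mdm_enrolled:
        # Assumed policy: unmanaged devices are sent to an enrollment page.
        return "redirect", ["not enrolled in MDM"]
    reasons = []
    try:
        if parse_version(device.os_version) < minimum:
            reasons.append("OS below minimum patch level")
    except ValueError:
        reasons.append("unparseable OS version")
    if not device.passcode_set:
        reasons.append("no passcode set")
    # Managed but non-compliant devices get restricted access until fixed.
    return ("limited", reasons) if reasons else ("allow", [])

if __name__ == "__main__":
    # Constructed sample devices for a mixed-platform fleet.
    fleet = [
        Device("ios", "6.0.1", True, True, False),
        Device("android", "4.0.4", True, False, False),
        Device("android", "4.1", False, True, False),
        Device("blackberry", "7.1", True, True, False),
    ]
    for d in fleet:
        print(d.platform, d.os_version, *evaluate(d))
```

Versions are compared as padded integer tuples because a plain string comparison would rank "4.10" below "4.2" and let an unpatched device through or block a patched one.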
There are also important considerations for protecting company data on mobile devices. When choosing an MDM platform, consider its ability to control where company data can be saved, for example by restricting the storage of information on removable SD memory cards or by blocking apps that enable data to be stored on personal cloud services.
Mobile devices are essential to today’s workforce, and you want to empower your users to be productive no matter where they are. Ultimately, you should view mobile device management in terms of your company’s overall strategy, and employ it in the most efficient way possible—choosing the tools that allow you to manage it effectively with a minimum amount of additional effort. A mixed-platform mobile environment can make the task more complex, but with proper tools and a sound set of user policies, it should be a manageable job.