Mobile Data Management: It’s All About the Data
Many analysts have been discussing the issues at the center of the challenge of migrating to an environment in which users can bring any device they choose to connect to the corporate network. Some have suggested changing the popular acronym “MDM,” which stands for Mobile Device Management, to Mobile Data Management, because the data is the most important element in the equation.
Left unchecked, mobile users can easily obtain corporate data from the network, bring it onto their mobile device, and then share it publicly in unauthorized ways using their own private communications software, including email, text and others. This may violate not only corporate data security, but also federal and state regulatory compliance.
Whether deploying a mobile workforce, commencing a “Bring Your Own Device” (BYOD) initiative or simply enabling mobile workers in the field, every device that connects to your network and accesses your customer’s data is a potential open window that can overcome all the security measures your customer has put in place.
Mobile data policy best practices
Just because your customer has established a “Bring Your Own Device” (BYOD) initiative does not necessarily mean they must throw the doors open to all visitors. The establishment and publication of a thorough BYOD policy should begin with stated and enforced requirements for acceptable devices. To be acceptable, a mobile device must be able to support the required level of encryption, user authentication and other access security capabilities to which the rest of their network adheres. This alone will remove a tremendous burden from the security team, as they will not be required to invest significant time researching and evaluating every device that every user “throws at them.”
This can pay enormous returns as you build your relationship with customers by helping them successfully launch and run their BYOD programs.
If possible, this policy should require compliant devices that can be managed using existing security and network management systems. The newest generation of tablet devices runs a full version of Windows 8, which should make them compliant with and manageable by the majority of management and security systems in use today. Many platforms, including Microsoft System Center, now manage a wider variety of mobile operating systems than ever before, including Android and Apple iOS, as well as Windows and Windows Phone.
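An added example, not from the original article, showing the device-acceptance rules above expressed as policy-as-code: each device posture record is checked for a manageable platform, a minimum OS version, storage encryption, user authentication and management enrollment, and any failures are reported so the security team does not have to evaluate each device by hand. The platform list, version minimums and device records are constructed assumptions, not values from any real management system.

```python
"""Added example (not from the original article): a policy-as-code check for
BYOD device admission. Platform minimums and device records are constructed;
real posture data would come from the organisation's MDM or endpoint tooling."""
from dataclasses import dataclass

# Hypothetical minimum OS versions per platform the management system can handle.
MIN_OS_VERSION = {
    "android": (4, 4),
    "ios": (7, 0),
    "windows": (6, 2),        # Windows 8 reports kernel version 6.2
    "windows phone": (8, 0),
}
ACCEPTED_AUTH = {"pin", "password", "biometric"}

@dataclass
class DevicePosture:
    device_id: str
    platform: str
    os_version: str           # dotted string as reported by the device
    storage_encrypted: bool
    auth_method: str          # "none", "pin", "password" or "biometric"
    mdm_enrolled: bool

def parse_version(text: str) -> tuple:
    """Turn '4.4.2' into (4, 4, 2) so versions compare numerically, not lexically."""
    return tuple(int(p) for p in text.split(".") if p.isdigit())

def evaluate(device: DevicePosture) -> list:
    """Return the list of policy failures; an empty list means the device is admissible."""
    failures = []
    platform = device.platform.lower()
    if platform not in MIN_OS_VERSION:
        failures.append(f"platform '{device.platform}' is not manageable by existing tooling")
    elif parse_version(device.os_version) < MIN_OS_VERSION[platform]:
        failures.append(f"OS {device.os_version} is below the supported minimum")
    if not device.storage_encrypted:
        failures.append("storage encryption is not enabled")
    if device.auth_method.lower() not in ACCEPTED_AUTH:
        failures.append("no acceptable user authentication configured")
    if not device.mdm_enrolled:
        failures.append("device is not enrolled in the management system")
    return failures

def admissible(device: DevicePosture) -> bool:
    return not evaluate(device)

if __name__ == "__main__":
    # Constructed sample posture records: one compliant tablet, one non-compliant phone.
    for d in (DevicePosture("tab-01", "Windows", "6.2.9200", True, "password", True),
              DevicePosture("phone-07", "Android", "4.1.2", False, "none", False)):
        print(d.device_id, "ADMIT" if admissible(d) else "REJECT", evaluate(d))
```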
Every company that deploys mobile devices, or for that matter a network of any kind, must have strong information governance that begins with the development of a comprehensive information use policy. Within the sanctity of your own four walls, it is very possible to enforce most policies electronically, thereby assuring compliance and resulting effectiveness of security.
There are also ways to protect data accessed by mobile devices, but significant platform decisions must be made in advance, as each strategy requires a pervasive platform deployment from end-to-end.
Securing confidential data with containerization
The most obvious approach is to carefully segment personal data stored on a user’s device, and corporate data that is accessed and stored on that device. The objective is to keep personal applications from using or transmitting the corporate data in any way. The most popular strategy is called “containerization,” and it involves, as the name suggests, creating a separate corporate data “container” and a separate personal data “container” that each exist on the device, but cannot connect to each other in any way. Personal applications on the device can only access the personal data, and corporate apps can only access corporate data.
This approach also facilitates exit strategies, as only the corporate data needs to be removed from a user’s device, without harming the personal data. While this is preferable, containerization is difficult to implement well, and sophisticated users have many opportunities to breach the separation.
Securing data via VDI
Another strategy has been used with great success because it completely avoids transferring any data from the corporate network to the user’s device. This also means that a wider variety of devices may be acceptable for use in a BYOD environment. That strategy is virtual device infrastructure (VDI).
In this strategy, the actual compute session is taking place on a server in the data center and using all data locally. Only the screen appearance, keystrokes and “mouse” movements are transmitted between the data center and the user’s mobile device.
This is a very efficient way to achieve high-powered compute on small devices. The device itself runs a very small app so that it can view the actual application in action. In the earliest days, a VDI approach on any small device was clumsy as the large screen appearance could not all be viewed at one time, forcing the user to pan and tilt around the screen to see various elements. More recently, many applications feature a “mobile version” or “native app” that can be run on the mobile device across the virtualized connection.
The most important advantage of the mobile VDI approach is that no data ever actually reaches the mobile device. Data is processed on the server in the data center and only results are displayed on the device. The actual data remains in the data center. Even the screen images are not stored on the mobile device.
Data is the most valuable asset your customers own, but data only makes money when in motion. Today that motion includes trips to mobile devices where the data is most exposed. The devices themselves will come and go periodically, and will certainly require some management and control. But the data will always require complete protection.
There is no “one-size-fits-all” solution for all mobile environments. And that’s the good news. Your Insight technical pre-sales support team discusses your customer’s specific requirements with you and helps you arrive at the best possible solution. Contact them today for more insight into mobile data management.