With the proliferation of mobile phones, tablets, and personal devices – alongside the growing presence of SaaS applications – data protection and integrity concerns are at an all-time high.
Since you’re reading this article, your organization has likely begun weighing the idea of adopting BYOD, with questions like these keeping your IT Director awake at night:
- How do we track the various devices our users work from?
- How do we manage and enforce policies across each device type and platform?
- How do we ensure that sensitive data is protected?
- How do we enable our users while protecting our interests and meeting regulatory requirements?
The reality is that the ideal answer to each of these questions will vary from one organization to the next, and each team is subject to different regulatory and compliance concerns, so it’s important to identify those first as they pertain to your unique needs.
Users require the flexibility of a mix of devices and applications. While some teams can function with a fully locked-down phone and laptop, other users – particularly mobile users – will likely need a phone or tablet to access files and applications on the go, while still relying on a laptop for heavier work.
So where does one start? An Enterprise Mobility Management strategy should address these three core areas:
Identity Management
Most organizations leverage Active Directory or some form of open Lightweight Directory Access Protocol (LDAP) directory to manage identities for traditional systems and applications. In their traditional states, these platforms work well enough for on-premises applications, but require (major) modifications to work with cloud workloads.
To start, let’s try and answer these questions:
- Where is the source of the identity, and where do you want the identity long-term?
- Which applications contain sensitive data that needs to be protected? Does this data reside mainly on-premises, or in the cloud?
- What type of users, internally and externally, access this data?
Most of our customers tell us they would like to manage these identities within Active Directory or OpenLDAP. Additional data may be needed from external systems, but there are plenty of solutions to address data synchronization. So how do we extend identity to all of these applications? There are a few main methods to do so:
- Individually manage multiple (often dozens of) identity stores, one for each application
- Create an extension to each cloud app individually (perhaps through ADFS)
- Leverage an Identity as a Service solution (IDaaS, often referred to as Single Sign On, or SSO)
From a hard-cost standpoint, the first two options are essentially “free.” However, they require a significant investment in man-hours, and often a significant physical infrastructure.
IDaaS requires some investment; however, it’s often a low monthly cost per user, as many solutions are priced as a monthly SaaS subscription. Also, as with many other end-to-end solutions, IDaaS vendors have invested months, if not years, in doing much of the work for you, and as a managed solution, will continue to manage it for you. Oftentimes, the TCO of an IDaaS solution is far better than managing several identity stores or deploying ADFS to each application.
Device Policy Enforcement
By now, most organizations leverage some sort of Bring Your Own Device (BYOD) program, or at the very least, provide their users with an employee-owned mobile phone for corporate use. While the use of these devices was initially focused on access to email, most users now leverage their tablet or phone just as much as (if not more than) their traditional laptop or desktop. They access several types of files and several applications, and are seldom separated from the device.
Many organizations have adopted a Mobile Device Management (MDM) solution to lock down these mobile devices. Often this involves restricting email and file access to locked-down, containerized applications with many limitations. These solutions weren’t cheap, and as with many expensive solutions, were overburdened with clunky features most customers don’t use. Because of this, users often find ways to circumvent MDM or don’t use the features at all.
Newer MDM solutions have tried to address these issues by delivering 80-90% of the features and security at a more cost-effective price point. While the most involved IT departments will stick with comprehensive and expensive MDM solutions, the majority of customers will find the newer solutions hit the sweet spot. It’s also important to ensure that the device management solution meshes with any desktop-management solution, so that device policies are applied consistently across the enterprise.
File/Data Security and Control
Even after controlling which users and devices can access certain files, there are still several ways for data to be compromised. The reality is that individual files can easily be downloaded, forwarded or shared, or simply lost (say, on an unlocked laptop that goes missing). To address this exposure, many organizations have relied on file-level “rights management” capabilities. Given that files now live in several locations, exploring cloud-based (or extended-to-cloud) solutions is warranted.
Organizations looking to rise above the status quo and achieve a competitive edge need to adopt a BYOD strategy. With the world going mobile, organizations need to assess whether their IT infrastructure is capable of supporting a BYOD program. Click the banner below to request a consultation with one of our Technical Solution Specialists, who can help you roadmap your path to a modern mobile enterprise.