Effective enterprise mobile device management (MDM) is paramount for organizations considering large deployments of smartphones or tablets to their workforce. Without a carefully considered approach to MDM, enterprises will struggle to maximize the benefit of their mobility investments, place a heavy strain on their IT department’s resources and, even worse, put their business at risk of data security breaches. Nick Rea, a senior director with Samsung Business, regularly consults with enterprise customers on issues surrounding corporate-liable mobile deployments. He recently took the time to lay out his top five tips for enterprise mobile device management:

1. Deploy on a Robust Security Platform

The first tip revolves around security, since Rea states that security always dominates discussions with customers and is generally the core focus of evaluations. To assuage security concerns, organizations should ensure that they’re deploying their mobile fleet on a robust security platform. They must ensure that they’re 100 percent confident that security is stringent before devices are even powered on, and certainly before corporate data is placed on devices. Samsung Knox provides mobile security platform capabilities right out of the box with hardware-backed security elements that protect the integrity of the operating environment at boot time and run time. In addition, Knox supports extensive integration with enterprise mobility management (EMM) or mobile device management (MDM) providers.

2. Complexity of Deployment

Second, organizations need to consider the complexity of the deployment — how difficult is it to enroll devices, apply policies to them and push them out to a diversified fleet of devices? Virtually every organization has mixed environments and there are often multiple platforms to consider. The Samsung Knox mobile enrollment program can help to simplify deployments by automating the enrollment process for EMM or MDM systems. Whereas it used to be laborious and time-consuming to provision each device with the software, policies, configurations and authentication mechanisms required, including checking that certificates are valid, organizations can use this cloud-based platform to pre-enroll any number of devices, making the process transparent to users as well as simple and virtually error-free. For greater control enabling more granular configurations, Rea recommends the Knox Customization Configurator tool, as well as Tachyon, a robust third-party device configuration solution.

3. Keep Enterprise Data Secure

The third tip regards keeping enterprise data secure. A key consideration for all customers is to ensure that corporate data is kept isolated in a protected environment. Knox Workspace is one option that provides these capabilities, in essence creating what is almost a separate phone within the same device. According to Rea, this is one of the most popular parts of the offering and is easy for users to navigate in and out of. One of the key features that makes it so secure is that security is anchored in the hardware, rather than just the software. When a user attempts to boot up a device, its integrity is checked, and if a problem is detected, the corporate data inside the Knox Workspace container is rendered inaccessible through hardware-based mechanisms, or it is simply prevented from booting up. Encryption is essential for high levels of data security, and Knox certificates and keys are kept in a hardware-backed key store so that they can’t be tampered with.

4. Ease of Ongoing Management

The fourth thing to think about is the ease of ongoing management. Since security threats are constantly evolving, the security platform must continue to evolve and grow. Samsung has invested heavily in ensuring that mobile device management is as granular and robust as possible. There are thousands of APIs provided with Knox that are leveraged by its MDM partners for easier ongoing management. For example, these can be used to enable authentication via Active Directory, to provide single sign-on for collections of apps, or for managing VPN connectivity, which can be expensive when managing roaming access on a per-app basis. Organizations will have these capabilities at their fingertips when enrolling in an MDM environment.

5. Customizing Configurations

Finally, some organizations wish to create a golden image when deploying devices with a customized configuration that meets their business and security standards. Samsung provides high levels of flexibility with its Knox Customization offering, which allows an organization to create a one-time configuration to lock down a device. It has similarities to Knox mobile enrollment and MDM configuration capabilities, but is designed for one-time configurations. The cloud-based Knox Customization Configurator offers a simplified set of off-the-shelf kiosk mode options. For more granular deployments, the Knox Customization SDK can be leveraged. An example use case for this is in retail environments, where a tablet is provided for customers to interact with but can’t be used for other purposes. These capabilities allow a device to be truly locked down so that it’s tamper-proof, with hundreds of APIs available in the Knox Customization SDK to provide extremely granular levels of control for very high-security environments.

The importance of enterprise mobile device management can’t be overstated. These tips will help any organization to assess its mobile security and ensure that security capabilities are as robust as possible.

Mobile device management solutions allow businesses of all sizes to protect against security threats.

Posts By

Fran Howarth

Fran Howarth is an industry analyst specializing in security. She has worked within the security technology sector for over 25 years as an analyst, consultant and writer. Fran focuses on the business needs for security technologies, with a focus on emerging technology sectors. Current areas of focus include mobile security, cloud security, information governance and data security, identity and access management, network and endpoint security, security intelligence and analytics, and security governance and regulations. Follow Fran on Twitter: @FranNL
