The beginner’s guide to MDM

Learn how to protect and manage your mobile devices with this step-by-step guide covering everything from planning groups and creating policies, to reporting.

Download Now
Device Management

5 tips for securing DeX in mobile-only workforces

Samsung DeX offers the opportunity for enterprises to go mobile-only by delivering a desktop-like experience that is powered by a smartphone or tablet. When connected to a screen — either via a USB-to-HDMI cable or wirelessly — smartphones with DeX boot up a desktop-style user interface, complete with multiple resizable windows, keyboard shortcuts and other standard PC productivity features. Even better, the mobile device can continue to be used as normal, even while it projects DeX on the monitor or TV.

The possibilities are intriguing for IT managers looking to simplify and reduce the number of desktops and laptops in their fleet or support an increasingly remote workforce. But adopting DeX for desktop productivity raises another question: What about security?

The short answer is, it shouldn’t matter. The smartphone doesn’t fundementally change because you extend the interface to a monitor and pair a keyboard with it, so whatever security configuration and risk mitigation strategy you’ve designed for a Choose Your Own Device (CYOD) deployment doesn’t change if DeX is in the picture.

However, as security practitioners know, it always matters. The way the device is used changes: different apps, different use patterns, different network connections. And anytime there’s a change, security should take another look to make sure old assumptions still hold. So what are the key points for information security managers to look at? Here are a few places to start:

1. Check your devices’ security profile again

Absolutely the first place to look is your device security settings. There’s no special magic here, but rechecking assumptions on authentication (biometrics should be required, for example), application store restrictions, allowlist/blocklist settings and patching requirements and schedules should all be first on your list when scrolling through your mobile device management (MDM) or enterprise mobility management (EMM) policy settings.

Go mobile-only with Samsung DeX

icon of a documentWhite Paper

Your comprehensive guide to rolling out a mobile-only solution for your workers. Download Now

If you haven’t enabled a dual data profile solution like Samsung Secure Folder, now is definitely the time to reconsider. Keeping organizational applications and, more importantly, their data separated from home uses is more important now than ever before.

2. Make sure policies are updated

If your CYOD policy and security profiles were put in place assuming a fairly casual use of mobile devices, definitely take a quick look at the policies themselves. With increased risk comes increased responsibility, and — as with security profiles — assumptions that were made when the CYOD or even Bring Your Own Device (BYOD) policy was laid out may not hold true anymore.

It can be simple things, such as cost reimbursements and stipends that need to change, but you should also look at any policies regarding safe use of devices and physical security, such as rules regarding device loss reporting.

Good CYOD policies also tie in with acceptable use, data protection and information security policies, so checking all of these fundamental documents to be sure they’re up-to-date for this new use is important — and shouldn’t take a lot of time.

3. Get a bird’s eye view

When smartphones and tablets are used with DeX, they act a lot more like desktop and laptop PCs, so they will probably be connected directly to enterprise networks when they’re in the office or virtual private networks (VPNs) for as long as your workforce is remote or blended, rather than pass through a carrier’s data network.

Now is a good time to look at how you want to engineer your internal networks. Old topologies that treated most desktop PCs as “trusted” devices with relatively few restrictions have fallen heavily out of favor with information security architects. If you haven’t already reviewed and redesigned your in-building wired and wireless local access network (LAN) or VPN to add more security controls and barriers, this is an excellent time to do so. There’s nothing particularly insecure about adding smartphones with DeX to your LAN; in fact, they may be more secure than their Windows PC brethren. But a DeX rollout is a good opportunity to step back and see if your LAN is properly secured using current security thinking and design paradigms.

While you’re looking at security, don’t forget to also look at the capacity of the Wi-Fi network. Mobile devices running DeX can be wired (using a multiport adapter with an Ethernet port) or wireless, so if you choose wireless access for the higher security it offers, check that your Wi-Fi network is tuned up and can handle the increased load.

4. Take advantage of DeX security settings

Additional DeX security and management options are made available within Samsung’s Knox device management tools and some third-party EMMs. These include the ability to force the use of Ethernet (incredibly valuable for highly-regulated industries), set static IP addresses and limit applications. Additionally, there’s still control over configuration, enrollment and management.

Security is another area where smartphone vendors have learned from their desktop cousins. Samsung’s Galaxy smartphones are equipped with a full toolkit of security features and capabilities, including:

  • Application sandboxing
  • Work/home protected application containers
  • Trusted execution environment (TEE) hardware
  • Full-disk encryption
  • Biometric sensors
  • Mandatory access controls
  • Tight integration with MDM/EMM agents

It’s not a question of adding, upgrading or installing apps or tools — this is how Samsung Android phones and tablets with Knox come out of the box. With a stronger platform come fewer security incidents, tighter control on application-based malware and a better approach to end-user computing security.

5. Don’t forget the importance of uptime

Most information security managers spend a lot of time focusing on confidentiality and integrity of data and applications, but don’t forget there’s a third leg to that stool: availability. If a smartphone isn’t available, then your mobile worker isn’t getting any work done.

Make sure you have a plan in place to deal with the inevitable device loss and damage scenarios that come naturally with any smartphone deployment. This means having spares ready, on hand and set up for quick deployment, but also knowing what you’re going to do if someone calls while on the road, or even at home, and needs a device replacement fast.

Discover more of the productivity benefits that Samsung DeX can provide to your workforce. Then learn more about going mobile-only with DeX with the complete free guide.

Posts By

Joel Snyder

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

View more posts by Joel Snyder