Tomasz Zajda - Fotolia

EMM security features keep mobile devices kicking

IT admins at IBM InterConnect reveal some of their top security concerns, from managing user access to safeguarding apps and data, and more.

LAS VEGAS -- As enterprise mobility grows, so do the security risks. IT administrators need to make sure their organizations are prepared.

IT pros voiced some of their top mobile security concerns in a session here at the IBM InterConnect conference, including protecting a lost or stolen device that becomes compromised, preventing data leakage and shoring up device vulnerabilities.

Protect devices

As employees bring a diverse set of mobile devices into the workplace, organizations need an enterprise mobility management (EMM) security product that can secure multiple operating systems, using capabilities such as containerization and remote wipe.

EMM is critical in the event that phones are lost, stolen or an employee leaves the company, said Birgit Fagerholt, IT senior program manager at ISS Facility Services A/S in Copenhagen, Denmark. Her organization uses IBM's MaaS360 to containerize a work profile for employees, where they can securely access their corporate mail, contacts and applications.

"Under our BYOD policy, when a person leaves the company, we just take MaaS360 off the devices and we're safe," she said. "They have no corporate content on their device anymore."

Address privacy concerns

Some EMM security capabilities, such as remote wipe and GPS tracking, raise privacy concerns among employees. Organizations need to be sure they comply with privacy regulations specific to their industries and locations.

For example, ISS Facility Services has to abide by the union laws of Denmark, which requires IT departments to notify all employees six weeks prior to implementing any GPS location-tracking technology. The company did so, and also implemented policies to ensure user privacy. For anyone in the organization to access information regarding an employee's GPS location, for instance, the head of the IT department and the head of human resources need to assess the request and sign off, Fagerholt said.

"[Approval] needs to be tough to get," she said. "It's important for our employees to know it can't be granted easily."

Safeguard applications and data

You have to prevent people from trying to go around the EMM solution.
Jeremy Maloneenterprise mobility manager, Dignity Health

IT also needs to implement security at the file and app level, not just at the device level. One way is by blacklisting applications that are known to be vulnerable, said Jeremy Malone, enterprise mobility manager at Dignity Health, a MobileIron customer based in San Francisco.

Many EMM security products indicate which apps are vulnerable, so IT can opt to not allow them on the network.

"You can prevent users from having these apps installed, and if people do install them, you flag it and quarantine the device," Malone said.

Manage user access

If accessing their business applications on mobile isn't easy for users, they will find a way around using certain apps that don't fit with IT's security standards.

"You have to prevent people from trying to go around the EMM solution," Malone said.

One capability many EMM security products have that helps improve the user experience is single sign-on authentication, which allows users to securely access all their enterprise applications and content, without having to enter multiple login names and passwords.

For IT, adaptive access features can help enforce user access policies. Adaptive access detects user habits and patterns on their devices, and can flag abnormal activity, which may be a sign of a security breach. If, for instance, a device accesses corporate data from a different location or IP address than usual, the technology flags the device, and IT can check out whether it's secure.

Next Steps

MDM vs. MAM for mobile security

Three mobile threats you need to know about

Mobile threats go beyond malware

Dig Deeper on Enterprise mobile security