michelangelus - Fotolia


Five ways to secure mobile data with EMM

For most organizations it's a matter of when, not if, their data will be attacked. But EMM tools can help keep mobile data secure.

As the number of mobile workers skyrocket, so grows business data risk. Organizations can use enterprise mobility management tools to secure mobile data.

Two-thirds of the total U.S. workforce is already mobile, according to IDC. Finding more scalable and effective ways to safeguard business data on mobile devices is therefore paramount. Here are five:

Enforce mobile data security policies

Between the BYOD and BYOA movements, the amount of business data moving outside of the enterprise has never been greater.

Enterprise mobility management (EMM) can automatically assess new mobile devices that attempt to connect to a corporate network or access corporate services, including cloud services. By rejecting devices that do not meet minimum criteria, enrolling devices that do and requiring consent from users, EMM can provide the foundation from which to enforce policies that secure mobile data.

For example, EMM can reject older Android devices that don't have encrypted file systems, ensure that device-level passcodes are enabled and sufficiently strong and, if a device is lost or stolen, require user consent for data wipe. EMM can also serve as the conduit to deliver and activate configuration profiles and applications, and remove them should a device become noncompliant.

Containerize mobile data

As enterprise focus has shifted from securing devices to securing business data, EMM tools have embraced containerization. EMM-supplied containers can be data-centric or application-centric, but the underlying principles are common: create an access-controlled, encrypted, trustworthy environment in which to access, use, store and share business data.

For example, many EMM tools offer mobile content management (MCM) capabilities that IT can use to automatically push business folders and files onto mobile devices, keep them up to date, allow users to read and edit data, and, where appropriate, copy/paste or print data. IT can use MCM tools to prevent users from accidentally leaking business data; admins can also easily wipe the app by removing the encryption keys or disabling the user's access credentials.

Other EMM tools offer enterprise-grade variants of standard business applications, such as secure email and secure browser applications. These secure apps also serve as containers, but focus on enabling business functions -- for example, providing access to an enterprise contact directory, forwarding email attachments only to defined groups or safeguarding business data accessed through an enterprise website, file server or cloud service. EMM plays a role by installing, configuring, maintaining and removing the secure app -- including credentials to access enterprise assets such as trusted CA certificates or single sign-on.

Restrict mobile data movement

EMM can provide the foundation from which to enforce a company's mobile data security policies.

As secure mobile apps and content managers emerged, EMM evolved to oversee not just individual containers, but the flow of data between containers. With growth in business cloud services, EMM's reach has extended beyond the device to secure mobile data, no matter where it resides. EMM is not directly involved in moving or blocking business data, but it can give IT the ability to configure and audit associated security policies.

Detect and neutralize mobile data threats

It's one thing if a mobile device is lost or stolen, but if its security has been compromised, it's an even bigger headache for IT. For example, an encrypted file system or container can stop a thief from simply picking up a lost smartphone and accessing sensitive business data. If an Android device has been rooted or an iOS device has been jailbroken -- or if either is infected with a malicious Trojan app -- business data remains at risk.

EMM tools can mitigate these kinds of threats by continuously monitoring a managed device for the presence of unwanted apps or signs of rooting or jailbreaking.

When all else fails, wipe data clean

When it comes to security, it's not a matter of whether an organization will be attacked, but when. Using EMM to secure mobile data is an excellent starting point, but it can also be helpful when those defenses fail. IT can use EMM tools to initiate remote action on a managed device, from disabling managed apps or removing enterprise user credentials and profiles required to access business data to actively wiping an entire mobile device. For BYOD, full device wipe should always be a last resort, and only done with advance user consent. Remote wipe can be an extremely valuable fail safe, however, when used in combination with other mobile data security measures.

Next Steps

Strike a balance between access and mobile data security

Protect mobile data with EMM

Essential guide: ensure mobile data security

Dig Deeper on Enterprise mobile security