FAQ IV: IT Security and MDM

On the MobiVisor blog and on our website we often say that an IT security strategy should be organized like an onion: many layers protecting a valuable core.
The layers of IT security begin with protecting the data on the company's servers, continue with access and account management, and end with endpoint management, which primarily covers the management of mobile devices. An MDM belongs in this IT security onion as well, but it is also an onion in its own right. In the sixth part of our FAQ we take a closer look at the layers of an MDM such as MobiVisor.


Which features of an MDM are especially important for IT security?

The main goal of an MDM is to keep mobile devices secure. Beyond that, it is used to manage and maintain the devices in a clearly structured way.
Most MDM features are nevertheless relevant to IT security:


Enroll & Manage:

  • Device Owner Enrollment (Email & QR)
  • Apple School Manager Integration
  • Macbook Integration
  • Apple DEP Integration
  • Samsung KNOX Enrollment
  • BYOD Container Management
  • COPE Management
  • Android & iOS Profile Configuration

App Management:

  • Android Enterprise Store
  • Apple VPP
  • Single App & Multi App KIOSK Mode
  • System app restrictions
  • App Whitelisting & Blacklisting
  • Allowed & Necessary Apps
  • App install/uninstall (in-house & store apps)
  • (Automated) App-Updates (iOS & Android)
  • Shared iPad Management

Data Security & Safe Communication:

  • Lost Mode if device is lost or stolen
  • Remote lock/wipe function
  • Bug Report
  • Passcode Policies
  • WiFi Whitelist/ Blacklist
  • Per-App-VPN
  • Integrated Messenger Application
  • Define Policies, Restrictions and allowed Apps

These features are relatively self-explanatory. What is often less well known is how they can, and in some cases must, be combined in order to achieve comprehensive IT security.
Let's take a closer look at individual security issues that can be addressed with an MDM.


1. Introducing a secure communication strategy in the company:

The biggest challenge is that companies rely more and more on mobile forms of communication such as Microsoft Teams or messenger apps like WhatsApp, since employees are increasingly mobile and work from practically anywhere.
Companies now face the challenge of enabling this kind of mobile communication, because it simplifies work and makes them more attractive as employers - but at the same time it creates additional risks for IT security. You can read more about this in this blog article.

To give attackers no opportunity to compromise IT security via chats or SMS (e.g. smishing attacks), certain security policies need to be enforced via the MDM.
It helps to picture which kinds of tasks users typically perform on their mobile devices in order to become more aware of the risks.

1.1 Regulating the reception and dispatch of SMS:

If the company's mobile devices are used solely for work purposes, you can restrict the sending and receiving of SMS. It is also possible to define a whitelist of numbers from which SMS can still be received. To prevent smishing, you can additionally forbid opening websites from unknown sources or starting downloads without authorization.

1.2 Secure email and messenger integration:

In general we advise integrating an email application that was designed specifically for business use and is therefore presumably more secure. Microsoft Outlook can be used and integrated into an MDM, but Gmail can also be used without major security issues.
It is still important to instruct users not to link the company mail account to online shops or other websites that collect data.

If you want to use a messenger in your company, we generally recommend installing a secure application. Facebook Messenger, Slack or WhatsApp should not be used to transfer important data. Furthermore, the App Store / Play Store should be configured so that unauthorized messenger apps cannot be downloaded.



2. Increasing IT security by solving problems on mobile devices with an MDM:

Another reason to introduce an MDM in order to raise the level of IT security is that, in some cases, technical problems can be solved directly via the MDM. Operating errors can be resolved with the help of remote support functions.

2.1 Reporting and avoiding errors:

MobiVisor MDM, as a holistic MDM, has a debug log feature.
This means that the admin can request a log of the device's most recent activities via the MDM. If an error has occurred, its cause can be identified.
If the admin cannot resolve the error directly, the bug can be reported to the MDM provider. In this way, errors can be corrected without having to reset the device each time.
The centrally controlled setup of mobile devices with all apps and policies also prevents errors from creeping in from the very start.

2.2 Simplifying operation through KIOSK mode:

Devices running in KIOSK mode are characterized by a reduced user interface: only a few predefined apps can be used on the phone. As a rule, the system settings cannot be accessed by the user and therefore cannot be changed. This also means that no settings can be made that could paralyze the device or break the basic setup.
Another advantage of KIOSK mode is that it acts as a user interface layered above the device's actual user interface. Any changes are therefore made only in the KIOSK interface, not on the device itself. If KIOSK mode is removed, any incorrect settings disappear with it.
A clear specification of how devices must be operated generally increases IT security. The less the user has to decide and configure, the better the company's internal security guidelines are implemented.

3. IT security and risk management with the help of an MDM:

When mobile devices are used, they are exposed to many risks.
For example, mobile devices are more easily stolen or lost, or attempts are made to root them in order to circumvent security restrictions.
Public WLAN (Wi-Fi) networks are also a risk factor, because you can never verify how secure they are. If the mobile devices may also be used privately, private and business data quickly risk being mixed.
Comprehensive risk management therefore increases IT security immensely.

With the help of an MDM, control mechanisms can be introduced for these threats to IT security:

3.1 Data recovery in case of loss or theft:

Every mobile device should perform regular backups of its important data.
If the device is lost, it can then be locked and wiped via the MDM without also deleting all data from the user's account. This duplicate data storage is more costly, but essential if you want to guarantee secure and effective mobile working.

If a device is lost or stolen, another strength of an MDM becomes apparent: the clear assignment of users to devices. The device in question can be taken out of service immediately, and any attempt to gain access to corporate data can be prevented.

3.2 Preventing the removal of the MDM:

MobiVisor has an additional feature that reports rooting or resetting the device as a security breach. The action is then blocked, and in addition a message is sent to the admin that an attempt has been made to remove MobiVisor MDM from the device.

3.3 Secure Internet connections and clean data separation:

It is always recommended, especially for companies with very sensitive data, to define which Internet connections the mobile devices are allowed to use.
The 'Whitelist WiFi connection' function is available for this purpose. It prevents the device from automatically connecting to open WLANs.
If mobile devices are also used privately, private Internet use cannot be regulated for legal reasons, but by installing a separate work profile on the device you can at least draw a clean line between work and private use.
In this way, the work profile can prevent unsafe Internet connections from being used. Nevertheless, thorough training on data security is generally recommended for this type of device use.
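As an added example (not MobiVisor's code or API), the following Python sketch shows how the controls from sections 3.2 and 3.3, together with the app whitelist/blacklist and passcode policy from the feature list above, can be evaluated as one compliance policy over a device status report. The policy values, the report fields and the action names are all assumptions constructed for illustration.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple

# Constructed policy reflecting the MDM controls the article names: a WiFi whitelist,
# an app whitelist/blacklist, a passcode policy and root detection. All values are
# illustrative assumptions, not MobiVisor's configuration format.
POLICY = {
    "wifi_whitelist": {"CorpWiFi", "CorpWiFi-Guest"},
    "app_whitelist": {"com.example.corpmail", "com.example.securechat"},
    "app_blacklist": {"com.example.consumerchat"},
    "passcode_min_length": 6,
}


@dataclass
class DeviceReport:
    """Constructed device status report, as an MDM agent might send it to the server."""
    device_id: str
    user: str
    rooted: bool
    connected_ssid: Optional[str]
    installed_apps: Set[str]
    passcode_length: int


def evaluate(report: DeviceReport, policy: dict) -> Tuple[List[str], str]:
    """Return the list of policy violations and the resulting admin action."""
    violations = []
    if report.rooted:
        # Rooting is treated as a security breach (section 3.2): possible MDM removal.
        violations.append("rooted: integrity breach, MDM removal attempt suspected")
    ssid = report.connected_ssid
    if ssid is not None and ssid not in policy["wifi_whitelist"]:
        # Only whitelisted WiFi networks may be used (section 3.3).
        violations.append(f"wifi: non-whitelisted network '{ssid}'")
    for app in sorted(report.installed_apps & policy["app_blacklist"]):
        violations.append(f"app: blacklisted '{app}' installed")
    unknown = report.installed_apps - policy["app_whitelist"] - policy["app_blacklist"]
    for app in sorted(unknown):
        violations.append(f"app: '{app}' not on whitelist")
    if report.passcode_length < policy["passcode_min_length"]:
        violations.append(f"passcode: length {report.passcode_length} below minimum")
    # Escalation: a rooted device is locked and the admin notified; other findings
    # only notify the admin, who can investigate before locking or wiping.
    if report.rooted:
        return violations, "lock_and_notify_admin"
    return violations, ("notify_admin" if violations else "compliant")


def evaluate_fleet(reports: List[DeviceReport], policy: dict) -> Dict[str, str]:
    return {r.device_id: evaluate(r, policy)[1] for r in reports}
```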

Conclusion:

With an MDM, various important layers of IT security can be covered, much like the layers of an onion: from the professional setup of the devices with all important accounts and apps, to the definition of security policies, to the specification of how devices are used and how problems are solved. The topic of IT security is, of course, more complex than simply securing the hardware - but fundamentally, this is the first step in properly protecting companies and their data.

Would you like to know more about MDM and how it enhances your IT security? Send us a message at [email protected]