Mobile Device Management and Securing Your Data



In our FAQ article series, we have a look at the most frequently asked questions about mobile device management and data security. A common reason for rejecting a mobile device management system within the workforce is the fear that private data could be spied on. It is also often unclear how an MDM prevents data from being spied on by third parties. So in this chapter, we'll discuss privacy concerns related to an MDM.

 

1) Does the usage of a mobile device management system mean spying on employees?

 

Software that aims to restrict the way mobile devices are used, as a mobile device management system does, is mostly viewed critically by the employees involved. Questions will naturally arise: can the software read my messages? Will calls be intercepted? If I'm not allowed to use certain apps, will the device even work?

There are probably many more questions - but we will answer the most important ones today. Let's take it step by step and shed some light on the subject.

 

Using an MDM is for management - not control

 

Fortunately, Germany has a comprehensive and in-depth data protection law (GDPR) that regulates exactly to what extent personal data must be protected. This not only puts the responsibility on the companies themselves, but also on providers of SaaS (Software as a Service) products.
It must be ensured that sensitive company data and also personal data cannot be leaked to the outside and, in the worst case, misused. MobiVisor MDM only accesses the data that is fundamentally important for the functionality of the MDM. This includes only technical and device-specific data, such as the device name, phone number, serial number, model name and number, capacity and free storage space, version number and the installed apps.
Specific content or exchanges between colleagues in the form of private and business emails, calendars, contacts, text or chat messages, and telephone call logs are not recorded under any circumstances. Browsing history, personal reminders and notes, and the frequency of app use are not read either.
So the answer to the above question is a clear no. An MDM can never be used for espionage.
It is important to communicate this with employees - after all, the aim is to create acceptance for the MDM and consolidate its position as an administrative aid.

 

2) What happens when employees use their private devices - does MDM work in these cases at all?

 

In quite a few companies the practice of 'Bring your own device' (BYOD) is employed. Employees bring their own devices and are allowed to use them for work.
This can have advantages, such as eliminating the need for additional work devices.
The big sticking point, of course, is that this model blurs the line between private and business. And the question of data ownership is often not as clear-cut as it might seem at first glance. This is particularly the case with creative activities: for example, if an employee creates content using a private account, but the content is intended for the company - how is the decision made as to who owns the content?
Before introducing MDM, it is therefore extremely important to obtain legal advice as to whether BYOD is even possible in the company and, if so, how. It must be transparently explained to employees who owns the data and what may be done with it.

But back to the question: An MDM can be applied in various scenarios, even if the device is intended for private use. You can find more areas of application in our infopaper on MDM and data protection.

In order to nevertheless ensure a clean separation of private and business data, there is the so-called container principle. Here, the separation of the device into two areas is already defined during installation: a private profile and a business profile. Access by the MDM admin to the private profile is no longer possible. This means that employees can continue to use the private interface with their preferred settings. In the business area, employees are also protected against accidentally transferring private data to it.
This should not be underestimated: how quickly does it happen that an e-mail is forwarded to the wrong account? With a clean separation, this can be ruled out.





3) What measures does MobiVisor take to secure the data within the software?

 

An IT security strategy does not stop at securing mobile devices against potential threats. And of course, one assumes that the MDM software that secures the mobile devices is also secure itself. MobiVisor achieves this primarily through secure hosting.

On the one hand, the security of the data is guaranteed by the server. Considering the strict GDPR requirements, it is important that a mobile device management system is hosted on a secure server. For our cloud customers (i.e. customers who do not host the solution on their own server) MobiVisor provides servers in Germany.

But what about those who want or need to host MobiVisor MDM on their own server?
For this on-premise installation, a secure server does not necessarily have to be located in Germany. Other European countries also have good and secure data protection infrastructures, e.g. Switzerland or the Netherlands. However, we generally recommend a certified server location in Germany, especially for industries such as healthcare. This ensures that data cannot be resold or read out under any circumstances. Servers located in countries with unclear political situations, unreliable infrastructure or porous data protection laws are strongly discouraged.
(A list of countries with the strictest data protection regulations, which also affect hosting, can be found here).

On the backend, MobiVisor works with a so-called 'tenant system'.
This means that individual customers are stored as tenants on the server. Each instance is separated from the others. Even in the hypothetical case that an attacker manages to crack the security system of the server (at which point the server-specific alarm functions immediately take action), the breach cannot spread to the entire tenant system. As a basic principle, as little information as possible is stored on the MobiVisor server. This means, for example, that the tenant key is only stored in the customer's database. An attacker therefore cannot retrieve it.
Each MobiVisor domain is also subject to a constant audit - if unusual activities are detected, they are checked. If there is a problem, it is reported to the system and our developers can react immediately.

The security of the data, as well as the software itself, is always in focus, both in the company and on the provider's side. With MobiVisor, you can be sure that our fast service will always be there when you have questions or concerns about security issues.

If you'd like to ask more questions, you can click the contact button below!

