The mobile device market has expanded rapidly in the last few years; more and more businesses are adopting remote-friendly cultures and offering mobile-specific solutions for their platforms. Meanwhile, an increasing number of people are working remotely, and governments are increasingly regulating remote work. This situation presents organizations with an opportunity (and a challenge) to solve rising issues with Bring Your Own Device (BYOD) and Dedicated device policies.

This sparks several questions about how businesses can use mobile devices to empower their operations and how to reduce risk when managing those devices at scale. As it turns out, there are valid concerns when it comes to trying to leverage mobile devices to strengthen the operational delivery of new features in a secure and reliable way.

Let’s take a look at the dangers of poor enterprise mobility management (EMM) solutions as well as some things that you can do to solve several enterprise mobility pain points.

Why Poor EMM Strategies Make Mobile Devices a Liability

For companies that are trying to adopt a viable EMM strategy, the primary obstacle is the inability to envision and understand exactly what they want to achieve. In other words, they have difficulty recognizing what they are attempting to accomplish in the first place. Normally, the main goal is to provide a secure and reliable platform where employees can share information, access internal apps or networks, monitor and control access to data, and tick the boxes of some compliance rules.

A poor EMM strategy would be to just start rolling out devices to employees but failing to keep track of mobile expenses, software and security updates, especially when running dedicated devices, and providing user support. That could potentially lead to a situation in which more and more users either abuse their usage or just avoid using the devices at all, due to inconvenience and inefficiency. 

An EMM strategy without a quality training program on how to use company-issued devices is also a liability. Every employee should know how to properly use the device, any self-service features, support tools etc. Even the smallest mishap or misstep while using the device could lead to a major setback if users aren’t oriented to the basic operations. They should be able to determine what to do in case something goes wrong, and what kind of support is available in case of hardware or software issues or failures.

Security Controls

Finally, we should address the elephant in the room which is how to approach security. More specifically, what is the minimum level of security controls you need to support in order to roll out an effective EMM strategy. 

On the most basic level, organizations should establish the following security controls when issuing mobile devices:

Two-factor authentication: There should be at least two disparate pieces of evidence in which a device user is granted access to a website or application. Those factors have to be in various categories like something the person knows (passwords) or something the user possesses (one time token) or something distinctly unique to the user (fingerprint verification). This is to ensure a better security model for rolling out sensitive data in applications. Also, single sign-on (SSO) will help eliminate increased risks with using weak passwords.

Remote wiping: This allows a person or an admin to erase data on a device if it’s lost or stolen. This operation can be performed as long as the phone is connected to an internet provider and has a data connection.

Remote backups: This feature allows the devices to periodically backup their sensitive info into cloud providers. This makes the process of recovering lost or deleted data from remote wiring more convenient and less catastrophic. 

App wrapping: This is a process of baking specific security policies into a mobile application or custom apps, and exposing them as normal applications. Usually, those apps are listed in an internal store like Apple Business Manager or Google Private Apps.

Secure Container: This is an encrypted sandbox installed on the user devices that host a variety of workplace applications and internal policy configuration.

Building Custom Mobile Devices

An effective mobile device strategy is not limited to BYOD and considers the use of dedicated/purpose-build devices for employees and customers as well. Those are instruments that have a custom hardware profile and could be either customer or employee-facing. Typical examples of those devices include kiosk screens, tablets, ticket booths, terminals, POS, or rugged devices. The benefit of using them is they are specialized for certain business operations offering the maximum cost/benefit compared to their generic or consumer counterparts.

You need to ensure as part of the EMM strategy to properly enroll and manage those devices especially if they are public-facing and to monitor them for theft, damage, or deficits. 

All the security controls mentioned in the previous apply also to dedicated devices as part of an effective EMM strategy. You will also have to consider the following:

• Compliance and policy requirements: Those devices need to adhere to local or governmental regulations in regards to eligibility and security controls in place.
• Device-tracking and telemetry: Making sure the devices report their vitals and can be tracked down for administration purposes.
• Geo-fencing: In some cases, you can force devices to be disabled or shutdown in place once they physically moved outside a boundary area or if they touch a magnetic strip. 

Establishing common SRE best practices when deploying software, considerably improves the reliability and security of this process.

In practice it means obtaining a solution that customizes the device OS and application updates. Using CI/CD pipelines, you can configure those devices consistently, and embed observability and monitoring controls from the start. The main idea is to treat the device as a piece of software customized from the ground up.

Next Steps with EMM Solutions

All of those recommendations are not just theory. They are concrete steps of an operation coined as DeviceOps that an enterprise ready-platform like Mason revolutionizes. With DeviceOps you think of the mobile device as your VM that hosts the OS, your configuration, your data and your application. By thinking in those terms, you can eliminate the traditional problems when managing mobile devices at scale, and the teams responsible can collaborate more efficiently.
Have a look at how Mason can help you launch a smart product or dedicated device solution in days by giving you turn-key control over every aspect of your mobile infrastructure.

Theo Despoudis is a Senior Software Engineer, a consultant and an experienced mentor. He has a keen interest in Open Source Architectures, Cloud Computing, best practices and functional programming. He occasionally blogs on several publishing platforms and enjoys creating projects from inspiration. Follow him on Twitter @nerdokto. He can be contacted via http://www.techway.io/.