MSP Blog Logo

BDR

Business Growth

Cybersecurity

Help Desk

MDM

RMM

Sales & Marketing

Subscribe

Empowering Your MSP Business to Grow and Prosper—One Post at a Time

5 Ways to Improve Your MSP Service Level Agreement (SLA)

Featured Post

5 Ways to Improve Your MSP Service Level Agreements (SLAs)

SLAs are the foundation of your MSP business. They are essential to building strong client relationships and must be clear, reasonable and well-constructed.

Read Now

iSpy With My Little Eye… Are MDM Administrators Accessing Personal User Data?

Posted May 7, 2015by Brandon Garcin

As today’s bring-your-own-device (BYOD) movement continues to grow, mobile device management (MDM) is quickly becoming a must-have offering for technology service providers – and with good reason. The end user benefits of a well-defined mobility policy are undeniable; the ability to collaborate on-the-go makes mobile employees significantly more productive, and having access to corporate data, email and applications at our fingertips allows employees to work offsite or after hours without being in front of a computer. 

And according to research from Gartner, BYOD won’t be slowing down anytime soon. The firm predicts that by 2017, half of employers will require workers to supply their own mobile devices for work purposes – and that by 2018, 70% of mobile professionals will conduct their work on personal smart devices. 

So if the need to support BYOD is so clear, why are so many businesses still struggling to do so?

In a word, security. One of the top concerns surrounding BYOD today is that businesses need to ensure corporate data is secure and protected, regardless of which devices it’s being accessed from. To do so, businesses need to implement a Mobile Device Management (MDM) solution. MDM software allows IT administrators (whether in-house or from an outside provider) to control the flow of corporate data to and from a given device, by establishing security and passcode requirements, granting or restricting access to certain applications, and more. (Learn more about key MDM features and requirements in this eBook


The MDM Myth:

Unfortunately, this creates a number of concerns for end-users – the largest of which is often the fear that personal data and information is being accessed by employers. In other words, users are worried that their bosses are spying on them.

It’s a valid concern, particularly for users who don’t understand exactly how MDM software works. The average employee simply wants to be able to access work email and apps on their personal phone, and may not fully understand or appreciate the need for increased security or policy enforcement – especially in cases where employees have been leveraging their own devices for some time already, and corporate IT departments are only now beginning to catch up and roll out MDM policies.    

MDM Myth Busting: 

Fortunately, the reality is that most modern MDM offerings do an excellent job of separating work from play, and do keep personal data and applications at a distance – it’s simply a matter of establishing the correct policies and setting things up in a way that makes sense for a given business environment.

For instance, highly-specialized verticals like healthcare and financial services have their own compliance regulations; and mobile device usage in these organizations has a different set of requirements than in, for example, a retail business. When working with an MDM provider, businesses must understand which requirements apply to them before implementing any device policies. 

Similarly, not all MDM solutions or personal devices are created equal (looking at Android is often a different conversation than Apple) – but most modern MDM solutions are built using a container-based approach, in which personal and corporate data are maintained in separate “buckets” on each device.

As an example, Apple’s website contains a list of what a third-party management server can and can’t see when monitoring a personal iOS device (using Apple’s management tools). Again, keep in mind that these will vary from one MDM offering to the next; it’s up to administrators to determine what should be monitored and what shouldn’t. 


MDM can see:

  • Device name
  • Phone number
  • Serial number
  • Model name and number
  • Capacity and space available
  • iOS version number
  • Installed apps

MDM cannot see:

  • Personal mail, calendars, and contacts
  • SMS or iMessages
  • Safari browser history
  • FaceTime or phone call logs
  • Personal reminders and notes
  • Frequency of all use
  • Device location 


Despite steady streams of news coverage relating to hacking, data collection, photo leaks, and more, it’s clear that many of the everyday concerns around corporate mobile spying through MDM are mere myth. So how can administrators – both in internal IT departments and MSP/ITSP organizations – help mobile users overcome these fears? Here are three best practices to keep in mind:

 

Educate Mobile Users

Transparency is essential whenever concerns about unwanted monitoring surface; the more you can tell mobile users about an MDM policy, and why it’s enabled, the better. Be ready to explain exactly which data and applications are being monitored, and why features like geo-fencing and jailbreak alerts might be active. Also take steps to ensure users clearly understand the consequences of non-compliance – nobody wants to wake up one morning to find their phone is locked without any explanation. Remember, mobile device management is designed to help – not hinder – users’ ability to work remotely and be productive.  

 

Set Realistic Policies

As with most things in IT, there’s no one-size-fits-all approach to MDM success. You’ll only frustrate mobile users if you attempt to restrict access to all data and applications, or don’t allow access to any personal data when a device is connected to a corporate network or VPN. Take the time to understand which data, applications and features must be restricted, and then implement MDM policies accordingly.

 

Simplify Adoption & Enrollment

The easier it is for users to enroll in an MDM policy, the more likely they are to do so. Over-the-air (OTA) enrollment allows devices to be registered over a wireless connection, simplifying the process and preventing users from having to manually connect a device to a local machine. When shopping for an MDM solution, look for a tool that provides users with one-click access to the corporate “container.” If mobile users have to jump through several hoops in order to access their work email, chances are they won’t be thrilled.
 

The bottom line is that employees today expect to be able to leverage their personally-owned devices in the workplace, and in many cases are doing so regardless of whether or not an MDM solution is in place. By educating mobile users, creating policies that make sense for your (and your clients’) respective organizations, and being as transparent as possible, you’ll be able to help businesses successfully support BYOD and secure mobile data – all while ensuring users feel safe, comfortable and confident that their personal data isn’t being monitored.


All month long, we'll be debunking common myths in managed IT services. Do you have any of your own that you'd like to share? Leave a comment below!


What features should you look for in your MDM solution?

MDM-Is-Calling-Does-Your-Business-Have-an-Answer

Brandon Garcin is Continuum's Senior Content Strategist, and is responsible for the creation and execution of a variety of resources designed to win new business and support existing customer accounts. He has authored more than a dozen eBooks which have generated thousands of downloads, and has consulted with hundreds of Continuum partners to help improve their marketing and lead generation efforts through website optimization and content development. Brandon is also the host of The Weekly Byte, a video and audio series produced by Continuum that provides quick, digestible tips and best practices that MSPs can use to help their business succeed.

RMM 101: Must-haves for Your IT Management Solution
MSP Guide to Managed Services SLAs  [white paper]
comments powered by Disqus