Managing Security with a Mobile Workforce

Using EMM to Support Remote Teams and Ensure Safety

Companies are becoming more open to the remote worker, seeing the benefits in increased employee productivity, efficiency, morale and engagement. However, along with these benefits to employer and employee come a new set of managerial challenges and security protocols, particularly in the use of mobile technology. Diane Conde, Senior Manager at Tangoe offers her perspective on how enterprises can support the remote worker and ensure the safety and security of all company devices and data through Enterprise Mobility Management (EMM).

Twenty years ago, more than 90 percent of the American workforce could be found in offices or facilities belonging to their employers. But according to a 2015 Gallup Poll, that number has fallen to 63 percent. With the convenience and accessibility of mobile technology today, it is easier than ever to work remotely.

More and more firms are open to the remote worker, seeing the benefits in increased employee productivity, efficiency, morale and engagement. However, along with these benefits to employer and employee come a new set of managerial challenges and security protocols, particularly in the usage of mobile technology.

Enterprise Mobility Management (EMM) is a growing field both within companies and in outsourced services. Firms dealing with a wide array of hardware and software providers, as well as mobile telecom carriers, often find themselves trying to manage a bewildering maze of contracts, costs, discounts, upgrades, replacements and more – which is why outsourcing some or all EMM functions is a fast-growing trend.

A real-life example: an energy retail company that sells its services through both direct and reseller channels. Trying to boost its sales productivity, the company initiated a large internal EMM program to put very specialized mobile productivity tools in the hands of every remote salesperson.

They wanted to deploy very secure iPads that had access to a privately developed enterprise communications tool with access to sales documentation and order forms, as well as a publically available mobile point-of-service tool to allow credit card purchases. They also needed a subset of these devices to be multi-share devices to be utilized by sales people working different shifts. Because all the devices were corporately owned, they wanted workers to be able to access only the software tools deployed to the devices through their EMM platform.

Realizing the complexity of the situation, the company decided to partner with an EMM outsourcing provider.

VMWare, MobileIron and Microsoft inTune all have technology available that allow conditional access to cloud-based services. These products are leading edge and as mobile application usage rises, we see the real benefit to corporations and end users alike, from both a security standpoint and an ease of use due to Single Sign-On (SSO) capabilities. In evaluating these tools for this client, the outsourcer recommended a simpler route to accomplish their goals in terms of technology, cost of licensing and implementation.

The EMM Managed Services team recommended leveraging a Device Enrollment Program (DEP) to enroll and supervise their iPads. The enrollment process was streamlined with a customized configuration of iPads that are supervised and locked down by default. DEP devices are also locked down so that only authorized corporate users can enroll the device. The EMM platform was configured to push a passcode policy to the devices to ensure that every device can be locked and that they are encrypted by default.

The outsourcer and client worked hand-in-hand to test, stage and deploy an approved set of business applications that were whitelisted and pushed to devices. Unauthorized applications were hidden from the devices entirely so that users could not access them. Blacklisted applications included Contacts, iMovie, Facetime, iTunesU, Pages, Numbers, Keynote and the iTunes application store. Restricting the device in this way closes the door to potential malware threats, key loggers or sniffers that would attempt to capture credit card data. Through the use of restrictions policies, the outsourcer recommended devices be locked down to prevent access to unauthorized features such as AirDrop, modifying accounts on the device, in-app purchases, iMessage and games. Users were further prevented from installing applications, and software updates are completely controlled through the EMM platform.

Where the client had the need to allow shift-based sales people to share devices, the outsourcer tested, staged and deployed an additional configuration called “Multi-user Secure Sign-In for iOS” to all of the devices in the identified group. This configuration pushes a web clip to the iPad that allows their users to sign in and out of the device while maintaining security and application postures approved for all sales teams.

At the end of the process, the client was able to leverage technology they already had in place to put very secure, uniform, application-specific mobile productivity tools in the hands of both their direct sales force and their channel resellers.