So you decided to roll out MDM, or maybe push some company device on a user. Did you see this face?
Maybe you didn't, because maybe it was behind your back.
But here's the truth - 80% of the devices in the world are end user owned. Legacy device management techniques like CMT and MDM can't be applied to securing corporate apps and data on these devices. Why? Very simple.
Because an end user is not going to give IT permission to lock down the device they bought. They don't want you to touch it. That's the face.
So what to do? Well, obviously, don't mess with the face. Deliver the apps and data onto any device, theirs or yours, and do it using a workspace. How is IT going to manage the security and lifecycle of the workspace?
- secure data in motion
- secure data at rest on device
- wipe data
Let's look at this lifecycle in more detail.
- Installation: An end user should be able to download the workspace client from the public app store. It should be installable on a machine where IT does not have control over the device in order to meet the requirements of an end-user owned device. Of course, if it's a corporate owned device, then you get an additional level of protection.
- Provisoning: IT should be able to push a user's configuration down to their workspace - which apps, what network shares, whether or not they are allowed to single sign-on, etc. And IT should be able to push these changes in real-time!
- Pre-launch: Since the design point for a workspace is an end-user owned device, a workspace has to perform posture checks prior to launch to ensure that the device isn't compromised. If the device has been jail-broken, or rooted, or does not pass a posture check, the workspace should not be launched.
- Secure data in motion: The data coming in out and of the workspace should be fully encrypted.
- Secure data at rest on device: Any data at rest should be encrypted. These include documents that are downloaded, cookies, file names, and any stored usernames or passwords. IT should be able to control whether users are allowed to download documents, copy-paste text, print documents, and share. IT should be able to control whether users can navigate to an external link.
- Workspace wipe: If an end user leaves the organization, or if a device is lost, IT should be able to wipe the data within the workspace.
So, don't even try to manage the device. It's a battle you can't win. Manage the workspace. You can securely deliver apps and data into a workspace on any device. Think it can't be that simple? What about product updates?
Do you struggle with managing product updates for enterprise infrastructure software? Many see this struggle as a never ending and challenging balancing act. On one hand, new feature updates enhance the user experience and increase productivity. However, releases are usually infrequent, and require significant IT resource to test, schedule, and execute the system upgrades.
Wish you could have BOTH faster updates AND minimal IT effort to roll out those updates?