- How many devices are in use, and what kind of devices are they? (Manufacturer and operating system?)
- Are these purely company devices, or are private devices also in use? Do employees use the devices for both professional and personal purposes?
- What processes can be carried out on mobile devices today? Are mobile devices only an extended arm for existing processes or can they enable new processes or optimize existing ones?
- Who needs to access what data and from where? How sensitive is this data?
- Are employees exposed to a higher security risk when working on their mobile devices? Can the risk be quantified, e.g. financial/economic/image damage?
- Does the company have its own apps and if so, how many?
- What technologies are used today?
- How is software supplied today?
_This process should cover all the various departments to assess all requirements for the business itself and the individual employees, and to ensure that the employees are on board at an early stage_ Philipp Klomp Founder and CEO Nomasis
Crucial to this is ensuring that the concept incorporates a degree of flexibility so that the system can be adjusted to allow for new technology trends, legal changes, or other developments.
_We recommend designing the concept for a 24-month period and checking it on a regular basis_ Ronan Murphy CEO CWSI
You should also allow for a large enough budget to implement the strategy from the outset. EY’s 20th Global Information Security Survey 2017–18 discovered that 87% of businesses require up to 50% more funds to cover their security requirements.
_2.1 Security concept
The security concept for mobile devices must be based on the company’s general security guidelines. Security standards for mobile devices are derived from this and cover your specific needs. They form a hugely important part of your mobile strategy and need to answer the following questions:
- Device registration: What steps do users have to take when registering their devices? Are there any fixed settings?
- Password guidelines: What criteria must be met for a password to be secure?
- Update guidelines: When do software and app updates need to be performed?
- Encryption standards: How should data be encrypted?
- App guidelines: Are users allowed to download all apps? Are there any apps that must be installed?
- Countermeasures: What steps need to be taken if a device goes missing, or in the event of compliance breaches or a cyberattack?
- Personal use: Can company devices also be used for private purposes? Is the use of personal devices permitted? Are there any rules governing this aspect?
_2.2 Device concept
State whether you provide company devices for use by your employees, and if so, which particular devices, whether they may also be used privately, and whether personal devices may be used for business purposes. Depending on the legal situation, this will determine the company’s authority to administer the devices. For instance, in Germany, companies are not entitled to completely wipe data from a private device under any circumstances, and are instead limited to deleting only the company data.
_As a rule, businesses tend to have very diverse offerings with a range of device types and operating systems to be taken into account_ Thierry Lammers CEO BLAUD
_2.3 Process, application and data concept
Define the operations employees are to perform via their devices, and the applications, interfaces and data they require for this purpose. Classify data according to its protection requirements and specify which applications employees should or should not install.
_2.4 Technology concept
Decide on the most suitable solution for your requirements. For example, this might be Enterprise Mobility Management, where all mobile devices can be managed on a central basis; container software, in which private and professional applications and data are kept separate; or other, additional security software.
MDM, EMM, UEM – What’s the difference?Mobile Device Management (MDM) makes it possible to centrally configure, manage, control and secure mobile devices such as tablets and smartphones via one single platform.
MDM is part of Enterprise Mobility Management (EMM), which represents a holistic approach and also enables central administration of apps and content.
The Unified Endpoint Management UEM goes one step further and is not limited to mobile devices, but enables central management of all end devices.
_In this case, it is particularly important to think very carefully about the most suitable solution for the business. For example, a simple solution, which may help protect against phishing attacks sent by e-mail but does nothing to protect against attacks circulated via a messenger service or apps, will not be sufficient. This is why working with a mobile IT expert is highly recommended, as they will be able to help you make the right decision_ Ulrik Van Schepdael CEO mobco
Businesses that already use security software but are looking to make a change can opt for tried-and-tested technologies for this purpose.
_Even changing an EMM system, which may seem like a lot of effort, can be automated to a considerable extent, and implemented quickly and easily by using tools such as the EBF Onboarder_ Marco Föllmer Founder and Managing Director EBF
_2.5 Resource and operating concept
Decide where the software is supplied, whether the solutions need to be installed in your own computer center or in the supplier’s computer center. In the latter case, there is the possibility of using a public cloud solution, which may be used by a number of businesses, or a private cloud solution where a specific service is set up for your business.
This decision depends on the following factors:
- Need for a customized solution
- Level of control over the solution
- Service level required
- Implementation, maintenance, and support costs
- Availability of human resources, expertise, and infrastructure capacity
_2.6 Implementation concept
Draw up a detailed implementation concept describing the initial requirements, installation and configuration of mobile solutions, as well as rollout phases, personnel resources and outlay.
This expert will help ensure that the concept is introduced seamlessly, will be on hand to guide you and your colleagues expertly through the process and will advise you whether adjustments of the concept are necessary over time.
You will benefit from the expert’s many years of experience in a range of implementation projects and an in-depth knowledge of enterprise mobility solutions.
By applying a mobile strategy in this way, you can make efficient and secure mobile working a reality for your employees, while making the most of the potential offered by mobile devices. We would be delighted to help you define your requirements, identify and implement the right solution for you, and offer you ongoing advice on your mobile strategy and mobile IT matters Feel free to contact us for more information.