With ‘Bring Your Own Device’ (BYOD) popularity increasing across company’s so does the demand to protect your company’s data on those devices, especially mobile devices which may not be fully integrated into your IT Solution. Most companies give very little thought about what company data their employees are accessing and storing on their mobile devices, especially what would happen to that data if an employee’s device was stolen or they leave the company.
How often do you pass your mobile device to a stranger for a photo and think “My companies data is on that device!”? The answer is most likely never, for those who are shouting “I do” well done. If your phone was stolen would you report it to your IT department or would you hide and hope no-one notices that there was company data on your phone? (Be honest now!)
When there is a risk of a security breach traditionally IT would block the employees account or reset their password which stops the device accessing the latest information from the servers, problem solved…or is it? What about those documents already out of IT’s control on that mobile device? You cannot call your mobile and kindly ask the person who stole it to delete your data.
In May 2018 a new set of EU regulations (GDPR) take effect. I’m sure you’ve already read hundreds of blogs explaining what GDPR is. If you haven’t, I would head to Google right now! GDPR is data protection for the 21st Century. This includes the need to protect every device that users touch. The correct security needs to be put in place to protect the data. The correct controls need to be live to withdraw the data and remain GDPR compliant throughout.
Enter Microsoft Intune. With Intune MDM (Mobile Device Management) and MAM (Mobile Application Management) these situations have an answer (you may cheer!) Microsoft Intune, part of the Microsoft Azure platform, provides device and mobile management which allows your employees the flexibility to work from any device without the employer worrying about security. Intune can be used on iOS, Android, macOS and Windows 10 and ties in with other Microsoft Office 365 products giving you a seamless setup and user experience for your employees accessing data via Teams, SharePoint Online, OneDrive and Outlook etc. MAM, which manages tablets and phones, creates a security barrier round the business apps, known as managed apps with Intune, which controls your data but not the whole users phone which may have caused problems with the employee. Intune is clever enough to detect the managed apps and apply any polices to them without affecting the devices owner’s personal applications and information. Intune can stop company information from being mishandled by:
- Disallowing users copying information from a managed app to a non-managed app but if required it can allow the user to copy information from a non-managed app to a managed app.
- Preventing employees taking screenshots of information within a managed app.
- Adding an additional PIN\password requirement to access company information, even if the user has unlocked their devices with a PIN\password.
- Blocking users from saving company documents to their phones and forcing them to save into OneDrive or SharePoint Online
If a device has been lost or stolen, then Intune Mobile Device Management offers the ultimate solution for all mobile devices. As well as encrypting all devices, MDM can wipe all company data from the device. This gives you the great peace of mind knowing that if the mobile device falls into the wrong hands then all the company’s data or full device can be wiped. MDM will also prevent the device being recovered from backups that have been created since the device was enrolled into Intune.
We understand the changing workplace environment and can help you implement the correct controls and protection to ensure you remain compliant.