Everyone else had already left for the day, but the Apprentice felt like his day was just beginning. He knew his internship with the IT department at Wizard, Inc. would be a challenge, but he never expected how challenging his final project — enterprise mobility management (EMM) — would be. The chief information officer (CIO) tasked him with securing all devices used for business purposes. If he could prove himself, maybe he’d get a job offer when this was all said and done. Fingers crossed.
The Apprentice’s Enterprise Mobility Management Challenge
But he was getting ahead of himself. First, he had to deal with the task at hand. There are so many devices of all kinds being used, and he needed to get a handle on every single one. It was clear that there were two cauldrons of users and devices: corporate-owned and employee-owned. The corporate-owned devices were already enrolled and managed, but their security policies didn’t seem to be set up correctly. Where to start?
The Apprentice turned to the company-issued mobile phones first. “A devicewide six-digit passcode strategy should do it,” he said to himself. Things were feeling better already. But he was getting ahead of himself again — what about those employee devices? He knew that employees had complained that Wizard, Inc. may be taking too much control or snooping on their personal devices. Nobody wants an employer to have access to personal pictures or see what apps they have installed.
He needed a container solution in which the user privacy was protected and the password strategy was only for corporate apps — that’s it! In other words, he needed a password for apps instead of the device itself. This job offer was looking more and more like a reality. The Apprentice was an enterprise mobility management wizard! He was about to press send on an email to the CIO to tout his genius, when he realized a brutal truth: There was still more work to be done. Lots more.
Securing Rogue Devices
Some kind of rogue devices were on the network. These devices weren’t enrolled or protected with corporate IT policies. “Oh no,” he said aloud. “These are devices being used at home!” Hundreds of tablets, laptops and personal phones were accessing corporate data and were completely unprotected. It was a nightmare! And some of them were running an even greater risk: They weren’t compliant with IT’s minimum system requirements. Outdated operating systems with known vulnerabilities — what an absolute mess.
The Apprentice got up from his seat and covered his face with his hands. He was in over his head. He thought he had everything secure, when the exact opposite was true. How can he lock down these devices without threatening employee privacy? How would he ever get a job offer now?
He should have understood the enterprise mobility management risks from the outset and made sure their defenses were protecting the right devices. It’s better to start out with a unified endpoint strategy than to struggle after the fact to control a wide range of insecure devices. There’s no shortcut to achieving sound mobile security. Why wasn’t that more clear in the beginning?
UEM Is Like Magic
The Apprentice acted immediately. He imposed an overarching unified endpoint management (UEM) strategy so all the devices were in control. He was able to set up granular policies that detected these rogue devices and automatically blocked them or forced enrollment into UEM, ensuring that the devices could be seen and protected prior to accessing corporate resources.
IBM MaaS360 with Watson is great for teams like his that are strapped too thin and don’t have the time to babysit every device. With the click of a button, a trusted advisor could guide him through any process surrounding enterprise mobility management. The Apprentice breathed a sigh of relief. It was almost like, well, magic.
Click here to read more lessons in security and discover how all our favorite fairy tale characters learned to live securely ever after.