Does device-centric monitoring exceed policy-based alternatives?

Several factors drive investigation into device-centric monitoring, but chief among them is a desire to secure company data and prevent network breaches. This is especially important when employees use their own devices as part of a BYOD program.

The introduction of a BYOD program, while convenient for workers, generates risk. Granted, there are productivity and collaborative benefits, but companies must first protect their data and connected networks. This includes keeping a keen eye on certain issues, like loss or theft of a device containing corporate data, employee turnover, mobile security threats, and standard compliance or e-discovery litigation.

Can device-centric monitoring alleviate these concerns? According to Val King, president and CEO of Whitehat Virtual Technologies, “For all the talk around agentless monitoring, there’s still nothing that can compare to having an agent on the endpoint you want to manage. Agent-based monitoring, also called device-centric monitoring, allows you to understand the unique characteristics of the endpoint and the environment far better than agentless, or policy-based, endpoint management.”

Understand MDM and MAM

Mobile device management (MDM) and mobile application management (MAM) are two methods used to secure mobile devices. MDM requires full device control, while MAM—although it can piggyback on MDM—limits the applications available on the device.

Chas Hartwig, strategic account executive at TayganPoint Consulting Group, says, “Companies need an even finer-grained privacy and security approach that focuses on the application, not the device—especially if they offer both BYOD and company-provided device options to their employees and contractors.”

Why are companies so intent on securing devices they don’t own? The reason is quite simple: Company size doesn’t matter when it comes to external attacks and security threats. Both MAM and MDM are common small and midsize business solutions that attempt to mitigate risk from mobile threats, but it’s important to remember other security measures are necessary.

As King says, “Security is built in layers, like user credentials, antivirus, firewalls, intrusion detection systems (IDS), and intrusion prevention systems (IPS). An agent installed on a mobile endpoint is just one more layer of protection.”

“Are you monitoring my device?”

Users are a suspicious lot and loathe perceived attempts to remotely administer their mobile devices, as it feels like an invasion of privacy. After all, what interest does your company have in their personal data? The answer is you want to prevent mobile security threats and protect corporate data on those devices. Securing mobile devices with the latest antivirus definitions, secure passwords, and encryption will prove beneficial to both the company and the device owner.

You also shouldn’t expect employees to provide ongoing compliance with a defined BYOD policy. IT is aware that employees are the weakest security link in any organization, and it realizes the need for proactive device monitoring. It’s monitoring—not spying—that helps IT protect against the latest threats. Blind faith in an employee’s security awareness is a risk most companies will not—and should not—accommodate.

Gain mutual benefits

The ideal solution will satisfy the company and all employees who use their own devices. As Hartwig says, “Privacy concerns regarding use of employee-owned devices can be addressed if the employee has a choice to use a personal or company-provided device for work applications and is informed about the device management and monitoring performed by the work applications.”

However, if the IT team is too swamped to manage its security tools efficiently, the benefits are worthless. Finding the budget for a monitoring tool is one hurdle, but figuring it out and learning how to administer and effectively manage it is another beast entirely. The potential freedom, capital savings, and flexibility BYOD promises often obscure what’s sometimes an expensive lesson.

Address privacy issues

In terms of privacy concerns, Hartwig says siloing is the answer. Siloing involves creating containers for personal and corporate data on endpoint devices. IT can then change anything they wish on the corporate container without interfering with or monitoring the device owner’s personal data or applications.

Employees have every reason to expect privacy of personal data on their own devices, especially if they weren’t purchased by the company. King claims that “Mobile device proliferation is happening, and it’s happening on the dime of the employee. Employees are taking the bull by the horns and spending their own cash to improve their experience and productivity at work.” However, while device-centric monitoring can detect risks other solutions cannot, it can also generate false positives, especially in the absence of mature security and technology management practices.

The adoption of MDM or MAM solutions requires dedicated attention to effectively monitor results. Can your company cope with the additional workload, or will you opt to take your chances with the latest mobile threats?

 

To view the article as it originally appeared in The Pulse of IT, click here.

Chas Hartwig  |  Strategic Account Executive  |  TayganPoint Consulting Group  |  chartwig@tayganpoint.com
