One of the challenges facing information technology departments today is securing both privately owned and company mobile devices such as , tablets, and PCs whose users have a job need to access our information systems remotely.

• MDM, or mobile device management, is software that allows IT administrators to control, secure and enforce policies on smartphones, tablets and many other types of endpoints
• MDM is typically a deployment of a combination of on-device applications and configurations, corporate policies and certificates, and backend infrastructure, for the purpose of simplifying and enhancing the IT management of end user devices

• Mobile device management (MDM) must have the capability to push VPN and passcode settings to users.
• MDM software must be able to set up device management options that automatically handle out-of-compliance situations by sending users a message explaining the policy and why they are out of compliance with it.
• The MDM solution must provide monitoring, reporting and statistics on how compliant devices are.

The mobile device management solution must enable the designated responsible group to take the following actions on mobile devices:
• Remote Deletion (Wipe)
• Location Tracking
• Remote Lock
• Patch Management when applicable
• Virus and Malware updates when applicable

All mobile devices may be remotely wiped if:
• The device is lost
• The employee terminates their employment
• Technology monitoring detects a data or policy breach, virus, malware, or similar threat to the security of our data and information technology infrastructure.
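The requirements above (pushed passcode and VPN settings, an automatic out-of-compliance message, compliance statistics, and the three wipe conditions) can be expressed as a small decision routine. This is an added illustration, not code from the presentation or from any MDM product; the field names, the `Device` class and the sample fleet are assumptions made for the example.

```python
from dataclasses import dataclass

# Assumed baseline: the settings the MDM pushes (field names are hypothetical).
REQUIRED = ("passcode_set", "vpn_profile_installed")

@dataclass
class Device:
    owner: str
    passcode_set: bool
    vpn_profile_installed: bool
    lost: bool = False
    owner_terminated: bool = False
    threat_detected: bool = False

def violations(dev):
    """Required settings that are missing on the device."""
    return [name for name in REQUIRED if not getattr(dev, name)]

def wipe_reasons(dev):
    """The three conditions under which a device may be remotely wiped."""
    checks = (("lost", "device reported lost"),
              ("owner_terminated", "employment terminated"),
              ("threat_detected", "breach or malware detected by monitoring"))
    return [text for flag, text in checks if getattr(dev, flag)]

def evaluate(dev):
    """Wipe eligibility outranks a compliance notice; wiping stays a human decision."""
    reasons = wipe_reasons(dev)
    if reasons:
        return {"owner": dev.owner, "action": "wipe_eligible", "detail": reasons}
    failed = violations(dev)
    if failed:
        message = (f"{dev.owner}: your device is out of compliance. Policy requires "
                   f"{', '.join(failed)} so company data stays protected.")
        return {"owner": dev.owner, "action": "notify", "detail": failed, "message": message}
    return {"owner": dev.owner, "action": "none", "detail": []}

def compliance_report(fleet):
    """Per-device decisions plus the fleet-wide compliance percentage."""
    compliant = sum(1 for d in fleet if not violations(d))
    percent = round(100 * compliant / len(fleet), 1) if fleet else 0.0
    return {"total": len(fleet), "compliant": compliant,
            "percent_compliant": percent, "decisions": [evaluate(d) for d in fleet]}

# Constructed sample fleet, for illustration only.
FLEET = [Device("alice", True, True), Device("bob", True, False),
         Device("carol", False, True, lost=True),
         Device("dave", True, True, owner_terminated=True)]

if __name__ == "__main__":
    print(compliance_report(FLEET))
```

The routine only flags a device as eligible for wipe, matching the "may be remotely wiped" wording: the designated responsible group still makes the call.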

An effective Mobile Device Program needs to utilize an appropriate mobile device management solution to secure mobile devices (, smartphones, tablets and other mobile devices) and enforce device management policies.

• There is a hacker attack every 39 seconds.
• Hackers steal 75 records every second.
• Multi-factor authentication and encryption are the biggest hacker obstacles.
• The average cost of data breaches will be about 150 million by the end of 2020.
• You can purchase a consumer account for $1 on the dark market.
• Hackers create 300,000 new pieces of malware daily.
• There will be 3.5 million cybersecurity job openings in 2021.

• MDM software emerged because corporations needed a way to control and secure PDAs and smartphones
• Developed and introduced in the early 2000s
• Fueled by Apple's development of the iPhone in 2007
• Early days required connection to the device or a special SIM to be installed
• Later functionality included client-initiated updates
• Finally, we have come to over-the-air technology for deployment

• MDM supports smartphones, tablets, Windows 10 and macOS computers/laptops and even some IoT (Internet of Things) devices
• MDM can reduce support cases and business risks
• MDM is meant to optimize the functionality and security of a network of mobile devices while minimizing cost and downtime
• MDM is primarily designed to segregate corporate data from personal data, secure emails and documents on mobile devices, enforce policies, and integrate and manage mobile devices that will be used for any type of work-related functions.

• MDM was created to allow consistency throughout your corporation while maintaining security, scalability and supportability
• This includes the following:
  • Configuration of devices
  • Troubleshooting
  • Consistent setup of equipment
  • Updating of devices
  • Use of Applications
  • Monitoring and tracking of equipment

• MDM relies on the deployment of an agent
  • Usually installed as an app, either silently or manually
• MDM also relies on a server to control the agents and to configure the policies applied to the devices
  • Normally set up in an on-premise data center or in a cloud environment
• Administrators configure policies through the management interface of the MDM server
• The server pushes the policies over the air to the MDM agent
• The agent applies the policies to the device through APIs (application programming interfaces)

An MDM policy applies to all employees, including full and part-time staff, contractors, or other agents and contracted service providers who use any mobile device, whether the device is owned by the user or the company, to access, store, back up, move, or transmit any company or customer confidential information as defined in the data classification policy.

• Inventory and tracking
• App Distribution
• App Whitelisting and Blacklisting
• Data Encryption
• Device Lock
• Location Feature
• Corporate data separated from personal data
• Password Enforcement
• Remote Wipe / Maintenance

• Enterprise Mobility Management
  • MDM is the core component
  • Includes mobile application management (MAM), mobile identity management (MIM) and mobile content management (MCM)
  • Does not support older Windows laptops/desktops or new Macs
• Unified Endpoint Management
  • Similar to Enterprise Mobility Management, but includes additional functionality for traditional and modern devices

• VMware AirWatch
• MobileIron
• Sybase
• Zenprise and Fiberlink
• Microsoft Intune

• NIST SP 800-53
• NIST SP 800-111
• 2017 AICPA Trust Services Criteria
• FFIEC Information Security Handbook II.C.13 (a) Storage
• FFIEC Examination Work Program
• FFIEC Cyber Security Assessment Tool (CAT)

Michael Johnson