8 ways in which MobileIron can help secure your remote workforce

Work-from-home programs are often advertised by organizations as employee perks. When well implemented, they provide employees with the ability to be productive anywhere, anytime, and on any device. Surveys have also shown that the average employee is willing to accept 8% less pay for the option to work remotely. While the employee benefits of remote work have been discussed broadly, the recent spread of COVID-19 has shown that having a scalable remote work program is also essential for business continuity.

Many organizations across the globe are now requiring or encouraging their employees to work remotely, to stem the spread of COVID-19. This rapid transition to support remote workers is requiring IT to quickly on-board additional devices, deploy business applications such as Zoom, and provide secure connectivity to on-premises and cloud services, all while maintaining overall information security. Below are eight ways in which MobileIron can help IT successfully enable a secure remote workforce.

 

Seamless onboarding and OTA provisioning for any device

The first step is to enroll new users and/or mobile devices in a unified endpoint management (UEM) platform. With MobileIron UEM, organizations can easily onboard both BYOD and corporate-issued devices over-the-air. IT isn’t required to pre-image devices and employees are free to use any devices they want, including devices that run iOS, Android, macOS, or Windows 10. Using services such as Apple Business Manager or Android Enterprise Enrollment, IT can customize the onboarding process, resulting in a simple and smooth enrollment process for users. Furthermore, employees can use a self-service portal to track, add, or remove devices they have under management. 

 

Configure a consistent set of security policies across devices

Next, you need to ensure that all devices being enrolled are secure and configured with policies that match your organization’s information security guidelines. Mobile threat defense (MTD) has the ability to validate device posture prior to enrollment. You can also enforce the need for policies such as passcodes and disk encryption. Disk encryption makes it harder for hackers to physically extract business data from devices. And MTD continues to protect against device, app, and network level threats.

In addition, at the time of enrollment, you can provision a secure workspace on the device, using either Apple device management or Android Enterprise profiles, separate from the personal space to ensure you are safeguarding the user’s privacy, while maintaining control over business data.

 

Enable secure connectivity for on-premises and cloud applications

At the time of enrollment, you can deploy a variety of network settings and profiles for Wi-Fi, per-app VPNs, or device-wide VPNs. This is critical to protect data in transit and allow users to connect securely to the intranet, services behind firewalls, and even cloud applications. MobileIron Tunnel, a per-app VPN solution, can automatically be triggered to launch on a per-app, on-demand, or always-on mode to secure the connection over the insecure Internet. This provides users with a seamless experience while ensuring business data is always secure. In addition, MobileIron Sentry provides secure and conditional access to on-premises resources and can be deployed easily without requiring you to undertake a massive redesign to your datacenter for external access.

 

Distribute email, PIM, secure browsing

To ensure productivity, organizations need to equip remote workers with secure access to email, calendars, contacts, and secure browsing capabilities on their devices. MobileIron UEM can remotely configure and secure both native productivity apps and cloud productivity apps that are part of the Office 365 bundles and G Suite. In addition, we also have our own suite of secure productivity apps designed for companies with higher security requirements.

 

Deploy video conferencing, collaboration, and other business apps

In addition to distributing email, many organizations need to deploy communication and collaboration apps such as Zoom and Slack. These are essential to allow employees to continue collaborating even as they work from home. MobileIron UEM can silently install and configure (using AppConfig - an industry standard) these applications so employees have access to them, without requiring them to search for apps and configure them on their own. In addition to reducing helpdesk tickets, remote installs and configurations mean that employees are quickly enabled to be productive at home. MobileIron can also publish an enterprise app catalog where employees can easily find other business applications such as HR portals, apps to file expenses, and so on. In addition to making it easier for employees to find business apps, the enterprise app catalog also ensures that employees do not download fake and potentially malicious versions of popular business applications.

 

Remote troubleshooting to increase help desk efficiency

New remote workers will face challenges with the shift to working from home and having to use new applications, tools, and methods to get work done. Your IT helpdesk is the frontline to ensuring employees remain productive during these times and it is important to equip them with the right tools to be efficient. Training employees is critical. However, empowering IT with tools such as MobileIron Help@Work, an application that enables remote screen sharing with user consent, will go a long way in allowing the helpdesk to see, diagnose, and fix issues in an efficient manner.

 

Activate passwordless MFA for secure user authentication

Companies are moving fast to enable remote access and employees are still adapting to this new paradigm. Meanwhile, hackers are absolutely taking advantage of the chaos and confusion. Many organizations have reported an increase in phishing attempts. Enabling passwordless MFA will not only protect your organization from phishing attacks, but also reduce the number of helpdesk tickets resulting from account lockouts and password reset requests. MobileIron zero sign-on (ZSO) eliminates passwords and provides quick, easy, and secure access to applications by using the device as the user’s identity. In addition, ZSO integrates with our UEM platform to provide secure conditional access to ensure only authorized and compliant users, devices, and apps have access to business services.

 

Deprovisioning for end-to-end lifecycle management

Tracking the state of all devices being used to connect with business resources is important from a security and compliance perspective. MobileIron UEM provides a single console via which IT can view all managed devices and track critical information such as operating system versions, app versions and so on. This can be used to identify devices running potentially vulnerable software and quarantine them. Users can be instructed on actions required to bring devices back to compliance. And if the user needs to retire a device, or if IT chooses to, unenrollment can be initiated remotely. Organizations have the option to selectively wipe devices such that all business data and applications are removed while leaving all personal information in place. This goes a long way in protecting user privacy while reducing the liability of organizations as they adopt BYOD programs. This ability to deprovision devices remotely and selectively wipe data is critical for an end-to-end device lifecycle management program.

To learn more about MobileIron UEM and how it can help enable a remote workforce, contact us here. You can also register for one of our upcoming webinars here.

Jay Bhansali

Product Marketing

About the author

Jay is a member of the global product marketing team at MobileIron and is responsible for Access - MobileIron’s cloud security portfolio. Prior to MobileIron, Jay worked at Cisco and has close to ten years of enterprise security experience, working with organizations ranging from start-ups to large multinationals, helping them secure their networks, devices, and cloud services.