Mobile Device Management

What Is It?

Mobile Device Management (MDM) is the control infrastructure for your organisations mobile devices, typically phones and tablets but modern MDM solutions can also cover workstations and laptops. It is a central location, typically running on a server, where policies about the functionality and behaviour allowed on the devices are set, such as enforcing a specific minimum length passcode to unlock the device or forcibly enabling location services to recover the device in the event of a loss or theft.

Why Assess It?

There are many reasons to conduct a mobile device management security assessment, five of which are below.

Cost Effective Assurance

An MDM solution offers a very efficient way of validating the configuration of all your enrolled devices. Similarly when it comes to assuring them, it is an efficient task to review the security of the configurations. Conducting a security assessment in this way yields a high return on investment.

Assure All Your Mobile Assets

When an organisation has a large amount of disparate mobile devices in use, conducting an MDM security assessment can give real visibility of the risks in a short space of time versus reviewing each mobile device individually from a user viewpoint.

Secure Underlying Infrastructure

MDM solutions running on your infrastructure can pose an attack surface for any would be attacker. This is both from requiring your organisation to build servers to host the service but also by the nature of the service itself, as the mobile devices need to call back to the management solution to receive policy updates and send alerts amongst other activities.

Obtain a Tactical Advantage

By ensuring you utilise the right features of the MDM solution, in the right way, your organisation can benefit from early warnings of attacks on the mobile devices. This allows another perspective to supplement your monitoring of other end user devices, such as the ability to check for malicious apps being installed and jailbreak attempts being undertaken amongst other activities.

Ensure Compliance

Organisations require compliance with data handling laws but also your organisation will have its own usage policies for mobile devices. Through a security assessment of the MDM solution, you can have confidence that there are technical enforcements which bolster your mobile device organisational policies.

The Agility Cyber Approach

Like all our engagements, we want you to get the most out of your mobile device management security assessment and we do this by:

Multi-Faceted Assessment

We believe in looking at the whole picture. This means we do not just look at the MDM configuration set for each device but also look at the MDM solution itself, how it is been configured as a service and evaluating the security posture of the operating system configuration hosting it.

Look at Every Scenario

Devices are used in a number of ways and we believe it is important to think of every reasonable attack vector. Whilst others may solely look at the baseline configuration, we consider what would happen if the physical device falls into the wrong hands or is subject to additional scrutiny from a malicious network perspective.

Align with Best Practices

The configuration options available for mobile devices is extensive. We look to align you with security fundamentals ensuring that every aspect of your security posture on these devices is covered, aligning you to relevant best practices to ensure that future compliance with security standards and requirements is achievable.

Simplifying Management

Like the rest of your organisations infrastructure, the MDM platform needs managing both from a configuration and patching point of view. We look at how the various platforms are being managed and, using our experience, make logical recommendations for how to simplify the process to ease the burden on the network and platform teams without compromising on security. This includes the other security relevant management considerations such as how these underlying platforms will be protectively monitored through logging.

Balancing Business Requirements

Most MDM solutions offer a raft of security functionality however this is not always appropriate to enable. We find the balance of meaningfully uplifting your security posture whilst not creating an organisational burden or impeding employee activities.

Benefits of Partnering with Agility Cyber

Mutually Invested

Our experts work with you, not against you. There are no egotistical celebrations when a serious issue is discovered, just rapid full disclosure with pragmatic suggestions for effective remediation followed by ongoing support.

Clarity and Simplicity

We always provide clarity, believe in simplicity and value your time. An example is rather than waiting until the engagement starts, we will conduct open source intelligence gathering activities before the scoping meeting to help us understand your organisations position and risk posture thus enabling us to ask better questions, securing you higher value and saving you time.

Full Consultancy

Our team, based in the UK, is technically exceptional but we pair that with business sense to discover, triage and help you remediate the full range of security issues.

Impartiality

We are impartial, we do not sell you products or the latest buzzword laden trending solution.

Outstanding Service

We have an industry leading turnaround, agility is in our name after all. Proposals are shared with you within 24 hours of the scoping meeting. Accurate and complete daily debriefs are given during every engagement. The report is shared within 5 working days at the latest.

Scroll to Top