In the last blog we discussed how mobile devices have become integral part of organization workforce and how they can lead to security breach of vital HR system. As work is not only limited to office workstation, it is important that mobile device that are allowed to access the HR applications are secure and trusted. This can be accomplished with appropriate Mobile Device Management Policies. Using these policies the organizations can decide which devices should have the access to HR tech apps and also configure data and functions that can be accessed via such remote devices. Management Policies can also keep a track of user’s activities, analyze logs for risk assessments and take corrective actions in real-time to combat suspicious events and unauthorized data access.
For proper device management, one needs secure access to content of application, then to the application itself and finally to the device. Here are some of the best practices followed in these three aspects.
Mobile Security Management
Following are some of the best practices
- Registration of each mobile device within the organization using MAC address and allowing the content to be accessible only through trusted devices registered by users.
- A stringent criteria for mobile passwords and authentications
- Complete control of mobile activity and logging in the cloud
- Support for separate personal and business profile on mobile for enhanced security
- Continuous and timely compliance audit. For example, HIPAA
- Restricting the number of trusted devices per user
- Ability to wipe data and remotely lock privileges in case the mobile device is stolen or when the employee leaves the organization
- Remote troubleshooting of registered mobile devices
- Geo-locate mobile devices as and when required
Mobile Application Management
Mobile Application Management, or MAM, is management of enterprise level applications. Some of the best practices used in MAM can be seen below.
- Creation and maintenance of enterprise app store to be used only within the organization
- Installation and maintenance of mobile apps remotely without employee’s intervention
- Configuration and managing access to HR Apps based on the employee’s designation
- Manage licenses of installed HR apps remotely. This is useful when an employee leaves the organization or changes their role within the organization
- Disabling the access to HR Apps and sensitive data when connected to public and unsecured WiFi networks
- Blacklist apps in real-time that may impact productivity or pose security threat
- Enforcing “Single Lock App” in iOS mobiles or “Kiosk Mode” for android devices where the user is restricted to use only one screen or one single app within the mobile.
- Get report for audits on app deployment and usage status
Mobile Content Management
The requirement to access enterprise content anytime and anywhere using mobile devices, leads to the need for Mobile Content Management or MCM, which specifically deals with security of confidential and sensitive organizational information being accessed on the mobile devices. Following are some of the practices using MCM which can help accessing HR data on mobile in secure way:
- Implementation of EFSS (Enterprise File Synchronization and Sharing) platforms like Office 365, Sharepoint, Google Drive etc. on mobile devices and providing authorized access to it
- Cloud storage provisioning for better security and encryption
- Securing local file storage and offline access to data
- Ensure real time access to the latest and updated content on mobile devices
- Single repository and access point for all mobile users throughout the enterprise
- Automatically publish media and important documents on mobile devices without user intervention.
- Adding copy/paste restrictions and “open in” restriction to avoid loss of content and prevent data theft
Here we have seen various ways for device management. In next blog we will talk about some of the AI based HR app specific security mechanism and Identity Access Management in details.