Today, many companies actively use not only computers, but also mobile devices and laptops in their work. In this regard, there is a problem of managing these devices using a unified solution. successfully copes with this task and opens up great opportunities for the administrator:
- Management of mobile devices owned by the company;
- BYOD, corporate data access containers.
I will tell you more about the tasks to be solved under the cut ...
A bit of history
Before moving on to the technical side of securing mobile devices, it is necessary to find out how the solution from Sophos MDM (Mobile Device Management) became a UEM (Unified Endpoint Management) solution, and briefly explain what the essence of both technologies is.
Sophos Mobile MDM was released in 2010. It allowed you to manage mobile devices and did not support other platforms - PCs and laptops. Among the functionalities were available: installing and uninstalling applications, locking the phone, resetting to factory settings, etc.
In 2015, several more technologies were added to MDM: MAM (Mobile Application Management) and MCM (Mobile Content Management). MAM technology allows you to manage corporate mobile applications. And MCM technology allows you to control access to corporate mail and corporate content.
In 2018, Sophos Mobile began to support MacOS and Windows operating systems as part of the API provided by these operating systems. Computer management has become as easy and unified as mobile devices, thus the solution has become a unified management platform - UEM.
BYOD concept and Sophos Container
Sophos Mobile also supports the well-known concept of BYOD (Bring Your Own Device). It consists in the ability to give under corporate management not the entire device, but only the so-called Sophos Container, which consists of the following components:
Secure Workspace
- built-in browser and page bookmarks;
- local storage;
- built-in document management system.
Sophos Secure Email is an email client with contacts and calendar support.
How is the administrator managing this?
The control system itself can be installed both locally and run from the cloud.
The admin control panel is very informative. It displays summary information on managed devices. You can customize it as you wish - add or remove various widgets.
The system also supports a large number of reports. All administrator actions are displayed on the taskbar with the status of their execution. All notifications are also available, which are ranked by importance with the possibility of downloading them.
And this is what one of the devices managed with Sophos Mobile looks like.
The control menu of the target PC device is shown below. It should be noted that the mobile phone and PC control interfaces are quite similar.
The administrator has access to a wide range of options, including:
- display profiles and policies that manage the device;
- remote message sending to the device;
- device location request;
- remote screen lock of a mobile device;
- Sophos Container remote password reset;
- removing a device from the list of managed devices;
- remote reset phone to factory settings.
It is worth noting that the last action leads to the deletion of all information on the phone and reset to factory settings.
A complete list of supported Sophos Mobile features by platform is available in the document .
Compliance policy
The Compliance policy allows the administrator to set policies that will check the device for compliance with corporate or industrial requirements.
Here you can set a check for root access to the phone, requirements for the minimum version of the operating system, a ban on malware, and much more. If the rule is not followed, you can block access to the container (mail, file), deny access to the network, and create a notification. Each configuration has its own degree of importance (Low Severity, Medium Severity, High Severity). There are also two templates in the policies: under the requirements of the PCI DSS standards for financial institutions and HIPAA for medical institutions.
Thus, in this article, we have revealed the concept of Sophos Mobile, which is a comprehensive UEM solution that allows you to protect not only mobile devices on IOS and Android, but laptops based on Windows and Mac OS platforms. You can easily try this solution by doing for 30 days.
If you are interested in the solution, you can contact us - the company , Sophos distributor. It is enough to write in free form on .
Source: habr.com