CIML006: Discuss how mobile devices are used within the organization (e.g. BYOD or company owned devices), and identify the data or information: MOBILE DEVICE MANAGEMENT (MDM) Case Study, TP, Singapore

DIPLOMA IN INFOCOMM AND DIGITAL MEDIA (ICT SYSTEMS, SERVICES & SUPPORT)

The main objectives of this project are:
• To research and understand the various types of MDM (Mobile Device Management)solutions and the organization needs.
• To apply the knowledge gathered from the research and propose an appropriate and detailed
MDM policy and strategy for the organization.
• To discuss on the possible challenges of the MDM strategy and suggest how to mitigate the challenges.

This is an individual project.

You are required to include the following in your report:

Part 1 – Introduction

You are to provide background information of the organization, discuss how mobile devices are used within the organization (e.g. BYOD or company owned devices), and identify the data or information that are confidential to the organization.

Part 2 – Policy

Based on your research in Part 1, develop a comprehensive MDM/BYOD policy that is appropriate for the organization. You need to consider how the policy may affect:

• work processes of the organization
• employees access to company data
• security of confidential data
• IT’s access to employees’ mobile devices and information
Your policy may be based on some assumptions of the organization, do list down the assumptions that you have made. You may refer to the sample policy in Appendix

Part 3 – MDM Solutions

Based on Part 1 and Part 2, suggest a MDM solution that best suits the needs of the organization. Compare the chosen MDM solution against another MDM solution and explain why the proposed MDM solution is more suitable for the organization.

Part 4 – Challenges & Limitations

Discuss the potential challenges of your proposed MDM strategy and policy, explain the limitations that your proposed MDM strategy and policy may have.

Company XYZ: BYOD Policy

Company XYZ grants its employees the privilege of purchasing and using smartphones and tablets of their choosing at work for their convenience. Company XYZ reserves the right to revoke this privilege if users do not abide by the policies and procedures outlined below.

This policy is intended to protect the security and integrity of Company XYZ’s data and technology infrastructure. Limited exceptions to the policy may occur due to variations in devices and platforms.

XYZ employees must agree to the terms and conditions set forth in this policy in order to be able to connect their devices to the company network.
Acceptable Use

• The company defines acceptable business use as activities that directly or indirectly support the business of Company XYZ.

• The company defines acceptable personal use on company time as reasonable and limited personal communication or recreation, such as reading or game playing.

• Employees are blocked from accessing certain websites during work hours/while connected to the corporate network at the discretion of the company. Such websites include, but are not limited to…

• Devices’ camera and/or video capabilities are/are not disabled while on-site.
• Devices may not be used at any time to:

• Store or transmit illicit materials
• Store or transmit proprietary information belonging to another company
• Harass others
• Engage in outside business activities

• The following apps are allowed: (include a detailed list of apps, such as weather, productivity apps, Facebook, etc., which will be permitted)
• The following apps are not allowed: (apps not downloaded through iTunes or
Google Play, etc.)
• Employees may use their mobile device to access the following company-owned resources: email, calendars, contacts, documents, etc.
• Company XYZ has a zero-tolerance policy for texting or emailing while driving
and only hands-free talking while driving is permitted.

Devices and Support

• Smartphones such as iPhone, Android, Blackberry and Windows phones are
allowed (the list should be as detailed as necessary including models, operating systems, versions, etc.).
• Tablets such as iPad and Android are allowed (the list should be as detailed as
necessary including models, operating systems, versions, etc.).
• Connectivity issues are supported by IT; employees should/should not contact the device manufacturer or their carrier for operating system or hardware-related issues.
• Devices must be presented to IT for proper job provisioning and configuration of standard apps, such as browsers, office productivity software and security tools, before they can access the network.

Reimbursement

• The company will/will not reimburse the employee for a percentage of the cost of the device (include the amount of the company’s contribution), or the
company will contribute X amount of money toward the cost of the device.

• The company will a) pay the employee an allowance, b) cover the cost of the
entire phone/data plan, c) pay half of the phone/data plan, etc.

• The company will/will not reimburse the employee for the following charges:
roaming, plan overages, etc.

Security

• In order to prevent unauthorized access, devices must be password protected using the features of the device and a strong password is required to access the company network.

• The company’s strong password policy is: Passwords must be at least six
characters and a combination of upper- and lower-case letters, numbers and
symbols. Passwords will be rotated every 90 days and the new password can’t be one of 15 previous passwords.

• The device must lock itself with a password or PIN if it’s idle for five minutes.

• After five failed login attempts, the device will lock. Contact IT to regain access.

• Rooted (Android) or jailbroken (iOS) devices are strictly forbidden from
accessing the network.

• Employees are automatically prevented from downloading, installing and using any app that does not appear on the company’s list of approved apps.

• Smartphones and tablets that are not on the company’s list of supported devices are/are not allowed to connect to the network.

• Smartphones and tablets belonging to employees that are for personal use only are/are not allowed to connect to the network.

• The employee’s device may be remotely wiped if 1) the device is lost, 2) the
employee terminates his or her employment, 3) IT detects a data or policy
breach, a virus or similar threat to the security of the company’s data and
technology infrastructure.