The SMB and the Case of the Personal Mobile Phones

Problem

Employees don’t want to give their employer access to their personal phones.

At the same time, employers need to be able to ensure basic security settings exist on devices accessing corporate data + collect other basic telemetry to make sure they are holding up to the security expectations of their customers. Additionally, customers want to be able to delete corporate data from a mobile phone if it is lost, stolen, or otherwise compromised.

Corporate phones plans are expensive and time consuming. At the same time, most employee’s phones have the needed security controls in place, making some other approaches potentially heavy handed for little gain.

A Better Way

For companies that make heavy use of GSuite or AzureAD, we can use some built in functionality of those identity providers to answer the critical questions we need to about devices accessing corporate data. We can then work with our teammates who aren’t quite passing muster on their personal device security to get them sured up.

To give the best of both worlds of BYOD + Company Security Assurances, we:

1. Monitor the list of devices accessing GSuite/AzureAD
2. Monitor if all devices accessing GSuite/AzureAD have a passcode and are encrypted.
3. Monitor that all devices accessing GSuite/AzureAD are on an up to date OS version
4. Block a device reported as lost or stollen from logging into GSuite/AzureAD

‍