Secure management of mobile devices
A good year after its entry into force, the DSGVO still poses major challenges to numerous small and medium-sized enterprises. This applies in particular to the management and control of smartphones, tablets, laptops, etc.: How can data be effectively protected? Which programs are safe under data protection law? And how can sensitive documents and information be transferred securely? Find out how a midsize construction group successfully mastered these issues using IBM MaaS360 for mobile device management and the expertise of B2B IT service provider Axians.
DSGVO as a challenge
The Austrian-based construction company with over 2,200 employees and an annual turnover of around 450 million euros has been working with Axians in the IT sector for many years. In the course of the DSGVO amendment 2018, the company was faced with the question of potential problems with regard to compliance with the data protection guidelines anchored in this law. It soon became apparent that the use of smartphones and tablets was a particular weakness. For example, the matching of contacts with WhatsApp was problematic because the application might store data on foreign servers. Opening and storing confidential documents such as quotes and blueprints in unprotected locations also posed significant risks to the business. For example, it could not be ruled out that sensitive data such as construction plans for a bank vault could be transmitted unintentionally when opened with a freely available PDF reader and stored on external servers. Photos of construction sites and buildings could also be uploaded to a cloud by automated storage routines from providers such as Google or Instagram, or even published if access is not restricted. The same applies to DSGVO-protected contact data, where transmission and storage are uncontrolled.
Mobile Device Management is the solution
As a solution to these security issues, Axians consultants proposed Mobile Device Management to the company. This allows the secure retrieval of company data through the mobile devices of all employees as well as central access control to be implemented effectively and cost-effectively. Axians implemented the IBM MaaS360 solution in close consultation with the customer and his requirements. This makes it possible to block apps that are in violation of data protection regulations and to create protected containers in which confidential data in the form of documents and graphics can be securely stored. It is also possible to set rules for users, such as the mandatory use of PINs to prevent unauthorised access to the device. Finally, the software allows access data for networks such as WLAN and VPN to be managed centrally. With these regulatory options, the company can meet its data protection obligations and also has a simple documentation option with regard to compliance.
Quick deployment after successful test phase
First, in February 2019, users tested the functionality of the IBM MaaS360 solution in a free trial. The numerous performance features as well as the easy handling of the software finally convinced the company, so that in March 2019 the rollout took place in the company and the mobile end devices are now secured with IBM MaaS360.
Equally suitable for private and corporate devices
The solution can be used not only for company smartphones and tablets, but also for private devices. Here, the system ensures that business-related data cannot be read and transferred by private apps. Also of great importance for the customer was a sophisticated role and access control with regard to data access and the possibility to deactivate certain hardware components in sensitive environments. "Think, for example, of security-relevant construction sites such as barracks or data centers. Here you can pre-set the camera to automatically disable when the field worker enters the site," said Christian Brandlehner, project manager at Axians, explaining one of the many capabilities of the IBM MaaS360 application.
High data availability and comprehensive protection
What is particularly important for a decentralized organization such as a construction company with many construction sites is not only the availability of data, but also the synchronization of the central database. Here, MaaS360 offers the prompt input of documents such as delivery notes and immediate forwarding to the central accounting department. Project data is accessed via a secure VPN channel.
Simple installation via remote access
Easy installation via remote access
Apropos security: Should a terminal be lost or stolen, all data on it can be deleted remotely. In the case of private devices, the affected company data can be easily deleted and network access prevented. "Brandlehner explains: "The user interface is very simple and intuitive, so that our customer no longer needed any further assistance apart from the training materials available on the Internet. Since all the necessary data is transferred directly from the IBM cloud to the corresponding devices, the installation effort is minimal. In addition, the mobile devices don't have to be brought into the IT department, but the software can be downloaded directly via an installation link," Brandlehner continues. New devices can be ordered directly so that they are automatically registered for the program as soon as they are switched on. After the download, the user only has to log in.
Cost-effective protection of sensitive data
The customer is very satisfied with this solution, because a location-based installation and configuration would have been associated with considerable work stoppages and costs due to the long distances involved. Thus, the implementation could be carried out promptly and during operation. The IBM solution is also clearly ahead of the competition in terms of costs. The tool, which can be used across all industries, has proven itself since the test phase: The functional scope, data security, costs and speed of implementation convinced the company. "It took no more than six weeks from the idea to the order," says Brandlehner.