J. Gerry Purdy, Ph.D.
Principal Analyst, Mobile and Wireless
Gerry.Purdy@aotmp.com | LinkedIn
Mobile Content Management: Keeping Important Information Accessible and Secure
Mobile Content Management includes security, file sharing, collaboration and synchronization. Most MCM systems include a Secure Content Locker (SCL) to hold and manage the access and control of information.
With security so important to the enterprise, a lot of effort has been made to keep important files and information secure. Putting important enterprise information in shared cloud storage such as Dropbox made it too easy for that information to be accessed by people outside the company. As easy as sharing the intended root folder is, it is also easy to accidently give access to other important, confidential enterprise information.
Over the past 10 years, vendors such as IBM MaaS360, MobileIron, AirWatch, Citrix and BlackBerry Good have provided mobile device management software. These systems are designed to maintain the integrity of the mobile device and the software running on those devices.
MCM systems keep the important information ‘locked up’ so only authorized personnel can access it. A good example would be the financial information that should only be made available to those in finance, accounting and top management; while marketing information should only be available to those who work in marketing, etc.
Most MCM vendors support Secure Content Lockers (Figure 1) as part of their overall solution.
The Enterprise Mobility Management solution includes a number of sub-systems such as Mobile Device Management (MDM), Mobile Content Management (MCM) and Mobile App Management (MAM), among others. Two of these sub-systems are shown in Figure 1. The MDM sub-system is focused on managing the different devices on the network such as laptops, tablets and smartphones. MDM ensures the integrity of the device and the apps that reside on the device.
While MDM is still an important part of a complete enterprise mobility management strategy, enterprises have another big challenge: to ensure corporate information is protected while providing employees with a simple way to access up-to-date documents anytime, anywhere from their mobile device.
The Secure Content Locker (SCL), under the Mobile Content Management (MCM) sub-system, represents the files and folders that reside in a secure area where only legitimate users can access, update and create content.
The Secure Content Locker (SCL) protects sensitive content in a secure container that is managed by enterprise IT administrators. Both document distribution and access to content is managed, ensuring enterprise users always have the latest content on their device.
MCM Capabilities
Most MCM systems provide the following enterprise-grade capabilities:
Advanced security
Flexible storage (Cloud, on-premise or hybrid)
Enterprise integration
File synchronization
Administrative console
Event logging and analytics
End-user experience
Personal storage and synchronization
Desktop synchronization
Collaboration and sharing
Each of these is described in more detail below.
Flexible Storage
Mobile Content Management systems provide a number of flexible storage deployment options that enable enterprises to arrange content storage and access to best meet their needs. This is shown in Figure 2.
Cloud – Support for documents stored in Cloud
On-Premise – Support for local Microsoft SharePoint, enterprise file servers and network drives
Hybrid –Support for a combination of cloud and on-premise storage
Security
It’s critical to control access to enterprise content and protect it from malicious attacks; therefore, security is one of the most important aspects of mobile content management. Security includes multiple functions such as user authentication, data encryption, device and application access, document access and encryption, email access and network security.
A solid MCM provides enterprise-grade security:
Authenticate using existing corporate credentials
Support two factor authentication, SAML, certificates and PKI
Encrypt data in transit and at rest
Disable access if device is compromised
Perform remote wipe of corporate content
Prevent editing, printing and opening content in other apps
Restrict access to a specific location with geo-fencing
Further, most MCM systems provide full opt-in for the Secure Content Locker. This means the user must comply with terms of use before access is granted. It also informs users about data captured and actions allowed and can report on compliance over time.
Cloud Management
Cloud support is an important aspect of managing content, and includes:
Adding files individually or through bulk import
Organizing categories, subcategories and metadata
Capturing author, description, keywords, etc.
Tracking document versions and update history
Delegating management to appropriate authors
Defining storage thresholds for users and groups
Synchronization
Since files must be kept in synchronization across multiple platforms and various storage solutions, a full-service MCM solution enables information to be kept in sync across all devices. The MCM solution includes:
Synchronization by single user or group
Automatic or on-demand synchronization
Wi-Fi only or cellular data synchronization
Transfer priority synchronization
Effective and expiration dates
Offline access
Automatic updates
In addition, desktop synchronization can enable:
Two-way sync of content from desktop to device
Sync based on scheduler and real-time folder changes
Sync status and notification of failures
Sync personal and shared content
Available for both Mac and Windows
Integration
Enterprise integration enables the MCM solution to fit into the total enterprise IT environment. Most MCM systems provide a complete set of enterprise integration services including:
Synchronization of network shares, file servers and file systems
Defining of unique repositories by business unit with multi-tenancy
Utilization of existing corporate credentials for user access
Use Access Control Lists (ACL) for user permissions
Secure distribution without VPN (EIS)
Integration with SharePoint, Office 365 and any WebDAV
Integration with Amazon and Google Drive
Event Logging and Analytics
A quality MCM provides comprehensive analytics and reporting including administrative control, event logging and dashboard reporting.
End-User Experience
An integral part of any enterprise information system is the end-user experience. A good MCM has a sophisticated end-user interface and provides a positive experience that enables users to:
Navigate through synced folders and categories
Browse via smart views
Tag content as a favorite
Search for content
Receive auto updates and notifications
Manage content in personal folders
Brand custom to your company
Make available in multiple languages
Collaboration
One main objective of MCM is to enable important content to be shared with other employees. A good MCM provides the following collaboration and sharing features:
Share, edit and collaborate secure content with other internal users
Assign different access and editing privileges to users or groups
Read, edit, own, co-own
Share links to content for external users with password protection
Email
A lot of sensitive content is attached to email messages. A MCM system provides management of email attachments through both the email client as well as other popular email client engines. MCM for email includes:
Open email attachments in Secure Content Locker (SCL)
Decrypt, view and save email attachments
Functions that keep users from emailing content from Secure Content Locker
Messaging
Messaging has joined the important paradigms in which content needs to be kept secure. Enterprises use more messaging today for inter-employee communication since it’s fast, easy and direct. But, MCM systems need to include the ability to manage content access and distribution to and with others. For example, MCM has to ensure that an employee doesn’t use text messaging to send a confidential file to someone outside the company. While WeChat and Signal provide a secure link between the two people sending and receiving messages, they don’t check to verify whether the attached file is confidential or not.
AOTMP PERSPECTIVE
Mobile Content Management is an essential telecom management practice and the need for MCM is becoming more prevalent as user reliance on mobile platforms increases.
There are a number of vendors who provide various ways in which to manage a Secure Content Locker as part of Enterprise Mobility Management (EMM). These include AirWatch by VMware, Citrix XenMobile, IBM MaaS360, SAP Afaria, MobileIron and Microsoft Intune. Specialist content management systems include Box, Dropbox for Business and Egnyte.
They all provide some way to secure content and make it available to only those employees that have a need and are approved by enterprise IT. The information is structured in files and folders much like any non-secure public Cloud-based service like Dropbox. The main difference is the way in which the information resides in some form of a Secure Content Locker. Then, the employee gets rights to enter the locker and see all or part of the total content.
But the problem is more challenging than just setting up access. The MCM in EMM suites has to address things like collaboration – how to set up ways to have two or more people share and update specific content. Or, there needs to be a way to extend the rights privileges to partners, contractors and consultants who are external to the enterprise.
A small business may opt for a simple, focused Secure Content Locker (Box, Dropbox for Business, Egnyte), but a large organization will likely deploy a full EMM platform that includes full control over content.
Any organization should make sure they are addressing the issue of content management in addition to device management. Often, the most important asset in a company is information (content) and, thus, management of that asset is the number one priority of the information systems team. If a company has solid mobile content management, the information assets will stay secure inside the company and not be compromised, either by accident or on purpose, by its employees.
Get More Resources from the Experts on Telecom Management
The post Mobile Content Management | Keeping Important Information Accessible and Secure appeared first on AOTMP.