Server Security

Overview

With all the data collected from users and/or devices stored and shown on the server, the MDM MSP server becomes a repository of confidential information, and securing it becomes imperative. Securing the data sent and received by the server is the primary focus of server security. In addition to securing the data received via incoming communication, access to the data stored on the MDM MSP server must also be secured. MDM MSP provides several ways to strengthen security in both cases, ensuring the data stored and/or shown on the MDM MSP server is always secure.

It is also recommended to configure Server Privacy Settings to ensure data privacy on the server, Device Privacy Settings to ensure data privacy on the managed devices, and Terms of Use, which sets the mandate for the data collected and the purposes for collecting it.

Policy Description

MDM MSP lets you configure settings to ensure complete security is maintained for the data collected while also securing access to it. Server Security consists of two major components: securing login to the MDM MSP server and securing device-server communication.

Configuring Server Security Settings

As stated previously, configuring both sections ensures complete data security. The two sections are described in detail below:

Securing login to MDM MSP server

To access the data stored on the server, users need to log in to the MDM MSP server. The server login is therefore the first level of security, and it can be secured to the maximum by configuring the settings explained below:


PARAMETER DESCRIPTION
HTTPS login to secure server access and data

Enabling this ensures server and data access occurs only over the secure HTTP (HTTPS) channel, preventing unauthorized access to both the MDM MSP server and the server data.

Passcode policy to ensure login passcodes are stronger

Provisioning a passcode policy for the MDM MSP server login ensures the passcode is strong/complex, making it difficult to guess through a brute-force attack. You can also configure it to ensure the passcode complies with your organization's security standards. You can learn more about the passcode policy for login here.

Enforce Two-Factor Authentication (TFA) to further secure access to the server

In addition to having a passcode policy, you can secure login further by opting for Two-Factor Authentication (TFA). TFA provides an additional layer of security when logging in. You can learn more about Two-Factor Authentication here.

Disable default admin account and create users with requisite permissions

The default admin account credentials are displayed on the login screen and are also easily guessable. It is therefore recommended to disable the default admin account and create separate accounts for all users, which they can use to log in to the MDM MSP server. To learn more about creating users, refer to this.


Securing device-server communication

Having secured access to the server, the next step is to secure the data present on it. This data includes device details such as Phone Number etc., which must be secured to prevent unauthorized data usage.


PARAMETER DESCRIPTION
Secure HTTPS communication between devices and MDM MSP server

As stated previously, enabling this ensures server and data access occurs only over the secure HTTP (HTTPS) channel, preventing unauthorized access to both the MDM MSP server and the server data.

Use trusted SSL certificate to secure device-server communication

This further secures the communication taking place by provisioning a third-party certificate. This certificate further authenticates the communication and ensures it is carried out on a secure channel. You can learn more about SSL certificates here.

Configure Secure Gateway to add an additional layer of security

As the name suggests, Secure Gateway adds an additional layer of security by ensuring all incoming communications to the server are routed through it before reaching the server. This is especially useful because the server is exposed to external networks for continuous management of mobile devices. To learn more about Secure Gateway, refer to this.

Copyright © 2019, ZOHO Corp. All Rights Reserved.
ManageEngine