With all the data collected from users and/or devices stored and shown on the server, the MDM server becomes a repository of confidential information, and securing access to it becomes imperative. In addition, there are certain configurations for which the Admin needs to provide consent and/or configure settings for secured data access.
MDM lets you configure settings to ensure complete transparency is maintained with regard to the data collected, access to the data, and actions taken based on the data. Since the privacy settings are for the server, they automatically apply to all managed devices and users. Server Privacy Settings is broadly divided into four sections:
- Consent - Settings pertaining to permissions provided by the Admin to collect certain data.
- Data Protection - Settings pertaining to data protection which, when implemented, provide secure data access and data security.
- Breach Notification - Settings pertaining to notification of serious security/privacy breaches.
- Right to Erasure - Settings pertaining to non-storage of data once it is erased.
Configuring Server Privacy Settings
As stated previously, configuring all four sections ensures data privacy is achieved to the maximum possible extent. The four sections are described in detail below:
- On the MDM server, click the Admin tab in the top menu and select Server Privacy (present under Privacy Settings).
- Configure the policy based on the details given below:
Consent
In specific scenarios, certain data might be collected and/or displayed on the server, for which the consent of the Admin is required.
| Setting | Description |
|---|---|
| Share device asset data with ManageEngine Asset Explorer | In case you have integrated with Asset Explorer, you need to provide consent for syncing the data present on the MDM server with Asset Explorer. |
| Share device asset data with ManageEngine ServiceDesk Plus | In case you have integrated with ServiceDesk Plus, you need to provide consent for syncing the data present on the MDM server with ServiceDesk Plus. |
| Automatic log upload for diagnosis by support technicians | If you are unable to configure a particular setting/feature on the MDM server and decide to contact MDM support, the support team requires the logs for diagnosis in order to provide an adequate solution quickly. Giving consent for this setting ensures the logs are uploaded automatically. |
| Anonymous collection of product usage statistics, to improve product capabilities | With the ever-expanding capabilities of MDM and the growing needs of users, there is a need to prioritize between the two. Unobtrusive and anonymous collection of usage statistics gives the MDM team a high-level idea of feature usage and where more focus is required. The collected data is used as a marker for improving product capabilities, ensuring that features which might be required in the immediate future are prioritized over other requirements. |
Data Protection
As stated previously, MDM is a storehouse of confidential corporate data, and access to this data must be protected and secured.
| Setting | Description |
|---|---|
| Secure MDM Server | In the case of MDM, confidential data can be compromised in two scenarios: data accessed by logging into the server and data accessed during server communication. This option lets you secure both login access to the MDM server and MDM server communications. To know more about server security, you can refer to this. |
| Role-based access | This option builds upon the previous option by letting you restrict users from accessing some/all of the data, ensuring further data security. This is achieved by associating certain roles with the user accessing the MDM server. When the roles are associated with the user, the user can access data only as permitted by the role definition. You can know more about role-based access here. |
| Integrations | You can ensure the data being synced/shared with the integrated products travels over a secure HTTP (HTTPS) channel. |
| File Security | This is more of a recommendation than a configuration: we strongly recommend that you encrypt any data stored locally on the server machine to prevent unauthorized data access. |
Breach Notification
MDM, though a standalone product, depends on a few third-party products such as Apache, especially on the server side, for proper functioning. In certain situations these components might become vulnerable, which in turn can lead to security breaches. MDM will provide immediate updates for overcoming the vulnerability by including the fix(es) provided by the related third-party vendor(s). To receive notifications in such scenarios, you can subscribe to our breach notification service.
Right to Erasure
If you choose to deprovision devices and/or remove users accessing the MDM server, MDM will not hold any data related to these entities except for the entity name, which is used for audit logging.