With all the data collected from users and/or devices stored and shown on the server, the MDM server becomes a veritable repository of confidential information with the need for securing it becoming imperative. Securing the data being sent/received by the server becomes the primary focus when it comes to server security. In addition to securing the data received via incoming communication, we also need to secure the access to the data stored on the MDM server. MDM provides several ways to fortify security in both the cases, ensuring the data stored and/or shown on the MDM server is always secure.
MDM lets you configure settings to ensure, complete security is maintained for the data collected while also securing access to it. Server Security consists of two major components:
- Securing login to MDM server - Settings pertaining to strengthening the means of server access, while also preventing unauthorized access
- Securing device-server communication - Settings pertaining to securing the data sent/received by MDM, while also securing the communication channel used.
Configuring Server Security Settings
As stated previously, configuring both the sections ensures complete data security. You can know more about the two sections in detail, below:
- On the MDM server, click on Admin tab from the top menu and select Server Security (present under Security Settings).
- Configure the policy based on the details given below:
Securing login to MDM server
To access the data stored on the server, users need to login to the MDM server. Thus, the server login becomes the first level of security, which can be secured to the maximum by configuring the settings as explained below:
|HTTPS login to secure server access and data||Enabling this ensures server and data access occurs only on the secure HTTP(HTTPS) channel, preventing unauthorized access to both the MDM server and the server data.|
|Passcode policy to ensure login passcodes are stronger||Provisioning a passcode policy for the MDM server login ensures, the passcode is strong/complex making it difficult to guess through any brute force attack. You can also configure it to ensure the passcode complies with your organization's security standards. You can know more about passcode policy for login here.|
|Enforce Two-Factor Authentication(TFA) to further secure access to server.||In addition to having a passcode policy, you can secure login further by opting out for Two-Factor Authentication(TFA). TFA provides an additional layer of security when logging in, providing an additional layer of security. You can know more about Two-Factor Authentication here.|
|Disable default admin account and create users with requisite permissions||The default admin account credentials are displayed on the login screen and further, is easily guessable. Thus, it is recommended to disable the default admin account and create separate accounts for all users, using which they can login to MDM server. To know more about creating users, refer to this.|
Securing device-server communication
Having secured access to the server, the next step is secure the data present. This data includes device details such as Phone Number etc., which are to be compulsorily secured to prevent unauthorized data usage.
|Secure HTTPS communication between devices and MDM server||As stated previously, enabling this ensures server and data access occurs only on the secure HTTP(HTTPS) channel, preventing unauthorized access to both the MDM server and the server data.|
|Use trusted SSL certificate secure device-server communication||This ensures you further secure the communication taking place, by provisioning a third-party certificate. This certificate further authenticates the communication and ensures the communication is carried out on a secure channel. You can know more about SSL certificates here.|
|Configure Secure Gateway to add an additional layer of security||As the name suggests, Secure Gateway adds an additional layer of security, by ensuring all incoming communications to the server are routed through itself before actually reaching the server. This is especially useful, as the server is exposed to the external networks for continuous management of mobile devices. To know more about Secure Gateway, refer to this.|