With the rise of BYOD being widely adopted by countless organizations, the uncontrolled distribution of corporate network access to unmanaged devices includes the risk of exposing other corporate devices as well as sensitive internal information to malicious third parties.
With such a large selection of applications available at the thumb taps of mobile device users, cybercriminals have exploited this market by posting malware spreading apps.
Parallels MDM provides administrators with the ability to enforce application control policies and further monitor applications retained on these devices, to if not circumvent a security breach altogether, monitor applications installed on these devices and further action on application control violations where necessary.
Let's walk through a 'How-to' guide for securing your corporate network against such threats on newly connected devices.
Configure Application Control to the Default Group Policy
Once a new device has successfully connected to a Parallels MDM account, it shall automatically be added to the default group policy and settings pushed out to the device. This policy should be set to either weed out many of the currently know threats, or define applications allowed on connected devices.
Let's take a look at the steps involved in both weeding out undesired applications by setting an application blacklist or defining the applications allowed by the corporate network by setting an application whitelist:
- Log in to the Parallels MDM portal.
- Navigate to the 'Group Policies' node and select '(Default)' .
- Click on the 'Application control' tab.
- Select the 'Blacklist' radio button to add apps to the blacklist or 'Whitelist' radio button to add apps to the whitelist.
- Click the 'Add Application' drop down.
- Select the source that applications shall be added from (APK, Google Play, App Store etc.).
- Select or enter the applications you would like to add to the blacklist and click 'Add'.
- If you want to add applications from several sources, repeat steps 5-6.
- Once you have added all of the necessary applications, click 'Apply' to implement the application blacklist to the '(Default)' group.
Once connected, the Parallels MDM client application shall notify the new user that applications need to be added or removed. An email shall also be sent to the Parallels MDM account administrator which includes information regarding applications installed on the device which violate the set whitelist/ blacklist.
The default group should cater for generic app management when connecting new devices, before further adding these devices to specific group policies, fine tuned for specific roles.
Monitor Application Pool
Apart from that, you may further review a list containing all of the applications installed on all connected devices by navigating to the App Management Group and further clicking the Installed Apps node.
Should you locate a possible threat, either add this threat to the default group policy or delete directly from the installed applications node by following these steps:
- Select the application
- Click remove
- Click Yes
Note that applications installed by the manufacturer (pre-installed apps) may not be removed.
Review Device for Violations
Furthermore, checks may be performed per selected device to review if users are abiding by the set application control policy or not.
You may review this list by selecting a device and navigating to the 'Applications' tab following the next steps:
- Click 'Devices' node
- Locate and select a device
- Click the 'Applications' tab
Subsequently, pay special attention to the status column and further filter for specific results using the below contraints:
- Ignored install - user selected the ignore option when prompted by Parallels MDM to install app
- Ignored Uninstall - user selected the ignore option when prompted by Parallels MDM to uninstall app
- Pending install - user has not yet selected the install option
- Pending delete - user has not yet selected to uninstall/ delete application
- Pending delete (Whiltelist) - user has not yet selected to uninstall/ delete applications which are not whitelisted
Congratulations! You can now put you mind at ease when adding new devices to your corporate network and should a threat arise, deal with it in an efficient and timely manner.