By Sam | January 20, 2014

Exchange ActiveSync (EAS) or MDM? – How To Choose the Right Mobile Security Strategy for Your Credit Union

Mobile Device Management (MDM) has become the hot topic at every round table I’ve attended lately. Bring the complexity of BYOD (Bring Your Own Device) into your mobile strategies and the risk levels associated with not getting things secured properly is very real.  Here at Ongoing Operations, our Hosted Exchange solution addresses the mobile device risk through implementation of the Exchange ActiveSync (EAS) policies. If you’re a CIO faced with locking down your remote devices and want to know where to get started with some type of MDM strategy, this post is for you!

Exchange ActiveSync – What it is NOT

If your Credit Union has determined that it wants application level control on all mobile devices, then standalone EAS is NOT for you.  Why would you care about application level control? Some applications have email clients built in which transparently share contact information. Without an application level control mechanism, an administrator cannot monitor this transmission.  Or perhaps you’re launching a mobile workforce and wanting to provide mobile support to internal applications other than exchange? Since it’s all about mitigating risk, you’re probably thinking that you HAVE to have this level of control, right?

Not so fast – Full MDM tools may provide you with functionality but at what cost? And I’m not just talking about the financial expense as MDM tools are very costly to purchase and maintain.  Also consider that if you establish black/white lists, you risk being too permissive AND being too restrictive (and annoying your end users and increasing helpdesk calls!). You effectively become the hall monitor for EVERY app and contact on the end users device. Credit unions need to assess their risk before jumping feet first into a full blown MDM. For most Credit Unions, a well-designed launch of EAS will secure these devices and give you control over your mobile environment. For those that need more, a combination generally does the trick.

EAS Policies are built into Exchange, and provide admins with the ability to lock down mobile devices.  Some of the setting possible (but dependent upon the actual mobile device) include:

• Password/PIN Locks
• Screensaver Timeouts
• Device Encryption
• Remote Wipe
• Disabling of Storage Cards, Cameras
• Non-compliant devices prevented from connecting to Exchange

This powerful set of tools provides administrators the ability to get their arms around the increasing mobile workforce as well as address the BYOD crowd. Remote wipes are also critically important to Credit Unions due to the very nature of a mobile device (easily lost/stolen, employee turnover, etc.). The encryption standards address the possibility of sensitive data transmission between the source and the device. And while not all devices (IOS, Android, Windows, and RIM etc.) will support 100% of EAS features, the majority ARE supported and provide a very secure mobile device management strategy.

So How Do You Know Which One Works For Your Credit Union?

The answer is: “it depends.” As with all security decisions, your Credit Union must assess the risk associated with your current and planned mobile workforce. At the simplest of levels, locking down the device and being able to remotely wipe are critical.