Mobile Content Management: Keeping Important Information Accessible and Secure
Mobile Content Management includes security, file sharing, collaboration and synchronization. Most MCM systems include a Secure Content Locker (SCL) to hold and manage the access and control of information.
With security so important to the enterprise, a lot of effort has been made to keep important files and information secure. Putting important enterprise information in shared cloud storage such as Dropbox made it too easy for that information to be accessed by people outside the company. As easy as sharing the intended root folder is, it is also easy to accidently give access to other important, confidential enterprise information.
Over the past 10 years, vendors such as IBM MaaS360, MobileIron, AirWatch, Citrix and BlackBerry Good have provided mobile device management software. These systems are designed to maintain the integrity of the mobile device and the software running on those devices.
MCM systems keep the important information ‘locked up’ so only authorized personnel can access it. A good example would be the financial information that should only be made available to those in finance, accounting and top management; while marketing information should only be available to those who work in marketing, etc.
Most MCM vendors support Secure Content Lockers (Figure 1) as part of their overall solution.
The Enterprise Mobility Management solution includes a number of sub-systems such as Mobile Device Management (MDM), Mobile Content Management (MCM) and Mobile App Management (MAM), among others. Two of these sub-systems are shown in Figure 1. The MDM sub-system is focused on managing the different devices on the network such as laptops, tablets and smartphones. MDM ensures the integrity of the device and the apps that reside on the device.
While MDM is still an important part of a complete enterprise mobility management strategy, enterprises have another big challenge: to ensure corporate information is protected while providing employees with a simple way to access up-to-date documents anytime, anywhere from their mobile device.
The Secure Content Locker (SCL), under the Mobile Content Management (MCM) sub-system, represents the files and folders that reside in a secure area where only legitimate users can access, update and create content.
The Secure Content Locker (SCL) protects sensitive content in a secure container that is managed by enterprise IT administrators. Both document distribution and access to content is managed, ensuring enterprise users always have the latest content on their device.
Most MCM systems provide the following enterprise-grade capabilities:
- Advanced security
- Flexible storage (Cloud, on-premise or hybrid)
- Enterprise integration
- File synchronization
- Administrative console
- Event logging and analytics
- End-user experience
- Personal storage and synchronization
- Desktop synchronization
- Collaboration and sharing
Each of these is described in more detail below.
Mobile Content Management systems provide a number of flexible storage deployment options that enable enterprises to arrange content storage and access to best meet their needs. This is shown in Figure 2.
- Cloud – Support for documents stored in Cloud
- On-Premise – Support for local Microsoft SharePoint, enterprise file servers and network drives
- Hybrid –Support for a combination of cloud and on-premise storage
It’s critical to control access to enterprise content and protect it from malicious attacks; therefore, security is one of the most important aspects of mobile content management. Security includes multiple functions such as user authentication, data encryption, device and application access, document access and encryption, email access and network security.
A solid MCM provides enterprise-grade security:
- Authenticate using existing corporate credentials
- Support two factor authentication, SAML, certificates and PKI
- Encrypt data in transit and at rest
- Disable access if device is compromised
- Perform remote wipe of corporate content
- Prevent editing, printing and opening content in other apps
- Restrict access to a specific location with geo-fencing
Cloud support is an important aspect of managing content, and includes:
- Adding files individually or through bulk import
- Organizing categories, subcategories and metadata
- Capturing author, description, keywords, etc.
- Tracking document versions and update history
- Delegating management to appropriate authors
- Defining storage thresholds for users and groups
Since files must be kept in synchronization across multiple platforms and various storage solutions, a full-service MCM solution enables information to be kept in sync across all devices. The MCM solution includes:
- Synchronization by single user or group
- Automatic or on-demand synchronization
- Wi-Fi only or cellular data synchronization
- Transfer priority synchronization
- Effective and expiration dates
- Offline access
- Automatic updates
In addition, desktop synchronization can enable:
- Two-way sync of content from desktop to device
- Sync based on scheduler and real-time folder changes
- Sync status and notification of failures
- Sync personal and shared content
- Available for both Mac and Windows
Enterprise integration enables the MCM solution to fit into the total enterprise IT environment. Most MCM systems provide a complete set of enterprise integration services including:
- Synchronization of network shares, file servers and file systems
- Defining of unique repositories by business unit with multi-tenancy
- Utilization of existing corporate credentials for user access
- Use Access Control Lists (ACL) for user permissions
- Secure distribution without VPN (EIS)
- Integration with SharePoint, Office 365 and any WebDAV
- Integration with Amazon and Google Drive
Event Logging and Analytics
A quality MCM provides comprehensive analytics and reporting including administrative control, event logging and dashboard reporting.
An integral part of any enterprise information system is the end-user experience. A good MCM has a sophisticated end-user interface and provides a positive experience that enables users to:
- Navigate through synced folders and categories
- Browse via smart views
- Tag content as a favorite
- Search for content
- Receive auto updates and notifications
- Manage content in personal folders
- Brand custom to your company
- Make available in multiple languages
One main objective of MCM is to enable important content to be shared with other employees. A good MCM provides the following collaboration and sharing features:
- Share, edit and collaborate secure content with other internal users
- Assign different access and editing privileges to users or groups
- Read, edit, own, co-own
- Share links to content for external users with password protection
A lot of sensitive content is attached to email messages. A MCM system provides management of email attachments through both the email client as well as other popular email client engines. MCM for email includes:
- Open email attachments in Secure Content Locker (SCL)
- Decrypt, view and save email attachments
- Functions that keep users from emailing content from Secure Content Locker
Messaging has joined the important paradigms in which content needs to be kept secure. Enterprises use more messaging today for inter-employee communication since it’s fast, easy and direct. But, MCM systems need to include the ability to manage content access and distribution to and with others. For example, MCM has to ensure that an employee doesn’t use text messaging to send a confidential file to someone outside the company. While WeChat and Signal provide a secure link between the two people sending and receiving messages, they don’t check to verify whether the attached file is confidential or not.
Mobile Content Management is an essential telecom management practice and the need for MCM is becoming more prevalent as user reliance on mobile platforms increases.
There are a number of vendors who provide various ways in which to manage a Secure Content Locker as part of Enterprise Mobility Management (EMM). These include AirWatch by VMware, Citrix XenMobile, IBM MaaS360, SAP Afaria, MobileIron and Microsoft Intune. Specialist content management systems include Box, Dropbox for Business and Egnyte.
They all provide some way to secure content and make it available to only those employees that have a need and are approved by enterprise IT. The information is structured in files and folders much like any non-secure public Cloud-based service like Dropbox. The main difference is the way in which the information resides in some form of a Secure Content Locker. Then, the employee gets rights to enter the locker and see all or part of the total content.
But the problem is more challenging than just setting up access. The MCM in EMM suites has to address things like collaboration – how to set up ways to have two or more people share and update specific content. Or, there needs to be a way to extend the rights privileges to partners, contractors and consultants who are external to the enterprise.
A small business may opt for a simple, focused Secure Content Locker (Box, Dropbox for Business, Egnyte), but a large organization will likely deploy a full EMM platform that includes full control over content.
Any organization should make sure they are addressing the issue of content management in addition to device management. Often, the most important asset in a company is information (content) and, thus, management of that asset is the number one priority of the information systems team. If a company has solid mobile content management, the information assets will stay secure inside the company and not be compromised, either by accident or on purpose, by its employees.