Mobile Email Management (MEM) is concerned with securing confidential company data contained in corporate mail, including attachments, by configuring individual device settings and deploying compliant security policies.
Emails form the backbone of corporate communication because they are easy to use, fast and reliable. These days employees access corporate mail on their devices through local networks. These devices are vulnerable endpoints: if any one of them is compromised, it is a threat to the entire organisation's database. Emails contain a great deal of sensitive information and attachments, and securing mail communication on personal and corporate devices should be a priority for enterprises of all kinds.
Mobile Email Management is a part of Mobile Device Management (MDM) solutions, which provide device management and over-the-air deployment of security policies, among other features, to help IT teams secure devices and company databases through a centralized console.
Mobile Email Management
Mobile email management provides comprehensive security to the mail communication framework of an enterprise, both at the server end and the user end, to prevent breaches of data contained in emails and related attachments. MEM is part of MDM solutions, which offer device management capabilities: deploying applications and security policies, monitoring devices, and configuring and managing devices to meet standard company security compliance through a central administrative console, thereby securing company databases and personal and corporate devices. MEM helps block unauthorized devices from accessing company email and attachments, remotely manages and deploys security policy through a central console, and pre-installs and configures email clients on devices before their first boot. Synchronization settings for calendar, mail, and contacts can be applied to individual devices or to a group of devices.
MEM technology, with its advantages, also presents certain challenges:
- Developing and deploying MEM technology across different operating systems (OS), devices, and email clients
- Over-the-air configuration of email
- Getting an update on the list of unmanaged devices from earlier
- Protecting email data centres against loss and theft
- Recognizing and blocking access from unauthorized, stolen or lost devices
- Giving access only to enrolled devices
- Features of certificate integration and revocation
Key features of Mobile Email Management (MEM)
MEM offers various features to secure and manage mail on personal and corporate devices and ensure compliance with company security standards. Some of these features are:
Configuring corporate email accounts for employees
Corporate mail accounts are essential for internal and external communication. Creating individual IDs for separate employees can be tiresome and time-consuming. MEM allows bulk email ID creation by selecting an email policy for an individual or group of employees. Dynamic variables simplify bulk creation by automatically fetching mail addresses associated with devices during onboarding. The email clients can be pre-configured in devices even before their first boot. Additionally, email signatures can be pre-configured, and a default email account can be set up.
Configuring email restrictions
HTML is often used to attach links or images, and it poses a security threat to the entire network because downloaded files may contain malicious software or hidden viruses. MEM software can block any HTML format and display plain text only.
Forwarding of mail and its storage on third-party cloud servers also represent key security challenges. Employees who have switched companies may still have access and forward company mail to a third party. Critical and sensitive information may be exfiltrated to competitors, who may gain an advantage or misuse the information. A breach of a third-party server may compromise company data as well. MEM prevents forwarding of mail and provides control over syncing of mail to third-party servers. MEM further allows the admin to configure access of email from non-email accounts and push notifications, among others.
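The plain-text-only restriction described above can be illustrated with a short Python sketch. This is an added example, not code from any MEM product: the function name `plain_text_view` and the sample message are constructed for illustration. It prefers the message's own `text/plain` part and otherwise strips the HTML, dropping scripts and remote images and printing each link's real target next to its display text.

```python
# Added example: render a message as plain text only, never as HTML.
from email import message_from_string, policy
from html.parser import HTMLParser

# Constructed sample message (HTML-only body, hypothetical addresses).
HTML_ONLY = (
    "From: a@example.test\nSubject: Invoice\nMIME-Version: 1.0\n"
    "Content-Type: text/html; charset=utf-8\n\n"
    "<html><body><script>track()</script><p>Please review</p>"
    '<a href="http://198.51.100.7/login">portal.example.test</a>'
    '<img src="http://198.51.100.7/p.gif"></body></html>\n'
)


class _TextOnly(HTMLParser):
    """Collects visible text; drops script/style and exposes link targets."""
    SKIP = {"script", "style"}

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks, self._skip_depth = [], 0

    def handle_starttag(self, tag, attrs):
        if tag in self.SKIP:
            self._skip_depth += 1
        elif tag == "a" and dict(attrs).get("href"):
            # Show the real target so the display text cannot hide it.
            self.chunks.append("[" + dict(attrs)["href"] + "] ")

    def handle_endtag(self, tag):
        if tag in self.SKIP and self._skip_depth:
            self._skip_depth -= 1

    def handle_data(self, data):
        if not self._skip_depth and data.strip():
            self.chunks.append(data.strip() + " ")


def plain_text_view(raw_message: str) -> str:
    msg = message_from_string(raw_message, policy=policy.default)
    part = msg.get_body(preferencelist=("plain",))
    if part is not None:              # sender supplied a plain-text part
        return part.get_content().strip()
    part = msg.get_body(preferencelist=("html",))
    if part is None:                  # no displayable text body at all
        return ""
    parser = _TextOnly()
    parser.feed(part.get_content())   # images are never fetched or shown
    parser.close()
    return "".join(parser.chunks).strip()
```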
Secure communication channel
Traditionally, email retrieval protocols like POP or IMAP transfer data as plain text, which leaves confidential data vulnerable to eavesdropping and security breaches. MEM uses SSL/TLS certificates to encrypt data end to end and secure communication channels. S/MIME adds a further layer of encryption for retaining message integrity and enhancing data privacy. Simple Certificate Enrollment Protocol (SCEP) can be used on iOS and Windows devices to ensure emails use certificates. SSL/TLS connections or SSL certificates can be used to secure communication.
Securing email attachments
Email attachments are an important part of corporate communication and include sensitive documents and Excel files, among others. These documents, once downloaded, can be shared, opened by unsecured applications, or uploaded to a third-party cloud server. MEM secures attachments during transmission as well as after download. A built-in document viewer ensures the safe opening and saving of files. Copy-pasting or sharing files to other devices or the cloud is prohibited through sandbox technology. Other enterprise document viewing apps can be embedded in the software, but unauthorized third-party applications are restricted from opening corporate attachments.
Securing access to exchange
Exchange Server is widely used in the corporate world to manage and secure emails. Exchange provides active sync of calendar, mail, and contacts. This makes Exchange services a target for hackers who are always trying to leverage sensitive company information for their own gain. Traditional firewall configurations and other access-control tools are not enough for modern-day threats, which require control of Exchange server access at the device level. MEM only allows enrolled devices to access Exchange services and blocks unauthorized devices.
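One way to verify that only enrolled devices are reaching Exchange is to compare the `DeviceId` carried in ActiveSync requests against the MDM inventory. The Python sketch below is an added example, not part of any MEM product: the log lines, device IDs and the `unenrolled_devices` function are constructed, and it assumes IIS W3C-style logs with a `#Fields:` header.

```python
# Added example: flag ActiveSync requests from devices not enrolled in MDM.
from urllib.parse import parse_qs

EAS_PATH = "/microsoft-server-activesync"

# Constructed IIS W3C-style log lines (not from a real server).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query cs-username c-ip sc-status
2024-05-01 08:00:01 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=alice&DeviceId=APPL0001&DeviceType=iPhone alice 203.0.113.10 200
2024-05-01 08:00:05 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=bob&DeviceId=ANDR0042&DeviceType=Android bob 203.0.113.22 200
2024-05-01 08:00:09 GET /owa/ - carol 203.0.113.30 200
2024-05-01 08:01:12 POST /Microsoft-Server-ActiveSync Cmd=FolderSync&User=bob&DeviceId=ANDR0042&DeviceType=Android bob 203.0.113.22 200
2024-05-01 08:02:00 POST /Microsoft-Server-ActiveSync Cmd=Sync&User=carol&DeviceId=WIN0007&DeviceType=WindowsMail carol 203.0.113.30 403
"""

# Constructed MDM inventory export: IDs of enrolled devices.
ENROLLED = {"APPL0001"}


def unenrolled_devices(log_text, enrolled):
    """Return {device_id: {"user", "type", "hits", "served"}} for ActiveSync
    requests whose DeviceId is absent from the MDM inventory."""
    fields, findings = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]          # column names for later rows
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if row.get("cs-uri-stem", "").lower() != EAS_PATH:
            continue                           # not an ActiveSync request
        # Handles the plain-text query form only.
        query = parse_qs(row.get("cs-uri-query", ""))
        device = query.get("DeviceId", ["<missing>"])[0]
        if device in enrolled:
            continue
        entry = findings.setdefault(device, {
            "user": row.get("cs-username"),
            "type": query.get("DeviceType", ["?"])[0],
            "hits": 0, "served": 0})
        entry["hits"] += 1
        # A 2xx status means the request was served rather than refused.
        entry["served"] += int(row.get("sc-status", "").startswith("2"))
    return findings
```

A non-zero `served` count for a device missing from the inventory means the device-level block is not in effect for that device.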
Remote centralized Management
MEM is part of MDM solutions and provides a central administrative console with an installed client-server that sends Over The Air (OTA) commands to user servers installed on endpoint devices. Security policies can be configured and deployed to meet enterprise compliance requirements. Security certificates can be integrated or revoked. Holistic security policies can prevent users from deleting or modifying company data.
Integration with Other Platforms
MEM integrates with existing email clients on devices to access corporate mail. Windows, iOS, and Android are among the supported operating systems. Office 365 and on-premise Exchange are supported as well. Once enrolled, devices receive OTA configuration through the MDM console.
Configuring corporate email accounts for employees
Creating and configuring one mail account at a time can be tedious and time-consuming. MEM allows the creation of mail IDs in bulk, and mail configuration settings can be deployed to an individual or a group of people. MEM can be integrated with existing email clients to customize the functionality of the managed email app as per enterprise requirements, deploy apps to devices, and predefine settings such as account type, domain name, and email signature. Hence, devices have these settings even before their first boot. The administrator uses a central console to send commands Over The Air (OTA), which makes it easy to mass upgrade and implement ever-changing security compliance requirements. Collaboration tools like Microsoft Outlook, IBM Verse, and Zoho Mail can be integrated with MEM.
App permissions can also be managed with MEM. You can prevent data from being stored on a device, copied and pasted, or shared with other devices or a cloud server, among other features. These permissions are pre-configured at the time of enrollment. Specific data functions are user-controlled if they are not fundamental to the app's working, like allowing access to contacts and SMS. Some permissions can be forced for features like tracking if the enterprise app uses a tracking function.
Ensuring Secure communication
MEM ensures the security of the enterprise email framework by working at different levels of security both at the client and user end. Some of these measures are:
End-user device security
- Sandboxing the email platform, with access restricted to enterprise-authorized apps and accounts only
- An inbuilt doc viewer to safely view all attachments without the risk of downloading malicious content or viruses. All HTML links are blocked, and content is shown as plain text.
- Prevent modification or deletion of data on the company server
- Partial or complete wipe for lost and stolen devices
Server end security
- Holistic security compliances communicated Over The Air (OTA)
- The email app is contained to allow access to only authorized accounts, devices, and applications.
Integration with other platforms
MEM services leverage the email client built into devices to access corporate mail, working with different operating systems (OS) like Windows, Android and iOS to provide users with a native experience. Office 365 and on-premise Exchange are supported as well. OTA configurations for different users can be deployed after enrollment on the MDM console.
Exchange Active Sync
Exchange Active Sync’s main function is to sync corporate contacts, email addresses, calendars, and mail, among others. Exchange can be integrated with MDM services to enable more features such as:
- Messages cannot be shared between different accounts with restricted permissions.
- Blacklisting and whitelisting of apps to provide access only to company-approved apps
- End-to-end encryption of mail with S/MIME certificates.