In: Computer Science
A Corporation with a BYOD policy is very concerned about issues that may arise from data ownership. The corporation is investigating a new MDM solution and has gathered the following requirements as part of the requirements Gathering phase:
each device must be issued a secure token of trust from the corporate pki
all corporate applications and local that I must be able to be deleted from essential console
cloud storage and backup application must be restricted from the device
devices must be on the latest OS version within three weeks of an OS release
Which of the following should be preachers in the new MDM solution to meet these requirements? Select 2
Application based containerization
Enforced full device encryption
mandatory acceptance of scep system
sideloaded application prevention
biometric requirement to unlock device
over the air update restriction
May this helps you...
Since, a Corporation with a BYOD policy is very concerned about issues that may arise from data ownership, It should opt for a specific MDM solution that apt for the corporation to maintain it's security measures among their products.
Taking in consideration with the MDM solution i.e, Mobile Device Management, which mainly foucuses on the administration of mobile devices, such as smartphones, tablet computers and laptops, out of all the above parameters, enforced full device encryption and mandatory acceptance of scep system should be taken care off.
Before getting further behind the reason for opting these two options, first, let's talk about BYOD policy:
Bring your own device, BYOD, is the evolving trend of employees
using their personal devices for work purposes. The device
mentioned here might be a laptop, smartphone, tablet, portable disk
drive or any consumer piece of data technology.
Companies may utilize BYOD or a subset of the trend, like BYOC, or
bring your own computer. Whatever level of consumer technology a
corporation allows within its greater IT infrastructure, an
equivalent benefits and risks apply.
Now, if we talk about the two prechers in the new MDM solutions, the first one is, enforced full device encryption.
Enforced Encryption allows IT Administrators to increase their
Device Control policy and confirm all confidential data transferred
to USB storage devices is automatically encrypted. The solution are
often used on both macOS and Windows computers.
The Enforced Encryption functionality is enabled from Device
Control, by assigning the “Allow Access if device is Trusted Device
Level 1+” right to USB Storage Devices, - on Global/Group/Computer
or User level. As soon because the user connects their USB device
to their computer where the Endpoint Protector client is installed,
the encryption application called EasyLock are going to be
automatically pushed onto the device, prompting the user to define
a password for the application.
After the EasyLock application has been successfully installed on
the USB, the user can copy files from their computer inside the
encrypted container of the device, this manner ensuring those files
are safe and not accessed by any other person that might get a hold
of the USB drive, without knowing the password.
Using the Enforced Encryption functionality gives the administrator
the possibility to centrally manage the encrypted devices, by
changing user's password, resetting the device, sending messages
etc.
Compared to FileVault or BitLocker, the EasyLock encryption
application is cross-platform, - so a user can encrypt files on a
Mac and decrypt them on a Windows machine.
And the other parameter is, mandatory acceptance of scep system,
it is an antivirus and anti-malware tool for Windows. With SCEP
you'll manage antimalware policies and Windows Firewall settings
for multiple computers located throughout your network. The
solution is used by many enterprises and educational institutions
to protect endpoints from online threats like malware.
SCEP comes integrated with the system management software Center
and offers a client for Windows, Mac, and Linux devices. You can
use Microsoft System Center Configuration Manager (SCCM) to manage
SCEP.