2.8 Given a scenario, apply common methods for securing mobile devices.
📘CompTIA A+ Core 2 (220-1202)
When securing mobile devices like smartphones, tablets, and laptops, organizations use policies and procedures to make sure devices and data stay safe. This is an important part of CompTIA A+ Objective 2.8. Here’s what you need to know:
1. Mobile Device Management (MDM)
Definition:
MDM is software used by an organization to manage, monitor, and secure employees’ mobile devices.
Why it’s important:
Without MDM, devices can become a weak point in security. If someone loses a device or installs unsafe apps, company data could be at risk.
Key features of MDM:
- Device Enrollment: Add new devices to the system so they can be monitored.
- Security Enforcement: Enforce PIN codes, password policies, or encryption.
- App Management: Approve or block apps to prevent malware.
- Remote Wipe: If a device is lost or stolen, MDM can erase all data remotely.
- Updates and Patches: Ensure devices always have the latest security updates.
Example in IT environment:
A company issues tablets to employees. Using MDM, the IT team can make sure each tablet requires a strong password, has antivirus installed, and can be wiped if it’s stolen.
2. BYOD vs. Corporate-Owned Devices
Organizations need to decide who owns the device and how it’s managed.
a) BYOD (Bring Your Own Device):
- Employees use their personal devices for work.
- Pros: Employees are familiar with the device; no cost to company.
- Cons: Harder to secure; personal apps may conflict with security policies.
Security Considerations for BYOD:
- Use MDM or containerization to separate personal and work data.
- Require strong passwords, device encryption, and regular updates.
- Remote wipe may be limited to just company data (not personal photos or apps).
b) Corporate-Owned Devices:
- Company provides and owns the devices.
- Pros: Easier to enforce policies; full control over security.
- Cons: Higher cost; employees may be less comfortable if they can’t install personal apps.
Example in IT environment:
- Corporate smartphones can block apps that aren’t approved.
- BYOD smartphones may require a separate “work profile” managed by MDM to secure company emails and files.
3. Profile Security Requirements
A profile is the set of rules and settings applied to a device to keep it secure. Profiles are often configured through MDM.
Common security requirements in profiles:
- Passwords/PINs: Require a strong password or PIN to unlock the device.
- Encryption: Encrypt storage so data is protected if the device is lost.
- Lock Screen Timeout: Automatically lock the device after a short period of inactivity.
- App Restrictions: Limit which apps can be installed or run.
- Network Security: Require VPN or Wi-Fi authentication to connect to company networks.
- Updates: Force automatic OS and app updates for security patches.
Example in IT environment:
- An employee’s tablet has a profile that forces a 6-character password, locks after 5 minutes of inactivity, and encrypts all files. Even if the tablet is lost, the data remains safe.
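The profile from the tablet example above, combined with the ownership-based wipe scope from section 2, as an added example that is not part of the original guide. The field names, the blocked app ID, and the sample fleet are constructed; the code assumes 6 is a minimum password length, that a disabled auto-lock counts as a violation, and that BYOD wipes are always limited to work data. Real MDM products expose these settings through their own consoles and APIs.

```python
from dataclasses import dataclass

# Hypothetical profile model; default values mirror the tablet example above.
@dataclass(frozen=True)
class Profile:
    min_password_length: int = 6
    max_lock_timeout_min: int = 5
    require_encryption: bool = True
    blocked_apps: frozenset = frozenset({"com.example.sideloader"})  # constructed

@dataclass
class Device:
    name: str
    ownership: str            # "byod" or "corporate"
    password_length: int
    lock_timeout_min: int     # 0 means auto-lock is disabled
    encrypted: bool
    installed_apps: tuple = ()

def violations(device, profile):
    """Return the list of profile rules the device fails."""
    found = []
    if device.password_length < profile.min_password_length:
        found.append("password_too_short")
    # A disabled timer (0) never locks, so it fails the timeout rule too.
    if device.lock_timeout_min == 0 or device.lock_timeout_min > profile.max_lock_timeout_min:
        found.append("lock_timeout_too_long")
    if profile.require_encryption and not device.encrypted:
        found.append("storage_not_encrypted")
    for app in sorted(set(device.installed_apps) & profile.blocked_apps):
        found.append(f"blocked_app:{app}")
    return found

def wipe_scope(device):
    """Lost-device response: BYOD loses only work data, corporate is fully wiped."""
    if device.ownership == "byod":
        return "work_profile_only"
    if device.ownership == "corporate":
        return "full_device"
    raise ValueError(f"unknown ownership: {device.ownership!r}")

# Constructed sample inventory.
FLEET = [
    Device("tablet-01", "corporate", 8, 5, True),
    Device("phone-02", "byod", 4, 0, True, ("com.example.sideloader",)),
    Device("phone-03", "byod", 6, 10, False),
]

if __name__ == "__main__":
    for d in FLEET:
        print(d.name, violations(d, Profile()) or "compliant", "| wipe:", wipe_scope(d))
```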
Key Takeaways for the Exam
- MDM is used to manage and secure mobile devices remotely.
- BYOD devices are personally owned; corporate-owned devices are owned by the company. Security policies differ for each.
- Profile security requirements enforce specific rules like passwords, encryption, app restrictions, and updates.
- Understanding the differences and how these are applied helps prevent data breaches and protect sensitive information.
✅ Exam Tip:
If a question asks which solution lets IT enforce security settings, block apps, and remotely wipe devices, the answer is MDM.
If it asks about securing employee-owned devices, think BYOD with work profiles.
