MDM stands for Mobile Device Management.
MDM Beyond Corp is a service that gives you the opportunity to register your BYOD device (Win10 and MacOS - in future also Android or iOS) with the device management of TX Group.
If you order a Beyond Corp device in ServiceNow, the service will be included automatically.
After ordering, you can register your device within a few minutes - further information on the procedure will be separately sent by email.
Also, you can have a look at this video, in which our Group CISO explains the concept of Beyond Corp and its significance for TX Group.
In this interview, the Group CIO talks about what exactly MDM is.
Data are collected to
- detect malicious activities like hacking attempts or malware
- give automated feedback to the user on how to increase their security
- measure the security maturity in the organization
TX Group is not surveilling personal user activities. The following data are collected:
MDM Data
- Device information (Firewall settings, UUID, Serial number, Password Policy, Account Policy, Encryption settings, machine name, user name)
- Installed applications (only for corporate owned devices, for byod just if applications from the Intelligent Hub are installed; e.g. Cybereason)
- Profiles
Access to the MDM is limited to the needed workplace engineers and security personnel.
Cybereason Data
The Cybereason Endpoint Detection and Response and eXtended Detection and Response platform differentiates malicious detections and normal detections. Detections that are considered normal are deleted after three months automatically. Malicious detections are deleted after one year.
The following types of information are collected by the Cybereason sensor
- Machine, User and Logon information
- IP Address, Domain and Network Interface information
- Services, Drivers, Scheduled Tasks and Autorun information
- Mount Points, File, File Hash information
- Processes, Modules and File Events
- Connections and Requests
- File Events and Registry Events
Access to the data is strictly limited to the TX Group personnel and the partnering Cybereason Security Operation Center.
If you order a Windows device in ServiceNow, the hardware is not fundamentally different, but the management of the device:
- On a Beyond Corp Windows device, the software offering is limited. The device is designed for working primarily with cloud-based software.
- A standard notebook is required if you depend on a business application for your work that is installed locally on the device.
For more information, check out this video of the Group CIO explaining the TX Group’s workplace strategy. Beyond Corp is an important key player in it.
If a device is regularly used for business purposes it must be registered with MDM Beyond Corp in accordance with the code of conduct.
In addition, it offers you many advantages:
- protect your device in case of loss of theft
- defend against malware and know threats in real time
- ensure the most important security settings are enabled
- automatic access to the most important public apps. This makes it ideal for you if you primarily work with cloud-based software.
- connect the device automatically with corporate WiFi (“TX” instead of “TX Guest”)
- VPN access with Pulse Secure
- the number of authentication steps required to use the various applications will decrease significantly
From a cyber security perspective, Beyond Corp is hugely important. It is solely about device security and not about monitoring employees, as the Group CISO describes in this short video.
Primarily for your protection, as this also prevents damage to the company. We try to retain as much freedom as possible, which is why "only" the MDM and the antivirus solution are mandatory.
With the MDM, the corporate antivirus solution Cybereason is installed. An antivirus needs access to files (therefore access to all files) and we protect private files with it as well.
All of these measures are set with the purpose to protect the security of the company and its working devices. It is not at all a matter of surveillance what the employees do with their devices. Watch here, what the Group CISO thinks about monitoring employees’ devices - which is not allowed by the code of conduct.
Generally, access to the MDM is exclusively for individual IT Workplace Admins and to Cybereason for the Security Admins as well as the Cybereason Security Operation Center. The antivirus does not collect the files themselves, but metadata, e.g. hash values, file names and also when, for example, a file reloads and executes something from the Internet. If the files are not classified as malware or hacking, the information is automatically deleted in Cybereason after 3 months. We do this only to prevent hacker attacks. We are not interested in your private data or what you do with your device.
But there is always a grey area. If your device is infected by a private activity e.g. with viruses, then we see such a thing of course. But we do not monitor you or your file contents.
You can also check out this video of an interview with our Group CISO. There, he explains in detail what kind of data is collected and what exactly happens with it.
Registering your device with Workspace ONE does not affect your existing admin rights. They will be taken over when you register. Especially if it is your personal device (BYOD), nothing changes for you.
If you use a COPE device provided by TX Group and have a professional reason why you need admin rights, you can order them separately.
Your Question was not answered?
Contact Support