By Pedro Pereira, Field Technologies magazine
MDM (mobile device management) solution choices multiply as personal devices flood corporate networks.
As companies grapple with the proliferation of smartphones and tablets used by employees within network firewalls, they are turning to MDM solutions to manage and secure the devices. But MDM approaches are so varied that they rival the number of devices and operating systems IT departments need to manage.
Users who bring personal mobile devices to the office choose them based on interface and applications, so security and adherence to corporate policies aren’t typically a priority, and that creates a serious challenge for IT departments. Even though the market looks as though it is about to be flooded with MDM solutions, as often happens with emerging technologies, one solution is very different from the next, offering a wide variety of capabilities and approaches. This gives IT managers plenty of choices, while at the same time making the choice harder.
IT departments, therefore, must carefully define their requirements and policies for mobile devices, and map them to the functionality of whichever MDM solution they choose, advises Marco Nielsen, director of services at Enterprise Mobile, now part of Intermec. “If mobile devices must adhere to particular corporate security policies, for example, looking only at solutions that provide the requisite capabilities will help narrow the field,” he says.
Complicating things further is guessing which mobile devices and operating systems will be around tomorrow. Already, the mobile landscape has changed dramatically as Apple’s iOS and Google’s Android largely displaced BlackBerry and Windows Mobile devices. “In 2007 BlackBerry, Windows Mobile, Symbian, and Palm OS together made up 100% of the mobile enterprise OS installed base,” says Ojas Rege, VP of products and marketing at MDM vendor MobileIron. “In a span of just four years, each of those operating systems was ‘end-of-lifed’ by its manufacturer.”
With several operating systems and a multitude of devices in use, setting management and security policies becomes a herculean task. Failure to secure and properly manage mobile devices, though, increases the potential for security breaches caused by smartphones and tablets. “The first step in mobile enterprise security is device control with the right tools,” says Troy Fulton, director of product marketing at life cycle management software vendor Tangoe. “You want to be able to remotely enforce your policies for the device.”
The Challenge Of Multiple OSs
With user preference dictating device choice, IT departments have to support multiple mobile platforms and, therefore, a wide spectrum of capabilities, functions, and applications. “There are dozens of decisions to be made around BlackBerry, iOS, Android, Windows 7, and other mobility platforms for smartphone handset and tablet form factors,” says Fulton.
As the platforms mature, management is bound to get easier, but in the meantime frequent updates keep IT managers and MDM developers on their toes. “One of the most difficult challenges IT faces is keeping up with different versions of all the mobile operating systems it must support,” Nielsen says.
And even if an IT department learns to handle the complicated patchwork of mobile systems and applications in use today, it may have to learn other systems, as Rege points out. “This means IT will have to handle constant change and uncertainty,” he says.
To get better control of mobile devices, IT departments can mitigate complexity by standardizing on a single OS, which in companies with BYOD (bring your own device) policies is practically impossible. But, if a company could manage to do so, picking an OS would depend on specific requirements, such as who controls upgrades. “For example, IT cannot control operating system upgrades on iOS or Android, but they can on Windows,” says Rege.
With the landscape changing as much as it already has, a transition from one OS to another may be necessary. Nielsen recommends weighing factors such as usability, application support, and manageability. Fulton says a transition must be managed deliberately and must address challenges such as data protection, preventing unauthorized use, data and voice carrier plan costs, and proper policy management for the new device.
With MDM, IT departments can set policies on usage and security that can ultimately prevent the cost of a security breach, for instance, especially during a transition from one OS to another, Fulton says. “A self-service portal is an excellent tool for provisioning, monitoring, and supporting employee devices without [or with minimal] involvement from IT.”
Rege says the challenge with migration is modifying policy structures, getting IT trained on the new platform, and porting apps. MDM helps by providing a single view into the old and new devices. “This makes retiring the old devices and configuring and registering the new devices very easy,” he explains.
Selecting An MDM Solution
As MDM solutions multiply in the market, IT departments have a difficult choice to make. Fulton recommends a solution with round-the-clock monitoring of the applications on the devices. Companies, he adds, also should establish a private app store through which they enforce application best practices.
Rege warns against simply relying on Microsoft’s ActiveSync, which syncs up different machines and provides basic security but is not an MDM solution. That’s why most IT shops are opting for third-party solutions, he says. “The only way to select a solution is the old-school way — do a head-to-head technical evaluation and ask for customer references.”
Nielsen says many MDM vendors have SaaS (Software as a Service) solutions that customers can evaluate in their environments. “I advise companies to take advantage of a test drive,” he says. “Proof-of-concept installations could then be the next step to determine how an MDM system would interact with a company’s internal systems and infrastructure.”
Adapting To Mobile Deployment Change
The proliferation of mobile devices and the BYOD movement have changed the rules of the game for IT departments, which now have to contend with managing and securing company-owned machines as well as employees’ own devices. Mobile deployments are no longer just about email, but a much wider range of applications, notes Rege.
Fulton notes the risk equation has changed. “When it comes to the world of mobility, it is not a hacker seeking information. The biggest risk may be a well-intentioned employee with an unmanaged personal device,” he says. Companies should deploy scalable solutions that both manage and secure, but that is just a start. “You need a mobility management strategy that controls the devices, their applications, provisioning, security, policies, expense management, support, and device retirement and replacement.”
Nielsen says future mobile platforms may provide separate virtual instances that allow segregation of work and personal data, which would make things easier on IT managers. In the meantime, he says IT departments need to understand “the mobile space is changing rapidly. IT needs to be flexible and prepared to adapt to new solutions.”