The rapid uptake in enterprise smartphones coupled with an exploding range of mobile device types is driving enterprises
to consider mobile device management software to manage and secure their mobile devices more effectively. Unfortunately, many organizations have depended almost entirely on the security of an all-BlackBerry environment, and are now being forced to develop management and support solutions that will address iPhones, Androids and possibly other platforms as well.
It is no surprise that the options for mobile devices are increasing both in terms of platforms and form factors. The tablet revolution means that the mobile OS could be present on a number of user devices. The key issue for IT departments will be how to best secure and manage tablet computers and other mobile devices so that organizations can capitalize on the productivity gains that mobility can provide.
BYOD: Bring your own device or demise?
Clearly the biggest shift in mobility has been the “Bring Your Own Device” or “BYOD” movement. In the traditional approach to enterprise mobility—what we call a corporate-liable approach—the company bought the device, paid for the service plan and operated the service environment. Most typically that was done using BlackBerry devices and a BlackBerry Enterprise Server (BES). Based on its security and manageability, BlackBerry became the de facto enterprise mobility solution for professional users, though there were managed solutions for Windows Mobile environments as well.
In response to user demands, some organizations are now allowing employees to use their own smartphones (i.e., individual-liable approach) to send and receive corporate emails, maintain business contacts, manage their calendars and possibly access other corporate applications. It is difficult to get a clear picture of how prevalent the BYOD approach has become. According to the Aberdeen Group, nearly three quarters of companies allow employee-owned smartphones and/or tablets to be used at work. One quarter of companies give employees a list of allowed devices, and almost 46% let employees bring in any device. Some 28% of companies do not support employee-owned devices.
When you peel the onion back another layer, however, the picture becomes clearer. Government organizations and those in regulated industries are the least likely to support BYOD. While there are some exceptions, large organizations seem to be less likely to endorse BYOD policies. As you move to smaller organizations, the prevalence of individual-liable devices increases. Unfortunately what that means is those smaller companies will have the greatest need for mobile device management software, but they are typically the ones least likely to invest in it.
Reduced cost and increased employee satisfaction are the most frequently cited reasons to support BYOD. There’s no doubt that letting users have the device they want will make them happier, but the cost issue is a little harder to substantiate. One approach is to simply give the employee a fixed stipend based on his or her job level, so “savings” means dumping part of the cost off on the employee. Reduced support costs are also cited, but if you think “sink or swim” is a reasonable approach to user support, I guess you can replace your help desk with an answering machine. Unfortunately, having users spending their time figuring out problems on their computing devices is probably not a good use of their time.
It is clear that IT departments in larger organizations are feeling increased pressure from their users to widen the range of mobile devices they support. As the BlackBerry BES solution supports BlackBerry devices exclusively, providing that same level of management and security for non-BlackBerry (or more typically a mix of BlackBerry and non-BlackBerry devices) calls for a mobile device management system. These larger companies that are moving to a mix of mobile devices are the most promising segment for the mobile device management platforms.
Mobile device management overload
At the outset it’s important to note that mobile security embodies a number of separate issues and vulnerabilities. Typically the biggest concern is losing control of sensitive corporate data that is on a device that is lost, stolen or in the possession of someone who leaves the company. However, there are also issues with regard to protecting information in transit, contact numbers, compromised applications and the potential for introducing viruses and malware.
With regard to protection of data on the device, the key elements are mobile device policy enforcement and remote wipe. Policy enforcement allows a network manager to specify such requirements as a strong power-on password protection and on-device encryption. Remote wipe would come into play when a device is lost, stolen or when employees using their own devices leave the company. These core capabilities existed in the BlackBerry BES environment and are standard across mobile device management systems today.
Beyond the requirements to protect data on the device, there is also the need to secure data in transit. Again this is standard in a BES environment, and is typically a capability in MDM software solutions. If data in transit is the core concern, solutions focused primarily on security like those from Good Technologies or NetMotion Wireless’ Mobility XE might fit the bill.
The other major area of concern is mobile application security. While there have been concerns regarding mobile viruses and malware, much of that has been quashed by the closed models for software distribution used by BlackBerry, Apple, and now Microsoft with its Windows Phone 7.
Things are not quite as peaceful in Android land, as Google recently had to withdraw more than 50 mobile apps containing a hidden Android Trojan. The opt-in model of software upgrades where the user must accept an application before it loads on the device can make software management more challenging. MDM software systems can allow network managers to whitelist or blacklist applications and can also restrict access if the latest version is not installed or if the policy settings are not correct.
While security is the issue that typically draws users to consider MDM systems, they quickly find that there are a lot of other functions available as well. The MDM server will maintain an inventory of devices with the phone numbers, IMEI’s, carriers and other pertinent details.
For troubleshooting, some solutions provide WebEx-like access to the device for remote fixes. There is also a range of troubleshooting tools that allow a help desk technician to remotely view the device setting (e.g., Wi-Fi and email configurations), battery level, available memory and software versions. Some even allow the tech to switch on the device’s ringer remotely so you can call it to find where it is.
With the move to greater choice in mobile devices, organizations have to look past their exclusive BlackBerry environments and incorporate tools that allow them to manage these heterogeneous environments. As BlackBerry will still be the preferred device for some portion of the population, BlackBerry support is typically included, and those BlackBerry devices can be managed through the same console as the iPhones, Androids and other devices.
Variety may be the spice of life, but enterprises will need tools to ensure that heartburn is not the result.
Part 2: What to look for in mobile device management systems
About the author:Michael Finneran is an independent consultant and industry analyst who specializes in wireless technologies, mobile unified communications and fixed-mobile convergence. With more than 30 years in the networking field and a broad range of experience, Finneran is a widely recognized expert in the field. He is the author of Voice Over Wireless LANs -- The Complete Guide (Elsevier, 2008). His expertise spans the full range of wireless technologies, including Wi-Fi, 3G/4G cellular, WiMAX and RFID.