No longer can an enterprise standardize on one type of mobile device. There are now multiple mobile device operating systems, and enterprises must get smart about managing and securing these varying mobile devices. Learn how to create a comprehensive mobile device management strategy that includes managing multiple mobile operating systems.
In a January 2009 study of IT decision makers, Forrester Research found that the number of mobile devices that enterprises must manage and the difficulty of doing so continue to escalate. More than half of enterprises must now manage multiple mobile operating systems, and most are being pressured to incorporate employee-owned devices as well. Forrester expects that by 2012 there will be 397 million mobile workers, representing 73% of the enterprise workforce. Combine explosive growth and complexity with shrinking budgets, and something's got to give. As Forrester concluded, enterprises must "get smart about managing and securing mobile devices -- now." But how?
Establish a unified MDM strategy
For starters, enterprises should use business goals to sharpen their mobile device management (MDM) focus. MDM has long been a nebulous behemoth, encompassing a broad range of tasks, from mobile asset inventory and provisioning to software distribution and security. Enterprises that try to do it all in one fell swoop are bound to struggle, but nibbling at bits without an overarching plan tends to yield segregated silos. A typical scenario: BES for BlackBerry provisioning, Exchange ActiveSync for Windows Mobile provisioning, a homegrown database for telephony asset inventory, and no process for employee-owned smartphones.
As mobility itself moves beyond wireless access to email, contacts and calendars, enterprises must reject this band-aid approach in favor of a top-down unified strategy. Take a hard look at business process and workforce mobilization plans, using them to create a comprehensive but prioritized set of MDM requirements. (To cover all the bases, refer to this mobile device management checklist.) Then define a phased implementation plan to meet your company's key requirements in an incremental building-block fashion.
For example, many enterprises consider security a top priority but cannot secure devices they do not own or recognize. Don't start with a goal like "password-protect all of our mobile devices." Begin with identifying all mobile devices used for business, including those that currently fly under your radar. Pull that inventory into a single dashboard and (virtual) data store that can be used by all other MDM tasks. This foundation will make it easier to carry out other tasks like defining suitable password policies for all affected devices, instead of repeatedly reinventing the wheel as you implement each mobile device management task.
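The inventory-first approach described above can be sketched as a small reconciliation job. This is an added example, not code from the article or from any MDM product; the export field names, the IMEI values and the three feed names are constructed assumptions standing in for the BES, Exchange ActiveSync and homegrown asset-database silos mentioned earlier.

```python
"""Merge per-silo device exports into one inventory, then report policy gaps."""

# Constructed sample exports. Field names are assumptions for illustration,
# not the real export formats of BES, Exchange ActiveSync, or any asset tool.
BES_EXPORT = [
    {"imei": "350000000000001", "user": "alice", "password_required": True},
]
EAS_EXPORT = [
    {"imei": "350000000000002", "user": "bob", "password_required": False},
    {"imei": "350000000000003", "user": "carol", "password_required": True},
]
ASSET_DB = [  # homegrown telephony asset inventory (corporate-liable devices)
    {"imei": "350000000000001", "owner": "corporate"},
    {"imei": "350000000000002", "owner": "corporate"},
    {"imei": "350000000000004", "owner": "corporate"},
]
MANAGEMENT_SOURCES = {"bes", "eas"}  # feeds that actually push policy


def build_inventory(feeds):
    """Fold {source_name: records} into one record per device, keyed by IMEI."""
    inventory = {}
    for source, records in feeds.items():
        for rec in records:
            dev = inventory.setdefault(rec["imei"], {"sources": set()})
            dev["sources"].add(source)
            # Copy every attribute except the key; later feeds only fill blanks.
            for field, value in rec.items():
                if field != "imei":
                    dev.setdefault(field, value)
    return inventory


def find_gaps(inventory):
    """Return IMEI lists for each gap that only the unified view exposes."""
    gaps = {"unmanaged": [], "no_asset_record": [], "no_password": []}
    for imei, dev in sorted(inventory.items()):
        managed = bool(dev["sources"] & MANAGEMENT_SOURCES)
        if not managed:
            gaps["unmanaged"].append(imei)        # owned but never provisioned
        if managed and "asset_db" not in dev["sources"]:
            gaps["no_asset_record"].append(imei)  # e.g. employee-owned device
        if managed and not dev.get("password_required", False):
            gaps["no_password"].append(imei)      # policy absent or unknown
    return gaps


if __name__ == "__main__":
    feeds = {"bes": BES_EXPORT, "eas": EAS_EXPORT, "asset_db": ASSET_DB}
    for gap, imeis in find_gaps(build_inventory(feeds)).items():
        print(gap, imeis)
```

Once every silo lands in the same keyed store, a password policy can be evaluated against the whole population rather than per tool.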
A unified MDM strategy also fosters policy and tool reuse. Today's knowledge workers carry an increasingly diverse collection of mobile devices -- laptops, netbooks, smartphones, VoIP handsets -- that must be managed in concert to achieve business goals. Workers shouldn't have to deal with different identities and privileges on each mobile device, and many already demand consistent applications and synchronized data. A unified, platform-based approach to MDM makes it easier to push the same policies, applications and data to disparate devices -- including new devices your workers will start clamoring for next year.
Distribute the mobile device management workload
Near-term business mobility needs must be met while your long-term MDM strategy is being implemented. For many organizations, this will mean maintaining legacy "silo" MDM tools and processes for existing users and devices while channeling new users and devices through an emerging unified mobile device management approach. For example, verticals often use device-specific tools to manage purpose-built or ruggedized mobile devices but are likely to pursue an entirely different MDM approach when outfitting a growing population of knowledge workers with smartphones.
But how can already-busy organizations find the IT resources to implement their long-term MDM strategy? One possibility is to offload selected MDM tasks to a third party: a systems integrator, managed service provider, or wireless carrier. For small to midsized businesses, offloading MDM in its entirety may be a quick-and-easy path to enabling mobility. For larger enterprises, offloading MDM is more of a means to an end -- delegating tasks that can be better handled by a third party (permanently) or outsourcing tasks (temporarily) while processes and platforms are being established.
For example, large international enterprises typically need to establish cellular service contracts with many wireless carriers. In such cases, outsourcing MDM in its entirety to any individual carrier may seem impractical -- as does pursuing a different mobile device management approach on a per-carrier basis. However, carriers are well positioned to perform certain MDM tasks, notably asset inventory and activation. Enterprises might delegate just these MDM tasks to wireless carriers, feeding inventory records and activation notifications from each carrier into an in-house MDM responsible for provisioning and maintaining mobile business policies, applications and security measures. This "carrier bootstrap" division of responsibility could let enterprise IT focus on MDM platforms and processes for tasks where they can add the most value -- and reap the greatest benefits in the long term.
Alternatively, enterprises may prefer to partner with a systems integrator, using third-party legs (and brains) to implement their long-term MDM strategy. Risks and limitations associated with this approach are familiar. For example, systems integrators may be invested in specific MDM tool(s) and less able (or motivated) to reuse existing enterprise tools and processes. Furthermore, businesses are naturally reluctant to outsource development of systems with strategic importance -- MDM (should) fit this category. Here, clear goals and collaboration are essential. Choose an integrator with expertise in desired mobile device management tool(s), but define external systems integration and reuse expectations as part of the contract, and designate IT and LOB team members that your integrator can work with to understand and meet those requirements.
Finally, businesses of any size may engage a (non-carrier) managed MDM provider to meet part or all of their MDM needs. In some ways, this is similar to delegating selected tasks to a carrier -- but a pure-play managed MDM provider should be able to manage mobile devices that communicate over any wireless network (including your own WLAN). Managed services generally have rapid-activation and pay-as-you-go appeal, but over the long run, as workforces grow, those advantages tend to fade. However, enterprises should not discount managed MDM as part of a long-term strategy. For example, a managed MDM service can be used to quickly support exception cases (or employee-liable consumer devices) that don't fit into enterprise MDM systems and processes. It can even be handy to have a concrete per-device MDM price tag so that exceptions can be charged back to organizations (or to determine whether business value exceeds that cost).
Mobile device management services emerge
To illustrate how MDM delegation can work, consider the Managed Mobility Solutions announced this month by Verizon, Sybase and Quickcomm. These solutions are designed to support enterprise needs for mobile inventory and expense management, mobile device logistics (i.e., procurement), mobile device management (e.g., provisioning and software/policy distribution), and mobile security. Verizon delivers the first two managed services using Quickcomm's Telecom Expense Management (TEM) platform, and the latter two using Sybase's iAnywhere Afaria platform. A fifth service -- Application Management (i.e., enabling business process mobilization) -- will be delivered using Sybase's platform in 2010.
At first glance, this might seem like a monolithic service from a wireless carrier, but it is not. Sold by Verizon Wireless in the U.S. and Verizon Business globally, these services are explicitly designed to be carrier-agnostic and transport-independent. For example, customers establish their own contracts independently with each carrier (including Verizon). Contracted rates and terms from any carrier can then be imported into the solution's Quickcomm system to track orders and manage ongoing expenses.
Furthermore, customers need not purchase the full Managed Mobility Solutions package. For example, mobile inventory can be imported into Sybase not only from Quickcomm but from other sources, making it easier to manage/secure both corporate-liable and employee-liable devices. Of course, there are some dependencies: Mobile security requires MDM, and logistics requires inventory. Prices start at $4 per month per device per service, but according to Cliff Cibelli, director of global managed solutions for Verizon Business, large enterprises may average $10 per month per user.
Rob Veitch, senior director of business development at Sybase iAnywhere, expects Verizon's Managed Mobility Solutions to complement rather than compete with in-house enterprise MDM. "We expect to see managed service adoption increase, but in-house [deployments] won't necessarily decrease," Veitch said. "I see [Managed Mobility Solutions] appealing to new enterprise customers that are just getting into mobility or that have pockets of mobility but are now trying to make changes on a corporate or global scale."
In fact, Cibelli observed that some enterprises may deploy in-house platforms after using Managed Mobility Solutions to get workers and applications mobilized and establish processes. "Some customers tell us that they've got the platforms we're using, but they need help in deploying mobile applications," he said. To that end, Verizon Business also offers a range of consulting services, from developing mobile deployment strategies to performing mobile security assessments.
While this offering is just one example, it is likely to be the tip of a very large iceberg. Enterprises absolutely must find new ways to enable business mobility on a larger scale, in a more flexible and cost-effective fashion. Establishing a unified mobile device management strategy and considering opportunities to delegate and collaborate on MDM delivery can help your organization embark upon this essential transition.
About the author: Lisa Phifer is president and co-owner of Core Competence, a consulting firm focused on business use of emerging network and security technologies. At Core Competence, Lisa draws upon her 27 years of network design, implementation and testing experience to provide a range of services, from vulnerability assessment and product evaluation to user education and white paper development. She has advised companies large and small regarding the use of network technologies and security best practices to manage risk and meet business needs. Lisa teaches and writes extensively about a wide range of technologies, from wireless/mobile security and intrusion prevention to virtual private networking and network access control. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.