In a perfectly secure world, IT would provide employees with a single type of mobile device, a customized operating system, proprietary applications, and absolutely unrootable hardware.
The closest we ever got to that state was the mass enterprise adoption of BlackBerry smartphones at the end of the last decade. It was a secure, fairly closed system with advanced enterprise management apps and a single point of contact for support. It also flamed out when employees revolted.
The bring-your-own-device (BYOD) uprising of recent years is, in large part, a response to the shackles IT placed on employees in the past. Workers are also customers, and want to be treated as such. Some of those customers have the authority to mandate change in the organization. So IT is left fulfilling requests from employees who prefer to use their personal devices at work.
From a security standpoint, it’s not ideal. Through adoption of some sensible policies — and a mobile device management (MDM) system to process them — it’s possible to address most of your security worries without greatly inconveniencing your users.
What to expect from MDM
There are certain baseline features you should expect from any reputable MDM system. Among those are:
- Pre-enrollment compliance checks: Clear hardware to your security standards before allowing it on your network.
- Remote inventory and logging: Know what your users have installed on their systems and how they are using them at all times.
- Blacklist and whitelist management: Choose which applications can be installed without violating compliance.
- Proactive notification: Know immediately when a device falls out of compliance.
- Remote wipes and locking: In the event of a compliance failure, device loss, or employee termination, a remote admin should be able to erase sensitive data and applications or lock a device from network resources.
While the above list is far from comprehensive, it gives an idea of the kinds of tools MDM makes available, and the peace of mind those tools provide.
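As an added illustration (not code from the article or from any MDM product), the following Python evaluator applies the baseline checks listed above to constructed device records and maps the result to the actions an MDM admin would take; the policy thresholds, package names and device fields are assumptions chosen for the example.

```python
"""Device compliance evaluation of the kind an MDM system performs.
Policy values, app identifiers and device records are constructed for this example."""
from dataclasses import dataclass, field

# Assumed baseline policy a pre-enrollment check would enforce.
POLICY = {
    "min_os": {"ios": (15, 0), "android": (12, 0)},   # lowest acceptable OS version per platform
    "require_encryption": True,
    "blocklist": {"com.example.sideloaded-vpn"},       # constructed package names
    "allowlist_only": False,                           # True: only allowlisted apps may be installed
    "allowlist": {"com.example.mail", "com.example.calendar"},
}

@dataclass
class Device:
    """Inventory record as a remote inventory/logging feature would report it."""
    device_id: str
    platform: str
    os_version: tuple
    rooted: bool
    encrypted: bool
    apps: set = field(default_factory=set)

def check_compliance(device, policy=POLICY):
    """Return the list of policy violations; an empty list means the device is compliant."""
    violations = []
    min_os = policy["min_os"].get(device.platform)
    if min_os is None:
        violations.append(f"unsupported platform {device.platform}")
    elif device.os_version < min_os:
        violations.append(f"os {device.os_version} below minimum {min_os}")
    if device.rooted:
        violations.append("rooted or jailbroken")
    if policy["require_encryption"] and not device.encrypted:
        violations.append("storage not encrypted")
    blocked = device.apps & policy["blocklist"]
    if blocked:
        violations.append(f"blocklisted apps: {sorted(blocked)}")
    if policy["allowlist_only"] and (device.apps - policy["allowlist"]):
        violations.append(f"apps outside allowlist: {sorted(device.apps - policy['allowlist'])}")
    return violations

def recommended_action(violations, lost_or_terminated=False):
    """Map a compliance result to the remote actions the feature list describes."""
    if lost_or_terminated:
        return "wipe"        # device loss or employee termination: erase data and apps
    if any(v.startswith(("rooted", "blocklisted")) for v in violations):
        return "lock"        # serious failure: cut the device off from network resources
    if violations:
        return "notify"      # proactive notification so the user can remediate
    return "allow"
```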
Questions to ask when considering MDM
There are hundreds of MDM vendors on the market, and dozens of them have legitimate potential. To shortlist your search, ask yourself the following questions:
What mobile platforms am I supporting? The majority of MDM providers support iOS, Android, and BlackBerry. Some also support Windows Phone 8. As Windows 8 gains momentum, it’s likely that the number of vendors supporting it will grow. If Windows-based phones or tablets will be a part of your strategy in the next 12 to 24 months, do the smart thing and focus on vendors who support the system now.
What management services do I already use? BYOD is a big issue for the enterprise, and many vendors want to claim a piece of the MDM market. If you already use a centralized management tool for your virtual and physical devices, ask your rep about MDM extensions. In some cases, the vendor will offer a native tool. In other cases, they may suggest a partner. You can certainly work with other parties. Look for a solution that requires limited training and comes at a relatively low price point.
How far should I go? Some MDM systems use secure, proprietary mobile apps for mail, calendaring, and other office-essential business functions. These solutions provide a consistent interface across mobile OS platforms. They allow you to lock down your system in a number of different ways. But at some point, your users will resent your meddling, and you might have another revolt on your hands.