The days of a tightly managed corporate fleet of desktop PCs with a handful of mobile phones and notebooks are long gone, and with them the simplicity of managed, locked-down images and controlled devices. Today's IT environment is very different: flexible, mobile workers carry notebooks everywhere, while smartphones and tablets are changing the way companies provide hardware to users.
It's a big problem. Users are finding new ways to work, and if you don't support them they'll find a way around any blockages — increasing your risk profile and putting your business in danger of damaging data loss. But despite the seeming chaos, it's possible to remain very much under control, and still give your users the freedom they want. Mobile Device Management (MDM) applications have become an essential part of any systems management suite, giving IT administrators the tools they need to control a wide range of devices — from Windows notebooks to Android and iOS smartphones. No matter what the size of business you're running, there's a MDM tool to suit your organisation.
MDM for SMEs
Smaller businesses will find cloud-hosted management tooling a quick way to handle Bring Your Own Device (BYOD) scenarios, especially where users need to connect to managed corporate resources. Cloud mail services can use technologies like Microsoft's Exchange ActiveSync (EAS) to push policies to devices, and to ensure that devices are in compliance before users can download mail. With EAS support built into all the main mobile operating systems, it's a quick and easy way of rolling out basic device management policies — controlling access to mail, setting password rules, managing device capabilities and implementing hardware storage encryption.
"Users will need to be fully informed of just how their devices are being controlled — especially if they are using their own devices in a BYOD programme."
More traditional management tooling is available in the cloud, too. Using Software as a Service (SaaS) models, management tools can be used on a subscription basis, with a per-user, per-month charging plan letting you simply treat MDM as an operational expense. Cloud-based MDM tooling can be combined with private app stores, giving you more control over the apps your users install — as well as letting you use site licenses with BYOD devices.
Supporting the enterprise
Larger organisations will want to integrate MDM with existing systems management solutions. Device security will be a primary concern, as will ensuring that users are running the appropriate software packages. There's also an additional requirement: ensuring that support teams get access to live device information (and, where possible, screen-sharing and remote control), to help provide device-appropriate support. Enterprise MDM tools are also likely to give organisations control over device and software updates, including remotely configuring security certificates and VPNs.
Although MDM is a powerful tool, it's also important to be aware that users will need to be fully informed of just how their devices are being controlled — especially if they are using their own devices as part of a BYOD programme. For example, most MDM solutions will wipe devices fully when deprovisioning — which will cause users to lose their personal data, including photographs. However, some — including RIM's Mobile Fusion (when managing Blackberry devices with BlackBerry Balance support) — can keep work and personal data separate.
Approaches to Mobile Device Management
- Companies generally begin managing their mobile devices by using Microsoft's Exchange ActiveSync (EAS), which is supported by all of the main mobile OSs. With EAS, IT managers can control access to mail, set password rules, manage device capabilities and implement hardware storage encryption.
- Once the number of devices exceeds a few hundred, fully-featured MDM solutions are usually required. These have historically been on-premises deployments, but cloud-based SaaS solutions are becoming more popular as they offer easier scalability and lower capital costs.
- MDM products and services are available from established vendors with a range of backgrounds — security, infrastructure management and remote support, for example — as well as new, often cloud-focused, players.
- Areas covered by a fully-featured MDM solution include: mobile OS, app and content management; access to mobile network, Wi-Fi and GPS data; hardware provisioning and support; and device security, authentication and encryption.