MCPc Blog

8 Questions for Your Mobile Device Management (MDM) Strategy

 Email Article  

Tweet  

  

As mobile devices (smartphones and tablets) become more prominent among consumers, they also continue to infiltrate the workforce, whether company-sanctioned or not. If employees aren’t already asking for access to company email and applications on their personal devices—or simply trying to gain access on their own—they soon will.

Many clients I speak with are using some native Microsoft controls, paired with Exchange ActiveSync (EAS), for mobile device management. While EAS provides controlled, mobile access to email, calendars and other critical applications, it alone is not sufficient in providing a complete mobile device management (MDM) program.

MDM tools offer additional controls to complement EAS, but how do you know what you need, and the best way to continually manage your environment?

To provide end users with the flexibility they demand, while maintaining the security and control that the company requires, consider the following questions when developing your mobile device management strategy.

1. How will you activate and enroll new devices?

One of the most difficult technical aspects of mobile device management is that with multiple devices and operating systems, compatibility with corporate applications becomes an issue. Outside of limiting the types of devices employees can use, this may require system testing, or limited applications employees can access.

You can efficiently sidestep this problem, however, by installing virtualization software on end-user devices. However, virtualization alone won’t provide the levels of security your organization likely requires.

By pairing virtualization with MDM, you can also monitor usage, and set additional security controls. For example, you can see where devices are located and where they have been, and be alerted if a device has been offline for an extended period of time.

2. Do you have an end-user segmentation process?

As you would when developing images for PCs, segment your end users based on their job functions, mobility, application usage, and other company-defined criteria. Then, use these roles to determine which groups need what level of access to various applications.

MDM software allows IT managers to set specific controls and restrictions based on end-user segmentation. For example, you may want to provide a wide-open device for executives, while limiting access of lower-level employees.

3. How will you manage configuration profiles?

Additional controls provided by MDM tools enable you to set specific, granular controls for added layers of security. For example, there is some concern that Android versions under V 3.0 are insecure. To keep questionable devices out, but allow other Androids in, you can set a rule that Androids can access the network, only if they are running V 3.0 or higher.

You can also limit user functionality. For example, screenshot functionality on an iPhone can be disabled when viewing company data. And, those in the healthcare industry can set specific rules for devices that have accessed electronic medical records (EMRs) to stay compliant with HIPAA.

4. What corporate services will you manage and support?

Some companies only allow email access on mobile devices, while others enable the use of nearly any corporate applications that employees can access on their main work machines. The access you provide will depend on the nature of your business, the level of mobility in your workforce and the demands of your staff.

5. What applications and services will you restrict?

There is concern about unsecure applications that employees may download to their mobile devices, which may then adversely affect other devices that access the network. If there is a service that you don’t want end users to access, you can set MDM controls to disallow it. Any device that has a “blacklisted” application installed cannot access corporate data, until the application is removed.

6. How will we control costs?

After setting preliminary budgets, and determining whether your organization will operate on a BYO or stipend model, MDM tools can help manage your mobile device spend, and alert you to inefficient data plans within your network. Reports that show how much cellular data employees have used, roaming levels, variations in access by day and more can help you understand and control costs, and update plans to ensure efficiency in spend.

In addition, there are typically cost savings from fewer lost devices, as employees tend to take greater care of devices that they own, or that house their personal information, pictures, files, music and more.

7. What actions will you take when a device is lost or stolen, or a password is forgotten?

MDM software offers remote wipe functionality, which can be activated at any time if a device is lost or stolen. When virtualization is used for all corporate data access, this drastic measure may not be needed.

8. How will you roll out changes and upgrades?

Smartphones need patches, just like any other like endpoint. It’s important to develop a runbook that will ensure all corporate-accessible devices are up-to-date, and therefore, less vulnerable.

Conclusion

At the end of the day, to have a truly secure and well-managed mobile environment, you need to have a plan in place. It’s important to look at MDM as a managed service, similar to network monitoring or data center management; it requires consistent review, monitoring, reporting and upkeep to maintain control.

Mobile devices are endpoints. They must be imaged, and they must be secure. It’s imperative to answer the above questions early, develop a plan, and put a team together that will execute it—from onboarding and rollout, to regular monitoring, throughout the entire device lifecycle.

Your Thoughts?

How do you manage mobile devices? Please share your tips in the comments below.

Ira Grossman, VP, Personal Systems Group, has more than 15 years of technology project management experience and is an expert in lifecycle management and mobile device management for the enterprise, including the iPad. Connect with Ira on LinkedIn.

Stay Connected with MCPc: Subscribe to the blog; follow us on Twitter, Facebook or LinkedIn. 

Image credit: Salvatore Vuono / FreeDigitalPhotos.net