One of the significant technological trends in recent times has been the huge proliferation of mobile devices and apps in the workplace. From smartphones to tablets to wireless add-on devices such as sensors and scanners, mobility in enterprises has reached critical mass and is set to occupy a dominant position in the overall organizational setup. Enterprise mobility solutions bring myriad benefits to organizations: they aid transformation, boost efficiency, increase customer satisfaction and eventually lead to better margins and revenues. They also pose a range of serious challenges in managing, monitoring, collaborating on and securing an ever-increasing pool of mobile devices and apps loaded with sensitive data, and these challenges need to be answered to optimize the benefits of mobility.
A few years back, enterprise mobility was dominated by BlackBerry devices, and a BlackBerry Enterprise Server (BES) was sufficient to manage and secure the environment. In recent times, however, the consumerization of IT and Bring Your Own Device (BYOD) policies have led to the entry of devices of all types and sizes, making it impossible for IT departments to manage and monitor them and posing a serious threat to the security of corporate data. Mobile Device Management (MDM) is one solution that can prove to be an effective answer to most of the challenges arising while implementing mobility. Our cover story this month takes a detailed look at MDM and discusses why and how it could be a solution to the various challenges enterprises face in their mobility adoption.
According to Gartner, Mobile device management (MDM) includes software that provides the following functions: software distribution, policy management, inventory management, security management and service management for smartphones and media tablets.
Mobile Device Management solutions can be deployed on-premise or as a cloud-based service. A few vendors also offer MDM as a managed service, wherein routine updating and maintenance is outsourced to third parties. Most mobile device management solutions enable organizations to manage and provide end-to-end security for mobile devices, apps, network and data through a single piece of software, whereas some MDM solutions also incorporate expense management to provide more comprehensive coverage of mobile device management.
Whether deployed as an on-premise server or as a cloud solution, an MDM lets you manage all the mobile devices deployed across your enterprise. Every device that has to be controlled and managed in your enterprise, and hence enrolled into the MDM, has to follow an authentication and provisioning process through which it is registered in the MDM directory. An authenticated and encrypted connection is then established between the enrolled mobile device and the MDM gateway server, so that all traffic to and from the device network is redirected through that connection and the gateway server. A registered device can interact with the MDM server after it successfully authenticates itself. The device management server collects information about the smartphone or tablet and then sends the applicable settings and applications to it. MDM allows administrators to enable or disable any functionality of the device, decommission inactive devices, blacklist and whitelist applications, or selectively wipe data from a device as per the mobile policy, and the user cannot override these controls. It also supports remote location of any device and provides troubleshooting services to any device. The MDM also regularly checks for and evaluates newly published software packages for distribution.
Most MDM solutions offer customizable, one-click dashboards that give administrators information on all the enrolled devices in the enterprise network.
Whether deployed as an on-premise server or as a cloud solution, an MDM lets you manage all the mobile devices deployed across your enterprise.
Configure: Configure device and application settings, restrictions etc., as per policy.
Provision: Facilitate automated, over-the-air user device registration and distribution of configuration; check and evaluate software package distribution.
Security: Secure devices, apps, and data by enforcing security measures like authentication and access policy, enable or disable device functionalities, blacklisting and whitelisting apps.
Support: Help users by remotely locating any device and providing troubleshooting services.
Monitor: Keep track of device, app and data usage; check for unauthorized user access, abnormal device behavior etc.
De-activate: Decommission lost or stolen devices; block user access; wipe data from compromised devices.
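The enrolment check, security enforcement and de-activation steps described above can be sketched as a small policy evaluator. This is an added example, not code from any MDM product: the policy keys, action names, app identifiers and device inventory are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import date

# Hypothetical policy; real MDM products define their own schema and names.
POLICY = {"blacklist": {"com.example.filesync"}, "max_inactive_days": 90,
          "require_passcode": True, "require_encryption": True}

@dataclass
class Device:
    device_id: str
    enrolled: bool
    last_checkin: date
    passcode_set: bool = True
    encrypted: bool = True
    reported_lost: bool = False
    apps: set = field(default_factory=set)

def evaluate(dev, policy, today):
    """Return the actions the server would queue for one device, most severe first."""
    if not dev.enrolled:
        return ["deny_access"]  # never registered: no session with the gateway
    if dev.reported_lost:
        return ["block_access", "wipe_corporate_data", "decommission"]
    if (today - dev.last_checkin).days > policy["max_inactive_days"]:
        return ["block_access", "decommission"]  # inactive device
    actions = []
    if policy["require_passcode"] and not dev.passcode_set:
        actions.append("push_passcode_policy")
    if policy["require_encryption"] and not dev.encrypted:
        actions.append("block_access")  # unencrypted storage must not sync data
    for app in sorted(dev.apps & policy["blacklist"]):
        actions.append(f"remove_app:{app}")
    return actions or ["compliant"]

def evaluate_fleet(devices, policy, today):
    """Evaluate every device in the inventory and key the results by device id."""
    return {d.device_id: evaluate(d, policy, today) for d in devices}

# Constructed sample inventory (not real devices).
TODAY = date(2013, 6, 1)
FLEET = [
    Device("tab-001", True, date(2013, 5, 30)),
    Device("ph-002", True, date(2013, 5, 29), passcode_set=False,
           apps={"com.example.filesync", "com.example.mail"}),
    Device("ph-003", True, date(2013, 1, 10)),
    Device("ph-004", True, date(2013, 5, 31), reported_lost=True),
    Device("ph-005", False, date(2013, 5, 31)),
]

if __name__ == "__main__":
    for dev_id, actions in evaluate_fleet(FLEET, POLICY, TODAY).items():
        print(dev_id, actions)
```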
The widespread proliferation of mobile devices and applications, caused by the consumerization of IT and the popularity of BYOD policies, has put unprecedented mobility and data at the fingertips of employees while boosting the productivity and efficiency of organizations. However, while providing multiple benefits to enterprises and employees, mobility has also posed several challenges to the IT department. From selecting platforms to support within the network, to dealing with loss or theft of devices, to securing critical corporate data on thousands of devices, IT departments have a lot to consider. MDM software helps the IT department answer all these challenges by providing control over devices, applications and data flow. Administrators can monitor and control the apps installed on devices, keep track of user behaviour and enforce security measures so as to create a secure mobile ecosystem within an organization. Moreover, MDM solutions go a long way in optimizing the functionality of the mobile network in an enterprise as well as minimizing costs and reducing downtime. In other words, MDM paves the way for implementing a device- and platform-agnostic security policy and supports enterprises in mitigating business risks by protecting data and information.
Enables sophisticated security mechanisms to prevent corporate data stored on devices from being leaked, stolen or compromised.
Ensures central control of registered mobile devices by providing a real-time overview of each specific device via a dashboard.
Safely manages and distributes recommended apps; blacklists risky apps.
Provides a single, comprehensive infrastructure to manage devices and apps.
Minimizes total cost of ownership (TCO) with a scalable, dependable solution.
Meeting service level agreements (SLAs)
Adhering to key compliance obligations like HIPAA, FISMA etc.
Implementing a standard mobile management & security policy.
Improving user experience and thereby sustaining workers’ productivity.
Reduces IT burden with a self-service portal for employees.
Among organizations that have not yet deployed an MDM solution, 32% will deploy one in 2013 and an additional 24% plan to deploy one in 2014.
The leading factor (34%) cited for deploying an MDM solution was the potential for loss of intellectual property.
Among respondents switching to a new MDM platform, 31% indicated that they would likely select a cloud-based solution. Of those, 55 percent said they would choose a private cloud solution for security reasons.
The top three reasons cited for choosing a cloud MDM solution were:
Simpler administration/maintenance (69%)
Predictable/reduced costs (39%)
Don’t want to use internal IT staff resources (21%)
Source: Osterman Research
When should you consider looking for an MDM solution? The answer depends on many factors, from the type of devices being used in your enterprise to the types of apps and the kind of data accessed through them. You may not require an MDM solution if you provide your employees only BlackBerry or iOS devices, or if the devices don’t access any critical data. However, if you have a Bring Your Own Device (BYOD) mobility culture wherein employees bring their own devices, or you approve devices running multiple operating systems like iOS, BlackBerry, Android, Windows etc., then an MDM solution becomes a necessity to protect your devices and data from theft or compromise. In addition, there are various other questions, such as: Do data and sessions need to be encrypted? What would be the business impact of a security breach? What and how much control do you wish to have over the devices and apps? In other words, a comprehensive assessment of your organizational risk profile with respect to mobile devices will answer your need for an MDM solution.
MDM vendors are somewhat limited in the control that their specific MDM solution can exercise over the APIs (Application Programming Interfaces) of the devices, which means that while each MDM is different, the core functionalities and features remain the same. MDM platforms may differ from each other in deployment choices (traditional on-premise versus cloud-based), the platforms they support (iOS, Android, Windows etc.), integration with security and service management platforms, telecom expense management, enterprise content management systems etc.
The market for MDM solutions is competitive, with many big players involved in it. According to Gartner research, the MDM market is dominated by a “big 5” group of vendors, consisting of Good Technology (which alone accounts for 20% of the total market), SAP, AirWatch, MobileIron and Fiberlink Communications, that controls about 60% of the market.
Deployment: MDMs can be deployed on-premise or as a cloud-based service. On-premise installation requires in-house capability and resources for maintenance and troubleshooting, while a cloud-based solution makes you completely reliant on the vendor’s capability and services.
Costs: There are significant expenses involved in installing MDM solutions. While on-premise installation requires significant upfront costs with low recurring expenses, cloud-based solutions require low upfront expense but have high recurring expenses every year. Companies have to do a comprehensive cost-benefit analysis before opting for an MDM solution.
Adaptability: Every organization has its own set of niche requirements that an MDM solution must be able to address. Allowing sufficient customization and tweaking choices is a challenge for a specific MDM.
Choosing the right MDM platform becomes critical due to the security implications and high costs involved. Here are a few key points to consider while choosing an MDM platform:
Mobile Policy: Your MDM platform should best cater to your mobile policy. Does it have sufficient functionalities to provide the level of security that your business needs? Does it support archiving of mobile content?
Security Mechanisms: Data security is an ongoing process. Make sure that your MDM platform supports advanced data security measures.
Remote configuration & control: Your MDM platform should enable remote configuration and updating of the OS and apps. Moreover, it should also give you control through locking/wiping of devices in case of loss or theft.
Scalability: The types of platforms and devices it can support are also a key consideration while choosing an MDM. Does it offer flexibility to add more devices and platforms in future?
Compliance obligations: Your MDM platform must be able to help you fulfil the compliance obligations of the country related to data security, customer privacy etc.
Analytics: MDM solutions must provide real-time, comprehensive analytics on registered devices and apps.
Any good MDM must have the following security features:
Functionality to remotely lock/wipe device in case of loss or theft
Data loss prevention mechanisms
i. Device Management
Over the air configuration
Remote operating system and application updating
Remote control of devices
Real-time analytics on usage
ii. Application Management
Whitelisting and blacklisting of apps
Management of enterprise app stores
App security features
Remote data wipe of applications
Real-time analytics on apps downloaded, data accessed on registered devices
The massive proliferation of mobile devices and applications in enterprises has posed a serious threat to the IT department in securing critical corporate data. Moreover, with the huge diversity in devices and multiple platforms, it has become burdensome and resource-taxing for organizations to monitor and control devices, apps and their usage. Regulatory requirements also call for sufficient data protection mechanisms. In such a scenario, MDM solutions become a necessity for organizations to optimize their mobile initiatives and mitigate the business risks associated with them. A centrally controlled and real-time monitored mobile environment will be the defining feature of most enterprises in times to come.