Mobile device management is still a challenge, says Kurmana of B-Connected
Every organisation now recognises that the mobile working we take for granted has to be properly managed. Whether employees bring their own devices or have them supplied, mobility enables anytime, anywhere working, which is possibly the most valuable single technology-enabled business advance in recent times. Depending on the task of the moment — and the screen size — some people may use a smart phone, tablet and laptop every day. Whether officially or not, those devices will be used for work. That is the context in which the employer has to take decisive action to ensure security and control.
But like all other kinds of electronic working, it needs to be managed in a secure way that protects the organisation’s data and any information it may hold or work with that belongs to or affects others, such as customer details. The common term is MDM or Mobile Device Management, and there are some very good solutions on the market. As specialists in this whole field, we have extensive experience and take a slightly different approach, which is becoming more widespread, placing the emphasis on the applications those mobile users need rather than on the devices.
Our term is Enterprise Mobility Management (EMM) which aims to bring together all aspects of remote working in an overall solution, and is the term favoured by Gartner. Since mobile or remote working of all kinds is now integral in any organisation it needs to be managed as well as every other element of the corporate ICT resources. In practice, because it is so directly individual in actual use, we believe it is valuable to approach it from the point of view of those end users and the applications they need.
There is a clear distinction between the applications and functionality that the organisation wishes to give to its staff on their devices and other personal or unofficial apps. Mobile Application Management (MAM) functionality is the key tool. Organisations use mobile applications in many new ways, such as deploying mobile points of sale, configuring sales kiosks, creating business intelligence and helping with everyday work related tasks. MAM allows distributing, securing, and tracking the organisation’s mobile applications.
Others need to be broadly controlled or regulated to ensure that there is no risk to the corporate resources. Since such a high proportion of the devices are owned by the users, the tools to accomplish this today are highly sophisticated and offer corporate security and adherence to policy with minimal intrusion on the rights of the device owner/users.
“As specialists in this whole field, we take a different approach, placing the emphasis on the applications rather than on the devices”
We work principally with AirWatch, the market leading MDM solution from VMware. Other well regarded MDM suites include MaaS360, from an IBM company, and MobileIron, also in the Gartner ‘Magic Quadrant’ top five. These cloud-based SaaS solutions have the essential characteristics of flexibility and reach to match the enormous mobile user base and potential range of apps. But similar functionality can be delivered in-house.
A mobile business user may have apps that are public or bought through an app store, apps that are extensions of the employers’ enterprise software or specially developed internal corporate apps.
In addition, the devices may be running different operating systems and have various limitation or capabilities depending on the specific device, for example, its OS or perhaps the display technology. All effective corporate EMM systems must support all of the multiple app types that might enter the picture as well as more sophisticated options such as virtual desktops.
This is one area where size does not matter. If there is corporate data, including email, on the device, or accessible through it, the organisation has to have protection. Where the employer provides the units a standard configuration can be set up very easily with plenty of freedom for the user to add personal apps and material according to agreed corporate policy. That would include, for example, remote wiping if the device was lost, stolen or believed to be compromised.
Another common necessity is to operate a blacklist of certain apps, typically online games, and that might apply with consent to BYOD employees. On a corporate subscription Netflix might be barred because of bandwidth and data storage consumption. MDM allows certain apps to be disabled or hidden if there are O/S restrictions. You can create compliance policies that detect when users install forbidden applications and the system can take actions to remedy the non-compliance status.
But for most enterprises looking to manage their mobile workforce and the applications they use the details of MDM really only arise when they set about implementing it. The tools available today will support almost any conceivable requirement. On the other hand, they are usually cloud-based and require some experience and technical expertise to set up and manage properly. Day to day control, on the other hand, can be from a single panel by a staff administrator with a modest level of training.
Patrick Kurmana is enterprise mobility management consultant with B-Connected