Mobile management is evolving, says Staunton of B-Connected
We take mobility for granted. Most adults have a smart phone and a high proportion of workers also a tablet or laptop. Depending on the task in hand, and the screen size, many use two or even three devices daily. But no organisation can afford to take this mobility for granted. They are faced with important issues in managing the whole process. Anywhere, anytime working offers huge advantages to users and the business. But to be effective, the mobile devices have to connect back in some way to the corporate systems. That is where the risks begin.
Security is the principal concern and there are certainly real risks. But there are also issues to do with what access or functionality the enterprise wants to give all of its mobile devices users or specific individuals and their roles. Essentially, we are talking about control. That is why the whole field has moved on, both in our understanding and experience and in the technology that gives the organisation the levels of control that it requires. It is epitomised by the term we now use — Enterprise Mobility Management [EMM] — as opposed to Mobile Device Management [MDM] which is most certainly still there but really only a part of the overall solution. EMM is about enabling rather than constraining.
The sheer pace of adoption of mobile technology in business has been very rapid precisely because it is enormously valuable. So MDM as a market category of products and services is just about five or six years old in the form we recognise today, with smart software like AirWatch by VMware, for example. B-Connected and a few other specialists have been in this field since the early days of Blackberry.
Many organisations today are finally recognising that their mobile devices are effectively network endpoints and need coherent management. That starts with what the enterprise wants to achieve, its concerns and what it wants to enable its mobile users to do. That last question is the key one and the tricky one. Because it is quite likely that the enterprise wants to give its users a wide range of functionality, but selectively. Some activities are universal, some are restricted to particular classes of employees or to particular staff only.
“The term we now use is Enterprise Mobility Management, as opposed to Mobile Device Management which is most certainly still there but really only a part of the overall solution. EMM is about enabling rather than constraining”
So ‘mobile’ is no longer a good enough specification because any user base will have a range of possible applications and permissions. There are management implications for email, applications and apps, content management, data access permissions and synchronisation of data.
In a larger organisation, almost every activity will have some users who should be mobile-enabled. That certainly means that no one device or type of device will suit everyone. So whether you are dealing with employer-supplied devices or BYOD, simple uniformity is not going to be a feasible technical answer.
Security pervades everything, but in general the way EMM manages the range of requirements is by controlling the corporate functionality that the device or the user can access. That is fully controllable where a class of user is issued with a pre-configured company device. Commonly this will be for clearly defined repetitive tasks, say in van delivery or equipment servicing.
On the other hand, in field sales other considerations come into the picture — literally! Displaying products or information may be a part of the job, for example, suggesting a tablet solution. Our job as experts is to help the client align the various devices and their capabilities with the security policies and technologies as well as the business rules of the organisation. It is about enterprise integration of all ICT for maximum business enablement of mobile.
One major line of approach is that you take all of the traffic in by VPN or APN from the devices and then subject it to the systems you have in place in-house for access permission, filtering, anti-malware, traffic analysis or whatever. AirWatch by VMware is effective and comprehensive in this area and it opens up the widest range of device choice for employees or the organisation.
Another growing approach is containerisation, segregating the corporate functionality and any data on the device from everything else. The user has a separate, encrypted business section of the device. There are several successful technologies in this area — Samsung even offers it natively on the device with its separate Knox workspace that will also form part of the upcoming Android 5.0 release. It can also be done with virtualisation and even virtual desktop solutions.
Mobile ICT is already established as one of the most significant developments across society, much less technology. The inexorable trend is towards everything, everywhere, all the time. Enabling that securely from organisation to employee user is the daily challenge for business that we have made our business.
Glenn Staunton is director of B-Connected.