Mobile devices are quickly becoming a staple of the professional world, and the value they add isn’t hard to identify: enhanced productivity, anytime access to corporate resources and systems, real-time collaboration, etc. But as personal smartphones, tablets, PDAs, and laptops infiltrate the workplace, they also bring new uncertainties for which many businesses are still unprepared. According to a recent study by Spiceworks, 98 percent of IT professionals are worried about the impact of mobile devices on the workplace, and yet less than half plan to use a central management solution for security and control.1
Mobile device management (MDM) or BYOD software helps businesses extend productivity to personal devices without compromising corporate security. This guide will simplify the buying process for IT leaders by outlining common software features, industry trends, and a case study of a leading mobile device management software solution.
The “bring-your-own-device” (BYOD) phenomenon has affected businesses of every size and in every industry. As employees increasingly use their own smartphones and tablets to manage both professional and personal tasks (roughly 84 percent do), many employers are seeking ways to leverage mobile technology for growth. In a recent Forrester study, 64 percent of European and North American companies said “providing more mobility support for employees” would be a top priority in the coming years.2 In the same study, IT decision-makers also identified some of their biggest concerns with BYOD software:
Mobile device management software can alleviate many of these concerns by standardizing security measures, giving IT departments better control and visibility, and extending access to corporate content and applications. During your selection process, you may also see MDM referred to as enterprise mobility management (EMM). Functionally speaking, the two are near-synonymous, although EMM usually refers more to the larger methodology of controlling mobile devices in a business environment.
Most MDM software solutions are built around two main components: a server component (which sends configuration and security protocols from an administrative control center) and a client component (which receives the protocols, once installed on the mobile device).3 Some systems are built exclusively for mobile OS management (OS compatibility will vary according to vendor), but some MDM systems include other devices not owned by the company, from laptops to PDAs and even desktop computers.
There are primarily two ways to package a solution:
Most MDM software solutions will address some or all of the following features:
MDM security measures help protect corporate networks from unwanted access by blocking foreign devices and providing gated access to employees. This usually entails role-based permissions and WiFi/VPN management. At the device level, IT managers can enforce passcode and encryption policies, distribute native malware protection and/or web filtering tools, and use audit reports to check for rooted or jailbroken devices.
Mobile applications can bring added productivity to business processes, but they’re also susceptible to exploitation. Application management features give IT control over which apps employees can download and which are blacklisted. In addition to basic filtering, application management can support enterprise purchasing and over-the-air distribution of business apps to all employees or to specific groups.
Mobile email management provides access to a corporate email infrastructure either through a secure gateway configured on the client component or through a containerized solution. This lets administrators block access by revoking certificates when a device doesn’t meet minimum security standards — for instance, if the device has no encryption or has been lost or stolen. Email management tools can also protect corporate documents attached to emails by restricting access to an approved application.
Some MDM solutions offer built-in messaging platforms that let company users exchange secure messages and files. These chat services are similar to instant messaging platforms (availability status, profile pictures, message threads, corporate directories), but the messages are encrypted during transmission and devices are authenticated according to corporate standards. Some platforms also enable managers/administrators to send push notifications to specific devices.
Lost or stolen employee devices represent one of the biggest mobile security threats, since an unauthorized user can then gain access to company files and back-office systems. Instead of leaving the door open for theft, administrators can use remote management tools to erase data or lock the device. More advanced systems can also track device location and may give the option of clearing only company data (vs. all data on the device).
As new technology permits, many businesses are moving away from device-level management and instead using secure applications with single sign-on (SSO) authentication to manage mobile security. Some of these applications are custom-built and distributed through client/server certificates, while others are commercial apps safeguarded by a proxy of some kind. Part of the reason for this movement is greater sensitivity to employee privacy; most businesses don’t want to maintain control over an employee’s personal files, hardware, and browsing data unless they absolutely have to. In our recent study on Data Monitoring and Employee Privacy, we found that 64.3 percent of employees are uncomfortable with having their cell phones monitored.4
In the past, some companies have tried to sidestep the BYOD dilemma by providing employees with company-owned devices, which are, of course, subject to control and monitoring by the IT department. But many employees — especially those who work outside of a traditional office — have strong preferences about the technology they use and may already have their own smartphone, tablet, etc. Research firm Gartner predicts that 38 percent of employers will stop providing company devices by next year, and by 2017, half of all companies will expect employees to supply their own mobile devices for work.5
Another trend that will have significant impact on MDM technology in coming years is containerization. Essentially, containerization allows enterprises to secure corporate data, communications, and apps in a partitioned, encrypted area of the device, rather than controlling the entire device itself. Some analysts have warned that “the end is in sight” for traditional MDM,6 and smart vendors will divert their efforts toward building containers. Others argue that containerization can’t offer the robust security of traditional MDM because of its inherent vulnerability to rooting and jailbreaking.7 Whether or not it subsumes device management, containerization will play a significant role in the future of mobile security, and by extension, MDM platforms.
Company: Graham Construction8
Graham Construction is a North American construction firm with over 1,300 employees and a large client network of companies, owner-occupants, and public organizations. They deliver solutions of varying scale, from renovations to design-and-builds, financing, and post-construction services. One of Graham’s biggest challenges has been managing workplace technology with a small IT department and finding ways to increase employee productivity.
Infrastructure Architect Glenn Coulman decided to launch an initiative to replace company Blackberries with higher-functioning devices, and he needed to maintain control in a way that wouldn’t exhaust resources. Instead of upgrading to Blackberry Enterprise Server (BES) 5, Coulman and his team scoured the market for an MDM solution and settled on AirWatch by VMware. They selected modules for device management, application management, content management, email management, and browsing management.
Graham Construction made an initial release of 700 iOS devices on the AirWatch platform to test the waters. “During implementation,” Coulman said, “we found there was much more functionality available for us.” After the initial deployment, Graham continued replacing their company Blackberries at a rate of 100 per month. They also began using AirWatch’s Content Locker to distribute digital copies of corporate documents, replacing many of their paper-based communications. “These solutions have been instrumental in evolving our mobility strategy well beyond our initial expectation,” Coulman said.
At TechnologyAdvice, our goal is to connect businesses with the technology that best meets their needs. We’ve compiled product information, reviews, case studies, features lists, video walkthroughs, and research articles on hundreds of leading IT solutions, all to make the buying process more straightforward for decision makers like you.
If you’re curious about any of the MDM solutions listed in this guide, we’d love to talk to you. Call one of our experts for a free consultation, or use the Product Selection Tool on our site to get a personalized recommendation based on your industry and desired features.
Our team of experts is ready to help! 877.702.2082