This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.
What You Need to Know About MDM to Improve Device Security
When it comes to managing mobile devices for a large enterprise, IT’s hands are full with various tasks and challenges. Ordering from multiple carriers, locking lost or broken devices, changing services, negotiating pricing, accommodating international travelers, tracking minimum revenue commitments … the list goes on. Whether it’s cellphones, tablets, or hot spots, managing these devices in a large organization can be a full-time job in and of itself.
So, how does IT teams wrap their head around the depth and width of responsible mobile device management? I’ll break down the topic into bite-size pieces in a three-part series. This month, we will discuss the benefits of mobile-device-management (MDM) apps. Next month, we will discuss the pros and cons of bring your own device (BYOD) vs. company-provided devices. And finally, we will wrap up with a discussion on the finer points of these operations, such as procurement, finance, audits, and staffing.
First, from a security perspective, policies and procedures are needed. Here’s an example of each and of a security feature:
- A policy might limit the telecom department as the only department that can place orders or make changes to a mobile device account.
- A procedure might be that end users must open a help desk ticket with the telecom team to make a change to a mobile device.
- A security feature can be the length of a password or requiring that the password be reset within X many days/months.
The business and IT leadership should agree upon policies and procedures to ensure smooth support and operations, and these should be periodically reviewed and updated to change with business requirements and technology evolution. But security needs enforcement, and that is where MDM becomes essential.
What is MDM and Why Do Enterprises Need It?
But do all organizations need MDM software? In short, the answer is yes, as Sandra Richardson, a telecom manager who specializes in mobile devices for a Fortune 500 company, shared in an interview. Regardless if an enterprise is currently rolling out devices to their users or already managing 1,000s of devices, MDM can be a useful tool, “especially when security is a concern,” Richardson explained.
With MDM software, IT staff can responsibly manage a company’s tablets, laptops, and cellular devices by applying enterprise-grade security policies with the primary goal of protecting company data. Solutions range from very basic to robust, and costs vary just as much, so it’s important to define your requirements. You should consider things like wiping devices remotely, lock phones when they are lost, resetting devices when repurposing, no-touch setup, troubleshooting, and software deployment. If your user base typically only makes and receives calls, a vanilla MDM solution can meet your requirements. But if your company devices manage email, CRM software, or any confidential information, your devices need a firewall — that’s what the right MDM software can offer.
One critical function of a robust MDM is it needs to act as a firewall between personal apps and company information. At a minimum, the content of company work performed on a mobile device should be considered confidential. It’s a good idea to contact your governance department and perhaps your legal department about what might be classified as confidential, sensitive, or beyond. It’s imperative to understand the ramifications of a device that hosts business content and services while also hosting personal applications. It’s not uncommon for installed applications to have access to other things on a device. How often have you installed an app that requested permissions to phone calls, contacts, calendar, photos, or even other apps? As IT managers, we can’t depend on the discretion of our end users to grant or deny an application’s access to content on a device.
Additionally, end-user license agreements (EULAs) generally contain language that allows the app maker to change the terms of the EULA without consent. I think it’s important to understand that this barrier, this firewall, this MDM software is critical from a security perspective, whether employees have a company-provided phone or use a personal phone for company business.
MDM software can require that mobile devices have security measures enabled, such as facial recognition or a PIN. The admin can also make it so that the user can’t disable this feature.
MDM is More Than Security
However, many MDM solutions bring more to the table. Do you need to remotely push software to mobile devices on a regular basis? Would you like to save an hour or two setting up each new phone? Registration, setup wizard, personnel assignment, and software installation all require time if done manually. An MDM solution can automate all of this providing out-of-the-box, no IT touch setup.
MDM software can provide high-level or detailed reports that managers enjoy, such as who (or how many) users travel internationally, who uses data over XX Gigs, who uses (or doesn’t use) the company software on the mobile device. If you find that 20% of your users never open a certain company-provided app on their mobile devices, you might be able to reduce your mobile SaaS costs by 20%.
Your end users may need to log into different apps regularly — perhaps hundreds of times a day. Single sign-on may save them valuable time and can be accomplished with some MDM services.
Not all MDM solutions offer the same suite of features. Some services are designed for mobile phones, and others are designed for Android and don’t work with Apple products. Some extend services to laptops; others do not. Carriers provide MDM solutions but be careful as this may limit you to only their products. A third-party MDM provider will be more agnostic and generally provide greater flexibility. It’s important to define your company’s requirements and shop around with care and attention to detail.
The ROI of MDM software “depends on the spend on devices, turn-over rate of the company, loss of devices, and if security of your company information is important to your company,” Richardson said. “The ROI does not always have to be monetary; it can be the security of the data.”
The MDM industry has a host of providers, and they fall in all sectors of the Gartner Magic Quadrant. Some of these software companies produce outstanding products that manage mobile devices well, while others extend their capabilities into other functions, such as office software management. It’s important to define and map your company’s requirements before shopping for an MDM partner. If a service tries to do too many things for too many products, you might want to ask yourself: Does it do any of them well?
In next month’s article, we’ll explore the pros and cons of company-provided mobile devices vs. running a BYOD program.