Mobile Device Management (MDM) Buyers Guide
I have been investigating technology that might enable a company to develop a ‘Bring Your Own Device (BYOD)’ policy or more advanced management of company owned tablets and mobile devices.
The days of one or two corporate standard mobile devices seem to be fading fast, bye-bye Blackberry market share, hello personal choice.
As I see it, the main leap forward recently in this area is to separate the data from the device.
Blackberry made huge gains in the enterprise by integrating with Exchange, allowing push email and allowing administrators to remote wipe in case of loss. The blackberry methodology allowed you to quarantine the device, modern MDM solutions allow you to quarantine the data. For example, in the case of loss I don’t need to wipe the whole device (which might not be owned by the company) I can just wipe the data and apps that belong to the company.
Corporate IT is now free from the shackles of standardized devices and users have much more flexible and personal access to IT resources.
I have included some key features to consider when selecting Mobile Device Management (MDM) solutions. Bear in mind that this market is moving fast and new developments are occurring all the time. I suspect the list below will become out of date fairly soon but it should provide you with a good starting point as you begin to explore your requirements.
Infrastructure
- How is the solution deployed? SaaS, Appliance, Installed on Windows, MAC, Unix, on a virtual machine?
- What licensing options are available, MDM solutions are commonly perpetual license or subscription
- What support levels are available? e.g. 12 x 5, 24 x 7 etc.
- How does the solution scale in large enterprises? multiple locations, location specific administrators, role-based administrators
- What fault tolerance can be built into the system? standalone server, ability to fall-over to another server, load balancing.
- How do I add new users? via a web portal? a freely available app? API, Bulk upload etc.
- How do I authenticate new users on the system? Active Directory, Open Directory, Other LDAP, User Upload
- Device Coverage: Android, Blackberry, Symbian, Windows Mobile, Windows Phone 7, Windows Desktop, Mac Desktops, Linux Desktops
Users and Profiles
- Mobile Configuration Features: Require password, device restrictions, exchange account seeding, WIFI configuration, VPN ( L2TP, Cisco Anyconnect, Juniper, F5), “Push” Retail Apps, Encrypted Mail, Sandbox Email, Prevent iCloud, Wifi Autojoin
- On-Demand Features: Remove Passcode, Remote Lock, Remote Wipe (Full wipe / selective wipe), Camera Control, Push a Text Message
- Profile Features: Start on Date, End on Date, Versioning, Rollback, Triggered by Inventory
- App Management: Push Web App, Catalogue on in-house Apps, Recommended Retail Apps, Apple VPP Integration
Administration
- Administration Console: Web, API or SDK, Destop App
- Alerting: Alert when no Response, Alert when Roaming, Alert on Forbidden App, Jailbreak/Rooting Detection,
- App Security: Blacklist / Whitelist / Corporate Appstore
- Device Inventory Management: App Memory, Device History, Geolocation, Status
- Integration: Apple GSX, Microsoft BPOS, Good
- Certificate Features: Enterprise SCEP Integration, Local CA with SCEP, Apply Certs to Exchange, Apply Certs to VPN, Apply Certs to Wifi, Disk Encryption enforcement
- LDAP Features: Dynamic Policies by LDAP Group, Dynamic Policies by LDAP OU, Dynamic Policies by LDAP Attribute, Custom Message by LDAP Attribute
For MDM policy considerations see ‘What to include in a Mobile Device Policy‘.
What have I missed? If you would recommend any other features or considerations please leave a comment below. Thanks, Martin
Related articles:
About Martin Thompson
Martin is also the founder of ITAM Forum, a not-for-profit trade body for the ITAM industry created to raise the profile of the profession and bring an organisational certification to market. On a voluntary basis Martin is a contributor to ISO WG21 which develops the ITAM International Standard ISO/IEC 19770.
He is also the author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management. In addition, Martin developed the PITAM training course and certification.
Prior to founding the ITAM Review in 2008 Martin worked for Centennial Software (Ivanti), Silicon Graphics, CA Technologies and Computer 2000 (Tech Data).
When not working, Martin likes to Ski, Hike, Motorbike and spend time with his young family.
Connect with Martin on LinkedIn.
Hi Martin, One issue that I see coming up the whole time is platform support, ie. what platforms does the MDM solution support and what features are enabled on which platform, for example remote control is typically available on Symbian and Windows mobile devices. The other issue notably for IPads is that the use case that comes up is mostly not around an application, but rather data, or specifically documents. i.e. how can I show the latest catalog to a customer on my IPad and how can I do that securely ? Regards, Mark
Hi Martin,
There are a couple of points which I think should be given consideration to:
1. Compliance Reporting Features: Including Patch status, Antivirus (if applicable), Applications installed against the company policy, etc.
2. Compliance Enforcement: What actions can be taken in case a device is found to be non-compliant. E.g. Alert, Escalation, Access Denied, Device Wipe.
Regards,
Sarang