Quick Guide to Mobile Device Management (MDM) Part 1 of 2
Mobile devices are increasing in popularity within organisations. With so many mobile device types and options currently on the market, organisations are spoilt for choice when choosing what tablet their employees can use, or what mobile phones they are going to give out.
Mobile devices can also relate to the ‘Bring Your Own Device’ (BYOD) concept. Any mobile device that connects to the organisation's network or has access to company data needs to be managed.
What is Mobile Device Management?
Mobile device management (MDM) is the management of mobile devices throughout their lifecycle, including the day-to-day ability to secure, support, monitor, manage and configure the mobile device.
Types of mobile asset device
Organisations may have their own definition of what constitutes a mobile asset, but the most common examples of mobile assets are:
- Device
- Mobile Phone
- Smartphone
- Tablet
- Mobile Printer
- Mobile scanner
- Point of sale device
As mentioned previously, this list may be different based on the organisation. For example, there may be a specialist mobile device that is only relevant to a particular industry or job. The asset still needs to be managed, but it can only fall under the MDM aspect if it connects to the network and is compatible with the MDM solutions that are currently on the market. Otherwise, it needs to be managed like any other hardware asset.
Managing Mobile Devices
With the introduction of mobile devices, sometimes on an enterprise scale, there is now a critical need to manage said mobile devices throughout their lifecycle. There are a number of management factors that need to be considered.
Software / Application monitoring
Software and application monitoring is a must-have for any MDM solution. Just like the data provided within SAM tools, the user has visibility on when, how long and how many times an application on the mobile device has been used. This is primarily aimed at smartphones and tablets and should be viewed as you would view the usage data for software installed on a machine.
This aspect of MDM is particularly important as large vendors now allow a single user to install their product on a set number of devices. Mobile devices count as an asset, so an organisation needs to have visibility on how many instances of the software a single user is using/has installed.
Away from the main vendors, it is also important for an organisation to monitor the software on mobile devices to ensure users are not using any blacklisted applications. As with desktop software, there should also be a list of approved or standard applications that users can install on their mobile device. Application monitoring allows the organisation to see what is installed on their devices so that no non-standard software (such as games) is installed. Furthermore, this allows the organisation to challenge any user who is using unauthorized software, or challenge users not using applications they should be.
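The checks described in this section can be run over an application inventory export. The following is an added example, not taken from the original article or from any MDM product: the record fields, application names, lists and limits are all constructed for illustration.

```python
from collections import defaultdict

# Constructed sample export: one row per (user, device, app) with the launch
# count for the reporting period. Field names are assumptions, not a real schema.
INVENTORY = [
    {"user": "alice", "device": "phone-01", "app": "MailClient", "launches": 42},
    {"user": "alice", "device": "tablet-07", "app": "MailClient", "launches": 5},
    {"user": "alice", "device": "phone-01", "app": "OfficeSuite", "launches": 3},
    {"user": "alice", "device": "tablet-07", "app": "OfficeSuite", "launches": 0},
    {"user": "bob", "device": "phone-02", "app": "PuzzleGame", "launches": 17},
    {"user": "bob", "device": "phone-02", "app": "FileShareX", "launches": 2},
    {"user": "bob", "device": "phone-02", "app": "MailClient", "launches": 0},
]
APPROVED = {"MailClient", "OfficeSuite"}   # standard applications
BLACKLIST = {"FileShareX"}                 # never permitted
REQUIRED = {"MailClient"}                  # applications users are expected to use
DEVICE_LIMITS = {"OfficeSuite": 1}         # per-user device allowance (constructed)


def audit(inventory, approved, blacklist, required, device_limits):
    """Return (finding, user, app) tuples for the checks described above."""
    installs = defaultdict(set)   # (user, app) -> devices it is installed on
    launches = defaultdict(int)   # (user, app) -> total launches across devices
    for row in inventory:
        key = (row["user"], row["app"])
        installs[key].add(row["device"])
        launches[key] += row["launches"]

    findings = []
    for (user, app), devices in sorted(installs.items()):
        if app in blacklist:
            findings.append(("blacklisted", user, app))
        elif app not in approved:
            findings.append(("non-standard", user, app))
        limit = device_limits.get(app)
        if limit is not None and len(devices) > limit:
            findings.append(("over-device-limit", user, app))

    # A required app counts as unused if it is missing or was never launched.
    for user in sorted({row["user"] for row in inventory}):
        for app in sorted(required):
            if launches.get((user, app), 0) == 0:
                findings.append(("required-unused", user, app))
    return findings


if __name__ == "__main__":
    for finding in audit(INVENTORY, APPROVED, BLACKLIST, REQUIRED, DEVICE_LIMITS):
        print(finding)
```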
Managing Data
Mobile data can be a very expensive aspect of mobile devices. Should it be abused outside of the agreed data limits set out by an organisation's agreement with the mobile service provider, organisations can end up with a huge bill. This is also an issue if the organisation allows their devices to be taken outside of the office as users may end up taking it abroad. There are a number of stories on the Internet of people running up huge bills by leaving their data roaming switched on, or using apps while out of the country. If an organisation has tens of thousands of employees, with hundreds taking their device abroad, then the bill could end up crippling the IT or phone budget.
MDM solutions allow organisations to actually turn off the data roaming or mobile data should the users tell them they are taking the device abroad. Unfortunately this is reliant on the user communicating with the IT staff. There are ways of using the MDM tool to identify a change of location, but if an organisation has a large user base and a large proportion of mobile devices, then managing the data usage is an uphill battle.
Monitoring the device
As they are mobile devices, the organisation needs to monitor their whereabouts and identify when they were last seen on the network. It is also important to be able to establish who the user is. A number of MDM solutions provide such data as standard to help organisations manage the mobile device throughout its lifecycle.
A number of mobile devices have 3G or 4G capabilities so their location can still be tracked even if they are not connected to the internal network or the Internet. MDM solutions can track the location of their devices this way should they be stolen or misplaced. This is very effective if a device is stolen, as the organisation can pass the information from the MDM solution on to the police.
Types of solution available
There are a number of MDM solutions available that provide a wide range of features. Firstly though, before considering or implementing an MDM solution the organisation must ensure that their processes are ready for MDM. This mainly includes any BYOD, software and procurement processes.
It is also recommended that a number of solutions be tried first on a ‘trial’ basis. This allows the organisation to see if the solution provides the data required and also fits into the organisation's environment. Trialling the MDM solution can also help with internal support for the project, as well as clear up any internal issues or questions that may arise around mobile devices.
Once all of the above considerations have been resolved, the following options need to be considered when picking an MDM solution. ComputerWorld have published a useful list that I’ve summarised below:
| Deployment | OS | MDM | App management | Security |
|---|---|---|---|---|
| SaaS / Cloud | Android | Enable / Disable WiFi | User self-service app delivery | Device wipe |
| On Premise | Blackberry | Configure settings (VPN etc.) | Enterprise app store | Selective wipe |
| | iOS | Enable / Disable Bluetooth | App containerization using app wrapping | Remote lock |
| | Windows Mobile | Enable / Disable data roaming | Block copy/paste between apps | Password protection/reset |
| | Windows Mobile 7 | Enable / Disable camera | Block copy/paste from email | Firewall |
| | Windows Mobile 8 | Manage mobile-attached devices (printers/scanners) | App inventory tracking | Application blacklisting/whitelisting |
| | | Multiple user support (same device) | App usage monitoring | Data loss prevention |
| | | Configuration monitoring or auditing | Apple volume purchase program integration | Email attachment data loss prevention |
| | | Remote desktop access | | Device compromise detection |
| | | | | Device-level encryption |
| | | | | Mobile VPN |
| | | | | App-level micro VPN |
| | | | | Multifactor device/app authentication |
| | | | | Malware detection |
| | | | | Single-sign-on |
There are many more aspects to consider, but these are the main points that need to be considered when first evaluating an MDM tool.
Conclusion
This has been part one in our two-part introduction to mobile device management. If you would like to know more about MDM, or want us to cover certain aspects of MDM in the future, please contact me here.
In part two we will be looking at how MDM can help support mobile devices, and also the issues faced by organisations in relation to MDM.
Interesting post and a topic that is becoming very hot with Microsoft offering incentives through O365.
Around Security, an interesting demo I saw recently related to this topic was geo-fencing where the access rights to the company network automatically reduced when you left the building.
Looking forward to the next chapter