The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

Quick Guide to Mobile Device Management (MDM) Part 1 of 2

Mobile devices are increasing in popularity within organisations. With so many mobile device types and options currently on the market, organisations are spoilt for choice when choosing which tablet their employees can use, or which mobile phones they are going to give out.

Mobile devices can also relate to the ‘Bring Your Own Device’ (BYOD) concept. Any mobile device that connects to the organisation's network or has access to company data needs to be managed.

What is Mobile Device Management?

Mobile device management (MDM) is the management of mobile devices throughout their lifecycle, including the day-to-day ability to secure, support, monitor, manage and configure the mobile device.

Types of mobile asset device

Organisations may have their own definition of what constitutes a mobile asset, but the most common examples of mobile assets are:

  • Device
  • Mobile Phone
  • Smartphone
  • Tablet
  • Mobile Printer
  • Mobile scanner
  • Point of sale device

As mentioned previously, this list may be different based on the organisation. For example, there may be a specialist mobile device that is only relevant to a particular industry or job. The asset still needs to be managed, but it can only fall under the MDM aspect if it connects to the network and is compatible with the MDM solutions that are currently on the market. Otherwise, it needs to be managed like any other hardware asset.

Managing Mobile Devices

With the introduction of mobile devices, sometimes on an enterprise scale, there is now a critical need to manage said mobile devices throughout their lifecycle. There are a number of management factors that need to be considered.

Software / Application monitoring

Software and application monitoring is a must-have for any MDM solution. Just like the data provided within SAM tools, the user of the tool has visibility of when, for how long and how many times an application on the mobile device has been used. This is primarily aimed at smartphones and tablets and should be viewed as you would view the usage data for software installed on a machine.

This aspect of MDM is particularly important as large vendors now allow a single user to install their product on a set number of devices. Mobile devices count as an asset, so an organisation needs to have visibility of how many instances of the software a single user is using or has installed.

Away from the main vendors, it is also important for an organisation to monitor the software on mobile devices to ensure users are not using any blacklisted applications. As with desktop software, there should also be a list of approved or standard applications that users can install on their mobile device. Application monitoring allows the organisation to see what is installed on its devices so that no non-standard software (such as games) is installed. Furthermore, this allows the organisation to challenge any user who is using unauthorized software, or challenge users not using applications they should be.
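The checks described in this section, as an added example that is not part of the original article and not taken from any MDM product: it audits a constructed app-inventory export for blacklisted apps, non-standard apps, per-user installs above a licence device limit, and required apps that are missing. The CSV layout, app names, policy lists and the limit of two devices are all assumptions, and "missing required app" is used here as a stand-in for users not using applications they should be.

```python
import csv
import io
from collections import defaultdict

# Constructed sample of an MDM app-inventory export (not from a real tool).
INVENTORY_CSV = """user,device_id,app
alice,PHONE-01,OfficeSuite
alice,TAB-07,OfficeSuite
alice,TAB-09,OfficeSuite
alice,TAB-09,CandyGame
bob,PHONE-02,OfficeSuite
bob,PHONE-02,FileShareX
carol,PHONE-03,Mail
"""

# Hypothetical policy values; replace with the organisation's own lists.
APPROVED = {"OfficeSuite", "Mail"}
BLACKLISTED = {"FileShareX"}
REQUIRED = {"Mail"}
DEVICE_LIMIT = {"OfficeSuite": 2}  # max devices per user under the licence


def audit(inventory_csv):
    """Return a sorted list of (user, finding, detail) tuples."""
    devices = defaultdict(set)       # (user, app) -> devices it is installed on
    apps_by_user = defaultdict(set)  # user -> every app seen on any device
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        user, app = row["user"].strip(), row["app"].strip()
        devices[(user, app)].add(row["device_id"].strip())
        apps_by_user[user].add(app)

    findings = []
    for (user, app), devs in devices.items():
        if app in BLACKLISTED:
            findings.append((user, "blacklisted", app))
        elif app not in APPROVED:
            findings.append((user, "non-standard", app))
        limit = DEVICE_LIMIT.get(app)
        if limit is not None and len(devs) > limit:
            findings.append((user, "over-device-limit", f"{app}:{len(devs)}/{limit}"))
    for user, apps in apps_by_user.items():
        for app in sorted(REQUIRED - apps):
            findings.append((user, "missing-required", app))
    return sorted(findings)


if __name__ == "__main__":
    for finding in audit(INVENTORY_CSV):
        print(*finding, sep="\t")
```

Installs are counted per user across distinct devices, so the same app reported twice for one device does not inflate the licence count.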

Managing Data

Mobile data can be a very expensive aspect of mobile devices. Should it be abused outside of the agreed data limits set out by an organisation's agreement with the mobile service provider, organisations can end up with a huge bill. This is also an issue if the organisation allows its devices to be taken outside of the office, as users may end up taking them abroad. There are a number of stories on the Internet of people running up huge bills by leaving their data roaming switched on, or using apps while out of the country. If an organisation has tens of thousands of employees, with hundreds taking their device abroad, then the bill could end up crippling the IT or phone budget.

MDM solutions allow organisations to actually turn off the data roaming or mobile data should the users tell them they are taking the device abroad. Unfortunately this is reliant on the user communicating with the IT staff. There are ways of using the MDM tool to identify a change of location, but if an organisation has a large user base and a large proportion of mobile devices, then managing the data usage is an uphill battle.

Monitoring the device

Because the devices are mobile, the organisation needs to monitor each device's whereabouts and identify when it was last seen on the network. It is also important to be able to establish who the user is. A number of MDM solutions provide such data as standard to help organisations manage the mobile device throughout its lifecycle.

A number of mobile devices have 3G or 4G capabilities, so their location can still be tracked even if they are not connected to the internal network or the Internet. MDM solutions can track the location of a device this way should it be stolen or misplaced. This is very effective if a device is stolen, as the organisation can pass the information from the MDM solution on to the police.

Types of solution available

There are a number of MDM solutions available that provide a wide range of features. Firstly though, before considering or implementing an MDM solution the organisation must ensure that their processes are ready for MDM. This mainly includes any BYOD, software and procurement processes.

It is also recommended that a number of solutions be tried first on a ‘trial’ basis. This allows the organisation to see if the solution provides the data required and also fits into the organisation's environment. Trialling the MDM solution can also help with internal support for the project, as well as clear up any internal issues or questions that may arise around mobile devices.

Once all of the above considerations have been resolved, the following options need to be considered when picking an MDM solution. ComputerWorld have published a useful list that I’ve summarised below:

Deployment:

  • SaaS / Cloud
  • On Premise

OS:

  • Android
  • Blackberry
  • iOS
  • Windows Mobile
  • Windows Mobile 7
  • Windows Mobile 8

MDM:

  • Enable / Disable WiFi
  • Configure settings (VPN etc.)
  • Enable / Disable Bluetooth
  • Enable / Disable data roaming
  • Enable / Disable camera
  • Manage mobile-attached devices (printers/scanners)
  • Multiple user support (same device)
  • Configuration monitoring or auditing
  • Remote desktop access

App management:

  • User self-service app delivery
  • Enterprise app store
  • App containerization using app wrapping
  • Block copy/paste between apps
  • Block copy/paste from email
  • App inventory tracking
  • App usage monitoring
  • Apple volume purchase program integration

Security:

  • Device wipe
  • Selective wipe
  • Remote lock
  • Password protection/reset
  • Firewall
  • Application blacklisting/whitelisting
  • Data loss prevention
  • Email attachment data loss prevention
  • Device compromise detection
  • Device-level encryption
  • Mobile VPN
  • App-level micro VPN
  • Multifactor device/app authentication
  • Malware detection
  • Single-sign-on

There are many more aspects to consider, but these are the main points that need to be considered when first evaluating an MDM tool.

Conclusion

This has been part one in our two-part introduction to mobile device management. If you would like to know more about MDM, or want us to cover certain aspects of MDM in the future, please contact me here.

In part two we will be looking at how MDM can help support mobile devices, and also the issues faced by organisations in relation to MDM.

About David Foxen

David Foxen is a Software Asset Management expert and enthusiast. He has vast experience of successfully implementing SAM and SAM tools, and has also made huge cost savings. A member of the ISO Standards WG21, David is a massive ITAM geek, so uses any opportunity to talk about the subject to whoever will listen. He believes that the industry needs to share its knowledge and success stories to help the SAM industry mature and become more effective. Always willing to help, his primary goal is to make a difference to organisations and the SAM industry so everyone will know how epic SAM is!

One Comment

  1. Interesting post and a topic that is becoming very hot with Microsoft offering incentives through O365.

    Around Security, an interesting demo I saw recently related to this topic was geo-fencing where the access rights to the company network automatically reduced when you left the building.

    Looking forward to the next chapter
