Wednesday, October 15, 2014

Tips from an industry insider: Mobile Device Management "MDM" 101

Mobile Device Management "MDM" 101
MDM software
Among the hundreds of MDM companies, fortunately, there are really only a few vendors that make up the large majority of actual sales in the market. The major players in this space include: AirWatch, MobileIron, BoxTone, Good Technology, Emobius or Zenprise.
Does RIM still matter?
RIM released their own MDM software, Fuse, which will essentially extend BES' capabilities to become multi-OS. Analysts and critics question RIM's motivations in offering MDM software, since it may erode the market share of their own BlackBerry devices by making adoption of non-RIM devices that much easier in any given company. This will be a very attractive offering for many buyers, since it will be provided at no cost.
GUI or Compartmentalize?
The sandbox method, also referred to as a "secure container" approach, requires replacing the device's native applications for email, calendar, and contact lists. This means that iPhone users, for example, would not be able to use the Apple email application that comes with the device. This approach is very secure because the corporate data exists only within the sandbox application itself. Very specific security policies and practices can be implemented. For example, specific encryption methods can be used. The sandbox approach may not sit well with users, since the major reason that they want to use an iPhone is for its impressive user interface. Good Technology is one of the most prominent examples of MDM software that uses this approach, and if your security policies require you to use the sandbox approach, then your decision is easy, as Good is the only vendor in the shortlist.
Most other MDM software preserves the native user experience of the device itself. The user is able to securely use the default email, calendar and contact applications built into the device operating system. Since the device's user interface remains the same, employees tend to prefer this.
Technical Criteria
There are many important technical factors to consider when deciding which MDM provider(s) will be a good fit for your company including:
  • Are you planning on supporting specific tablet and smartphone operating systems? If so, which ones?
  • Are you looking for a solution that you can host within your corporate network?
  • Are you interested in a product that can be run within a virtual machine or within a hard appliance?
  • If virtual machines are preferred, what type of virtualization infrastructure do you currently use?
  • Will you be supporting users who bring personal devices into the corporate network?
  • Will these users be subject to different security policies than those using corporately owned devices?
  • What system are you currently using for corporate email, calendar and contacts? For example, every solution offers varying support for Microsoft Exchange, Lotus Notes Traveler, etc. The version(s) you are currently running may also affect the functionality. For example, Microsoft Exchange 2007 allows for different functionality within some MDM products than Microsoft Exchange 2003.
  • Are you planning a transition from a locally hosted email system to something cloud-based? If so, which service are you considering? Some MDM services support cloud-based email systems, others do not.
  • Does your current IT disaster recovery policy affect the installation of an MDM service?
  • Are you intending to use your MDM software to distribute applications to your users?
  • Are you planning to use commercial applications, or custom ones? Which operating systems will you develop for?
  • Are you currently making use of, or do you have plans to use, certificate-based authentication within your network? Which services would you like to authenticate in this manner?
  • Would you like to allow your users to register their own devices?
  • Are there any government regulations that you are subject to? How do these regulations impact mobile devices and MDM?
  • How technical is your user base? If your organization is composed of a more technical group, you may benefit from having fewer calls to tech support. More technical users may also be more likely to intentionally subvert security policies. Conversely, less technical users may require more technical support and may not fully understand the security risks associated with mobile devices. Different MDM providers are suited to different technical levels of users.
  • How many total users will make use of the MDM service you choose? Differences in volume pricing and ability to support various user group sizes will impact your MDM decision.
  • Do you intend to administer your own MDM software? Professionally administered MDM software is available from some providers.
  • Do you have other internal or external processes involving mobile device procurement or management which will be affected by your introduction of an MDM service?
  • Do these teams have the ability to handle the changes in their process required by some MDM services?
  • Are you interested in MDM software as a subscription or as perpetually licensed software?
What about pricing?
The cost of MDM software varies greatly, generally depending on the amount of functionality, hosting options, and the quantity of licenses purchased. In general you can expect to pay $20-$75 per seat for a perpetual license, or $1.50 to $3.50 per seat for a monthly subscription service. Additional fees will also apply for ongoing software maintenance/support, installation services, and training. Pricing is currently fluctuating as the market grows. Generally, pricing is higher for vendors that offer the most functionality and that are most favored among buyers. Between the vendors on our shortlist, there are some differences in price; however, it depends on your specific requirements and volume.
What Should I Expect From Installation?
Most MDM software relies on server-side software which acts as a central hub for mobile device communication with other services within the corporate network. The installation of an MDM product can be very complex. Integration with existing network services will need to be established and properly tested; this will require involvement from your IT department.
We've seen several failed MDM projects. The software was not properly installed or tested. The software may have been an appropriate choice; however, the attention required on installation was not adequate.
As is the case for other network software, professional installation practices, including step-by-step installation checklists, should be followed.
Top reasons why MDM systems do not live up to expectation or fail. (Hint... It's not the software):
  • Lack of clear objectives for MDM.
  • Implementation. Lack of a good road map and plan for implementation can spell disaster. Have you taken into consideration all of the considerations above? If so, how are you planning to mitigate these risks?
  • Training. Without proper companywide training, the solution will not live up to expectation. It will actually generate more calls into your IT help desk.
  • Lack of communication with employees. Employees are going to be concerned about big brother and need to feel comfortable that their personal data will remain personal.
  • Implementation - How the applications are rolled out to users is important. Also, making sure that the right settings are in place. We suggest a small sample group to make sure the systems, processes and settings are working correctly before rolling it out to a wider audience.
  • On-going management. Everyone likes their shiny new MDM toy, but it requires daily monitoring and management. Mobile is a dynamic environment. Without the right vigilant resources managing the administration and escalations, you will not get all you paid for.
  • Carrier management. Identifying people who are abusing the phones is one thing. Fixing it is another. Your people should have the required skills to comfortably interface with each carrier's billing portals to make changes to individual accounts.
There are many benefits to MDM software; however, given how dynamic mobile is within a large organization, do not underestimate the cost of maintaining it. To make it work as advertised, "the devil is definitely in the details". If you are considering rolling out MDM to a large user group, we highly recommend a phased approach starting with a small user test group to work out all the kinks prior to releasing it corporate wide. Most MDM companies
Like any software solution, it's only as good as the data you put in and how vigilant you are at managing it.