Mobile device management checklist

According to Forrester, employee handheld use expanded at 69% of North American businesses last year, but most still lack a cohesive plan to handle this fast-growing tidal wave. Ideally, IT should be managing those new smartphones and PDAs throughout their entire lifecycle, from activation to retirement. In this mobile device management checklist, we highlight business needs that you should consider when developing your own mobile device management strategy.

Mobile devices: Out of sight, out of mind

For the past decade, IT departments turned a blind eye to mobile handhelds, believing that cell phones were too limited and PDAs saw too little use to warrant attention. But today's increasingly powerful converged mobile devices have blown past both barriers, leaving IT in the hot seat. After all, you cannot secure what you don't manage, and you cannot manage what you don't see.

Mobile device management (MDM) can help your business plug this gaping hole by en...

RELATED CONTENT Mobile Management Choosing personal mobile devices in a diverse mobile world Mobile device management strategy for diverse mobile devices Future proofing mobile device management Managing mobile device diversity Your mobile strategy is always a moving target Mobile device management: What can it do for your organization? Mobile device governance Mobile worker strategies Mobile user management: Mobile employees and team-building Mobile user management: Managerial styles Mobile Policies Mobile device management strategy for diverse mobile devices Future proofing mobile device management Managing mobile device diversity Ensuring mobile data protection for smartphones is critical Mobile device management: What can it do for your organization? Mobile device governance Employees using their own mobile devices are a growing challenge Podcast: FAQs on mobile policies Developing and instituting corporate mobile device policies Mobile security policies

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

abling remote visibility and control over smartphones and other handheld devices carried by your workforce. But MDM can also be a frustratingly vague term, applied to a diverse collection of products. The first step is to define precisely what you want MDM to do for your mobile workforce. The following checklist can help you identify your needs and common MDM capabilities that could address them.

Mobile asset inventory

Clearly, your MDM must maintain a list of devices to be managed -- that is, your mobile asset inventory. But what should your inventory include, and how will it be maintained?

• Device inventory: What physical details do you need to track? Beyond the basics (device ID, hardware model, firmware version), an MDM can help you record and report on related assets like wireless adapters and removable memory.

• Inventory classification: How do you want to group those mobile devices? For example, an MDM might auto-classify your devices by mobile OS/version or state (e.g., unknown, authorized, provisioned, decommissioned).

• Inventory maintenance: How do you want to update your inventory to reflect adds, changes and deletes? An MDM might be used to periodically poll devices, check for changes at network connect, or carry out admin-initiated audits.

• Physical tracking: Do you need to know not just who carries each handheld but precisely where that device is located? With many smartphones now supporting GPS, location-based MDM features become feasible.

• Database integration: Do you already have inventory systems that manage other assets (e.g., desktops, phones)? If so, you may want to integrate managed mobile device records into a common database using inventory exports or reports.

Mobile device provisioning

Managing a device through its lifecycle begins with activation and provisioning. How will each new device become an authorized, capable member of your handheld fleet?

• Supported platforms: Device management depends on characteristics like operating system and vendor/model/version. What platforms (e.g., Windows Mobile, Symbian, BlackBerry) and minimum models/versions (e.g., Symbian 9+ on Series 60) must you support? Target a few devices that satisfy your needs, while making device-independent choices wherever possible and practical.

• Device registration: How will you enroll mobiles to be managed? MDMs can help administrators register company handhelds (e.g., directory add) or let users register their own devices (e.g., enrollment portals), or some combination thereof.

• Agent activation: How will the MDM agent get installed on each new device? Alternatives include manual IT install, desktop sync, mail gateway sync, and over-the-air installation (user visits URL from email or SMS).

• Device configuration: How will you override factory/carrier defaults? For example, you might want to require passwords, add registry keys, or rewrite menus to eliminate non-business applications. MDMs can apply your "standard config" to each device after initial activation or hard reset.

Mobile software distribution

Many MDMs go beyond device inventory and configuration, providing tools that deliver and update mobile applications. This may not be Job 1, but it should be a close second.

• Software packages: How will you bundle related applications for purposes of configuration and delivery? MDMs can help you define and deploy those packages, helping to resolve platform, memory, and application dependencies.

• Package distribution: Do you want software to be pushed to devices (on schedule) or pulled by periodic device polls? Push can propagate updates faster but requires more frequent communication that drains handheld battery life.

• Mobile optimizations: Must your strategy accommodate unreliable or limited WANs? Some MDMs offer compression, incremental updates, and bandwidth management (attempting or resuming installation only over fast, low-cost links).

• Change control: How often will your mobile applications need patching or update? Define how deployed packages will be maintained so that changes are applied without resulting in user pain or weeks of effort to fix failed updates.

Mobile security management

On handhelds, device and security management tend to converge. Many MDMs offer basic security features that are missing from mobile OSs or related to device tasks.

• User authentication: How will you authenticate users before granting access to mobile devices? Some MDMs can be integrated with enterprise directories while addressing mobile needs like network-disconnected authentication.

• Password policy enforcement: How many login attempts will you allow before requiring reset? Can emergency calls bypass authentication? Many MDM agents can enforce these and other password policies that go beyond OS-provided PINs.

• Remote device wipe: Do you need the ability to wipe clean a remote mobile device? For example, an MDM can often delete data or hard-reset a lost smartphone on next server connect or upon receipt of an SMS "kill pill."

• White/black lists: An MDM involved in software management may require certain business applications and ban other applications. Similarly, an MDM that controls device settings can help you disable risky interfaces and wireless options.

• Secure communication: How will sensitive MDM traffic (e.g., configuration changes, software packages) be protected? Some MDMs provide their own secure channels rather than relying on OS or third-party protocols.

Mobile data protection

Data just might be the most sensitive corporate asset on any mobile handheld. MDMs can help you preserve and protect that mobile data.

• Data encryption: Do you want to enforce policies that prevent unauthorized access to data stored on mobile devices? A few MDMs provide this capability; others can enforce your policies by installing or activating third-party encryption.

• Backup/restore: How will you prevent data loss when a mobile is damaged or stolen? Most MDMs support scheduled over-the-air backup from remote handhelds to a central archive and restoration by authorized users or admins.

• Data tracking: Do you need to maintain an audit trail of corporate data copied to and from mobile devices? Some MDMs can control and report on sensitive files transferred during over-the-air synchronization or onto removable media.

Monitoring and help desk support

Mobile device total cost of ownership can far exceed hardware/software purchase. Over time, MDM should pay for itself by reducing maintenance and support costs. How?

• Self-help: Can some admin tasks be cost-effectively shifted away from IT? Some MDMs offer self-help portals for user-initiated device enrollment, password reset or recovery, optional package download, and data restoration from backup.

• Diagnostics: When problems arise, what will your help desk need to see? MDMs can play a big role by providing not just intended settings but real-time status and health information (e.g., memory, battery, network connectivity).

• Remote control: When remote users need assistance, what can your help desk really do? Many MDMs include remote-control features (e.g., screen sharing) that let support staff interact with an off-site handheld in real time.

• Audit and compliance: Do you need to prove that mobile devices comply with your stated policies and/or industry privacy regulations? MDMs can help you automate remote assessment, remediation, and compliance reporting.

• Activity reports: How much insight will you need into mobile user activities, including interaction with business servers and networks? Most MDMs provide historical reports -- but look closely to see whether they capture what you need to know.

Your company probably does not need everything on this checklist, and any single MDM product is unlikely to cover all of these bases. Instead, treat this checklist as though it were a menu, introducing you to a foreign cuisine. Some considerations are simply variations on traditional desktop management needs, while others may be new and unfamiliar. Trial a few MDMs to gain field experience with mobile user and device requirements before settling on a management strategy for your mobile workforce.

About the author: Lisa Phifer is president and co-owner of Core Competence, a consulting firm focused on business use of emerging network and security technologies. At Core Competence, Lisa draws upon her 27 years of network design, implementation and testing experience to provide a range of services, from vulnerability assessment and product evaluation to user education and white paper development. She has advised companies large and small regarding the use of network technologies and security best practices to manage risk and meet business needs. Lisa teaches and writes extensively about a wide range of technologies, from wireless/mobile security and intrusion prevention to virtual private networking and network access control. She is also a site expert to SearchMobileComputing.com and SearchNetworking.com.

Rate this Tip To rate tips, you must be a member of SearchMobileComputing.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.