Market statistics for mobile devices leave little doubt that tablets and smartphone adoption is growing, and affecting IT operations. According to the Financial Times, the size of the smartphone market has surpassed the PC market. The increasing use of mobile devices in the enterprise has captured the attention of IT managers.
The need for MDM software
According to a recent survey, 75% of IT managers noted that adequate support for mobile devices would require new security rules, 64% believe lost or stolen mobile devices pose a security threat, and 50% want to be able to restrict applications used on mobile devices. Fortunately, not all the news about mobile devices in the enterprise is negative. A Visiongain study found that business use of mobile devices can reduce demand for technical support by as much as 20%.
Another factor driving the adoption of a mobile device management (MDM) system is that many existing infrastructure and configuration management applications were not designed to support mobile devices. Sometimes an existing application can provide functions of MDM software. For example, Microsoft Exchange ActiveSync allows administrators to enforce BYOD policy and remotely wipe devices but lacks more advanced, and increasingly required, functions.
Common features of MDM software
MDM software provides at least basic functionality in four areas: policy enforcement and management, inventory management, security management and software distribution.
Policy enforcement is essential to protect business information assets. Of course this assumes you have the necessary policies defined, which include access control, acceptable use, encryption and data management policies.
Access control policies specify rules about which users can authenticate to a device and perform operations on that device. Corporate application users should be segmented into groups according to their roles and responsibilities. They should have the fewest privileges required to perform tasks associated with their roles. This is a best practice for information security more generally, but it extends to mobile device use by specifying which enterprise applications can be accessible to users of mobile devices. Don’t assume that because an individual has access to an application on a company-owned workstation, that person will have access to the application on a mobile device over an unsecured communication channel.
An acceptable use policy should define the types of apps that can run on mobile devices for business operations, and MDM software should enforce these rules. Some application agreements specify that a vendor can download contact information from a mobile device, and such agreements can result in corporate information leaks. Businesses need to have app control on mobile devices, and MDM software enables them to enforce access control and allowed application policies.
Common inventory management features include registering devices, assigning devices to groups, centralized dashboard reporting and billing tracking. Reporting services include a detailed description of devices.
Security management includes a range of capabilities, such as setting password requirements on devices, configuring virtual private network (VPN) settings, installing secure sockets layer (SSL) certificates for device authentication, enforcing encryption policies, disabling device features such as GPS and camera, and remotely wiping a device. Encryption and data management policies are important elements in securing enterprise data. MDM software can support the enforcement of full device encryption policies if needed. They can also provide isolated sandboxes for protected data. With this model, protected data is logically separated from other device data and removed when it is no longer needed. If a device is lost or stolen, this kind of data management can mitigate data leak risks. SSL certificates have long been used to authenticate servers and can now improve the security of enterprise systems accessed from smartphones and tablets by authenticating those devices.
Once mobile devices are in use, you need to support them. MDM software commonly features software distribution services and it often includes the ability to establish an enterprise app distribution service akin to an internal application marketplace. In addition to supporting an app marketplace, MDM software typically allows for patching and remote software distribution.
Advanced MDM software features to consider
As MDM software offerings improve, you can distinguish between the technologies based on more advanced features, including additional security controls, better data protection, software license management and bandwidth optimizations.
For IT departments, erasing the personal contents of an employee’s device isn’t necessarily a first choice. But if a device is lost or stolen and the only remote-wipe option that your MDM software offers is resetting to factory defaults, you may have a difficult choice to make. More advanced remote-wiping features can target enterprise data, which is segregated from personal data in a vault that allows you to erase sensitive information without affecting the personal contents of a device.
Malware developers rarely miss an opportunity to exploit potential vulnerabilities, such as widespread mobile device use. MDM software security features have improved and can include automatically updating virus definitions, scanning incoming files from mobile devices for malicious content, and blacklist filtering.
More on MDM software
Buyer’s Guide: Choosing and understanding MDM software
Gartner Magic Quadrant: Oracle, IBM lead product MDM software market
Unused software licenses incur unnecessary costs, but using unlicensed software is risky as well. MDM software that track and report on application use can identify the number of licenses in use, which enables administrators to determine the number of licenses needed. This can prevent admins from purchasing too many licenses while mitigating the risk of unlicensed application use.
In some locations, bandwidth can be limited. MDM software that can throttle bandwidth usage for management tasks can reduce the risk of undermining other applications’ performance.
About the Author
Dan Sullivan, M.Sc., is an author, systems architect, and consultant with more than 20 years of IT experience with engagements in advanced analytics, systems architecture, database design, enterprise security and business intelligence