A few short years ago, managing mobile devices was a relatively straightforward task of applying control to a number of corporate laptops allocated to relatively trusted individuals.
True, the devices were only intermittently connected, but otherwise the challenge operated within tightly defined boundaries.
Today, a diversity of platforms, a wide spectrum of users and employees increasingly bringing their own device in preference or as an alternative to a corporate offering means the challenge of mobile device management (MDM) has escalated significantly.
The only good news is that with the widespread availability of high-speed wireless connectivity – cellular and Wi-Fi – the chances are that mobile devices will most often be connected.
Deployments are altogether more complex, but the debate has moved up the organisation to a strategic level. There are issues caused by users having a choice and participating in bring your own device (BYOD) programmes, as well as the legacy considerations of desktop systems and laptops. In addition to the hardware, there are applications, content, mobile connectivity expenses and even user behaviour to manage. So in this environment, is it still right to talk about enterprise mobile device management (MDM)? Yes, this is only the first step along the way, but it is an important step.
More articles on MDM
Current state of MDM and IT strategy
There are a number of tools which, over a few years, have been able to deliver the basic MDM secure functionality that many were first introduced to with the BlackBerry Enterprise Server (BES). For example, the capability to set secure access passcodes and enable remote lock and wipe is now extended to all of the other mobile device platforms. Long-term players in the mobile market – such as Mformation, the iAnywhere subsidiary of Sybase – now SAP – and Good Technology (the latter two in their current shape due to a number of significant acquisitions and mergers as the mobile industry matured) – have this at their core. More recent entrants such as Airwatch, Mobile Iron, Zenprise and Fiberlink have moved rapidly to become significant providers of core MDM functionality too. For most organisations that have some form of basic usage security controls, the next step is to look at the overall lifecycle of mobile devices and ensure it fits with the wider strategy for IT deployment. After all, while mobile devices may cause more problems than in-office desktops and increase the management burden, they might still be regarded as part of the total IT estate. Suppliers that offer a “single pane of glass” that encompasses desktops, laptops, tablets and smartphones – for example, Fiberlink and Kaseya – will appeal to companies that still have a very mixed environment.
The management challenges facing mobility
Lifecycle management is not only about dealing with configuration, settings and activation; it needs to run right to the end of use, with asset-tracking, replacement, upgrade, decommissioning and disposal. If an employee breaks a device, loses it or is fired, there need to be procedures to ensure the process is simple and easily repeatable, but also securely deals with the assets. While much of this should be automated – especially during commissioning with self-service, portals and corporate app stores – the increasing prevalence of employee-owned devices used for enterprise access makes this fraught with difficulties. MDM tools should be able to set a variety of policies and controls and interface well to HR processes and systems.
The challenge for those managing increasingly larger mobile fleets of devices – some of which will be the employees’ own - is to look beyond the basics to a broader set of functionality requirements, some of which may be met by features from the dedicated MDM providers, or perhaps other specialisms from other sectors.
The complex use of mobile devices for a complex mix of applications – social and corporate – means the expense management issue is not going away
Either way, these wider requirements bring in the need to evaluate many more suppliers, each of which can legitimately claim to be part of the mobile device management ecosystem. One aspect that has emerged as a result is the need for mobile application management (MAM).
This tries to sidestep the issue of BYOD versus corporate deployment and shifts the focus from the devices to the user by constraining what applications are made available to the individual and what they are permitted to do. The approach is to treat every device as insecure and to distribute and manage the applications required for enterprise usage on a set of supported platforms.
While many MDM suppliers would say they offer some form of MAM, it is central to the message of companies such as Airwatch and Fiberlink and has encouraged new entrants such as Apperian. There are solutions adopting a “container” approach with a number of mobile enterprise application platforms (MEAP) that incorporate MAM into their solution, for example Kony and Antenna. These might be useful to consider for organisations where bespoke or in-house developed mobile applications fulfil a significant role. Ultimately, applications are more important than devices, as it is a matter of managing what the user is doing which widens the mobile management challenge with behaviour, content and expense.
Content is perhaps the next most important and widely discussed part of the mobile management challenge. It is largely part of security, but the issues are most complex when users are mobile, storing and accessing a mix of their own and work content, with a need to share this with colleagues. The two aspects that need most attention are what to do with email, in particular attachments, and what to do regarding storage outside the organisation or the device, that is, in the cloud.
Email is easier to address through selective encryption and/or data leakage prevention (DLP) and there are companies who have added mobile capabilities to existing email management, such as Mimecast, or MDM companies such as Good Technology which provide email access tools with the controls built in. Cloud storage control is much harder to address, as there are so many different tools and offerings, many in the consumer domain. The challenge for those tasked with MDM is to provide something that is as straightforward to use as the consumer tools, but provides the enterprise with acceptable control.
Behaviour and expense management
Controls on user behaviour are increasingly found in mainstream MDM tools which allow policies to be set, for example with geo-fencing (controlling what can be done based on location) and constraints based on time or date. However, with users likely to employ more than one device at a time, and with different ownership options – their own or belonging to the organisation – managing multiple devices as a per-user fleet will increasingly become necessary.
The area of network billing or telecoms expense is one area of user behaviour that will need more control, since mobile data usage at both a personal and business level is increasing and yet mobile data plans are capped, even with the latest generation of high-speed mobile networks.
Also, despite expectations that Wi-Fi would become broadly free, its increasing professionalisation means high-quality services are still incurring a cost. Telecom expense management has its roots in the practice of checking phone bills to re-charge or account for personal phone calls, and has delivered substantial savings for many organisations in both fixed and mobile telephony. The increasingly complex use of mobile devices for a complex mix of applications – social and corporate – means the issue is not going away. While some MDM companies are incorporating rudimentary expense management into their platforms, there are others, such as Tangoe (which acquired UK expense management specialist ttMobiles) that started with a focus on expense and have grown into device management.
Need for strategic reassessment of mobility
All together, the enterprise mobile management challenge encompasses several different strands, but – because the route to mobile deployment has for many organisations been a tactical one – while there has been adoption of MDM tools, it has often been viewed as a point solution that will need revision as soon as deployments broaden or issues like BYOD come to a head.
For many, this is happening now. CIOs are starting to look at a strategic solution to manage mobile in concert with the other elements of IT they have to manage. This is not about simply managing large numbers of devices, but understanding the way they are used, the applications they need and the content, both at rest at the mobile edge or passing through it. It encompasses security, provisioning, day-to-day operations and analytics. The devices themselves are only the beginning.
Rob Bamforth is an analyst at Quocirca.
Picture credit: Thinkstock