How to get the basics of mobile device management right the first time

When adopting mobile device management, there are often fears around implementation and whether or not the strategy is even required.

The last decade has seen the smartphone and, to a lesser extent, the tablet, become an essential tool for business people. This means that the enterprise can no longer take a laissez-faire attitude to what can be used on the network – there has to be some form of mobile device management (MDM).

MDM allows a business to manage its own portfolio of mobile devices – tablets, phones and laptops. This means that IT can manage hundreds or even thousands of employee devices remotely and configure profiles, install updates, wipe stolen or lost devices, deploy apps, and more. Without it, IT would need to manage devices individually – costing a significant amount of time for IT and the user.

Organisations need MDM if they have a bring-your-own device (BYOD) policy and therefore need to segregate business data and personal data on the same device – ensuring, among other things, that the company does not have access to personal apps and data.

Bryan Betts, principal analyst at Freeform Dynamics, says MDM can also provide configuration control for a work-owned mobile device, whether it is simply a company phone or a fixed-function/dedicated device, such as a locked-down tablet used as a kiosk.

“Setting up a mobile device is slow work and there is the risk of making a mistake, so automating the process is pretty much essential in an organisation of any size,” says Betts.

“MDM lets you push out, update and remove or revoke company apps, data and configuration settings – the settings bit is especially important to ensure privacy and security. With all the various rules from the GDPR [General Data Protection Regulation] onwards, you have to be sure that users are following your organisation’s policies on things like device encryption, passwords, and so on.”

What makes a good MDM product?

A good MDM product enables users to get the most out of their chosen device and platform. It should not be all things to all people, but rather a tool that brings accuracy to the complex IT infrastructure of mobile devices within the enterprise.

Jody Evans, product manager at Quest KACE, says MDM should be accessible, and preferably cloud-based to reduce a lot of the network and infrastructure issues that could occur with an on-premise system. 

“If your company has a footprint outside the main office, accessing the MDM solution from anywhere is of paramount importance,” he says.

An MDM product should be scalable enough to cope with all the devices that need managing, says Evans. “The feature set for a good MDM solution needs to be able to take into account multiple devices within its actions and not just be designed for a single-device focus.”

Lastly, it has to be secure. From a platform perspective, all data needs to be encrypted, both at rest and in transit. At the device level, restrictions should be available as part of the feature set, so that lost or stolen devices can be handled effectively, says Evans. “Enforcement of policies that can occur perpetually is desired, as opposed to setting restrictions at a single instance,” he adds.

How much can it cost?

Pricing for MDM products is typically set according to the number of devices being managed, or “per node” pricing, says Evans. 

“These prices can range from $1 to $6 per node per month, and can go even higher than that,” he says. “If MDM providers have tiered offerings, expect the node pricing to increase as you progress through their different offering levels.”

Evans points out that most MDM providers offer a free trial for their product, “so be sure to kick the tyres and use its features to see if it meets your needs”.

Evaluating the options

Some MDM providers deliver on-premise systems that require you to install and set them up, while others provide cloud-based solutions that can be accessible from anywhere. That leaves just the enrolment of devices to complete before your mobile devices can be managed.  

“Personal devices will need users to enrol their devices, while company-owned devices could be managed through their respective business channels, for example Apple DEP or Android for Work,” says Evans.

There are MDM offerings available that are dedicated solely to the Apple, Windows or Google platforms. This approach to MDM is called ecosystem management. An MDM tool that supports a single platform, such as the Apple ecosystem, lets users take advantage of the native features that Apple provides, while enabling IT to manage macOS, iOS and tvOS devices more efficiently.

Kieran O’Connor, senior regional sales manager at Jamf, says that as an alternative, there are also tools that look to manage multiple platforms with a single solution – an approach he calls unified endpoint management (UEM).

“Rather than focusing on enhancing the unique elements of each platform through MDM, UEM looks to be a one-size-fits-all tool,” says O’Connor. “While UEM enables organisations to manage multiple platforms with a single tool, it also minimises the unique features that users have come to love – and expect – from their platforms of choice.”

Implementing MDM

According to James Longworth, pre-sales consultant at Insight UK, the biggest mistake organisations make in implementing MDM is simply assuming that the default version of any system will work for them – instead of taking time to understand how it will affect users and their work.

“Down the line, this leads to frustrated workers and little reduction in risk,” says Longworth. “Instead, organisations need to take time to understand their workforce – how do they work, what devices do they already use, and what actual risks do they face? MDM should then be implemented to support the way people work, rather than hinder it. If you don’t think of the impact on the user, then any MDM implementation is doomed to failure.”

Quest KACE’s Evans says that when implementing MDM, enterprises should identify their goals and requirements. How will they use mobile devices within the work environment in the near term and in the future? Will they allow personal devices to be used, only provide company-issued devices to access company data, or have a mixture of both?

All the stakeholders should be “on the same page”, says Evans.

“This means that IT, HR, executive leadership and even regular employees need to weigh in on the policies they will implement regarding mobile device management,” he adds.

Revocation is essential, says Freeform Dynamics’ Betts, because a mobile worker might have masses of company data on his or her phone or tablet, and businesses don’t want that data going with them when they leave.

“A common way to do this kind of thing is via a sort of containerisation, where the company apps and data live in their own secure area,” he says. “Many devices have something like this built in now, for example via the Work Profile in newer Android versions. With iOS, it’s different – you use MDM to configure access to managed apps and data.”

When implementing MDM, enterprises should also consider its role in any IoT projects the organisation may have, says Betts.

“Not all IoT, or industrial IoT, devices are mobile, but they face almost all the same challenges as phones and tablets, plus a few more for good measure,” he says. “So any IoT project will need MDM or something very similar.”

To get an MDM deployment right the first time, it is absolutely critical to develop a strategic plan for deployment and implementation, says Jamf’s O’Connor. “Prepare by learning about the MDM tool – what its capabilities are and what specific elements your organisation needs,” he says. “MDM undoubtedly provides multiple benefits for both IT and end-users, but it is critical that the roll-out is well planned and executed to ensure that all benefit from it.”

Where is MDM heading?

Insight UK’s Longworth says future MDM products will put a focus on data, not applications or devices. “After all, this is where the threat to the business really lies – not from employees using unverified applications, but what data they can share or open up to vulnerabilities in the process,” he says.

As a result, he says, MDM will concentrate on preventing users accessing or sharing data that they shouldn’t, rather than locking them out of specific apps or restricting them to certain devices. “This will allow users to concentrate on doing their jobs without interruption, and IT teams to focus on the real risks to the organisation,” says Longworth.

Evans says MDM providers will need to account for PCs, IoT devices and other system management responsibilities, driving the market to a point of convergence where unified endpoint management (UEM) will be the main market of focus.

“An additional layer of emphasis that MDM providers will need is to provide solutions that help customers manage their business, not just manage their management systems,” he says, adding that this will continue over the next 12-18 months because the market shift will take the next three to five years to develop to a significant level of maturity.
