Managing iPads in enterprise networks

These days users expect to be able to use their iPads inside the business, and as thousands of software vendors release applications for the iOS platform that provide data mobility and usability benefits to employees, the prospect of the iPad as a business device is becoming a forced reality.

Many companies are looking to deploy Mobile Device Management (MDM) tools to manage the devices, and vendors like McAfee have included MDM features in their endpoint management solutions.

Device Management from the telcos

As telecommunications companies offer tablet devices as part of their hardware portfolio, it seems reasonable to assume that the telcos are in a good position to address mobile device management as a part of their business fleet solutions.

While some telcos have embraced MDM solutions, most telco MDM solutions in Australia still have a lot of maturing to do.

Telstra offers a mobile-phone-only MDM solution for business mobile customers, which is available for iPhone and several Android phones.

Using the Telstra mobile device management portal, administrators can send configuration settings to a device as an XML profile, retrieve diagnostic information about the device, lock and unlock the device, perform a remote full wipe, and restrict certain applications.

Built on the carrier-focused Mformation Service Manager, the Telstra MDM service does not require a client to be installed; however, each setting requires the user to accept and load the profile pushed to the mobile device. Users can remove any applied profile update at any time they wish, effectively removing the settings provided by provisioning.

This server-sends-a-profile and client-accepts-a-profile style provisioning is the core concept of OMA DM-based provisioning and configuration. OMA DM stands for the Open Mobile Alliance (OMA) Device Management (DM) Working Group.

Using XML for data exchange, instructions can provide firmware upgrades (Nokia Symbian and WM6.5 devices), smartphone application management, diagnostics, security management, lock and wipe, and customer experience management for both operators and enterprises.

Authentication and challenge of authentication are built in to ensure the server and client communicate only after proper validation. The server and client are both stateful, meaning that the specific sequence of messages needed to perform any task is exchanged only after authentication is completed.

The Optus MDM solution, due for additional features in Q3 2011, offers similar functionality. The Optus MDM was developed by third-party technology partners, and the new features will allow for self-service provisioning and will authenticate mobile devices on an enterprise network.

At Optus, however, iOS management is provided through iOS-only MDM vendor Silverback.

Optus Apple Device Management for iPad provides clientless profile provisioning, settings deployment functionality and the ability for administrators to perform a remote wipe. The same concerns apply as with the Telstra offering, as users can easily remove settings pushed as profiles to the device.
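
The removal concern raised for both the Telstra and Optus services can be checked against the profile itself. The following is an added example, not code from this article or from either carrier: it assumes the pushed profile is an Apple configuration profile (an XML property list) and relies on that format's PayloadRemovalDisallowed key and com.apple.profileRemovalPassword payload type; the sample profile and its com.example identifiers are constructed.

```python
import plistlib

# Constructed sample profile: a passcode policy with no removal protection.
SAMPLE_PROFILE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><dict>
  <key>PayloadType</key><string>Configuration</string>
  <key>PayloadVersion</key><integer>1</integer>
  <key>PayloadIdentifier</key><string>com.example.corp.baseline</string>
  <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000001</string>
  <key>PayloadDisplayName</key><string>Corp baseline (constructed)</string>
  <key>PayloadContent</key><array><dict>
    <key>PayloadType</key><string>com.apple.mobiledevice.passwordpolicy</string>
    <key>PayloadVersion</key><integer>1</integer>
    <key>PayloadIdentifier</key><string>com.example.corp.baseline.passcode</string>
    <key>PayloadUUID</key><string>00000000-0000-0000-0000-000000000002</string>
    <key>forcePIN</key><true/>
    <key>minLength</key><integer>6</integer>
  </dict></array>
</dict></plist>"""

REMOVAL_PASSWORD_TYPE = "com.apple.profileRemovalPassword"


def audit_removal(profile_bytes):
    """Return (removal_control, payload_types_at_risk) for one profile."""
    profile = plistlib.loads(profile_bytes)
    types = [p.get("PayloadType") for p in profile.get("PayloadContent", [])]
    if REMOVAL_PASSWORD_TYPE in types:
        control = "password"        # user must supply the removal password
    elif profile.get("PayloadRemovalDisallowed") is True:
        control = "locked"          # profile asks the device to refuse removal
    else:
        control = "user-removable"  # the case the article warns about
    at_risk = []
    if control == "user-removable":
        # Every setting payload disappears if the user deletes the profile.
        at_risk = [t for t in types if t != REMOVAL_PASSWORD_TYPE]
    return control, at_risk


def harden(profile_bytes):
    """Return a copy of the profile with user removal disallowed."""
    profile = plistlib.loads(profile_bytes)
    profile["PayloadRemovalDisallowed"] = True
    return plistlib.dumps(profile)


if __name__ == "__main__":
    print(audit_removal(SAMPLE_PROFILE))
    print(audit_removal(harden(SAMPLE_PROFILE)))
```

Whether a device honours the removal flag depends on the iOS version and on how the profile was installed, so an audit like this shows what the profile requests rather than what is enforced.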

Vendors providing considerably more mature solutions are available

The Gartner April 2011 Magic Quadrant for Mobile Device Management Software listed 23 companies who satisfied Gartner's criteria and over 60 companies in the MDM space.

Companies in Gartner's magic quadrant included AirWatch, Good Technology, MobileIron and Sybase. Up-and-coming vendors include BoxTone, security vendors McAfee and Symantec, and Zenprise.

Functionality offered by these vendors includes:

  • The management and support of mobile applications, including the ability to deploy, install, update, delete or block specific applications and/or software vendors. Vendors wishing to manage Apple iOS devices will need to purchase the Apple iOS Developer Enterprise Programme licence, which allows organisations to create, sign and host their own iOS applications.
  • The development, control and operation of enterprise mobile policy
  • Inventory management, device provisioning and audit
  • The enforcement of device security, authentication and encryption
  • Service management and telecom control

In the US and the UK, MDM solutions are being sought by companies wishing to embrace the collaboration and productivity gains of a BYOD (bring your own device) approach to mobility. This trend is also appearing in Australia, and trials are currently taking place within organisations in the finance and banking sector. 

Many employees are beginning to carry personal iPads for note taking and quickly accessing documentation, finding the smaller form factor more suitable when moving around the office, working from conference venues or during meetings. 

Just catching public transport during a Sydney peak hour will provide an example of how iPad ownership has exploded in recent years.

UK law firm Norton Rose is one example of an organisation trying to stay ahead of the curve by actively implementing solutions to manage mobile devices, starting with iPads.

Providing business law services from offices across Europe, the Middle East and Asia Pacific, Norton Rose needed to offer its lawyers the same access to corporate email and information on the road as in the office.

Norton Rose chose MobileIron’s MDM solution, which places a server in the enterprise data centre and clients on smartphones or tablets. Using the system, administrators can control user access policy and clone data from devices to the server.

“[Using MobileIron] we can wipe remotely devices, and when wiping those devices we are able to wipe just the corporate [data and applications]. If someone is leaving the firm or if the device is lost, we can wipe the entire device,” said Vlad Botic, Norton Rose technology innovation director.

In the system, traffic is encrypted from the controlled environment to the device, and the device itself is encrypted. MobileIron also offers the ability to fine tune user policy settings, as compliance regulations vary widely from country to country.

In the recent 2011 ISACA IT Risk/Reward Barometer, a survey of 125 senior IT executives from the Oceanic region revealed that most (41%) believed that the risks and benefits of employees using personal mobile devices for work activities were appropriately balanced. 31% believed the benefits outweighed the risks.

Expect to see more tablet devices in the enterprise; whether they are being managed as corporate devices is the key. What is your organisation doing? Do you know how many iPads are in your organisation already?
