Care home operator manages Apple estate with Absolute

Software firm offers the right MDM solutions for LNT Group to manage a fleet of iPhones without needing individual iTunes accounts.

Software firm offers the right MDM solutions for LNT Group to manage a fleet of iPhones without needing individual iTunes accounts.

LNT Group, which operates Ideal Care Homes, has deployed a mobile device management (MDM) system from Absolute Software to manage a fleet of iPhones.

As Computer Weekly has previously reported, LNT Group, decided to migrate from BlackBerry and develop an Apple-only estate.

Leigh Ellis, development team manager, says: “We were seeing a large increase in people who wanted to use their own iPhone and Android smartphones. The chairman wanted to give everyone a phone, which would enable staff who work at the care homes to have a two-way communication with head office”.

In December 2011, the company decided the best approach would be to standardise with iPhones. These were rolled out to 1,700 staff in June 2012. In terms of security, Ellis says LNT Group wanted to ensure everyone could access email and certain documents securely. “We needed to set guides to determine what people could access,” Ellis explains.

IPhone app development

Ellis started with no experience of programming the iPhone but ended up developing the iLNT app after only five months. He says: “I did a computing degree. I had Java experience, but I had not used the Objective C programming language that Apple uses for the iPhone.” He took a one-week course on iPhone programming and taught himself how to develop apps for the iPhone. The software he ended up developing needed to integrate with the company’s back-end HR system, which involved building a back-end web server.

Some documents were time and location specific. For instance, document access was restricted at weekends. “We started thinking about the constraints such as what we wanted to block and the potential problems that would arise with these security measures,” Ellis says. Most lapses in security occur when someone needs to access something that was not considered when the security strategy was drawn up. To accommodate this request, security becomes relaxed.

Finding the right provider

With the roll-out of iPhones, Ellis looked at what could be done to restrict access. He admits that in this respect, iOS was quite limited. “There was an API but it was not easy for an end-user to configure,” he says. Luckily, a search on the internet revealed there were quite a lot of MDM solutions, upwards of 37 providers. He says: “We narrowed this down to a small number that did exactly what we needed.”

In terms of feature set, the company wanted a dynamic live inventory. Previously LNT attempted to manage 100 devices on a spreadsheet, which needed to change manually, and it was not accurate.

Each device required individual hands-on attention from IT for typical maintenance requirements such as updates. This was time consuming and left the deployment vulnerable to human error and other potential inconsistencies.

Ellis says LNT Group wanted MDM software that could maintain a live connection with the phone to improve manageability. “We also wanted automatic email configuration to push email down to the phone and we wanted to push down apps without the need to set up an iTunes account for every user, which would have been time consuming,” he says. Another requirement concerned data loss prevention: the MDM software needed to lock stolen and lost phones and enforce passcodes to provide stricter access controls.

Ellis narrowed down the 37 to a shortlist of four. He then looked at the benefits of each product and selected Absolute Manage from Absolute Software.

Specialising in iphone management

Absolute Software specialises in firmware-embedded endpoint security and management for computers and ultra-portable devices. Its Computrace persistence technology is embedded in the firmware of computers, netbooks and tablets from manufactures including Acer, Asus, Dell, Fujitsu, HP, Lenovo, Samsung and Toshiba.

Absolute Manage allows organisations to remotely manage and secure endpoint devices from a single console, including PC, Mac, iOS, Android and Windows Phone devices. One of the main reasons for going with Absolute Manage was because of how the product manages iPhone apps. Absolute Software offered app enrolment without the need for iTunes and it also gave LNT group the ability to enrol employee-owned devices, which would enable the company to offer staff the ability to use their own smartphones.

Ellis says: “It did not take very long to enrol 1,700 phones compared with other products. With 10 people, we got all the phones setup in a day and we didn’t have to plug the iPhone into a computer. All configuration was achieved over Wi-Fi.” In terms of the back-end, Ellis says it was unnecessary to make changes to the firm’s Active Directory to build policies for access. Absolute Manage integrates seamlessly with the Windows Active Directory so that existing employee details could be imported to Absolute Manage for consistency across the organisation so there was no need for IT to perform manual data entry.

Absolute Manage allows LNT to wirelessly configure, query and wipe or lock managed devices. For example, it provides policy-locked configuration profiles so that noncompliant devices (jail-broken, blacklisted apps installed) are blocked from accessing the corporate networks and email.

Ellis adds: “We used Absolute Safe to define policies based on documents.” To support applications on the iPhone, Absolute Software provides its own app store which Ellis rebranded as the LNT Appstore. Ellis says the company uses this to distribute its own iLNT employee portal app, as well as suggest apps staff may like to use. One of these is the Facebook Page Manager app which care home managers can use to access the Facebook page of care homes.

The advantages of the app

 The iLNT employee self-service app enables staff to see their clock-in hours and request holidays. Since staff are also shareholders, employees can also use iLNT to access their share certificate. The iLNT app additionally serves as a communications tool, allowing head office to send news updates to staff.

Following the iPhone roll-out, Ellis says the LNT group is now looking at rolling out iPads to each care home to provide access to Skype. He is also planning to develop a care home app which will be used to provide training videos.

The LNT Group’s roll-out of iPhones represents the way IT would traditionally provide IT equipment to employees. Some businesses may be tempted to avoid the cost of the device totally, where employees use their own devices. MDM products such as Absolute Manage can secure these devices but the business needs permission to install software on the employee’s device.

Then there is the reimbursement minefield. According to research from Nucleus Research that looked at US communications charges, in a well-managed corporate environment the monthly telco bill per employee would be no more than $65. However, staff using their own devices would have their own mobile contracts.

Nucleus Research estimates that employee reimbursement on telco costs would be $75 or more.

From a financial perspective, the big winner in BYOD (bring your own device) is the network operators. Instead of dealing with the might of corporate procurement, bargaining power is diluted back to the individual employee who lacks the time, knowledge and buying power to drive a hard bargain. By driving support back to the carriers, enterprises also lose control of their technology and data and gain additional dependence on the supplier, the report stated. By issuing devices to staff, LNT Group has avoided this hidden cost. It also means the company gets around the tax implications that would occur if a business subsidised device purchases.

Read more on Mobile software