The onslaught of employee-owned devices in the workplace offers numerous benefits to the modern enterprise, yet it also introduces a slew of problems, particularly when it comes to security. Data loss, access control, mobile malware infections and lost or stolen devices are just a few of the worries that plague corporate IT security departments.
A decade ago, MDM products managed uniform fleets of corporate-procured BlackBerry phones or Windows handheld devices. But each of those products dealt with a single mobile operating system, creating homogeneous "stovepipes" that could not expand to encompass new consumer-grade phones launched by Apple and Google.
And so, the MDM industry adapted by creating next-generation technologies to deliver "single pane of glass" control over today's increasingly broad and diverse mixture of smartphones, tablets, ultrabooks and other mobile devices.
These heterogeneous MDM technologies behave as universal translators, conveying IT queries and commands to a variety of mobile devices over the air, using the notification services each mobile operating system's ecosystem offers. With a heterogeneous technology, IT gains a single, unified system capable of rapid expansion to embrace new mobile device types and OS versions.
Overcome BYOD risks with MDM
Deploying heterogeneous MDM products allows an enterprise to secure and control mobile access. In an Aberdeen Group study on mobility, respondents listed these specific advantages:
- Consolidation of control over mobility initiatives
- Proper configuration of devices before employees are granted access
- Creation of economies of scale over large, diverse device populations
- Reduced per-user support costs
- Reduced risk of lost or stolen devices
- Enforcement of mobile security policies
- Verification of ongoing policy compliance over the air
A specific example of the impact of mobile devices on IT security came when Apple iPhones first entered the market, and subsequently the workplace. Initially, IT departments lacked tools to manage them throughout their lifecycle. Often, IT security departments granted exceptions for limited mobile access via these iOS devices. Then, they developed ad hoc device management processes to fill the gap. A similar phenomenon occurred when Google Android devices grew popular with consumers. As business units clamored for flexibility and support, IT started to lose its grip on mobility initiatives.
An MDM product capable of managing all devices -- independent of ownership and spanning all mobile operating systems -- breaks down these barriers to put IT back in the driver's seat. While IT no longer unilaterally chooses every supported device, heterogeneous MDM products help IT ensure the safety of all.
Moreover, today's MDM products don't stop with classic device management -- that is, manipulating device settings and tracking their whereabouts. Instead, they offer a broad array of basic and advanced capabilities, ranging from security policy enforcement to mobile application management. Although capabilities differ from one MDM strategy to the next, most offer tools to help IT satisfy the business needs and reduce the risks that come along with mobility.
For example, 72% of LinkedIn's information security community members reported in a 2013 survey that they had experienced adverse bring your own device (BYOD) impacts in the past year, including malware cleanup costs, repair time, business disruption, lost productivity, premium services and regulatory fines. Perhaps this explains why 70% of respondents cited security as their top criterion for successful BYOD deployment.
Using MDM to enforce corporate and compliance regulations
MDM technologies can help IT configure security settings in accordance with corporate policy and prevent those settings from being modified -- be it intentionally, accidentally or as a byproduct of malware infection. Moreover, MDM products can help IT automatically apply different security policies to types or groups of devices in order to support both corporate and BYOD use cases.
When a device becomes noncompliant, an MDM product can deliver IT visibility and provide a near real-time path for taking manual or automated action. For example, an MDM product may be used to quarantine an infected device to prevent further mobile access to corporate assets, or to wipe that device to avoid future corporate data exfiltration or premium service fees.
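One way to express the group-specific policies and automated noncompliance responses described above, as an added example rather than code from the article or from any MDM product. The policy keys, thresholds, device fields and action names are hypothetical, and the fleet records are constructed.

```python
from dataclasses import dataclass

# Hypothetical per-group policies (assumed keys/values, not from any MDM product).
POLICIES = {
    "corporate": {"passcode": True, "encryption": True, "min_os": (9, 0), "on_malware": "wipe"},
    "byod": {"passcode": True, "encryption": True, "min_os": (8, 0), "on_malware": "quarantine"},
}
SEVERITY = ["allow", "alert", "quarantine", "wipe"]  # least to most severe

@dataclass
class Device:
    device_id: str
    group: str            # "corporate" or "byod"
    os_version: tuple     # (major, minor)
    passcode: bool
    encryption: bool
    malware_found: bool = False
    reported_lost: bool = False

def evaluate(dev):
    """Return (action, reasons) for one device check-in."""
    policy = POLICIES.get(dev.group)
    if policy is None:
        # Unknown group: fail closed rather than grant access by default.
        return "quarantine", ["no policy for group " + repr(dev.group)]
    findings = []  # (action, reason) pairs, one per violated rule
    if dev.reported_lost:
        findings.append(("wipe", "reported lost or stolen"))
    if dev.malware_found:
        findings.append((policy["on_malware"], "malware detected"))
    if policy["passcode"] and not dev.passcode:
        findings.append(("quarantine", "passcode disabled"))
    if policy["encryption"] and not dev.encryption:
        findings.append(("quarantine", "storage not encrypted"))
    if dev.os_version < policy["min_os"]:
        findings.append(("alert", "OS below minimum %d.%d" % policy["min_os"]))
    if not findings:
        return "allow", []
    action = max((a for a, _ in findings), key=SEVERITY.index)  # most severe wins
    return action, [r for _, r in findings]

# Constructed sample inventory (not real devices).
FLEET = [
    Device("c-001", "corporate", (9, 2), True, True),
    Device("b-014", "byod", (8, 1), True, False, malware_found=True),
    Device("b-020", "byod", (7, 1), True, True),
    Device("c-007", "corporate", (9, 0), False, True, reported_lost=True),
    Device("x-999", "contractor", (9, 0), True, True),
]
```

Every violated rule is kept in the reasons list so IT sees the full picture, while only the most severe action is applied.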
Ultimately, MDM products are powerful tools that IT can use to develop and automate new mobility management processes. However, realizing the benefits requires crafting processes to meet business needs. In Aberdeen's study, 73% of best-in-class respondents had used mobility management to enact a formal process for decommissioning lost, stolen or end-of-life devices. Two-thirds had established processes governing corporate use of BYODs or used full lifecycle management to ensure security policy compliance.
Lifecycle details can vary from one company to the next, or even within a given company for different users, roles and devices. However, the business and technical benefits of implementing full lifecycle management are far more universal. Minimizing IT involvement allows mobility to be extended to larger workforces at a lower cost. Supporting self-enrollment and fully automated provisioning of BYODs lets workers become productive at a faster rate. When an auto-enrolled BYOD is lost or stolen, MDM control is already in place to quickly and safely decommission the device, and the employee has already agreed to an acceptable-use policy that grants IT permission to take such actions.
In fact, assessing workforce mobility needs and designing lifecycle management processes to satisfy them are critical to selecting the right MDM technology. In the next article of this series, we will explore the technologies you should be aware of as well as the questions you should be ready to ask to reap maximum benefit from your investment in any heterogeneous MDM product.
About the author:
Lisa Phifer owns and is president of Core Competence Inc., a consulting firm specializing in leading-edge network technology. She has been involved in the design, implementation and evaluation of networking and security products for over 25 years. She has advised companies large and small regarding needs, product assessment and the use of emerging technologies and best practices.