Unfortunately, the mobile device management (MDM) market is a mess. Any enterprise that has recently conducted a market assessment has likely come to the conclusion that there isn’t a single product available that meets all the requirements of a typical enterprise looking to manage and secure mobile devices.
For this reason, some enterprises are starting to turn to managed mobility services, which involves outsourcing responsibilities for MDM to vendors who are able to cost-effectively aggregate best-of-breed services for resale as a bundled service offering. In this tip, we'll examine managed mobile services, including what they are, how they work and what to look for when considering an implementation.
What are managed mobility services?
Managed mobility services provide organizations with the ability to outsource some or all responsibilities for mobile devices. Some of the services offered by MMS vendors include:
- Device ordering and provisioning
- Inventory and expense management
- Managed security services
- Application management
While many organizations are interested in more than one of these capabilities, it is important to start by setting priorities and outlining the detailed requirements for an MMS deployment prior to selecting a vendor. It’s easy to get sidetracked by the secondary benefits of the service and lose sight of the primary reason for deploying this technology. If an organization fails to structure conversations appropriately, it’s common for vendor salespeople to concentrate on the bells and whistles of these services while glossing over shortcomings that might be critical to the deployment process.
The MMS vendor landscape is growing, with two different types of vendors filling the space. First, the major wireless carriers all provide managed mobility services; Verizon, AT&T and Sprint/Nextel all have service offerings. Second, a growing number of carrier-agnostic vendors are appearing on the market, including big names like Motorola, IBM and HP. Organizations considering a MMS deployment should develop a field of vendor candidates from both categories.
It’s also important to recognize that the cost structures are different for managed services than implementing or building your own MDM. Managed services typically involve a recurring operational expense, while hosting your own MDM solution requires the typical large capital investment followed by recurring maintenance fees; committing to a long-term services contract may seem more affordable than a one-time big-ticket purchase, but that may not always be the case.
Managed mobility security services
Of the four MMS benefits mentioned earlier, security managers will want to focus on the managed security services offered by MMS vendors. These services mirror the capabilities of self-deployed MDM products, and many MMS providers leverage the same MDM products available to enterprises by allowing organizations to hand off tactical management responsibility.
Here’s a list of some security capabilities offered by MMS vendors:
- Encryption of mobile devices to protect against data loss in the event a device is lost or stolen.
- Requirements for the presence of certain applications on mobile devices.
- Limitations to the mobile applications that users may install on mobile devices, implemented through either a white list or blacklist approach.
- Requirements for the use of a secure PIN to open mobile devices from a lock-screen and configurations to have devices automatically wiped after a specified number of failed attempts to enter the correct PIN.
- The capability to remotely lock or wipe devices from a central console when users report them as stolen.
The major MMS players all support the “big three” of mobile devices: Apple iOS, Android and BlackBerry. Some vendors also support less commonly used platforms, such as Windows Mobile and WebOS. It’s important to keep in mind that regardless of whatever vendor is chosen, the capabilities of a MMS platform will be limited by the security services supported by your device vendors, so be sure to reach out to device vendors and existing service providers to discuss managed mobility services compatibility before forging ahead with a deployment.
Considering a managed mobility service deployment
Organizations considering a managed mobility service deployment, despite whether security reasons for doing so are primary or secondary issues, should ask a number of questions as they develop a set of requirements and consider different vendors:
- Does the vendor support all of the mobile devices used in the enterprise environment? If not, will the organization discontinue the use of those devices or accept the fact that they are outside of the managed environment?
- What security policies does the organization want to enforce on mobile devices? How does the MMS support that enforcement and what is required to change a policy?
- Does the vendor allow users to enroll personally owned devices that access corporate data? What capabilities exist for these devices?
- How do users interact with the MMS service when they require support? Are both self-service and help desk options available?
Managed mobility services offer enterprises a wide range of benefits by allowing the outsourcing of the tedious work of device management. When properly selected and deployed, these services can not only improve the cost effectiveness of mobility efforts, but the can also provide significant security benefits.
About the author:
Mike Chapple, Ph. D., CISA, CISSP, is an IT security manager with the University of Notre Dame. He previously served as an information security researcher with the National Security Agency and the U.S. Air Force. Chapple is a frequent contributor to SearchSecurity.com, and serves as its resident expert on network security for its Ask the Experts panel. He is a technical editor for Information Security magazine and the author of several information security titles, including the CISSP Prep Guide and Information Security Illuminated.