I’ve been working in the enterprise mobile arena for a number of years now, more recently I have been involved in working with customers, and partners in designing solutions that help them more efficiently manage their mobile assets. One area that I’ve seen quite often concerns BYOD and this is an area that’s not really considered as being a priority for enterprises. This article is based upon my experiences and I’ll endeavour to add statistics/supporting evidence as it develops.
Mobile devices are pervading every aspect of our life, from social to business uses. In the social arena, we’re seeing more subsections of MDM being made available to the public (remote package installation, remote wipe, locationing, etc). In business, MDM is more crucial and would include all of the above and many more features to ensure businesses run smoothly and efficiently. MDM can be used on any device that has a network connection, from laptops and desktops to tablets through to mobile phones. There are over 7 billion mobile devices in the world and the vast majority of these devices will fall under the category of “can be managed by an MDM platform.”
IT used to be the division in a company that dictated what devices could be used within an organisation, the providers of the applications to be used, the guys that would ensure that devices were patched, updated and secure. However, nowadays, they’re being pushed outside of their regular comfort zone and need to adapt to the era of BYOD. IT professionals are being required to be more collaborative in their approach, working with employees in supporting their needs. Gone are the days where an IT support engineer would be shut in their basement without seeing the light of day, asking users to reboot their devices when they crash. For those readers in the UK, see the “IT Crowd” on Channel 4 for more information.
However, IT departments don’t often understand how MDM tools can bring real value to their enterprises and more often than not, if the tools are in place, they’re either poorly used or not used at all. Additionally in my experience, it’s quite common for IT departments to only dedicate one person in their team to be responsible for managing an installed base.
Even when this element is outsourced (and this isn’t an easy thing to define between the companies involved), it’s not uncommon for a company that has very little skills in device management to be responsible for said management. Some companies do outsource device management to the manufacturers of the products they use, but it’s quite common for a customer installed base to consist of many different types of products, different manufacturers, different OS’s, applications, etc, etc, etc.
So already for an enterprise using mobile devices, this is a struggle. When people start bringing their own devices into the company environment for professional use, the issues are compounded. Many companies, whilst supporting BYOD unofficially, still don’t understand or correctly manage corporate policies on employee devices. Even outsourcing this element is difficult because no two companies are the same and unique processes and policies need to be defined.
It’s clear that guidelines need to be set up between employees and employers to ensure that devices brought into the workplace are used efficiently, are supported correctly and adhere to company security policies. It’s also clear that trade-offs need to be put into place between both parties, in the event that a device gets lost, damaged or stolen. Companies that don’t have these guidelines in place are opening themselves up to severe risks that could open themselves to issues such as lost documents to data protection breaches and considerable fines. There have been numerous cases around the world over the last few years of laptops being left on buses and trains through to un-encrypted USB keys being lost. If a user wants to use their own device in a corporate environment, then they should accept the rules laid down by their employers. However, all too often, employers have no rules or don’t enforce them.
It’s also evident that companies that have an MDM platform in place, rarely add employee devices to the tool to ensure corporate security. Either it’s because it’s overlooked, no guidelines are in place or employees use their devices “under cover” without IT being aware.
Gartner predicts that by 2017 that “Half of Employers will Require Employees to Supply Their Own Device for Work Purposes”. This is an amazing prediction and only highlights the challenges ahead for IT departments.
One of the major issues with BYOD is that control using an MDM platform is extremely difficult. MDM vendors can only implement support mechanisms based upon the APIs that platform or device manufacturers make available to them. Historically, Microsoft has probably been the easiest to implement in MDM solutions (especially due to its prevalence in the enterprise workspace) but other platforms such as MacOS and Android are rapidly increasing in popularity. Going out on a limb, I would say the no one MDM platform available on the market today will provide complete and homogeneous MDM functionality on a mixed installed base. So the best choice of an MDM platform (whether used in-house or outsourced) is crucial for a company to build the best possible solution that suits their needs.
The MDM market is constantly evolving and Gartner believes it won’t last  as companies are becoming more aware about mobile security and are now establishing proper BYOD policies. Gartner further believes that mobile application management and application wrapping is going to be more important to companies in the future. A number of MDM providers have started to develop solutions that will assist their customers in these areas. The main focus will shift away from the device but to the applications, security and data on those devices. By changing the focus, the mix between corporate data and personal data will become less intermingled.
The leaders in the MDM space include AirWatch, MobileIron, Citrix, SAP, Good Technology and Fiberlink. All of these firms have heavily invested in application wrapping or secure container technologies, either by themselves or by partnering with other vendors. Newcomers to the market include IBM and Microsoft. All of these names have the potential to help companies build secure solutions focused on BYOD.
There are four main issues with MDM in a BYOD environment. These being:
- Support staffing
And these pose very different challenges to IT departments.
There are hundreds of hardware vendors to choose from, offering numerous different platforms to work on. In a BYOD environment, this means that the support that’s required to be provided is constantly changing as users are more likely to change/update their devices. It’s therefore crucial for IT to state the level and type of support that they will provide to end users on specific devices.
The right solution should effectively enable the organisation to have a clear and real time snapshot of all devices in the field at any given time (including hardware types, OS’s, firmware status, applications, etc, etc).
Bringing devices under management in a corporate environment will be time consuming. IT staff would need to work closely with employees to ensure that the right information is gathered from a device to ensure that it can be brought under the MDM platform umbrella. IT support staff would also need to be educators to employees, showing them how to use their devices effectively, keep devices secure and to help them understand company policies and security procedures.
Gone are the days where a company could provide a single “Gold” image that would fit all devices, bringing devices under management automatically. IT staff would also need to be specialised on various OS’s or have general IT skills on a broad range of OS’s. Depending upon the size of an organisation will dictate how this is implemented. Training of IT staff needs to be continuous, making sure that they’re as up to date as possible.
Maybe this should have been the first point to discuss but all the points above are important and should be developed when implementing BYOD. Securing devices from infections (such as viruses, malware, etc) is extremely important. This all helps in ensuring that they’re best protected from attacks, loss of company data and so forth. No device can be protected 100% but by securing devices, this can go a long way to increasing security. Users should accept that company security policies will be applied to their devices. Personally I believe that if a user wants to use their own device in a corporate environment, that they shouldn’t be given the choice about what protection or security the company wants to impose. If this is a contentious issue for companies, then something that may ease the stress on behalf of both employee and employer could be application wrapping or secure container technology.
This is one of the areas in which many MDM companies are investing (basically by wrapping an application on a device, it provides an additional layer of security so that if a device is lost or stolen). There are a number of companies that I know of that use these sort of technologies, including Good Technology, Air Watch and Mocana.
This added level of security would help ensure that if a device is lost or stolen, that the corporate elements would be inaccessible or, if the device is reachable, deleted.
Even if application wrapping isn’t implemented, general security policies such as strong passwords, encrypted data, etc, should be enforced as a matter of course on employee devices. Again, don’t give the employees a choice!
One of the most important areas of any MDM solution that focuses on BYOD is that of security management. A standardised platform with standardised policies will reduce the risks to the organisation as a whole and will also make management of such risks easier to handle.
An area which should be considered is that of geolocationing of devices for on demand tracking. This is very much a sensitive area which will need, on the one hand, corporate clarity and on the other hand, user acceptance of such a policy. Again, based upon personal experience, IT departments that are managed or run out of the US tend to forget that laws outside of their geographic scope are different and could open companies to lawsuits. Once this has been decided, clarified and accepted by users, there are numerous benefits to both parties. Device tracking should enable users to more easily locate lost or stolen devices, but will also (if a device is network reachable) enable remote locking/wiping. Basically a policy that would render the device unusable to a third party if found.
In general, corporate environments that already have existing policies in place for desktops, laptops and servers, can easily extend these policies to employee devices in a BYOD context. However, the right MDM platform will need to be chosen and integrated into the corporate environment.
This does suppose that there is an existing IT systems management tool already in place. If not, then this is the first point of call. Already, the right tools (such as BMC Remedy or Tivoli) will make the life of the IT department much less stressful as they will provide general IT functions such as systems monitoring, backups, maintenance, etc. The right MDM tool for the company should seamlessly (as far as possible) integrate with the systems management tool, so that security policies, maintenance, administration become as painless as possible. Additionally, much of the work provided by the MDM tools needs to be as automated as possible, especially in a large installed base.
Ideally, policy enforcement needs to be simple to manage. IT staff should be able to centrally monitor all aspects of a corporate IT environment (everything: email, file storage, web browsing, device encryption statuses, device location and so forth). Obviously the data to be monitored would depend upon the company involved, regional laws, etc. Centralised monitoring would make the job of managing a multitude of devices much easier, improve operational efficiencies, provide consistent policies and lastly, enable IT to focus their skills on more important projects.
One final point around policies. Policies are not to be written and forgotten. They should be constantly reviewed to ensure they’re kept up to date to adapt to an ever changing environment to ensure maximum efficiency and minimum upset to employees.
To sum up, BYOD is an area that is overlooked by many companies today. It’s been said many times over the last few years that companies will start to improve their perception of BYOD and start to develop and implement the right methodologies for managing non-corporate devices in corporate networks. This uptake is still quite slow but based upon Gartner’s predictions, the urgency is there.
As for the implementation of a solid MDM platform, whilst there is a clear need to ensure that devices on a corporate network are monitored, there is a clear need to ensure that they are managed efficiently too. There is a shift away from standard mobile device management to application wrapping and secure container technologies. The issue for corporations today is that there are numerous MDM platforms available and, unfortunately, they can’t do everything that a company requires. The choice of MDM platform has to be based upon specific requirements.
Oh, and I talked at the beginning about statistics. Here are some:
This is my first major article on MDM and BYOD. I hope that I’ve made the reading clear. Comments are welcome.
2,040 total views, 1 views today