Thursday, December 12, 2013

Guide to mobile device management software

The proliferation of mobile devices in the workplace has become a well-established trend. But the increasing use of employees’ personal mobile devices puts IT departments in an unusual position: End-user practices, rather than strategic IT plans, are driving the adoption of the technology, and IT needs mobile device management software to handle it.
In many cases, those responsible for delivering business services, securing infrastructure and complying with regulations have inadequate tools to manage and control the influx of mobile devices. Asset management and configuration management tools that were designed for servers, desktops and laptops lack the functionality needed to support today’s mobile devices. Businesses are turning to mobile device management (MDM) software to address the specific needs of consumer devices in the enterprise.
This guide explores the role of MDM software and features to consider as you evaluate mobile device management software. It also provides tips on avoiding potential pitfalls while you plan for an MDM implementation.

 

MDM software: Why it’s important and what it should include


MDM software has become an enterprise necessity. With so many mobile devices in the workplace, IT needs a way to manage policy, inventory and security, and MDM does just that.

The need for MDM software


According to a recent survey, 75% of IT managers noted that adequate support for mobile devices would require new security rules, 64% believe lost or stolen mobile devices pose a security threat, and 50% want to be able to restrict applications used on mobile devices. Fortunately, not all the news about mobile devices in the enterprise is negative. A Visiongain study found that business use of mobile devices can reduce demand for technical support by as much as 20%.

Another factor driving the adoption of a mobile device management (MDM) system is that many existing infrastructure and configuration management applications were not designed to support mobile devices. Sometimes an existing application can provide functions of MDM software. For example, Microsoft Exchange ActiveSync allows administrators to enforce BYOD policy and remotely wipe devices but lacks more advanced, and increasingly required, functions.

 

Common features of MDM software

MDM software provides at least basic functionality in four areas: policy enforcement and management, inventory management, security management and software distribution.
Policy enforcement is essential to protect business information assets. Of course this assumes you have the necessary policies defined, which include access control, acceptable use, encryption and data management policies.

Access control policies specify rules about which users can authenticate to a device and perform operations on that device. Corporate application users should be segmented into groups according to their roles and responsibilities. They should have the fewest privileges required to perform tasks associated with their roles. This is a best practice for information security more generally, but it extends to mobile device use by specifying which enterprise applications can be accessible to users of mobile devices. Don’t assume that because an individual has access to an application on a company-owned workstation, that person will have access to the application on a mobile device over an unsecured communication channel.
An acceptable use policy should define the types of apps that can run on mobile devices for business operations, and MDM software should enforce these rules. Some application agreements specify that a vendor can download contact information from a mobile device, and such agreements can result in corporate information leaks. Businesses need to have app control on mobile devices, and MDM software enables them to enforce access control and allowed application policies.
Common inventory management features include registering devices, assigning devices to groups, centralized dashboard reporting and billing tracking. Reporting services include a detailed description of devices.

Security management includes a range of capabilities, such as setting password requirements on devices, configuring virtual private network (VPN) settings, installing secure sockets layer (SSL) certificates for device authentication, enforcing encryption policies, disabling device features such as GPS and camera, and remotely wiping a device. Encryption and data management policies are important elements in securing enterprise data. MDM software can support the enforcement of full device encryption policies if needed. It can also provide isolated sandboxes for protected data. With this model, protected data is logically separated from other device data and removed when it is no longer needed. If a device is lost or stolen, this kind of data management can mitigate data leak risks. SSL certificates have long been used to authenticate servers and can now improve the security of enterprise systems accessed from smartphones and tablets by authenticating those devices.

Once mobile devices are in use, you need to support them. MDM software commonly features software distribution services and it often includes the ability to establish an enterprise app distribution service akin to an internal application marketplace. In addition to supporting an app marketplace, MDM software typically allows for patching and remote software distribution.

 

Advanced MDM software features to consider

As MDM software offerings improve, you can distinguish between the technologies based on more advanced features, including additional security controls, better data protection, software license management and bandwidth optimizations.

For IT departments, erasing the personal contents of an employee’s device isn’t necessarily a first choice. But if a device is lost or stolen and the only remote-wipe option that your MDM software offers is resetting to factory defaults, you may have a difficult choice to make. More advanced remote-wiping features can target enterprise data, which is segregated from personal data in a vault that allows you to erase sensitive information without affecting the personal contents of a device.

Malware developers rarely miss an opportunity to exploit potential vulnerabilities, such as widespread mobile device use. MDM software security features have improved and can include automatically updating virus definitions, scanning incoming files from mobile devices for malicious content, and blacklist filtering.

Unused software licenses incur unnecessary costs, but using unlicensed software is risky as well. MDM software that tracks and reports on application use can identify the number of licenses in use, which enables administrators to determine the number of licenses needed. This can prevent admins from purchasing too many licenses while mitigating the risk of unlicensed application use.

In some locations, bandwidth can be limited. MDM software that can throttle bandwidth usage for management tasks can reduce the risk of undermining other applications’ performance.

 

Avoiding snags in mobile management system selection


Vendors’ marketing hype often depicts software as ideal for your environment’s mobile management system requirements. But in practice, problems can crop up. To avoid pitfalls in your MDM software assessment and deployment, consider the following suggestions:

  • Understand the requirements for MDM client software on devices. Some mobile device management (MDM) systems use agentless management, while others require agent-based management. Test an agent-based mobile management system on platforms you plan to support with a variety of applications to accurately assess the impact of the client software on the device.
  • Test full device encryption with supported apps. Encryption may interfere with the functions of some applications. It can be particularly challenging to test the full range of apps that employees have on their devices.
  • Segregate data types. If you want to avoid requiring full device encryption on employee-owned devices, use an MDM system that can segregate sensitive business data from personal data.
  • Understand the requirements for centralized components. These requirements may include management servers, proxies, relays and other supporting systems.
  • Test and evaluate. Determine whether the logging and reporting functions of the MDM technology are sufficient for your requirements.
  • Back up devices. If mobile devices store business data, they should be backed up. This is especially important for recovery of data on a lost or stolen device. Consider how the mobile management system you choose can back up mobile devices, the flexibility of the management console for defining backup scripts, and the ability of backup operations to recover from interrupted sessions.
  • Integrate data. Consider how data from an MDM program can be integrated with other parts of your mobile management system. MDM systems may use relational databases and publish either data models or application programming interfaces for accessing detailed information on device inventory, configurations, and operations.

  • Finally, plan your mobile management system evaluation and implementation based on your specific requirements.

     

    Mobile device management system planning and policies


    Once you are ready to start evaluating a mobile device management system, outline security, data protection, access control and acceptable-use policies.
    While these policies don’t have to be detailed, you should have a clear understanding of the kinds of features you expect, such as full device encryption, data vaulting and so on. Also consider the mobile device management system functions and reporting capabilities you expect. If your current asset management and configuration management tools meet your needs, they can be a guide for the features you want from a mobile device management system.
    Next, determine which platforms IT will support. The major mobile device offerings are Google’s Android, Apple’s iOS, Research In Motion’s BlackBerry and Microsoft’s Windows Phone.
    All OSes may support your email and collaboration applications, but a smaller number may offer the right apps for your enterprise applications. Consider whether the additional cost of supporting an OS with limited business functionality is worth the marginal benefit. Also consider how well the mobile device management system you may choose supports different OSes. If an OS is not in high demand, does not support important business apps and lacks comprehensive support in an otherwise promising management system, you may choose not to support that platform. Use your policy and management-based requirements and your supported platform list to create a feature-by-platform matrix. This framework can organize the results of your product evaluations. Some features and platforms are more important than others, so weigh their relative importance.
    Evaluate the top-ranking product or products in limited tests. This process gives you an opportunity to assess issues with deploying server components, configuring MDM software, deploying agents, and performing basic operations, such as remotely configuring devices, performing backups on devices and generating operational reports.
    Mobile devices are now a part of enterprise infrastructure and a mobile device management system can provide the asset, configuration and security management functionality they require.

     

    Mobile device management system drawbacks

    For employers, a bring your own device (BYOD) policy can be advantageous because the company can consolidate hardware and reap some savings. For employees, using their own devices enables an easy shift between work and personal tasks.

    But two potential problems can undermine these advantages. If the policy and mobile device management system disrupt how employees use their devices, users will likely resist. If applications used for personal purposes do not work with full disk encryption, for example, employees will be forced to choose between using those apps and having access to enterprise systems. A second problem arises when policies appear overreaching. For example, employees may understand the need to register their devices but they may also hesitate to grant access to personal data or to allow an administrator to remotely disable device features, such as a camera or GPS.

    To prevent a user revolt against BYOD policy, IT departments should limit restrictions on employee-owned devices to those needed to protect business assets and clearly describe the justification for these limitations. If possible, use a tiered approach: Allow access to public and sensitive data with minimal restrictions, but require more stringent controls only for devices accessing confidential and private information or working with valuable intellectual property.
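
    The tiered approach can be expressed as a small access check that reports which controls a device still lacks for a given data classification. This is an added example, not code from the original guide or from any MDM product. The field names, the control-to-tier mapping and the sample devices are assumptions; the option of a segregated vault in place of full device encryption follows the guide's advice on employee-owned devices.

```python
from dataclasses import dataclass

# Classifications named in the guide, grouped into its two tiers.
MINIMAL_TIER = {"public", "sensitive"}
STRINGENT_TIER = {"confidential", "private", "intellectual_property"}


@dataclass(frozen=True)
class DevicePosture:
    """Posture an MDM inventory might report (field names are hypothetical)."""
    registered: bool = False
    passcode_set: bool = False
    full_device_encryption: bool = False
    business_data_vault: bool = False   # enterprise data segregated from personal
    remote_wipe_enabled: bool = False


def missing_controls(device: DevicePosture, classification: str) -> list:
    """Return the controls the device lacks for this classification ([] = allow)."""
    # The control-to-tier mapping below is an assumption for illustration.
    if classification not in MINIMAL_TIER | STRINGENT_TIER:
        # Fail closed: unlabelled data is treated as inaccessible.
        return ["unknown_classification"]

    missing = []
    # Minimal tier: only what is needed to know and lock the device.
    if not device.registered:
        missing.append("registered")
    if not device.passcode_set:
        missing.append("passcode_set")

    if classification in STRINGENT_TIER:
        # Either full device encryption or a segregated vault protects the
        # data at rest, so employee-owned devices are not forced to encrypt.
        if not (device.full_device_encryption or device.business_data_vault):
            missing.append("full_device_encryption_or_business_data_vault")
        if not device.remote_wipe_enabled:
            missing.append("remote_wipe_enabled")
    return missing


# Constructed sample devices.
BYOD_PHONE = DevicePosture(registered=True, passcode_set=True)
VAULTED_PHONE = DevicePosture(True, True, business_data_vault=True, remote_wipe_enabled=True)

if __name__ == "__main__":
    for label in ("sensitive", "confidential", "unlabelled"):
        print(label, missing_controls(BYOD_PHONE, label))
```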

    Source : Internet
     
