Mobile Device Management Checklist

Ideally, IT should be at least aware of every smartphone and tablet used in an organization, from activation to retirement. Accomplishing this requires a cohesive plan for mobile device management.
As business use of smartphones and tablets continues to grow, inadequate IT oversight and control is having negative effects. Up to one-third of companies acknowledge that smartphone use is being hindered or slowed because IT admins cannot manage the devices to the extent they would like, according to a 2012 Osterman Research study; the situation is even worse for tablets.

Mobile devices: Out of sight, out of mind

For the past decade, IT departments turned a blind eye to mobile handhelds, believing that cell phones were too limited and PDAs saw too little use to warrant attention. But today's increasingly powerful converged mobile devices have blown past both barriers, leaving IT in the hot seat. After all, you cannot secure what you don't manage, and you cannot manage what you don't see.

Mobile device management (MDM) can help your business plug this gaping hole by enabling remote visibility and control over smartphones and other handheld devices carried by your workforce. But MDM can also be a frustratingly vague term, applied to a diverse collection of products. The first step is to define precisely what you want an MDM system to do for your mobile workforce. The following checklist can help you identify your needs and common MDM capabilities that could address them.

Mobile asset inventory

Clearly, your MDM must maintain a list of devices to be managed -- that is, your mobile asset inventory. But what should your inventory include, and how will it be maintained?

• Device inventory: What physical details do you need to track? Beyond the basics (device ID, hardware model, firmware version), an MDM can help you record and report on related assets like wireless adapters and removable memory.
• Inventory classification: How do you want to group those mobile devices? For example, an MDM might auto-classify your devices by mobile OS/version or state (e.g., unknown, authorized, provisioned, decommissioned).
• Inventory maintenance: How do you want to update your inventory to reflect adds, changes and deletes? An MDM might be used to periodically poll devices, check for changes at network connect, or carry out admin-initiated audits.
• Physical tracking: Do you need to know not just who carries each handheld but precisely where that device is located? With many smartphones now supporting GPS, location-based MDM features become feasible.
• Database integration: Do you already have inventory systems that manage other assets (e.g., desktops, phones)? If so, you may want to integrate managed mobile device records into a common database using inventory exports or reports.

Mobile device provisioning

Managing a device through its lifecycle begins with activation and provisioning. How will each new device become an authorized, capable member of your handheld fleet?

• Supported platforms: Device management depends on many characteristics, including operating system and vendor/model/version. What platforms (e.g., Apple iOS, Google Android, BlackBerry OS, Microsoft Windows Phone) and minimum models/versions (e.g., Samsung SAFE devices running Android 4+) must you support? Make device-independent management choices wherever possible and practical while establishing baseline acceptance criteria for specific business uses (e.g., hardware-encrypted devices with remote find/wipe capability).
• Device registration: How will you enroll mobiles to be managed? MDMs can help administrators register company handhelds (e.g., directory add) or let users register their own devices (e.g., enrollment portals), or some combination thereof.
• Agent activation: How will MDM software get installed and activated on each new device? Some mobile devices ship with native MDM (e.g., Apple iOS, BlackBerry OS); others may require employees to visit an app store or an IT-managed Web portal to download and install an MDM agent. The latter is often accomplished by texting or emailing a URL to each enrolled device to complete over-the-air installation.
• Device configuration: How will you override factory/carrier defaults? For example, you might want to require passwords, add registry keys, or rewrite menus to eliminate non-business applications. MDMs can apply your "standard config" to each device after initial activation or hard reset.

Mobile software distribution

Many MDMs go beyond device inventory and configuration, providing tools that deliver and update mobile applications. This may not be Job 1, but it should be a close second.

• Software packages: How will you bundle related applications for purposes of configuration and delivery? MDMs can help you define and deploy those packages, helping to resolve platform, memory, and application dependencies.
• Application distribution: Do you want software and updates to be downloaded from public app stores (e.g., Apple iTunes, Google Play), pushed transparently to managed devices by an enterprise app store, or some combination thereof? Each mobile OS enforces its own rules regarding user permissions required to install and update apps, but MDMs can help IT automate related processes (e.g., prompting users to install required public apps).
• Mobile optimizations: Must your strategy accommodate unreliable or limited WANs? Some MDMs offer compression, incremental updates, and bandwidth management (attempting or resuming installation only over fast, low-cost links).
• Change control: How often will your mobile applications need patching or update? Define how deployed packages will be maintained so that changes are applied without resulting in user pain or weeks of effort to fix failed updates.

Mobile security management

On handhelds, device and security management tend to converge. Many MDMs offer basic security features that are missing from mobile OSs or related to device tasks.

• User authentication: How will you authenticate users before granting access to mobile devices? Some MDMs can be integrated with enterprise directories while addressing mobile needs like network-disconnected authentication.
• Password policy enforcement: How many login attempts will you allow before requiring reset? Can emergency calls bypass authentication? Many MDM agents can enforce these and other password policies that go beyond OS-provided PINs.
• Remote device wipe: Do you need the ability to wipe clean a remote mobile device? For example, an MDM can often delete data or hard-reset a lost smartphone on next server connect or upon receipt of an SMS "kill pill."
• White/black lists and device restrictions: An MDM involved in application management may require certain business applications and ban other applications. Similarly, an MDM that controls device settings can help you disable risky interfaces and wireless options.
• Secure communication: How will sensitive MDM traffic (e.g., configuration changes, software packages) be protected? Some MDMs provide their own secure channels rather than relying on OS or third-party protocols.

Mobile data protection

Data just might be the most sensitive corporate asset on any mobile handheld. MDMs can help you preserve and protect that mobile data.

• Data encryption: Do you want to enforce policies that use hardware or software encryption to prevent unauthorized access to data stored on mobile devices? Most contemporary mobile devices provide hardware encryption capability; others can enforce your policies by installing or activating third-party encryption (e.g., secure data lockers, self-encrypting enterprise applications).
• Backup/restore: How will you prevent data loss when a mobile device is damaged or stolen? Most mobile devices support scheduled over-the-air backup of selected settings and content to a cloud backup service for subsequent restoration by authorized users. Consider whether you also need to back up enterprise application data to an IT-controlled backup server.
• Data tracking: Do you need to maintain an audit trail of corporate data copied to and from mobile devices? Some MDMs can control and report on sensitive files transferred during over-the-air synchronization or onto removable media.

Monitoring and help desk support

Mobile device total cost of ownership can far exceed hardware/software purchase. Over time, MDM should pay for itself by reducing maintenance and support costs. How?

• Self-help: Can some admin tasks be cost-effectively shifted away from IT? Some MDMs offer self-help portals for user-initiated device enrollment, password reset or recovery, optional package download, and data restoration from backup.
• Diagnostics: When problems arise, what will your help desk need to see? MDMs can play a big role by providing not just intended settings but real-time status and health information (e.g., memory, battery, network connectivity).
• Remote control: When remote users need assistance, what can your help desk really do? Many MDMs include remote-control features (e.g., screen sharing) that let support staff interact with an off-site handheld in real time.
• Audit and compliance: Do you need to prove that mobile devices comply with your stated policies and/or industry privacy regulations? MDMs can help you automate remote assessment, remediation, and compliance reporting.
• Activity reports: How much insight will you need into mobile user activities, including interaction with business servers and networks? Most MDMs provide historical reports -- but look closely to see whether they capture what you need to know. 

Probably an organization does not need everything on this checklist, and any single MDM product is unlikely to cover all of these bases. Instead, treat this checklist as though it were a menu, introducing you to a foreign cuisine. Some considerations are simply variations on traditional desktop management needs, while others may be new and unfamiliar. Try a few MDMs to gain field experience with mobile user and device requirements before settling on an enterprise mobility management strategy for your workforce.

Source : Internet

Guide to mobile device management software

The proliferation of mobile devices in the workplace has become a well-established trend. But the increasing use of employees’ personal mobile devices puts IT departments in an unusual position: End-user practices, rather than strategic IT plans, are driving the adoption of the technology, and IT needs mobile device management software to handle it.
In many cases, those responsible for delivering business services, securing infrastructure and complying with regulations have inadequate tools to manage and control the influx of mobile devices. Asset management and configuration management tools that were designed for servers, desktops and laptops lack the functionality needed to support today’s mobile devices. Businesses are turning to mobile device management (MDM) software to address the specific needs of consumer devices in the enterprise.
This guide explores the role of MDM software and features to consider as you evaluate mobile device management software. It also provides tips on avoiding potential pitfalls while you plan for an MDM implementation.

 

MDM software: Why it’s important and what it should include

MDM software has become an enterprise necessity. With so many mobile devices in the workplace, IT needs a way to manage policy, inventory and security, and MDM does just that.

The need for MDM software

According to a recent survey, 75% of IT managers noted that adequate support for mobile devices would require new security rules, 64% believe lost or stolen mobile devices pose a security threat, and 50% want to be able to restrict applications used on mobile devices. Fortunately, not all the news about mobile devices in the enterprise is negative. A Visiongain study found that business use of mobile devices can reduce demand for technical support by as much as 20%.

Another factor driving the adoption of a mobile device management (MDM) system is that many existing infrastructure and configuration management applications were not designed to support mobile devices. Sometimes an existing application can provide functions of MDM software. For example, Microsoft Exchange ActiveSync allows administrators to enforce BYOD policy and remotely wipe devices but lacks more advanced, and increasingly required, functions.

 

Common features of MDM software

MDM software provides at least basic functionality in four areas: policy enforcement and management, inventory management, security management and software distribution.
Policy enforcement is essential to protect business information assets. Of course this assumes you have the necessary policies defined, which include access control, acceptable use, encryption and data management policies.

Access control policies specify rules about which users can authenticate to a device and perform operations on that device. Corporate application users should be segmented into groups according to their roles and responsibilities. They should have the fewest privileges required to perform tasks associated with their roles. This is a best practice for information security more generally, but it extends to mobile device use by specifying which enterprise applications can be accessible to users of mobile devices. Don’t assume that because an individual has access to an application on a company-owned workstation, that person will have access to the application on a mobile device over an unsecured communication channel.
An acceptable use policy should define the types of apps that can run on mobile devices for business operations, and MDM software should enforce these rules. Some application agreements specify that a vendor can download contact information from a mobile device, and such agreements can result in corporate information leaks. Businesses need to have app control on mobile devices, and MDM software enables them to enforce access control and allowed application policies.
Common inventory management features include registering devices, assigning devices to groups, centralized dashboard reporting and billing tracking. Reporting services include a detailed description of devices.

Security management includes a range of capabilities, such as setting password requirements on devices, configuring virtual private network (VPN) settings, installing secure sockets layer (SSL) certificates for device authentication, enforcing encryption policies, disabling device features such as GPS and camera, and remotely wiping a device. Encryption and data management policies are important elements in securing enterprise data. MDM software can support the enforcement of full device encryption policies if needed. They can also provide isolated sandboxes for protected data. With this model, protected data is logically separated from other device data and removed when it is no longer needed. If a device is lost or stolen, this kind of data management can mitigate data leak risks. SSL certificates have long been used to authenticate servers and can now improve the security of enterprise systems accessed from smartphones and tablets by authenticating those devices.

Once mobile devices are in use, you need to support them. MDM software commonly features software distribution services and it often includes the ability to establish an enterprise app distribution service akin to an internal application marketplace. In addition to supporting an app marketplace, MDM software typically allows for patching and remote software distribution.

 

Advanced MDM software features to consider

As MDM software offerings improve, you can distinguish between the technologies based on more advanced features, including additional security controls, better data protection, software license management and bandwidth optimizations.

For IT departments, erasing the personal contents of an employee’s device isn’t necessarily a first choice. But if a device is lost or stolen and the only remote-wipe option that your MDM software offers is resetting to factory defaults, you may have a difficult choice to make. More advanced remote-wiping features can target enterprise data, which is segregated from personal data in a vault that allows you to erase sensitive information without affecting the personal contents of a device.

Malware developers rarely miss an opportunity to exploit potential vulnerabilities, such as widespread mobile device use. MDM software security features have improved and can include automatically updating virus definitions, scanning incoming files from mobile devices for malicious content, and blacklist filtering.

Unused software licenses incur unnecessary costs, but using unlicensed software is risky as well. MDM software that track and report on application use can identify the number of licenses in use, which enables administrators to determine the number of licenses needed. This can prevent admins from purchasing too many licenses while mitigating the risk of unlicensed application use.

In some locations, bandwidth can be limited. MDM software that can throttle bandwidth usage for management tasks can reduce the risk of undermining other applications’ performance.

 

Avoiding snags in mobile management system selection

Vendors’ marketing hype often depicts software as ideal for your environment’s mobile management system requirements. But in practice, problems can crop up. To avoid pitfalls in your MDM software assessment and deployment, consider the following suggestions:

Understand the requirements for MDM client software on devices. Some mobile device management (MDM) systems use agentless management, while others require agent-based management. Test an agent-based mobile management system on platforms you plan to support with a variety of applications to accurately assess the impact of the client software on the device.

Test full device encryption with supported apps. Encryption may interfere with the functions of some applications. It can be particularly challenging to test the full range of apps that employees have on their devices.

Segregate data types. If you want to avoid requiring full device encryption on employee-owned devices, use an MDM system that can segregate sensitive business data from personal data.

Understand the requirements for centralized components. These requirements may include management servers, proxies, relays and other supporting systems.

Test and evaluate. Determine whether the logging and reporting functions of the MDM technology are sufficient for your requirements.

Back up devices. If mobile devices store business data, they should be backed up. This is especially important for recovery of data on a lost or stolen device. Consider how the mobile management system you choose can back up mobile devices, the flexibility of the management console for defining backup scripts, the ability of backup operations to recover from interrupted sessions.

Integrate data. Consider how data from an MDM program can be integrated with other parts of your mobile management system. MDM systems may use relational databases and publish either data models or application programming interfaces for accessing detailed information on device inventory, configurations, and operations.

Finally, plan your mobile management system evaluation and implementation based on your specific requirements.

 

Mobile device management system planning and policies

Once you are ready to start evaluating a mobile device management system, outline security, data protection, access control and acceptable-use policies.
While these policies don’t have to be detailed, you should have a clear understanding of the kinds of features you expect, such as full device encryption, data vaulting and so on. Also consider the mobile device management system functions and reporting capabilities you expect. If your current asset management and configuration management tools meet your needs, they can be a guide for the features you want from a mobile device management system.
Next, determine which platforms that IT will support. The major mobile device offerings are Google’s Android, Apple’s iOS, Research In Motion’s BlackBerry and Microsoft’s Windows Phone.
All OSes may support your email and collaboration applications, but a smaller number may offer the right apps for your enterprise applications. Consider whether the additional cost of supporting an OS with limited business functionality is worth the marginal benefit. Also consider how well the mobile device management system you may choose support different OSes. If an OS is not in high demand, does not support important business apps and lacks comprehensive support in an otherwise promising management system, you may choose to not support that platform. Use your policy and management-based requirements and your supported platform list to create a feature-by-platform matrix. This framework can organize the results of your product evaluations. Some features and platforms are more important than others, so weigh their relative importance.
Evaluate the top-ranking product or products in limited tests. This process gives you an opportunity to assess issues with deploying server components, configuring MDM software, deploying agents, and performing basic operations, such as remotely configuring devices, performing backups on devices and generating operational reports.
Mobile devices are now a part of enterprise infrastructure and a mobile device management system can provide the asset, configuration and security management functionality they require.

 

Mobile device management system drawbacks

For employers, a bring your own device (BYOD) policy can be advantageous because the company can consolidate hardware and reap some savings. For employees, using their own devices enables an easy shift between work and personal tasks.

But two potential problems can undermine these advantages. If the policy and mobile device management system disrupt how employees use their devices, users will likely resist. If applications used for personal purposes do not work with full disk encryption, for example, employees will be forced to choose between using those apps and having access to enterprise systems. A second problem arises when policies appear overreaching. For example, employees may understand the need to register their devices but they may also hesitate to grant access to personal data or to allow an administrator to remotely disable device features, such as a camera or GPS.

To prevent user revolt to BYOD policy, IT departments should limit restrictions on employee-owned devices to those needed to protect business assets and clearly describe the justification for these limitations. If possible, use a tiered approach: Allow access to public and sensitive data with minimal restrictions, but require more stringent controls only for devices accessing confidential and private information or working with valuable intellectual property.

Source : Internet
 

The mouse that roared, and launched a PC revolution

A look at the world's first mouse, which Douglas Engelbart and William English invented and which Engelbart introduced to the world 45 years ago today.

Types of Cloud Services

Types of Cloud Services

IaaS:{Infrastructure as a Service}

• IaaS is moving from lower-risk pilot programs and into production environments.
• Organisation's stated plans to adopt IaaS in the near future reinforce the importance of IaaS in an overall portfolio of infrastructure service offerings.

PaaS:{Platform as a Service}

• Platform as a service {PaaS}adoption clearly indicates the growing strategic importance of public cloud services for organisations that are adopting cloud infrastructure to support their business needs.
• Current and anticipated adoption rates of PaaS are leading indicators of a more substantive move to cloud environments and represent an opportunity for service providers to deliver PaaS-oriented solutions to help their clients make this move.

SaaS:{Software as a Service}

• Software as serivce {SaaS}adoption,particularly in large enterprise application suites, will continue to reduce the total potential market available for application outsourcing.
• SaaS adoption in the near term offers consulting and implementation services opportunities for IT services providers, as well as ongoing integration and configuration.
• The move to SaaS will help drive additional revenue to the application outsourcing market by drawing applications to external,cloud-based implementations where they would otherwise be considered only for internal depolyment.