Mobile Device Management

Mobile Device Management (MDM) software can manage your devices, push down security policies, prevent access to resources, and basically secure your company’s assets as much as you need it to do.

Like with everything else, mobile device management software can range from bare bones manageability to high-end, practically lined-with-gold software that has all the bells and whistles.

For those already using Exchange Server 2010 or SCCM there is even the option of using the ActiveSync policies within Exchange or using the SCCM 2012 Mobile device polices to manage these devices.

Mobile Device Management:

MDM software can be difficult here's where to start.

1. Device standards – What type of devices will be allowed to access the company’s resources? Are you planning on only allowing I devices, such as the iPad & iPhone or allow a range of devices like Androids, Blackberry?

Having a defined list of what you are planning to support will set the expectations up front on what you can and cannot support which can limit which MDM to choose from. Not all MDM software are created equally, some have limited support for Android devices, and this could impact your ability to support them.

2. Restrictions and protection – What restrictions do you need and what will you allow the devices to access? What do you want to protect on your network? This is an important question to ask because it defines what the real intent is. Here are some other questions to consider:

Are you only concerned with company email residing on mobile phones?

Are you concerned about other data such as documents and photos being stored on devices or syncing to the cloud?

Are you concerned about screenshots of data from mobile phones?

What kind of resources will you allow access to?

Allowing access to resources is just as important as preventing access. Do you need a MDM solution that will allow or prevent company email from being sent from a personal account on a mobile device? If it’s a BYOD policy, will you still control access to downloading of apps or will you have a separate policy for company owned devices?

Will you require passwords or enforce screen lockouts?

Will you treat personal devices differently than company-owned devices?

Do you care what the devices access?

Allowing users to bring in their own devices can be risky, not only from a security standpoint but also from a support standpoint. If you plan on incorporating BYOD, is your support staff ready and able to help the users? Will BYOD users be under the same rules as your company owned devices? What happens when an employee that is BYOD leaves the company -- do you wipe their device or perform a selective wipe, removing only company data and preserve their personal data? Having these questions answered can help narrow your selection of MDM software because some of them may not be able to do selective wipe.

Wireless LAN or VPN access – Just about every mobile device out in the market has the ability to connect and use WiFi. Allowing devices to connect to corporate WiFi can cause additional headaches for an administrator (as I have personally experienced). When connecting mobile devices to the corporate WiFi account, the devices can have access to internal network resources such as SharePoint. If your SharePoint sites are using any type of integrated Windows authentication, users maybe prompted for their username and password when accessing these sites. This can cause some user confusion and unwanted help desk tickets because users are not aware that is this “normal” on non-Windows devices. Another concern with accessing the corporate network is that the devices now have the ability to access the Internet through your network. If you’re company uses a web filter, those filters may not work on the mobile devices, hence allowing your users to access non-business sites or stream Internet radio.

Once you are ready to start evaluating BYOD policies and MDM software, Grand Rapids Technology Source can help you ask and answer the questions that will keep your company Mobil and profitable.

Back to Blog