Until recently, mobile device management in the enterprise was simple. C-level executives and other key knowledge workers got BlackBerries, and IT controlled the handsets through BES (BlackBerry Enterprise Server).
“Even if we had wanted to, there was no way we could have kept iPhones and Androids out of our network,” said Mathew Frehner, an IT Leader for Newell Rubbermaid. “We’d been a BlackBerry shop for a long time, but people would get iPhones or iPads for Christmas and want to bring them to work. There was a lot of pressure internally, especially from executives, to allow these devices in.”
While RIM recently started to integrate the support for other platforms into BES, reviews of RIM’s cross-platform capabilities are tepid as of now. Meanwhile, RIM’s foot dragging encouraged a slew of other vendors to rush into the Mobile Device Management (MDM) game. MDM solutions offer IT a way to do the following in a centralized, controlled manner:
• Manage mixed device environments
• Distribute, update, patch and even block apps
• Manage user roles and privileges
• Enforce a variety of security and safe-use policies
• Track devices
• Remotely lock or wipe lost or stolen devices
The MDM market is a land grab at the moment, and the landscape is in a steady state of flux. Gartner estimates that the market achieved revenues of $150 million in 2010, but will grow at a CAGR of between 15 and 20 percent for the foreseeable future.
Businesses of all sizes and in all verticals are quickly adopting MDM solutions. As you evaluate various vendors, consider these five recommendations from early adopters:
1. Don’t try to swim against the tide.
Many organizations have tried to forbid the use of iPhones, Androids and iPads in the enterprise, and pretty much all of them have failed.
“It’s impossible to fight this change,” said Endre Walls, CTO for Resources for Human Development (RHD), a national human services nonprofit with 4,000 employees.
“Information is much more portable with smartphones and tablets. It’s a huge change that is foolish to fight. I don’t see companies being successful preventing this, and the benefits [of supporting a variety of smartphone platforms] are significant,” Walls said.
Even if an organization has a policy that allows corporate apps or email only on BlackBerries, all it takes is one high-level executive to change that policy, whether formally or not. CEOs, CIOs, CTOs and other top executives are often the first people asking (well, often demanding) that they be able to use their new gadgets in the enterprise. Good luck saying no to them.
2. Which mobile operating systems are most important to your employees?
The very first question to ask an MDM vendor is what mobile operating systems they support. Not every vendor supports all operating systems. In a market where 30+ global smartphone vendors offer a range of devices based on myriad mobile platforms, it’s critical that the operating systems your users clamor for are supported.
The MDM vendor doesn’t necessarily need to support every mobile OS under the sun, since iPhone, BlackBerry, Android and Symbian own about 90 percent of the market. But broad support should at least be on the roadmap, especially as BYOD (Bring Your Own Device) becomes the norm and consumer churn turns into something that both carriers and IT will need to cope with.
Walls and RHD were aware of the importance of cross-platform support and eventually selected Fiberlink’s MaaS360. RHD had considered competing solutions from AirWatch and a few other vendors, but back when RHD was comparing solutions, AirWatch didn’t have iPhone support ready.
Conversely, a number of other MDM vendors still don’t have decent Android support. MaaS360 currently supports iOS, Android, BlackBerry, Symbian, WebOS, Windows Mobile and even Windows 7.5 Mango.
3. How will MDM change your organization’s risk posture?
Security is paramount with all MDM solutions. BES is still the gold-standard with more than 400 published IT policies, but MDM vendors are catching up quickly.
Many security capabilities should be considered checkmark features, including the ability to require strong passwords, establish time-outs, enforce data encryption and remotely track, brick or wipe lost or stolen devices.
Walls said that one of the biggest benefits to be gained from MDM is visibility. This includes the ability to see whether users have password protection turned on, whether data is encrypted on the device, whether the connection to corporate email is through a secure connection, etc.
The best way to roll out an MDM solution, Walls argued, is to rely on reporting first.
“Put the thing out there so you can get reports, figure out how bad the environment is, and determine from there what your security posture needs to be. For us, it turned a tactical decision into a strategic one because we had raw data and metrics to back up certain corporate policies.”
Of course, if you plan to roll out MDM in the manner Walls suggests, be sure that the MDM solution you choose has robust reporting or even built-in BI capabilities. Not all of them do.