A BYO policy makes for happier employees -- and it's got nothing to do with booze. Once unheard of in the corporate world, it's becoming more common for workers to bring their own mobile devices to work. The move away from company-owned and -managed mobile equipment, however, also means that IT departments' ability to prescribe and control enterprise mobile devices is diminished. And that is forcing CIOs to rethink mobile device management (MDM).
So, where to start? Not with the vendor, experts say. As is almost always the case when choosing new technology, the quest begins empirically: with the business.
For CIO Dick Escue, who oversees IT for St. Louis-based RehabCare Inc., the problem that launched an enterprise-wide deployment of Apple iPod Touches to some 10,000 therapists was specific and urgent: The internally built application they used in the field to capture the time and treatment they gave to patients was hard to maintain. In addition, the corporate-owned and -managed Palm Pilots that ran the app were going out of service.
On the plus side, selecting MDM vendor MobileIron two years ago was not terribly complicated, Escue said. "These guys were the closest to having support for Apple. They almost had everything we needed, and they jumped on the opportunity --10,000 devices deployed nationwide! -- and did what it took to really hammer this thing out," he said.
Paul DeBeasiresearch vice president, Gartner Inc.
Today, vendor expertise, although still uneven, has matured; and some of the features RehabCare required of the MobileIron tool would not have to be supplied today, Escue said, because now they are built into the Apple iOS.
Not all use cases will be as immediate and obvious as RehabCare's. Paul Debeasi, research vice president at Gartner Inc., recommends organizations first choose three or four things that they absolutely must do with the mobile device. "Get a good understanding of those use cases, because all of your decisions will flow from there," he said.
For example, does your company need to provide mobile device support to sales executives? Does it need to give distributors mobile access to inventory, ordering and pricing information?
The next step is to dissect what each group of mobile users will need to do with the mobile device: How mobile are they? What is the sensitivity of the information they have access to, and what is the security of their computing environment? Are users in a facility that is locked and guarded, or are they working from Starbucks because they are always on the road?
With the use case defined, IT then can analyze which application architectures make sense for the device, given the work that needs to get done and the levels of security and network service that are required. "There are a lot of interdependencies," DeBeasi said.
Can your MDM vendor do this?
With business use case scenarios in place, Gartner recommends vetting mobile device management vendors in seven categories:
- Applications: Can the vendor's MDM product manage the deployment, maintenance and use of mobile applications? IT staff should be able to install, update, configure, back up, monitor and wipe enterprise applications, DeBeasi said. At a minimum, the system must control the apps that users access; when the devices they use are corporate-owned, the system must be able to control users' personal apps as well.
- Security: Does the product provide such security features as authentication, encryption and device wipe? Its authentication mechanisms should mirror those on the client computer system. Encryption must team up with an authentication mechanism. The system should be able to wipe the device completely; preferably it also should be able to perform a selective wipe. Anti-malware systems and firewalls are options.
- Policy: Does the mobile device management system allow the enterprise to define, enter and monitor its mobile policies? The system should be able to segment policies by user groups, enforce separate policies for company-owned versus employee-owned devices, and manage policies based on a particular hardware model.
- Device: Does the system give you the ability to manage mobile devices' underlying hardware and operating systems (BlackBerry, Windows Mobile, iPhone, Android, Symbian or webOS)? It also should be able to enable and disable removable media and preferably, cameras and Wi-Fi, Bluetooth and Global Positioning System hardware as well. Malware used to "jailbreak" devices remains a vexing problem, but MDM tools should be able to detect and isolate smartphones running a nonstandard version of the operating system.
- Service: Does the system provide mobile service deployment and maintenance? It should support help desk functions, and preferably, it should analyze mobile service use.
- Integration: Does the system integrate with existing systems, such as your identity server? It should integrate with Microsoft Exchange ActiveSync and the organization's identity management systems. Integration with BlackBerry Enterprise Server, Lotus Notes and mobile unified communications products is desirable.
- Platform: Does it provide such core functions as centralized administration, Over the Air provisioning, monitoring and vendor templates to simplify provisioning? For some organizations, system redundancy and the ability to produce an audit trail are important.
Let us know what you think about the story; email Linda Tucci, executive editor.
Enterprise mobility: Ubiquitous business? Or death by 1,000 cuts?
The next frontier in IT disaster recovery plans: Mobile devices