Everyone has a smartphone, laptop and tablet these days, so having a solid strategy for secure device management is essential.
The management challenges of mobile devices have plagued organizations for years. In the past, many of these challenges were rooted in the proprietary nature of the devices themselves and the device management software. Consequently, many companies were locked into using a single, specific type of device.
For example, imagine your organization wants its employees to run an application that only exists for the Windows Phone 7 platform. After purchasing a few Windows Phone 7 devices, your IT team might realize you need a better way to manage those devices. You select Microsoft System Center Mobile Device Manager (MDM).
After a while, your company decides it needs to use an app that only runs on the Apple iPhone. While there’s nothing stopping your company from purchasing a handful of iPhones, you won’t be able to manage them with MDM. You’ll have to invest in a management tool designed for managing iPhones.
As you can imagine, this type of situation could turn into a support nightmare. All of a sudden, your help desk is required to support multiple mobile OSes and multiple management tools—never mind the costs incurred in licensing these tools and training your support staff to use them.
Slowly but surely, things are beginning to change. There are now several different tools on the market capable of managing different types of devices. Even Microsoft is getting in on the act. It’s doing away with MDM and instead integrating mobile device management capabilities directly into System Center Configuration Manager (SCCM) 2012. This new version will continue to support Windows Phone 7, but will also offer management support for the iPhone and for Google Anroid-based phones.
Now that Microsoft and other companies are providing cross-platform management for mobile devices, the problem is solved, right? Not so fast. There are still a number of issues you must consider in order to achieve effective mobile device management.
It’s easy to assume that controlling mobile devices all boils down to the management software you choose. But there are other factors you have to consider as well. The first major issue is the type of mobile device or devices you plan to specify for approved and supported use within your organization.
The mobile devices you deploy and need to support will have a direct impact on the management software you choose, but there’s much more to it than that. You’ll select mobile devices based on a number of different criteria.
Often a company will choose a mobile device based on its need to run a particular application. Application availability is an important factor when choosing mobile devices, but it’s certainly not the only one. Security is another major concern. Some organizations prohibit the use of mobile devices that don’t support encrypted storage.
The best approach for deciding which mobile devices your organization will use involves establishing a set of requirements to which the mobile devices must adhere, and then seeking out devices that meet those criteria.
Even if a mobile device fully meets your established criteria, allowing all employees to use that device is not always desirable. Try to minimize the number of different types of devices that are being used in your organization. The greater the variety of mobile devices that are in use, the higher your support costs will be. If you find there are a lot of different mobile devices that will meet your needs, select a handful of devices that offer the greatest set of capabilities and allow only those devices. Of course, the list of approved devices will evolve over time as technology changes.
It’s easy to think of the task of establishing an acceptable use policy for mobile devices as merely being a part of the seemingly endless corporate bureaucracy. However, a carefully considered and consistently enforced acceptable use policy can actually help simplify your mobile device management.
One company recently decided to cut costs by modifying their acceptable use policy to state that only certain executives were allowed Internet access while roaming. Although this policy change was designed to reduce roaming costs, it also helped to reduce support calls.
Some employees had previously experienced problems accessing their company e-mail while roaming (presumably on cellular networks that don’t support data transmission). Once the acceptable use policy had been changed to prevent employee devices from being used while roaming, these problems went away.
Your acceptable use policy can reduce support costs in other ways, too. For example, it’s common for an acceptable use policy to stipulate which device features are permitted. Some organizations have gone as far as disabling features such as mobile device cameras, Bluetooth links and storage cards. If such features are disabled, then the help desk doesn’t have to worry about supporting them, and support costs go down.
There are other ways that you can use your acceptable use policy to drive down support costs. For instance, you might prohibit users from downloading and installing apps. By doing so, you eliminate support issues related to buggy applications or applications infested with malware.
Another thing you can do to ease the burden of mobile device management is include mobile devices in your asset-management system. At the very least, you’ll need a way of keeping track of which devices have been provided to which users. This helps prevent employees from taking their mobile devices with them when they leave the company.
Your asset-management system can also streamline tracking important statistics related to mobile devices. Asset-management software capabilities vary from one product to the next, but you might be able to track things like which device model received the most support calls, and which users have had mobile devices lost or stolen on multiple occasions.
Limiting the different types of mobile devices used in your organization will make it much easier to manage mobile device configurations. One of the best things you can do to ease the burden of mobile device management is establish a baseline configuration for each type of device your organization uses. This baseline configuration typically includes things like an approved application set and configuration settings. For example, you could pre-configure the device’s Wi-Fi connection to attach to your network.
Once you’ve established a baseline configuration that meets your needs and has been thoroughly tested and proven stable, you can add that configuration to whichever configuration management solution you use. That way, you can easily provision new devices with your baseline configuration, rather than having to set devices up manually.
This saves time and decreases the potential for human error. Any time you set up a device manually, there’s always the chance that the person who’s configuring the device will forget to implement a setting or install an application. You can count on devices provisioned from a baseline image to be identically configured.
It’s easy to think of a configuration management system as a tool for provisioning new devices, but a good configuration management system can also help bring down your mobile device support costs. To see why this is the case, consider how configuration management systems have changed desktop troubleshooting.
Once upon a time, when a user would call the help desk with a problem, the help desk would send a technician to fix the user’s PC. Depending on the severity of the problem, the repair could take anywhere from a few minutes to a few hours. More complex repairs, often those involving data recovery, could take days.
This approach is expensive. Not only is there the cost of sending the support technician to work on the user’s PC, but there are also intangible costs associated with lost productivity. The user is often out of commission until the problem is fixed.
Furthermore, there might be other users experiencing problems. They may not even receive assistance until the technician fixes the previous caller’s problems. If the technician gets backlogged because of a particularly difficult problem or an exceptionally heavy support volume, costs related to lost productivity can quickly compound.
Organizations have eventually realized it’s far more efficient to focus repair efforts on desktop images. Rather than trying to troubleshoot software problems, technicians simply re-image desktop PCs. This process resolves the user’s problems quickly and with minimal effort. You can and should use this same approach for mobile devices. If a user is experiencing problems with a mobile device, simply re-provision that device from the baseline image.
One of the key issues you’ll need to address within your acceptable use policy is whether or not users can store data on mobile devices. Many people view this as a security issue, but it’s really a logistical issue. If users store data on their mobile devices, you’ll need a process and policy for backing up that data.
Mobile connectivity is nearly ubiquitous, so it’s advisable to encourage users to store anything important on the network where it can be backed up. Even though there are applications for backing up mobile devices, many of these applications will only work when the devices are connected to a cradle or when the device is connected to a Wi-Fi network.
You can’t count on a user doing either of these things on a regular basis. You’re generally better off requiring users to store data on the network where it can be centrally backed up.
Some organizations let users store personal data such as photos, video or music on mobile devices, with the understanding that such data won’t be backed up. Keep in mind, though, that if the organization owns the device, they’re ultimately responsible for the content. This can be problematic if a user were to put bootlegged movies or music on their mobile device.
You can see the importance of policy development and enforcement. The impact goes far beyond maintaining a consistent mobile device infrastructure.
Brien Posey, MVP, is a freelance technical author with thousands of articles and dozens of books to his credit. You can visit Posey’s Web site at brienposey.com.