I have been investigating technology that might enable a company to develop a ‘Bring Your Own Device (BYOD)’ policy or more advanced management of company-owned tablets and mobile devices.
The days of one or two corporate standard mobile devices seem to be fading fast: bye-bye Blackberry market share, hello personal choice.
As I see it, the main leap forward recently in this area is to separate the data from the device.
Blackberry made huge gains in the enterprise by integrating with Exchange, allowing push email and allowing administrators to remote wipe in case of loss. The Blackberry methodology allowed you to quarantine the device; modern MDM solutions allow you to quarantine the data. For example, in the case of loss I don’t need to wipe the whole device (which might not be owned by the company); I can just wipe the data and apps that belong to the company.
Corporate IT is now free from the shackles of standardized devices and users have much more flexible and personal access to IT resources.
I have included some key features to consider when selecting Mobile Device Management (MDM) solutions. Bear in mind that this market is moving fast and new developments are occurring all the time. I suspect the list below will become out of date fairly soon but it should provide you with a good starting point as you begin to explore your requirements.
- How is the solution deployed? SaaS, Appliance, Installed on Windows, Mac, Unix, on a virtual machine?
- What licensing options are available? MDM solutions are commonly sold under a perpetual license or a subscription.
- What support levels are available? e.g. 12 x 5, 24 x 7 etc.
- How does the solution scale in large enterprises? Multiple locations, location-specific administrators, role-based administrators.
- What fault tolerance can be built into the system? Standalone server, ability to fail over to another server, load balancing.
- How do I add new users? Via a web portal, a freely available app, an API, bulk upload, etc.?
- How do I authenticate new users on the system? Active Directory, Open Directory, Other LDAP, User Upload
- Device Coverage: Android, Blackberry, Symbian, Windows Mobile, Windows Phone 7, Windows Desktop, Mac Desktops, Linux Desktops
Users and Profiles
- Mobile Configuration Features: Require password, device restrictions, Exchange account seeding, Wi-Fi configuration, VPN (L2TP, Cisco AnyConnect, Juniper, F5), “Push” Retail Apps, Encrypted Mail, Sandbox Email, Prevent iCloud, Wi-Fi Autojoin
- On-Demand Features: Remove Passcode, Remote Lock, Remote Wipe (Full wipe / selective wipe), Camera Control, Push a Text Message
- Profile Features: Start on Date, End on Date, Versioning, Rollback, Triggered by Inventory
- App Management: Push Web App, Catalogue of in-house Apps, Recommended Retail Apps, Apple VPP Integration
- Administration Console: Web, API or SDK, Desktop App
- Alerting: Alert when no Response, Alert when Roaming, Alert on Forbidden App, Jailbreak/Rooting Detection
- App Security: Blacklist / Whitelist / Corporate Appstore
- Device Inventory Management: App Memory, Device History, Geolocation, Status
- Integration: Apple GSX, Microsoft BPOS, Good
- Certificate Features: Enterprise SCEP Integration, Local CA with SCEP, Apply Certs to Exchange, Apply Certs to VPN, Apply Certs to Wi-Fi, Disk Encryption enforcement
- LDAP Features: Dynamic Policies by LDAP Group, Dynamic Policies by LDAP OU, Dynamic Policies by LDAP Attribute, Custom Message by LDAP Attribute
For MDM policy considerations see ‘What to include in a Mobile Device Policy’.
What have I missed? If you would recommend any other features or considerations please leave a comment below. Thanks, Martin
About Martin Thompson
Martin is also author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management.
On a voluntary basis Martin is a contributor to ISO WG21, which develops the ITAM International Standard ISO/IEC 19770.