The ITAM Review

News, reviews and resources for worldwide ITAM, SAM and Licensing professionals.

Mobile Device Management (MDM) Buyers Guide

Separating Data from Devices facilitates Bring Your Own Device (BYOD) and freedom of choice in mobile devices

I have been investigating technology that might enable a company to develop a ‘Bring Your Own Device (BYOD)’ policy or more advanced management of company owned tablets and mobile devices.

The days of one or two corporate standard mobile devices seem to be fading fast, bye-bye Blackberry market share, hello personal choice.

As I see it, the main leap forward recently in this area is to separate the data from the device.

Blackberry made huge gains in the enterprise by integrating with Exchange, allowing push email and allowing administrators to remote wipe in case of loss. The blackberry methodology allowed you to quarantine the device, modern MDM solutions allow you to quarantine the data. For example, in the case of loss I don’t need to wipe the whole device (which might not be owned by the company) I can just wipe the data and apps that belong to the company.

Corporate IT is now free from the shackles of standardized devices and users have much more flexible and personal access to IT resources.

I have included some key features to consider when selecting Mobile Device Management (MDM) solutions. Bear in mind that this market is moving fast and new developments are occurring all the time. I suspect the list below will become out of date fairly soon but it should provide you with a good starting point as you begin to explore your requirements.

Infrastructure

  • How is the solution deployed? SaaS, Appliance, Installed on Windows, MAC, Unix, on a virtual machine?
  • What licensing options are available, MDM solutions are commonly perpetual license or subscription
  • What support levels are available? e.g. 12 x 5, 24 x 7 etc.
  • How does the solution scale in large enterprises? multiple locations, location specific administrators, role-based administrators
  • What fault tolerance can be built into the system? standalone server, ability to fall-over to another server, load balancing.
  • How do I add new users? via a web portal? a freely available app? API, Bulk upload etc.
  • How do I authenticate new users on the system? Active Directory, Open Directory, Other LDAP, User Upload
  • Device Coverage: Android, Blackberry, Symbian, Windows Mobile, Windows Phone 7, Windows Desktop, Mac Desktops, Linux Desktops

Users and Profiles

  • Mobile Configuration Features: Require password, device restrictions, exchange account seeding, WIFI configuration, VPN ( L2TP, Cisco Anyconnect, Juniper, F5), “Push” Retail Apps,  Encrypted Mail, Sandbox Email, Prevent iCloud, Wifi Autojoin
  • On-Demand Features: Remove Passcode, Remote Lock, Remote Wipe (Full wipe / selective wipe), Camera Control, Push a Text Message
  • Profile Features: Start on Date, End on Date, Versioning, Rollback, Triggered by Inventory
  • App Management: Push Web App, Catalogue on in-house Apps, Recommended Retail Apps, Apple VPP Integration

Administration

  • Administration Console: Web, API or SDK, Destop App
  • Alerting: Alert when no Response, Alert when Roaming, Alert on Forbidden App, Jailbreak/Rooting Detection,
  • App Security: Blacklist / Whitelist / Corporate Appstore
  • Device Inventory Management: App Memory, Device History, Geolocation, Status
  • Integration: Apple GSX, Microsoft BPOS, Good
  • Certificate Features: Enterprise SCEP Integration, Local CA with SCEP, Apply Certs to Exchange, Apply Certs to VPN, Apply Certs to Wifi, Disk Encryption enforcement
  • LDAP Features: Dynamic Policies by LDAP Group, Dynamic Policies by LDAP OU, Dynamic Policies by LDAP Attribute, Custom Message by LDAP Attribute

For MDM policy considerations see ‘What to include in a Mobile Device Policy‘.

What have I missed? If you would recommend any other features or considerations please leave a comment below. Thanks, Martin

email

About Martin Thompson

Martin is owner and founder of The ITAM Review, an online resource and community for worldwide ITAM professionals.

Martin is also author of the book "Practical ITAM - The essential guide for IT Asset Managers", a book that describes how to get started and make a difference in the field of IT Asset Management.

On a voluntary basis Martin is the Chief Agitator at the Campaign for Clear Licensing, a contributor to ISO WG21 which develops the SAM International Standard ISO/IEC 19770 and board member of Free ICT Europe which supports the ICT secondary market.

Learn more about him here and connect with him on Twitter or LinkedIn.

2 Comments

  1. Mark Boggia says:

    Hi Martin, One issue that I see coming up the whole time is platform support, ie. what platforms does the MDM solution support and what features are enabled on which platform, for example remote control is typically available on Symbian and Windows mobile devices. The other issue notably for IPads is that the use case that comes up is mostly not around an application, but rather data, or specifically documents. i.e. how can I show the latest catalog to a customer on my IPad and how can I do that securely ? Regards, Mark

  2. Sarang Kelkar says:

    Hi Martin,

    There are a couple of points which I think should be given consideration to:
    1. Compliance Reporting Features: Including Patch status, Antivirus (if applicable), Applications installed against the company policy, etc.
    2. Compliance Enforcement: What actions can be taken in case a device is found to be non-compliant. E.g. Alert, Escalation, Access Denied, Device Wipe.

    Regards,

    Sarang

Leave a Comment