
5 Essential Capabilities of an MDM Solution

Between laptops and ultrabooks, smartphones and tablets, most employees are bringing multiple devices in and out of the office on a daily basis. While these devices are essential for today’s flexible and mobile workforce, they also present a host of challenges to IT administrators. Fortunately, most of these challenges can be handled by implementing a strong Enterprise Mobile Strategy, which should include a mobile device management (MDM) solution.

“Capabilities of Mobile Device Management Solutions are expanding exponentially, thanks in part to rapidly evolving mobile operating systems,” says Crystal Montvid, Mobility Solution Architect for CDW. “This is leading to a higher rate of adoption of these solutions within organizations. Admins need to get their mobile devices under control with a clear, simple solution that streamlines device provisioning, ensures data security, and provides secure access for both managed and non-managed devices.”

Mobile device administrators agree that there are certain elements necessary for a strong MDM platform. Here are five capabilities any viable MDM solution must have:

1. Over-the-air distribution

Over-the-air (OTA) distribution refers to the ability to send software and OS updates wirelessly to a remote device or multiple devices, as opposed to requiring a physical connection to sync. Using OTA, an MDM solution can remotely enroll, provision, configure, manage, and even retire a device. It can also remotely lock and selectively or completely wipe a device, change settings, or perform remote troubleshooting.

OTA is the same method used by major wireless carriers and mobile operating systems to deliver OS and app updates directly to an end user’s phone. These capabilities can be applied through MDM to manage both company-owned and employee-owned devices.

Often sent via SMS messages, OTA updates can remotely configure a single device, multiple devices, or any IT-defined set of devices. OTA enables the IT department to distribute new software, provide updates or provision handsets with appropriate settings. When you're shopping for an MDM solution, the breadth of its OTA provisioning capabilities should be a primary consideration.

2. Support for multiple mobile operating systems

Not every user in your organization is likely to carry an iPhone. With the prevalence of BYOD, your MDM solution will almost certainly need to support multiple mobile operating systems, including iOS, Android, BlackBerry and Windows Phone. Examples of MDM software that supports multiple OSs include AirWatch, MobileIron, and MaaS360. Talking with a solutions architect from CDW can help determine the right solution for your organization’s needs.

AirWatch Mobile Device Manager ensures mobile devices are configured correctly and allows IT administrators to track the location of managed devices.

3. Security mechanisms

Corporate data should be regarded like money in a bank account. It’s valuable and shares many of the same liabilities—data is transferred easily, can be stolen electronically, and is dangerous to store insecurely. MDM software generally features a variety of security mechanisms for devices such as password protection, data encryption, GPS location, and remote wiping of corporate assets.

Many mobile device configuration settings can be managed through Exchange ActiveSync for companies that have Microsoft Exchange Server in place. A variety of MDM tools, such as AirWatch, MobileIron, and MaaS360, can also encrypt data on devices and appliances, as well as data in transit.

4. Enterprise-level application management

Mobile applications are crucial to the functionality of mobile devices, and users need access to them in order to be productive. However, with hundreds of thousands of applications available for the various mobile platforms, users may install applications that expose company resources to unnecessary risk.

A solid MDM platform gives IT admins the ability to set up an internal application store, through which approved applications can be distributed and downloaded. An internal application store ensures that users have the correct versions of approved applications and that any subsequent updates are applied as well. An enterprise application store may be run on internal systems or hosted by a service provider—either way, it can simplify the process of getting the right application for each device.

Another advantage is the ability to leverage volume-purchasing programs offered by mobile developers. When users download and install apps on their own, each app is a full-price purchase. But a company might be able to get a discount by purchasing the applications in larger volumes and offering them through the internal application store.

5. Network access control

While it might seem easier to prohibit all devices except a favored few and to enforce that policy with network scanners and firewalls, this will lead to dissatisfied users who might feel justified in attempting to circumvent policies. In addition, contractors and guests will want to be able to access the Internet while in your buildings.

Consider providing limited access for non-approved devices, at least Internet access, and help users bring their devices into compliance. After all, they’re saving the company a considerable sum by buying their own devices, and helping them be more productive is beneficial to all. Wireless access points such as the Cisco WAP4410N offer settings that can segregate devices, allowing specific authorized devices to access corporate resources while keeping all others on a guest network that allows Internet access only.

Additional systems can provide more layers of control. Network access control systems, such as the Cisco Secure Access Control (SAC) Server coupled with Cisco’s Identity Services Engine (ISE), ensure that devices have the proper software installed before they can connect to the network. They can also verify that malware protection is up to date and that the device is password protected. Proper network controls improve visibility of all devices and associated user activities on an organization’s physical and virtual networks, and they work in tandem with an MDM solution to provide a full enterprise mobility strategy.
