8 Ways MDM Can Ease IT Pain
— July 9, 2015
Over the past few weeks, I’ve talked with various organizations about the possibility of implementing mobile device management (MDM). To my surprise, many IT managers and CIOs didn’t easily grasp the concept of MDM and what it can do for their organizations. I’m not sure if it’s the name “mobile device” in MDM — or that first iterations of MDM were slim on features — but there seems to be a disconnect about what MDM can do and how it’s perceived by IT professionals.
Most people I spoke with thought of MDM simply as a data-loss-mitigation tool for Bring Your Own Device (BYOD) environments that enables them to remotely wipe lost or stolen devices. And while this is true, MDM can do so much more. First of all, it’s not strictly for BYOD scenarios. In fact, many MDM implementations I’ve been a part of did not allow for BYOD. Instead, the companies wanted a way to manage and secure company-owned devices.
Another misconception that I was surprised to hear was that MDM was only for mobile devices — i.e., smartphones and tablets. This couldn’t be further from the truth. While there are some benefits to using a modern operating system, such as iOS and Android, to squeeze a few more features out of an MDM, integration of desktop operating systems has really picked up steam. In fact, every new desktop OS update and revision seems to add more MDM possibilities.
One last misconception is that MDM is strictly a security tool. In fact, most new features deal with easing the entire management of wireless devices. Automation is the name of the game here, and MDM can automatically identify devices that fall outside the bounds of corporate policies and instantly take action to patch, push, and eliminate any issues.
S3 Corp. is looking to eliminate the confusion surrounding what MDM can do for you. In our list, there are probably several features that you already know. We hope you’ll learn one or two things you didn’t know before, and by doing so gain a better understanding of the state of MDM capabilities and what they might be able to do for you in the future.
Once you’ve reviewed our list, tell us whether any of these features were a surprise to you. Or, if we missed a specific MDM capability that you think is an absolute game-changer, we want to know. Tell us all about it in the comments section below.
Remotely Deploy WiFi, VPN Settings
It used to be that making changes to WiFi pre-shared keys or modifying corporate remote-access VPN settings was a logistical nightmare for mobile devices. With devices enrolled in a corporate MDM system, IT can get these configuration settings rolled out at the push of a button. Users and/or devices can be broken out in any number of ways to institute a phased deployment if desired.
Enterprise User Directory Integration
Leveraging the existing corporate structure, typically through an LDAP database such as Microsoft’s Active Directory, MDM admins can use existing, predefined user and organizational settings to manage user access and application needs.
Enforce Encryption
Whether the device owner wants to or not, MDM can force data encryption through MDM policy. This includes not only data at rest residing in the device’s storage, but also data in motion as it moves from one device (or cloud) to another.
Geo-Fencing
Geo-fencing is the concept of using location-based services to enforce different policies on a device depending on whether it’s inside or outside the designated geo-fence perimeter. Hospitals, for example, often disable the use of video or photo applications when employee devices move into patient areas. Alternatively, if a device is supposed to stay strictly within a geo-fenced perimeter, MDM can wipe a device if it is taken off premises, and send an alert to administrators when devices walk away.
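The geo-fence behavior described above can be sketched as a policy function over a location fix. This is an added example, not code from any MDM product; the coordinates, radii, action names and the handling of GPS accuracy (restrict the camera when in doubt, alert but do not wipe on an uncertain fix) are assumptions made for illustration.

```python
import math

EARTH_RADIUS_M = 6_371_000

def distance_m(lat1, lon1, lat2, lon2):
    """Great-circle (haversine) distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = p2 - p1
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * EARTH_RADIUS_M * math.asin(math.sqrt(a))

def fence_state(fix, fence):
    """Return 'inside', 'outside' or 'uncertain', allowing for the fix's error radius."""
    d = distance_m(fix["lat"], fix["lon"], fence["lat"], fence["lon"])
    if d + fix["accuracy_m"] <= fence["radius_m"]:
        return "inside"
    if d - fix["accuracy_m"] > fence["radius_m"]:
        return "outside"
    return "uncertain"

def geofence_actions(fix, patient_area, premises):
    """Map one location fix to the policy actions the MDM would push."""
    actions = []
    # Restricted zone: apply the restriction unless the device is clearly outside.
    if fence_state(fix, patient_area) != "outside":
        actions.append("disable_camera")
    # Must-stay-on-site fence: wipe only when the device is clearly off premises.
    state = fence_state(fix, premises)
    if state == "outside":
        actions += ["alert_admin", "wipe"]
    elif state == "uncertain":
        actions.append("alert_admin")  # a noisy fix alone should not trigger a wipe
    return actions

# Constructed fences: a 300 m site perimeter and a 50 m patient area inside it.
PREMISES = {"lat": 10.0, "lon": 106.0, "radius_m": 300}
PATIENT_AREA = {"lat": 10.001, "lon": 106.0, "radius_m": 50}
```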
Push Apps (And Keep Them Installed)
Mobile device management enables corporate users to be categorized into groups. IT can then use it to push out to their devices the applications the organization wants them to use. Even more importantly, MDM can make sure that these applications remain installed and aren’t deleted for any reason.
Wireless Network Access
Network access posture checks can be run against devices on an MDM-operated corporate network to assess the device and the software running on it. If a device has been rooted or jailbroken — or if it doesn’t meet a minimum firmware version policy set on the MDM — it can be dealt with before being permitted onto your corporate WiFi network. Common solutions are to deny access to corporate WiFi or to quarantine devices onto an isolated VLAN until they are properly patched to pass policy checks.
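The posture check described above can be sketched as a small decision function. This is an added example, not code from any MDM product; the field names, the minimum firmware value, the VLAN numbers and the mapping of rooted devices to deny and outdated devices to quarantine are assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Assumed policy values, constructed for this example.
MIN_FIRMWARE = "8.3"
CORPORATE_VLAN = 10
QUARANTINE_VLAN = 999

@dataclass
class Device:
    device_id: str
    firmware: Optional[str]      # dotted version string reported by the device
    compromised: Optional[bool]  # True if rooted/jailbroken, None if unknown

def parse_version(text):
    """Turn '8.3.1' into (8, 3, 1); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)

def version_at_least(reported, minimum):
    """Numeric comparison, so '8.10' is newer than '8.3' and '8.3' equals '8.3.0'."""
    a, b = parse_version(reported), parse_version(minimum)
    width = max(len(a), len(b))
    a += (0,) * (width - len(a))
    b += (0,) * (width - len(b))
    return a >= b

def posture_decision(dev, minimum=MIN_FIRMWARE):
    """Return (action, vlan, reason). Missing or malformed data fails closed."""
    if dev.compromised is None:
        return ("deny", None, "integrity state unknown")
    if dev.compromised:
        return ("deny", None, "device is rooted or jailbroken")
    try:
        if dev.firmware is None:
            raise ValueError("no firmware version reported")
        current = version_at_least(dev.firmware, minimum)
    except ValueError as err:
        return ("quarantine", QUARANTINE_VLAN, str(err))
    if not current:
        return ("quarantine", QUARANTINE_VLAN, f"firmware below {minimum}")
    return ("allow", CORPORATE_VLAN, "meets policy")
```

Comparing versions as strings would rank "8.10" below "8.3" and quarantine an up-to-date device, which is why the check parses each component as an integer.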
Select Wipe
Wiping of devices is not an all-or-nothing proposition. MDM can be used to organize and separate company applications and data from a user’s personal apps and data. When devices do need to be remotely wiped, MDM admins have control over what gets deleted and what can be left on the device.
Turn Devices Into Single-Use Tools
Smartphones and tablets are quickly becoming go-to devices to replace purpose-built hardware such as handheld scanners, navigation systems, and other single-use devices. The problem is the user, by default, has access to all the other smartphone capabilities and applications that can distract employees from doing their jobs. With MDM, a smartphone or tablet can truly be a single-use tool: IT can lock it down to the point where the only application that can be accessed on the device is the one specified.
Conclusion
As the Internet of Things (IoT) continues to take shape, it’s important to get a sound understanding of what MDM is really all about. It’s not only about BYOD, and it’s not only about security. It’s a way for administrators to manage users, devices, and data in an efficient and productive way.
Today’s MDM and Viet Nam Software Services focus on what end users can (or cannot) do with devices and data based on corporate policies. Next-gen MDM will have to manage policies surrounding thousands, if not millions, of wireless devices that talk machine-to-machine without any human intervention. In order to get to that point, we need to put a device-management structure in place to create the framework for the IoT explosion. The more we can figure out MDM today, the better off we’ll be in the future.