Tactical Advice

How to Set Up a Mobile Management Plan That Works

A solid mobile-device policy and management platform can mitigate risk and ease administration.
This story appears in the Summer 2012 issue of BizTech Magazine.

The proliferation of mobile devices in the enterprise has introduced many new challenges to IT administrators. The sheer number of potential new nodes with network access creates cause for alarm. Couple that with the notion that these devices are out and about in public, and it creates a recipe for many sleepless nights. To alleviate anxiety and mitigate risk, an organization should implement mobile-device management strategies and technologies.

Successful MDM implementation calls for a carefully considered mobile-device policy that outlines requisite device security and points the way to the right MDM solution. An MDM platform should be flexible, keep pace with market changes and support organizational requirements rather than forcing a business to conform to its limitations.

Develop a Mobile-Device Policy

Mobility management in any organization rests atop the strong foundation of a mobile-device policy. Intended to protect both employees and employers, the policy should outline expectations, from the procurement of devices to their appropriate use to loss or theft and everything in between. Developing and maintaining a policy may seem tedious; however, it will lay the ground rules for engagement, promote higher user satisfaction and lead to a more even-keeled experience.

A well-written mobile policy should explain what types of devices are covered under its terms. The policy should also state whether an organization allows a “bring your own device” (BYOD) environment or provides corporate-owned gear. Expense options should be clearly outlined based on supported scenarios, designating how much of the hardware, data, text, roaming, voice and additional services will be covered by the company versus the employee. It should also state carrier preferences and restrictions, if any.

If the organization intends to restrict certain devices or operating systems, spell that out in the policy. The policy should cover who is responsible for updates to the device. It’s also important to clearly restrict jailbroken or rooted phones on the network because of the support issues and risks associated with such devices. A mobile policy should also be very clear about procedures upon an employee’s departure — both voluntary and involuntary. It should also outline procedures in the event of loss or theft.

Mobile policies will vary from organization to organization, but at a minimum, they should cover the above areas. Failure to do so could result in challenging and costly situations. A mobile policy will not only prevent some of these situations but also will provide the policy requirements that an MDM platform needs to support. Finally, it’s wise from a legal perspective to ask employees to consent to an acceptable-use policy during enrollment of the device as a condition of gaining access to the corporate network.

Enforce Basic Device Security

There are a few key “must haves” to ensure device and data security. First, local data encryption is a must for mobile devices connecting to the corporate network. This will block physical access to the data and place limits on which devices are allowed on the network. However, the risks of not implementing encryption far outweigh user inconvenience.

Strong passwords should also be required and should include a minimum of eight characters. Longer passwords are better but not always practical for the average user. Strong passwords contain a mix of upper- and lowercase letters and at least one number and special character (!,@,#,$). Passwords should never contain user names or common words and should be significantly different from previous passwords.
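The password rules above can be expressed as a check run at password-change time. The following Python sketch is an added example, not part of the original article or of any MDM product; the function name, the sample common-word list, the treatment of any non-alphanumeric character as "special" and the 0.6 similarity threshold for "significantly different" are all assumptions.

```python
import re
from difflib import SequenceMatcher

MIN_LENGTH = 8          # minimum length stated in the article
MAX_SIMILARITY = 0.6    # assumed cut-off for "significantly different"
# Constructed sample list; a real deployment would load a much larger one.
COMMON_WORDS = {"password", "welcome", "qwerty", "letmein"}


def password_violations(candidate, username, previous=()):
    """Return the list of policy rules that the candidate password breaks."""
    problems = []
    lowered = candidate.lower()

    if len(candidate) < MIN_LENGTH:
        problems.append("too short")
    if not (re.search(r"[a-z]", candidate) and re.search(r"[A-Z]", candidate)):
        problems.append("needs upper- and lowercase letters")
    if not re.search(r"\d", candidate):
        problems.append("needs a number")
    # Assumption: any non-alphanumeric character counts as special.
    if not re.search(r"[^A-Za-z0-9]", candidate):
        problems.append("needs a special character")
    if username and username.lower() in lowered:
        problems.append("contains user name")
    if any(word in lowered for word in COMMON_WORDS):
        problems.append("contains common word")

    # Previous passwords are only available in clear text at change time,
    # when the user supplies the old value alongside the new one.
    for old in previous:
        if SequenceMatcher(None, lowered, old.lower()).ratio() > MAX_SIMILARITY:
            problems.append("too similar to a previous password")
            break
    return problems


if __name__ == "__main__":
    # Constructed sample inputs.
    for pw, user, old in [
        ("Tr4il!Mix-Route", "jsmith", []),
        ("jsmith2012", "jsmith", []),
        ("Summer#2012", "jdoe", ["Summer#2011"]),
    ]:
        print(pw, "->", password_violations(pw, user, old) or "ok")
```

The third sample passes every character-class rule yet is rejected because it differs from the previous password by a single character, which is the case the "significantly different" requirement exists to catch.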

Devices should also be configured to lock automatically after a specified period of inactivity. This should include locking the screen, keypad, voice activation and voicemail. Also consider remotely locking and/or wiping a device after a certain number of failed login attempts or if a device becomes lost. Lock the device first before wiping it, because this will help encourage reports of lost devices if users believe there is hope of finding them.

It’s also important to segment corporate and personal data on the device, especially if the organization supports BYOD. Besides being a potential legal issue, segmentation greatly simplifies the delineation between corporate and employee. This allows IT the flexibility to secure, manage and wipe corporate data and applications without touching personal data such as pictures, e-mail, music and games.

Select a Flexible MDM Platform

Devices are rapidly evolving. Whether or not the organization decides to implement a BYOD environment or sticks with corporately owned devices, it needs to plan for a diverse ecosystem of hardware. Additionally, the lines between tablets, notebooks and smartphones are becoming increasingly blurred. At a minimum, an MDM platform must support a mobile-device policy and enforce basic device security. It also needs to be flexible enough to evolve and manage a wide array of devices, operating systems, malware and organizational changes.

From a security perspective, an MDM platform should allow for easy device configuration. The fewer the clicks, the better. The MDM solution should provide the capability to configure encryption, remote lock, authentication and VPN settings. It should be possible to set these configurations on a role- or policy-based basis.

An MDM platform should also provide a smooth and intuitive process for bringing mobile devices onboard. This will reduce a great deal of support issues and user frustration. It’s also important to be able to query the entire mobile inventory of apps and devices. The platform should also allow a swift deprovisioning of devices and users, and must also be able to retrieve or wipe corporate information from an employee’s mobile device and restrict further network access.

An MDM platform needs to provide analysis and alerts. When users near policy limits for security, roaming and usage, a proactive notification should be sent. It is also useful to have the option of reviewing history and logs to identify trends and resolve issues. Organizations should be able to leverage out-of-the-box reports as well as create custom reports.

By taking the time to identify current and future device ecosystems, organizational liability and security requirements, organizations should be able to identify possible MDM platform candidates from the currently crowded field.


About the Author

Benjamin Robbins

Benjamin Robbins is a founding partner at Palador, a consultancy that focuses on providing strategic guidance in the areas of mobility, apps and data. You can follow him on Twitter @PaladorBenjamin. Robbins resides in Seattle and blogs regularly at remotelymobileblog.com.

