Here's what to look for in MDM software and what limitations IT still faces in letting employees use personal devices for work.
The Features To Watch Closely
So when it comes down to picking the right MDM product for your company, the core security features aren't going to separate one from another. All MDM providers can let you remotely wipe the device, turn features such as the camera on and off, and enforce passcode requirements. The iPhone and Android operating systems pack more than 35 standard policy options, and every MDM vendor implements them.
What makes the difference is all the other stuff, such as deployment capabilities, integration with your environment and ease of use. That's where we focus our product analyses and where you should focus yours. Here are some key factors to consider:
>> Deployments: Assess how efficiently the MDM agent can be deployed on a new device. Deploying new phones isn't a one-time job; it's never-ending. Is your IT team going to face a blizzard of requests, complaints and workarounds every time a new iPhone or Samsung Galaxy comes out? Make sure your tool can keep up.
>> Whitelist and blacklist filtering: You'll have apps that every employee must install, some that are banned and some that you insist be updated to at least a certain version. Application filtering with whitelists and blacklists lets you control this process based on the device type.
>> Custom app stores: People are trained in their personal lives to use the default Apple or Google app store for their devices, but your company might want to create its own store for in-house custom apps. Apple's and Google's approval processes might take too long for your company, or you may not want your app public. If so, look closely at the MDM product's support for installing custom, unapproved apps and setting up a company app store experience.
>> App security screening: Apps can be malicious. What is the MDM vendor doing (if anything) to assess apps -- is it offering built-in scanning or application vetting?
>> Browser security: If supported, mobile Web browsing can be filtered to lower the risk of attack on a device. Does the MDM provider you're considering implement this level of security?
>> Encryption levels: Every device manufacturer supports encryption, but the levels differ. Do you have to encrypt the entire device, or does the MDM provider let you encrypt only company data or specific files and folders?
>> Data wiping: For employees who use their personal phones to access company data, you may want the ability to erase that company data without wiping the entire device. Capabilities vary.
>> Auto-provisioning of devices: If a help desk engineer must spend considerable time with every new mobile device that needs access to company data, it's a recipe for disaster. Look closely at the MDM software's self-service and auto-provisioning capabilities.
>> Architecture: Does the vendor take a sandbox, virtualization or integrated approach? This is important in understanding the vendor's technology and future road map.
>> Location capabilities and network access restrictions: What if you want to let employees use their device's camera for personal use but not when they're at the office? You'll need a policy based on location. Look at whether the MDM software you're considering supports such policies and how robust those policies can be.
>> Inventory management: Once you have hundreds of mobile devices under management, how easy is it to search, find and modify individual devices? Press the vendor on the type and rigor of filtering capabilities provided.
>> Reports: Check for built-in reporting in such areas as new devices provisioned, apps out of compliance and devices that haven't checked in for a day or a week.
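To make the whitelist and blacklist filtering item and the "apps out of compliance" report concrete, here is an added example (not from the article or from any MDM product) that evaluates a device inventory against a per-device-type app policy. The app IDs, device names, policy layout and the assumption that versions are dotted numbers are all constructed for illustration.

```python
# Added illustration: app IDs, device names and the policy layout are constructed.
from dataclasses import dataclass, field

def parse_version(text):
    """Turn '4.10.2' into (4, 10, 2) so versions compare numerically, not as strings."""
    return tuple(int(part) for part in text.split("."))

@dataclass
class AppPolicy:
    required: set = field(default_factory=set)       # must be installed
    banned: set = field(default_factory=set)         # must not be installed
    min_version: dict = field(default_factory=dict)  # app id -> lowest allowed version

# Constructed policy, keyed by device type as the filtering item describes.
POLICIES = {
    "ios": AppPolicy(required={"com.example.vpn"}, banned={"com.example.fileshare"},
                     min_version={"com.example.mail": "4.10.0"}),
    "android": AppPolicy(required={"com.example.vpn", "com.example.av"},
                         min_version={"com.example.mail": "4.2.0"}),
}

def check_device(device):
    """Return a sorted list of findings for one inventory record."""
    policy = POLICIES.get(device["type"])
    if policy is None:  # unknown device type: report it rather than silently passing
        return [f"no policy for device type {device['type']}"]
    installed = set(device["apps"])
    findings = [f"missing required app {a}" for a in policy.required - installed]
    findings += [f"banned app installed {a}" for a in policy.banned & installed]
    for app, floor in policy.min_version.items():
        version = device["apps"].get(app)
        if version is not None and parse_version(version) < parse_version(floor):
            findings.append(f"{app} {version} is below minimum {floor}")
    return sorted(findings)

def compliance_report(inventory):
    """Map device name -> findings, listing only devices that are out of compliance."""
    report = {d["name"]: check_device(d) for d in inventory}
    return {name: found for name, found in report.items() if found}

# Constructed inventory records.
INVENTORY = [
    {"name": "alice-iphone", "type": "ios",
     "apps": {"com.example.vpn": "2.0.0", "com.example.mail": "4.9.3"}},
    {"name": "bob-galaxy", "type": "android", "apps": {
        "com.example.vpn": "2.0.0", "com.example.av": "1.1.0", "com.example.mail": "4.2.0"}},
    {"name": "carol-ipad", "type": "ios",
     "apps": {"com.example.fileshare": "1.0.0", "com.example.mail": "4.10.0"}},
]
```

Calling `compliance_report(INVENTORY)` flags the first and third devices; note that version 4.9.3 is correctly treated as older than 4.10.0, which a plain string comparison would get wrong.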