My recent column about the risks of "bring your own device" programs and employees trading in phones hit a nerve with readers concerned about the pace of new devices coming to market. One asked a simple but powerful question: "What should we do to keep up?"
While I still recommend getting major new devices into the hands of your help desk staff, the strategic answer is this: Sit tight if you can, because the world of mobile security in general, and mobile device management in particular, is changing in a big way. And if we're not careful, enterprise IT will be left with nothing but a bunch of cashed checks for on-premises systems that are behind the times.
See, most MDM providers are entering the cloud, and not for the reason you'd expect. If a vendor wasn't cloud-based from the get-go, it likely created cloud-based offerings this year or is moving toward cloud-based services instead of on-premises appliances. Sure, many are looking to cash in on the cloud craze and sell their wares directly to you. But the bigger piece of the reasoning behind this move is simple: Carriers badly want to provide MDM and mobile security to businesses at an additional per-phone, per-month fee. MobileIron has a partnership with AT&T, Verizon with BoxTone, and Good has partnered with Sprint to provide such services. More vendors are likely to announce deals soon.
For IT, this approach eliminates many of the problems associated with managing new devices, deploying apps, and updating on-premises software. It also negates management headaches such as help desk issues, as carriers have device information well before MDM vendors and are usually staffed with people who know the devices inside out. Best of all? No more worrying about where to get capital budget for MDM software, as it will just be another fee on the cell phone bill.
Well, OK, that might be a mixed blessing.
MDM vendors love the idea of partnering with carriers as it opens up the SMB market, and even security-conscious individual users, without the incremental sales and deployment costs it would have taken to recruit these customers.
For carriers, it's a value add and a way to fatten up that monthly bill. In case you haven't noticed, carriers have been courting top MDM players like a Big 10 recruiter wooing a four-star wide receiver. In my response to the reader's question, I stressed that while MDM as an industry may not exist as we know it three years from now, this software is still worth the investment today if you pick the right product and build the proper processes. When I work with clients who are trying to choose vendors or develop requests for proposals, I almost always steer them toward a hosted or cloud-based model so the processes and other infrastructure that they build now will port.
So what should you look for in a hosted MDM provider? Here are six areas to focus on:
1) Have BlackBerrys? You need a BlackBerry Enterprise Server, which isn't normally included in hosted MDM software offerings. Some vendors support BES, others don't, so make sure you check and ensure that this is in your budget if you don't have a BES now. Without the Enterprise Server, BlackBerrys cannot sync calendars and contacts, they can only receive email. And if your users can't get full functionality, they'll push all the harder for BYOD.
2) Ask how quickly the vendor adds support for new devices. The main benefit of hosted MDM is that support for new devices, and changes/updates for existing systems, should be rolled out immediately, or pretty darn close. If you have a BYOD program, this is especially critical. Consider a cloud service-level agreement.
3) Ask how user authentication will be performed on the device. Most MDM systems enable integration with Active Directory, LDAP, or other directories. This is another area where user experience is essential to adoption, and integrating cloud-based MDM may be difficult--or even against your current security policy. Make sure the security team is involved in the authentication-integration process.
4) Remember: Cloud-based MDM providers use the cloud! Make sure you do your due diligence on the data center, processes, and security stance of the MDM vendor, just like you would any other cloud service. You do vet cloud providers, right?
5) What about self-service customization? Many hosted MDM vendors provide some type of self-service portal for users. Make sure it can be customized with your company logo and company-specific information, otherwise it won't be as useful to employees.
6) Watch for sneaky fees. Right now, Verizon requires a $30-per-month fee for use of certain MDM technologies. This trend is sure to accelerate. Make sure you get all the potential fees up front from vendors before signing anything.
Read our new report, State Of The IT Service Desk: Change Management Remains Key. Download the report now. (Free registration required.)