Mobile Device Management On The Edge

Our survey shows we're moving at a breakneck pace toward pervasive mobility. Here's how to stay safe.
Focus also on granular manageability. Different mobile platforms, and even individual versions therein, will always offer different and ever-changing levels of security. Your MDM vendor must be willing and able to consult with your IT team on the relative risk of allowing various iOS versions vs. Android 2.x vs. Android 3.x vs. Windows. IT shouldn't have to know the particulars of each individual platform--that's a full-time job in itself. Ideally, the MDM system will abstract this complexity, implementing controls under the hood.

Directory integration is also vital. Whenever possible, the mobile policy pushed to a user's device should be tied to membership in a directory-based group, such as in Microsoft Active Directory. If an employee quits and is removed from the central directory, a typical HR process, this action should initiate a partial wipe of enterprise data from the device.

In addition, look for:

>> Self-service: IT teams already have too much on their plates. The ability to provision devices via self-service portals is a big plus. Or say a user steps over the bounds of a policy by installing a blacklisted app. The MDM system should notify the user of what he needs to do to bring his device back into compliance.

>> Scalability and failover: These considerations are particularly important if you're running your MDM system on-site as opposed to as a SaaS offering. On-premises MDM systems must be available 24/7 to service the communications that rely on them. Building in fault tolerance is expensive, but important.

>> Reporting: Insist on audit and compliance reporting as well as usage analytics and inventories.

Finally, because the trend is toward personally owned devices, if an MDM system can't differentiate between enterprise data and personal data, don't buy it. What happens if you wipe a smartphone owned by a former employee and he doesn't have a backup of his contact lists? Are you liable for the loss? Ensure that the MDM product lets IT remove enterprise digital certificates, email and VPN profiles, enterprise-specific apps, and other corporate data while leaving pictures of the user's Cancun getaway intact.
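The directory-tied policy and the enterprise-only partial wipe described above, sketched as an added Python example that is not from the article or from any MDM product. Group names, policy names, item categories and the "most restrictive policy wins" rule are assumptions, and the sample directory and devices are constructed.

```python
from dataclasses import dataclass

# Constructed sample mapping; names are assumptions, not any MDM product's schema.
GROUP_POLICY = {"Sales-Mobile": "standard", "Exec-Mobile": "strict"}
POLICY_RANK = {"standard": 1, "strict": 2}  # assumption: higher rank is more restrictive
ENTERPRISE_ITEMS = {"certificate", "email_profile", "vpn_profile",
                    "wifi_profile", "enterprise_app"}

@dataclass
class Device:
    device_id: str
    owner: str
    items: dict  # item name -> category


def reconcile(directory, devices):
    """Return one action per device, driven by the owner's directory groups.

    directory maps user -> set of group names; a user who has left is absent.
    """
    actions = {}
    for dev in devices:
        groups = directory.get(dev.owner, set())
        policies = [GROUP_POLICY[g] for g in groups if g in GROUP_POLICY]
        if policies:
            # Member of several mapped groups: push the most restrictive policy.
            actions[dev.device_id] = ("apply_policy", max(policies, key=POLICY_RANK.get))
        else:
            # Owner removed from the directory or from every mobile group:
            # remove enterprise categories only. Personal and unrecognized
            # items are left on the device.
            remove = sorted(n for n, cat in dev.items.items() if cat in ENTERPRISE_ITEMS)
            actions[dev.device_id] = ("partial_wipe", remove)
    return actions


# Constructed sample input: bob has quit and is no longer in the directory.
DIRECTORY = {"alice": {"Sales-Mobile", "Exec-Mobile"}, "carol": {"Finance"}}
DEVICES = [
    Device("d1", "alice", {"corp-vpn": "vpn_profile", "photos": "personal"}),
    Device("d2", "bob", {"corp-mail": "email_profile", "corp-cert": "certificate",
                         "crm-app": "enterprise_app", "photos": "personal",
                         "contacts": "personal"}),
    Device("d3", "carol", {"corp-wifi": "wifi_profile", "music": "personal"}),
]

if __name__ == "__main__":
    for device_id, action in reconcile(DIRECTORY, DEVICES).items():
        print(device_id, action)
```
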

MDM systems can help you manage multiple mobile device platforms before the problem spins further out of control--and results in a career-halting data breach. But before you buy any self-proclaimed miracle cure, commit time and resources to defining how you envision these devices interacting with your data. Control is the hallmark of a successful mobile device management program. As you develop policies, your end goal should be certainty that all data and connectivity profiles--VPN or Wi-Fi--that provide entree to corporate networks are completely secure, even when your company is on the bat-out-of-hell track to full mobility.

Grant Moerschel is a co-founder of WaveGard, a vendor-neutral technology consulting firm.
