Top 5 MDM Must-Do Items - InformationWeek

Top 5 MDM Must-Do Items

Whether mobility is a problem or an opportunity depends not on software but on your policies.

I delivered a keynote last week on risk management. More than 300 CISOs attended this conference, and the major topic of discussion was still mobile security and mobile device management. I say "still" because that's been the case at every speech I've given this year. During the Q&A session, one questioner expressed his opinion that the MDM field is growing fast, with 20-plus vendors offering a flood of technologies—all of which seem to do the same thing, albeit in slightly different ways.

I understand his frustration, and I will most likely get hate email for saying this, but he's right. MDM technology is all pretty much the same; maybe 10% of features are unique, usually around self-registration capabilities and enhanced encryption. And I don't see that changing, even though Google and IBM got in the game this week, each announcing it will have an MDM product available soon.

So assuming it doesn't much matter which MDM vendor you partner with, what does determine your mobile device management project's success? It's all about planning, process, and policy enforcement, and there are five critical factors here.

1. Establish a mobility council. The best mobile device management projects have limited IT involvement. Establish a mobility council made up of an odd number of people from a bunch of areas of the business, and with only one person representing IT. Have this council provide input on policies, applications, and processes, and have each member spread the message from the top down. IT's role? Translate the MDM technology speak into understandable business terms. Never say, "We can't do that." Say you'll find a way to minimize risk without curtailing opportunity. Then do it.

2. Decide who is paying for the MDM software. Most organizations I work with that are allowing use of personal mobile devices ("bring your own device," or BYOD) are charging the per-year cost of the MDM user license back to the business unit, or even the employee. This approach can lower costs overall, because the business will think about who needs this capability, and eliminate a lot of the hit on IT's budget. Make sure the organization is ready for this type of chargeback system, though. If not, it will cause a whole lot of pain. Many smaller business units won't be happy about having to pay for something that used to be "free." It's the role of the mobility council to explain your reasoning.

3. Define how new devices will be registered. Does the MDM software provide a self-service registration option, or will IT need to be involved? This is an area of some differentiation, so ask vendors about the process required and whether you can automate, combine steps, or otherwise reduce the time and effort to register devices within the MDM software. An enrollment process that is slow, complex, or otherwise painful will cause users to push back against loading the MDM client on their devices. This step is so important that it could literally make or break your mobility plans. To ensure success, use mobility council members as beta testers, making sure you include both technical and nontechnical users. Ask for blunt feedback.

4. Document the device replacement/repair process. We've discussed how the wireless store is one of your biggest mobile threats. If you're not implementing BYOD, keep hot spares in the office. If you are implementing BYOD, make sure remote employees are authorized and informed before they bring a used-for-work device in for replacement. This is a major issue for many organizations, as most users are accustomed to just stopping by an AT&T store and replacing a phone. Without a process, your sensitive corporate data just went into a bin in the carrier's back room.

5. Work out how you will handle encryption. Do you require encryption of data on mobile devices for compliance or regulatory reasons? Some MDM systems can provide this capability, as we discuss in our MDM Buyer's Guide, or enhance the native encryption on a phone, but make sure you have a policy that aligns with regulations before you go off and implement encryption on employee devices. Also, many times the use of encryption means employees must adjust the applications they use; for example, they may need a new email app. If so, ensure that you've had mobility council members or IT test the app and that you have new procedures documented and available to users. You don't want the help desk to get bogged down teaching people how to use their calendars or add attachments to a message.

MDM technology may lack differentiation, but it can work--if the IT team doesn't end up alienating users and motivating them to bypass your controls.

Michael A. Davis
User Rank: Apprentice
2/1/2012 | 1:20:23 AM
re: Top 5 MDM Must-Do Items
Vocio, when the IT team does not properly include the user community in the process of deploying MDM and just tells them "use a 6-character password on your lock screen" and enforces it, it pisses them off and they end up trying to circumvent controls rather than working with them. This was the main reason I recommended the mobility council.

I too have done many mobility projects (security being the main driver for it) and most of the time the users are the ones that complain enough about a control that they get management to make IT/security modify the control. When IT explains the control, why it is needed and works with the users, there is less control change.
Michael A. Davis
User Rank: Apprentice
2/1/2012 | 1:17:52 AM
re: Top 5 MDM Must-Do Items
I didn't mention any vendors on purpose. This wasn't meant to be a piece on vendor features. My thoughts on GOOD's MDM solution are that it does what all the others do, so it would be a viable MDM solution.
User Rank: Apprentice
11/22/2011 | 12:15:24 AM
re: Top 5 MDM Must-Do Items
Michael, great points, but I'm not sure about the comment "but it can work--if the IT team doesn't end up alienating users and motivating them to bypass your controls."

As a mobility consultant I spend a lot of time with enterprise clients creating solutions (controls) for devices because most IT decision makers feel device security supersedes alienating users.

As an IT manager/CIO/IT Director I'd rather alienate a user than have to explain to board members and the CEO why sensitive corporate data was made public, or fell into the wrong hands.

The goal is to aim for a sweet spot where a business can control corporate data and employees can have the freedom, but a lack of control, where one could exist, and then having sensitive corporate data exposed, would seem to be contrary to the mission of IT in my opinion.

User Rank: Apprentice
11/17/2011 | 3:39:39 AM
re: Top 5 MDM Must-Do Items
Ironic that your oversight not mentioning GOOD technology is the very solution to all your above bullet points. Either you are ignoring their solution, or missing "it" entirely. It's like forgetting that Google does search and your whitepaper is on Alta Vista.