Q&A: Managing Mobile Devices
From security issues to integrating heterogeneous devices, mobile device management is fraught with challenges.
IT faces a variety of challenges when managing mobile devices, from a variety of operating systems to integrating functionality with existing applications. From security issues to creating an integrated mobile management program, we explore the issues and best practices with Mark Gentile, president and CEO of Odyssey Software, a mobile management software provider.
Enterprise Strategies: What are some of the biggest challenges IT faces in managing mobile devices?
Mark Gentile: Of the challenges faced by IT, I think the biggest issues are centered around the rapidly growing number of mobile devices used in the enterprise, the variety of operating systems for these devices, the mix of corporate and personal mobile device assets being used, and how these issues are managed.
Today’s mobile device marketplace is full of choices, from device form and function to operating systems and networks. This wide and disparate offering is extremely challenging for the IT department to manage. For example, ensuring applications are regularly and consistently updated across the enterprise can be a problem for many enterprises. Increasingly, employees prefer to use their personal mobile device which may be different than the enterprise’s issued device, or they are reimbursed by the company for a device of their choosing.
In either instance, the device often has a different operating system from the corporate standard. With this scenario comes the additional challenge of providing security on non-company-issued assets that are utilizing company data and applications. With the convergence of mobile device functionality (communications and computing functions in one), IT managers want to ensure mobile users are limiting their use to company-approved applications and communications on company-issued devices.
How has IT been managing mobile devices, and what are some suggestions for doing so more efficiently and cost effectively?
In the past, IT used point solutions for the mobile device management (MDM) and another management systems for servers, laptops, and desktops. Today, companies are seeking to manage their mobile devices with the enterprise-wide management system to leverage their investment and optimize the efficiency and deployment of their IT staff and help desk personnel.
What are the top tips you'd give a company considering their first mobile device management solution?
Here’s what I would advise.
- Determine what line-of-business application(s) remote users will need -- both task workers and knowledge workers -- and what type of network will deliver the best option for maximizing productivity.
- Look for a product that can provide depth of features while managing multiple operating systems without adding more infrastructure. No product can manage all mobile device operating systems with the same depth of features, so you must identify which operating systems are most critical to your enterprise’s operations and choose the MDM product that delivers the most robust set of features.
- Leverage the investment you have in the enterprise’s existing (PC/laptop/server) management platform by integrating a mobile device management product instead of investing in a standalone MDM solution. Not having to invest in dedicated servers or consoles for your MDM solution reduces the investment in infrastructure, minimizes the need for additional IT/help desk training, and reduces points of failure.
- Ensure your solution can scale to meet the growing needs of your company. Run a pilot and stress the product with real-world scenarios. Look for solutions that provide a migration path to new or upgraded management platforms.
- When comparing MDM products, be sure to take into consideration the hidden costs of a MDM deployment, including the time and effort IT and the help desk invest to provision, troubleshoot, and repair devices -- including the costs associated with returning devices from the field and maintaining a spares inventory. Not all MDM products address these functions or provide sufficient depth of capability. Also, benchmark current day costs, capturing the less obvious ones, and compare how competitive MDM products reduce those costs.
New IT initiatives are hard to get funded these days. What benefits can the enterprise expect from such solutions?
Enterprises can realize significant benefit in worker productivity and efficiency, as well as a reduction in costs associated with the Help Desk and IT departments with a comprehensive MDM solution. Here are just a few examples of MDM features that can show immediate benefit to an enterprise:
Regular, automated provisioning: streamlines the IT process of updating configurations and applications on all devices, as well as automatically repairing corrupt files and applications, allowing the IT department to monitor and provision the device while the device is in use so users remain productive. Since many help desk calls are associated with configuration problems, having an automated provisioning process reduces the number of support calls.
Application manager: improves employee productivity by keeping employees focused on corporate approved applications and reduces the frequency of help desk calls associated with application support.
Remote, interactive support: allows the help desk to diagnose and resolve issues while the device is in the hands of the mobile user -- keeping the mobile user productive and eliminating the cost to return the device.
How does the variety of mobile devices and platforms affect how such devices are managed -- and what solution IT selects?
The multitude of mobile devices and operating systems available in today’s market presents an enormous challenge to the IT department. As we discussed, the mix of corporate-issued and personal devices creates provisioning, maintenance, policy, and security issues that must be addressed to keep employees productive and corporate information protected. Unfortunately, each device platform has different management characteristics so there isn’t a “one-size-fits-all” solution to MDM, although there are solutions that provide multiple operating system management capabilities, with varying levels of functionality.
Since no one solution does it all, and buying multiple solutions to cover all device options within the enterprise is unreasonable from an infrastructure investment as well as an operational perspective, IT should do a thorough analysis of what devices are being used, how they are being used (what applications are used most and for what business need), and what the enterprises future needs are to determine which operating systems are critical to manage. With that information, IT can choose a solution that best delivers the most comprehensive management to optimize employee productivity.
Security is a big issue, since mobile devices are more likely to be lost or stolen than desktop systems. What security features to protect sensitive corporate data should be included in a mobile device management service?
Look for a solution that includes lock and wipe functionality, as well as an application manager. “Lock” is a security feature that locks the device, either automatically (when a device is out of range or unused for a specified period of time) or remotely from the enterprise once it has been notified the device is lost or stolen. “Wipe” is a security feature that removes sensitive data from a mobile device either manually while the IT person can still connect to the device, or automatically based upon specified, pre-defined rules should the device become out of band (disconnected and unreachable) for some period of time.
An application manager function allows IT to control which applications can be used on a device and can automatically shut down an unapproved application if it’s opened. When a device’s functionality is limited to specific line-of-business applications, it makes the device unattractive for theft.
Can a coordinated mobile device management program be integrated with existing IT systems or do they stand alone?
Yes, one MDM product can be integrated into an existing IT system. For example, our company’s Athena leverages the investment in Microsoft Systems Management Server 2003 and Systems Center Configuration Manager 2007 with functionality that extends the management capabilities of these base platforms, without the need for additional servers, or consoles -- which other device management products require. This “single-pane-of-glass” benefit means no additional infrastructure cost to the enterprise, and training for IT and help desk personnel is minimal.
What problems do IT administrators typically face when implementing a mobile management system, and what best practices can you suggest to prevent such problems?
There are a few potential problems IT administrators could face at the onset of an MDM deployment, but most can be anticipated and resolved in the near term. However, there are some issues that aren’t obvious and may take some time to surface but clearly present significant, long-term problems for the IT department. Here are two I feel are in that category:
Problem: The management product doesn’t scale as the number of devices is increased. The initial deployment worked well but as more devices are added the system fails or performance deteriorates.
Solution: I recommend that you pilot the system before you select the solution to deploy to determine strengths and weakness of the product, then do an analysis of adding a larger number of devices. How will the weaknesses in the pilot play out in a larger deployment? Can the solution scale without a degradation of functionality?
Problem: The management product can’t be expanded with capabilities to match the enterprises growing needs.
Solution: A thorough analysis of competitive products, in conjunction with a long-term plan for future needs of the mobile devices within your enterprise, should determine whether a MDM product will have the capabilities to grow with the enterprise’s needs. For example, some products may have the ability to collect basic hardware and software inventory, which fits your enterprise needs now, but what if your device management needs expand to require detailed network health metrics, does the product you choose have incremental features to meet those or other needs?
As part of a management solution, an enterprise has the opportunity to establish mobile policies. What is the best strategy -- and what are the best practices -- for setting up policies for a mobile device management initiative?
Policies for the management and use of mobile devices do need to be established, clearly communicated and strictly enforced as part of a successful MDM program. Policies relating to the use and management of the company’s mobile devices vary from one enterprise to the next so there isn’t a set of “best practices” that work for everyone. For example, a publicly traded company may have more stringent policy requirements dictated by Sarbanes-Oxley than a privately held company. Each company needs to determine the policies required to be in order to make their deployment run smoothly. A good place to start is to mirror the policies defined for laptop computers, then make adjustments for any specific mobile platform features such a disabling camera, SD memory cards, text messaging, etc.
What role does Odyssey play in the mobile device management market?
Odyssey develops products that compliment and extend the native functionality of industry standard platforms, such as Microsoft Systems Management Server 2003 and System Center Configuration Manager 2007. Our products offer a unique architectural approach that integrates seamlessly into the existing management console so no additional servers or consoles are required. Athena, Odyssey’s flagship product, provides vital functions specifically designed for comprehensive, over-the-air remote management of enterprise deployments.
Athena’s rich feature set provides critical device management capabilities such as asset and health reporting, interactive support functions such as remote control, and automated provisioning and unattended installation of updates -- features that aren’t native to these enterprise management platforms. Enterprise customers utilizing Athena for comprehensive remote device management benefit by leveraging their investment in these enterprise management platforms and their inherent scalability, security and reliability. In addition, Odyssey’s support and maintenance program facilitates migration to new releases and supports new enterprise management platforms as they become available with no additional licensing costs.