How to manage and protect mobile devices in the enterprise
Modern IT and security leaders are faced with the challenge
of provisioning, managing and securing mobile devices in their
corporate environments. Now with smartphones, tablets, PCs and
Macs in the workplace, IT needs a single platform that’s capable of
managing all devices—no matter what kind.
Although it may sound complex, the approach you can take to
manage these devices is relatively simple. Just follow these 11
steps and you’ll be on your way to effectively managing mobile in
the enterprise.
11 best practices for MDM
1. Check yourself before you wreck yourself :
Before you begin thinking of the various ways you’re going to manage your
devices, you first need to understand what types of devices are in your
environment. Here are some questions all IT professionals should ask in their
initial assessment:
• What kinds of devices am I managing?
• Apple iOS or macOS? Google Android? Microsoft Windows?
• How many devices are in my environment?
• Where do I go for a definitive number?
• What use cases do I have in place for my devices?
• What specific applications (apps) do I need for specific tasks?
• What are my devices connecting to internally?
• Microsoft Exchange ActiveSync? Microsoft Active Directory? Google Apps? EWS? IBM® Notes® Traveler?
Only when you’ve answered these questions can you begin planning the next
steps for your MDM implementation.
2. You don’t have to go it alone
Before you actually take the initial steps on your mobile journey, what’s
ahead can seem daunting. You’re pressured to make sure that all devices are
accounted for and running properly—but you aren’t sure how you’re going to
keep track of it all.
Make sure to evaluate an MDM tool that has a strong partner network that you
can rely upon to execute your strategy—or that has the framework in place to
support you before you begin your rollout.
3. Try before you buy
No matter what, it should be easy to get started with your MDM solution. Make
sure yours offers free access to a full-production (not “lite” or limited) portal
where you can begin enrolling devices and testing features in minutes. For
added convenience, make sure the portal has a cloud delivery model, so you
can get started right from your favorite browser.
As you begin to familiarize yourself with the portal and begin taking specific
actions, ensure that you’re also closing the loop with the device(s) you’re
testing.
• Was the enrollment process quick, easy and seamless?
• Are the policies you configured and pushed out going into effect?
• Is it easy to find, access and use the mobile apps that were pushed down to devices?
4. Knowledge is power
When reviewing a solution’s technical support capabilities, you should ask yourself:
• What kind of support do I have?
• At a minimum, the solution should have a dedicated help desk number or an online chat feature that will enable you to speak with a support representative immediately.
• Is there an owner’s manual?
• Portal guides and documentation on how to make the most of your experience are key to a successful rollout.
• Are there how-to videos if I don’t have time to read an owner’s manual?
• Whether you’re a visual learner or have a very busy schedule, video tutorials may be the easiest way to get step-by-step guidance you need, and should be included in your solution’s offering.
You should never feel like you’ve been left in the dark, and there should be plenty of areas where you can go to achieve MDM enlightenment. Ask questions—get answers. It should never be more difficult than that.
5. Going from big picture to nitty gritty
Here are three best practices to consider in selecting your MDM solution,
crafted around the bare necessities:
• Be sure your reporting and inventory tool consolidates all of your enrolled devices and associated information into easy-to-follow reports. You will come to rely on your daily updates, so these should be generated automatically without manual input.
• Beyond the advantages of instant accessibility afforded by cloud MDM, there should be no hardware to buy, install or maintain—and no associated fees. The platform should be automatically updated with new features at your disposal.
• The ability to search for anything and everything with ease is key to a cloud-based solution. You should be able to access your devices, integrations, reports, apps and secure documents all with the simple click of a mouse.
6. Automate, report and re-mediate
With sensitive data on both corporate and employee devices, you should be
able to know and control what is accessed. Reporting tools must provide in depth
information about device inventory, security risks and compliance. Here
are some things to consider when it comes to reports:
• Devices can report their locations over a period of time, so you can see where they’ve been.
• If a device is out of compliance with your corporate policies, reports and alerts can be generated and immediately sent to the IT staff.
• Remediation should be swift and automatic for violations including device lock, selective wipe or appropriate corporate actions by the human
resources department. All these can be viewed with a simple report that can be exported for your enterprise records.
7. Lock. It. Down.
With the rise of bring-your-own-device (BYOD) initiatives, organisations run the risk of exposing their corporate information on employee-owned, personal
devices. However, your MDM solution should offer some form of enterprise data containment. The idea is to separate work from play, so your IT team has more
control of what the user has access to—and, more specifically, who has access to the data on that device. Your MDM solution should be able to set up specific
guidelines for accessing secure data, and it should take actions in case of a potential breach such as lost or theft of a device.
When considering secure containment, ask yourself:
• What should I do if a device is lost or stolen? How can I protect my organisation’s data?
• How can I lock down my corporate data?
8. Only the right apps
With the advent of a custom home screen, your organisation can dictate what apps will appear on your corporate devices and limit users from non-essential
apps. Android and iOS devices can enable a device “kiosk,” where users can see only enterprise-approved apps, and nothing else. Limiting access to apps
means there is less of a chance of a user breaking corporate policy; the result is to make it easier to manage the device. Also, when there aren’t any games
or non-enterprise approved apps on the device, users will be more productive.
9. Policies: The spice of life
When mapping out your MDM strategy, it’s wise to keep in mind what kind of device policies you’re going to need. An MDM solution should offer a customisable
policy that can be built upon previous iterations—not to mention accommodate an unlimited number of policies. This way, you can have fully customised policies
set for the specific needs of your enterprise at a moment’s notice. As an added bonus, your MDM should offer cloud-sourced benchmarking capabilities that allow
you to compare your configurations to those of your peers with the same company size or in the same industry.
• Why are multiple policies recommended?
• Policies can be applied to an individual user/device, a defined group or everyone in the enterprise. Multiple policies can also be used if and/or when a device is out of compliance and security measures must be taken.
• What should I look for in a policy?
• You should be able to easily change detailed aspects of the device’s behavior to match your organization’s needs. You also should be able to set up profiles for Wi-Fi, email and virtual private network (VPN) capabilities.
10. “You used how much data?!”
All too often, a major pain point with company-owned devices is cellular data usage. With the rise of streaming video and music services, data usage
can grow out of control pretty quickly, and you’ll be stuck with the bill. Your MDM solution should be able to integrate with all of the major carriers in
your region.
11. Plays well with others
Your MDM solution should be able to integrate with mobile device manufacturer solutions, such as Android work profiles, Samsung Knox, Apple’s Device Enrollment Program (DEP) and Apple’s Volume Purchase Program (VPP). These integrations will be key ingredients to your MDM success because they can make overall management easier and save you time, money and stress.
Delivered from a best-in-class IBM Cloud on a mature, trusted platform, MaaS360 helps to manage a wide variety of devices for multiple users from a single console, and to provide integration with solutions from Apple, Google, Microsoft and other suppliers of management tools. IBM works hand-in-hand with these suppliers not only to provide integration but also to ensure that integration can occur as soon as new tools or updates to existing tools are available.
Interested in MaaS360 ?
Start a no-cost 30-day trialStart a no-cost 30-day trial
