Mar 04 2014
Mobility

MDM Paves the Way for the Mobilization of Businesses

Needham Bank of Massachusetts and others reap the benefits of mobile device management to rein in employee-owned smartphones and tablets.

A self-described “early adopter of everything,” James Gordon was in line for the first iPhone back in 2007. That same year he joined Needham Bank, headquartered in Needham, Mass., as first vice president of IT.

When Apple released the iPhone 3G in 2008 with a Microsoft Exchange connector, Gordon canceled the bank’s contract for Palm Treos and standardized on the latest iPhone model. He leveraged the management controls that Exchange offered at the time, including remote erase, to support the new smartphones.

What Gordon really needed was a full-fledged mobile device management (MDM) solution so he could profile the bank’s fleet of devices to determine how they were used and what applications they were running, but that would have to wait a few more years.

In 2010, Gordon rolled out iPads, the same year Apple introduced iOS 4, which incorporated MDM features and APIs for integration with third-party mobile management applications. “We knew iOS 4 was a game changer, so we waited for MDM providers to successfully use the APIs to integrate their products,” says Gordon.

Gordon Needham
Photo: Jason Grow

"As a small department, we have to choose which battles we fight, and we can’t fight on all three fronts simultaneously," says James Gordon, Vice President of IT for Needham Bank.

In 2011, Gordon’s patience paid off when he and his staff deployed MobileIron’s Anyware MDM product along with remote email access for bank employees’ iPads and iPhones.

Corporate email is often the entry point for organizations that want to provide mobile access to business applications. As IDC analyst Ben Hoffman notes, “Sixty-one percent of SMBs provide mobile access to corporate email, while 34 percent enable file access and sharing.”

The Multipronged Approach to Mobility

Business mobility hardly had time to settle in before bring-your-own-device (BYOD) blew up. While IT staffs have their hands full attempting to get a handle on the trend, the latest mobile enterprise management (MEM) products on the market — as well as managed services providers experienced in matching ­offerings to customer needs — are boosting SMBs’ ability to manage the ever-growing influx of mobile devices.

When Innovative Technology moved into its new state-of-the-art facility in Amesbury, Mass., Rich Hillard, the Boston-based IT consultant who runs the small business’s IT operations, recommended they take the opportunity to move as much as they could to the cloud. And that’s exactly where Innovative, a 27-employee manufacturer of glovebox solvent and gas purification systems for research and industrial applications, has run the majority of its voice, data and applications since 2012.

For the 20 employees who use corporate-liable smartphones, Hillard takes a two-pronged technology approach to MDM. First, he leverages Microsoft Exchange Server’s Active Sync: When a user gets a new smartphone, the contents of their Exchange mailbox — email, calendar and contacts — are automatically synced to Exchange Server. They then receive a security alert requiring them to authorize Active Sync to take whatever security measures are deemed necessary to protect device data, including remote wipe.

Next, Hillard installs a GFI VIPRE anti-virus/anti-­spyware agent on the smartphone, which continuously scans the device’s files for viruses and malware. With these solutions, Innovative is able to remotely remove sensitive data from the smartphone and completely wipe it if needed.

“Exchange and GFI allow us to remotely wipe all corporate data from the mobile device without touching personal data,” he says. “It’s standard practice if someone gets terminated or quits, but it also protects both the company and the employee at all times.”

Hillard has also implemented Media Access Control (MAC) lists, blocking access to Innovative’s wireless network if a smartphone’s MAC address isn’t authorized. “We don’t want people to just walk into the building and get on the corporate Wi-Fi, so even if someone has an SSID [service set identifier] and password, they can’t get on if the hardware isn’t authorized,” he says.

Pick Your BYOD Battle

Unlike Needham Bank and ­Innovative Technology, Woodard & Curran, a Portland, Maine-based engineering, environmental and operations management firm with 800 employees in offices throughout the United States, has yet to settle on a specific MDM solution. At this point, the company generally accommodates an employee’s device of choice — for which it extends a stipend to an ever-growing number of workers — through the deployment of a mobile virtual private network (VPN).

Woodard & Curran’s IT staff will, on occasion, use more sophisticated mobile management tools for project-specific devices, according to Duff Collins, senior vice president for remediation services and a sponsor of the mobility effort. They’re considering all options to expand MDM deployment as the business’s BYOD adoption becomes more widespread.

“There’s a lot of concern among employees about that level of control, however,” says Collins. “That’s a critical conversation, and we need to treat everyone’s opinions with respect.”

Needham Bank’s Gordon works closely with users to educate them on the services his team — which now stands at five — can provide to the bank’s staff, which has nearly tripled, from 57 to 170, since he came on board.

“We let employees know that while they can use the devices they want, they will probably miss out on all the mobile features we’re deploying because we don’t have the capabilities to feature-match everything with Windows Phone and Android on top of iOS,” says Gordon. “As a small department, we have to choose which battles we fight, and we can’t fight on all three fronts simultaneously.”

This extends to internal mobile apps developed for iOS, as well as the mobile content management software Gordon deployed in 2013. With the MDM solution, IT can manage mobile content through the bank’s branded “NB Exchange” portal, where employees access content-sharing and collaboration tools using MobileIron’s Web@Work enterprise mobile web browser. “This corporate mobile browser does a reverse proxy back into the data center, so users don’t even need to use a VPN to get to SharePoint,” says Gordon.

The tools enable employees to edit Microsoft Word, Excel and PowerPoint documents on their iOS device. About 60 employees can also use the bank’s remote-access channel via any device to access their virtual desktops anytime, from anywhere.

“With mobile access, email is just the tip of the iceberg,” says Gordon. n

Jason Grow
Close

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.