Organizations should conduct a detailed analysis before choosing a mobile device management solution. With perhaps dozens of different products to choose from, each with varying features and capabilities, IT departments face a lot of choices and trade-offs.
MDM software has some characteristics in common with enterprise resource planning (ERP) software in that it is a strategic platform for controlling significant assets, bundles many functions together and reaches into the farthest-flung parts of an organization, namely the mobile endpoints carried by employees.
Basic MDM Functions
Making an informed purchase decision of an MDM solution requires information. What are the criteria for selecting the right one? Start by comparing their basic functions.
Enrollment and authentication: These features bind the mobile device, the user and the organization. The IT department sets up the MDM to respond to each user according to a role-based set of parameters. To get started, users typically download an app, which leads to a sign-in screen for the MDM site. Employees use their organizational credentials, in most cases tied to an Active Directory or similar directory service.
App provisioning: This function occurs at the catalog. From there, a user downloads the container or sandbox, within which the apps corresponding to the user’s role are placed. Most MDM products accommodate both custom enterprise apps and third-party apps with which the enterprise has made a licensing arrangement.
Security: This is a function both of the MDM itself and of the apps. The initial provisioning of a device includes creating the logical section within the device memory that keeps enterprise apps and data segregated from employees’ personal content — the container or sandbox.
Beyond basic sandboxing, apps may be designed to enhance the separation. For example, many setups don’t let users cut and paste to and from sandboxed apps, or they prohibit users from attaching enterprise documents to personal email and vice versa.
Some MDM solutions let IT managers limit the number of pages or files downloaded, and require passwords to access online files.
The mainstream mobile operating systems support encryption, some with software, some with Trusted Platform Module (TPM) hardware. MDM can make sure users encrypt their devices using built-in passcode functions. The passcode acts as the decryption key.
The MDM tool lets administrators restrict devices to designated Wi-Fi networks and also send an alert if they are jailbroken.
Remote access management: This provides an essential way for the IT department and network administrators to control devices. As an application, MDM gives IT admins a dashboard through which they can view the status of devices. More than simply monitoring devices, MDM lets the IT staff remotely disable or even wipe a device that is reported lost or stolen. The same functionality lets IT staff reset or otherwise fix devices without having to physically handle them.
Many MDM publishers are adding the ability to view, provision and manage desktop PCs. In effect, they become total endpoint management solutions.
Mobile expense management (MEM): Some MDM solutions also can compile cost data for mobile devices — their usage of voice and data plans. MEM is an important component in total mobility management, as mobile service bills are now so complicated that they challenge organizations to understand them completely.
General management: These functions allow the IT team to establish settings for privacy, software usage and license monitoring. Administrators also can create and maintain app white lists, which compile a roster of apps that are approved for use, or blacklists of prohibited applications.
Enterprise data management: Depending on an enterprise’s policies, the IT staff can configure the MDM solution to limit the drives, directories and files to which a given device has access. Using containerization and controls on files, MDM can keep the distribution, sharing, editing and synchronizing of enterprise information within a secure end-to-end environment for both organization-supplied and employee-owned mobile devices.
Just as users have secure containers within their devices, they can also be given access to secure file space in the data center or cloud.
Before deploying any MDM system, IT staff must make the fundamental choice of whether to use a cloud solution or one hosted by the organization. Not all vendors offer both options.
Want to learn more? Check out CDW’s white paper, “MDM: Managing the Evolution.”