Mobile device management (MDM) is a year-round request, but with the holiday season closing in, Shane Snider is gearing up to accommodate -- rather than lock down --
Securing and supporting devices from Research In Motion Ltd. has been pretty easy for Snider, executive vice president of IT at Shawnee Mission, Kan.-based SkillPath Seminars Inc. Using a BlackBerry Enterprise Server and some custom solutions, SkillPath gives its employees access to email and some master IBM mainframe data. More recently, Snider decided to allow access to email on employee personal devices by deploying Good Technology Inc.'s mobile security software for iOS and Android devices.
Snider also plans to implement an approved mobile apps company portal to give SkillPath's 230 employees access to "Webified" mainframe apps so they can access information on the mainframe. Snider acknowledges, however, that it’s hard to find one solution that meets all of his company's mobile device security and support needs across such a wide variety of devices.
That could be because the MDM space is immature, according to Christian Kane, an analyst at Forrester Research Inc. in Cambridge, Mass. The key is to choose a mobile device management solution that is device- and operating system agnostic, something that "most, if not all" MDM vendors have or are working toward, he said.
Some firms are ignoring mobile devices, which is the worst approach, Kane said. Even at a basic level, devices should be password-protected. IT should have the ability to remotely wipe corporate-owned devices. Most IT shops can track who is connecting to your email server on an unmanaged device through ActiveSync or an MDM solution, he said.
Don't turn a blind eye to MDM costs
More users on an email server can mean more headaches, however -- both in information security concerns and cost management. "At first you don't think it will cost you to keep adding users if you're running Microsoft Exchange, for example, because there's no extra licensing cost for adding a mobile user," said Phillip Redman, an analyst at Stamford, Conn.-based Gartner Inc. "But more and more users added means more and more data that you have to control. Where is that data going? No doubt that by supporting 100% of your mobile users vs. 25%, management costs will go up. Not all mobile platforms are as easy to manage as others."
If you are going to open up email to mobile users, don't allow email or email attachment forwarding from corporate systems to third-party email providers like Google or Yahoo, advised Redman. Close any open email ports and open them only on a permission-by-permission basis.
And those Android devices that will show up after the holidays? Lock them down now, said Redman. Unlike iOS apps, Android apps aren’t vetted. "Anyone can write them and add something in there to track passwords or other corporate information," he said.
Snider shared this concern: When a questionable application was found on an Android device at SkillPath, the problem was resolved quickly, he said.
All in all, Snider said he’s going to take it as it comes. Some requests have been odder than others -- like for access to email and company information using a quasi-smartphone.
"That one surprised me,” he said, explaining that he’d never seen the device before. “But we are small enough that we can look at all requests on a one-by-one basis." The request was filled. This plan works smoothly for his manageable base of internal user devices, but -- adding another wrinkle to Snider's mobile device strategy -- the organization employs up to 500 contractors in its technology training business. When these folks start asking for access to training materials and customer information on their mobile devices, Snider said he'll likely re-evaluate his MDM strategy.
"If what we have doesn't cover all the devices and access situations, we'll have to buy another piece of software. That will make it three solutions we are working with, which makes it a lot more complicated."
Let us know what you think about the story; email Christina Torode, News Director.