Jul 23 2012

States Use MDM to Secure Mobile Devices

A new crop of software enforces policies and helps government save time and money.

Like many state governments, Virginia has moved strategically into the wireless world. It currently supports about 11,000 wireless devices — roughly 60 percent are smartphones with enterprise e-mail access.

The commonwealth has long supplied many of its executive-branch agency employees with BlackBerry devices, and recently adopted a bring your own device policy. Since it was instituted, several hundred users have opted to use their iOS and Android-based smartphones and tablets for work.

“It’s only fairly recently that the marketplace has made it possible for us to securely support a device other than the Blackberry that will sync to our enterprise e-mail system for e-mail and calendaring,” says Virginia CIO Samuel Nixon Jr.

Although it was time to allow other wireless devices into the environment, doing so raises security concerns. The best way to handle that was to implement mobile device management (MDM) software to ensure that security policies were being followed. The state’s IT department rolled out Good Technology’s MDM system last October.

Today, a worker who wants to use a new mobile device on the state network submits a request for an MDM license. The user then downloads the client on the device and the software pushes down policies. Workers can access data according to permission levels, as well as their e-mail and calendars, and the Internet using a secure virtual browser.

If a unit is lost or stolen, the Good Technology MDM allows the IT staff to remotely wipe the entire device. If an employee quits or is fired, the IT staff can selectively wipe all state data, leaving personal data intact.

Because the MDM technology is still fairly new to Virginia, agencies are exploring how they can use it best.

“They are trying to figure out how they can put apps specific to their agencies on the devices to make it easier for their employees to do their jobs,” explains Mike Watson, the Virginia chief information security officer. “The important point is that the technology is there and the security is there; there are a lot of capabilities at our disposal.”

Remote Control

Installing MDM software on mobile devices has become a common way of managing and pushing policies, applications and configurations, as well as of ensuring security and keeping track of devices. Popular solutions include those from AirWatch, Absolute Software, BoxTone, Fiberlink, MobileIron, Sophos and Sybase Afaria.

“With MDM, as soon as you install an agent on the device, you have a lot more granular control,” says Mark Tauschek, lead research analyst at Info-Tech Research Group. You can do selective wipes — wiping only enterprise apps, or only e-mail, calendar and contacts. It almost always makes sense to use MDM.”

45 minutes
The amount of time an organization can save per mobile device by implementing MDM, based on managing 1,000 devices over five years

SOURCE: Source: MobileIron Mobile DeviceLifecycle Cost Savings Calculator

As the first Nevada state agency to adopt MDM, the Department of Transportation is forging the path for other agencies. Up to 1,000 of the department’s 1,800 employees eventually will have state-issued Apple iPhones or iPads, although only about 160 have them so far. Employees mainly use the devices for responding to immediate road and transportation necessities, as well as handling the planning, construction and administration duties throughout the state.

With the first batch issued to users late last year, DOT Information Security Officer Kimberly Munoz immediately began researching solutions that would enable the IT department to remotely track and wipe devices, manage inventory and reduce the overhead of pushing updates and security policies to devices. The state implemented Fiberlink MaaS360 MDM software last February.

“Before going with this solution, we had to physically touch each device to configure them with our security configurations, and it was difficult to push updates and policies,” Munoz says. “In time savings alone, we went from spending about an hour getting each unit ready for deployment to about 20 minutes.”

The department also uses the MDM software to manage prepurchased apps from the Apple App Store. If the department chose 10 copies of a particular app workers need, MaaS360 would be able to manage distribution automatically, saving time and money.

Apps Aplenty

Munoz also chose the Fiberlink solution with an eye to the future. So far, the department’s own app store has a handful of applications that users can download depending on their role. Munoz says more are coming, and the MDM will be extremely useful in managing them. For example, the department has a request for proposal out now expected to result in a custom-built app for construction crews using iPads. More will follow, she says.

The New Breed of Mobile Security

There’s an entire range of products emerging beyond MDM software that helps IT staffs manage and secure mobile devices.

Products such as Enterasys’ OneFabric Edge for Mobility and BYOD, Aruba Networks’ ClearPass and Cisco Systems’ Identity Services Engine let network administrators fingerprint devices and users and apply the appropriate network access policies automatically.

“These solutions can apply policy in an automated fashion, so when someone connects to the wireless network with a personal device, it will know who they are, what device they are connecting with and where they are,” explains Mark Tauschek, lead research analyst at Info-Tech Research Group. “It can apply rules and policies and control access for specific categories of users, as long as they are connected to the network.”

Mobile application management (MAM) is another emerging product. Unlike MDM, which focuses on securing and managing mobile devices, MAM concentrates on securing and managing the applications that those devices access. Examples include Symantec’s Nukona and IBM’s Worklight.


Become an Insider

Unlock white papers, personalized recommendations and other premium content for an in-depth look at evolving IT