Mobility now sits at the core of government operations, making mobile device management one of the hottest technologies available today.
The variety of MDM products from makers such as AirWatch, Fiberlink, MobileIron, Sophos, Symantec and others offers an impressive range of functionality. Making the best use of MDM, however, isn't always straightforward. Simplify the task by taking the following steps.
1. Decide which users, applications and devices need to be mobilized.
Success in mobile management begins with succinct answers to a few basic questions: Who needs to be mobile, with what data and applications, on which devices and under what circumstances? Mobility shouldn't be a free-for-all: MDM exists to support necessary management and operational functions while guarding against threats. Effective security and acceptable-use policies must be in place too, along with appropriate training and regular consciousness-raising to make sure that these policies are working and enforced.
There's no reason to assume that every possible combination of mobile device and operating system needs to be allowed — indeed, support costs would be astronomical should that be the case. For that reason, it's best to limit options.
What's more, organizations must determine if they'll allow bring-your-own-device initiatives; if only agency-supplied mobile devices can be used; or if the organization's mission calls for a mixture of both. Government-owned devices are often preferable in many environments due to concerns over security, usage tracking and management. But where practical, BYOD rollouts can save money and enhance both convenience and ease of use for workers, with the understanding that some compromise for management visibility and control must be accepted. Device management, thus, needs to be comprehensive in some cases, but often can be flexible in others.
Once all of the heavy lifting of setting strategy is complete, focus on establishing MDM objectives, evaluating solutions and defining the set of allowed mobile devices. Additional policies and operational procedures may apply in certain agencies, so be sure to assemble a complete checklist before taking the next steps.
2. Understand the scope — and limitations — of MDM.
Think of MDM as an umbrella concept under which a potentially large number of functions can reside. MDM capabilities can include configuration management, local policy enforcement, security management, usage monitoring, auditing, reporting and much more. Carefully consider what functions are required and how these should be provisioned to support operational policies — and understand the value of the capabilities and any limitations — before selecting a solution.
For example, with device wiping, IT managers can remotely erase storage on a given device by authorized command upon learning that a device has been lost, stolen or otherwise compromised. While this function sounds great (if not essential) in concept, it is in fact quite limited in practice. Significant time may elapse before users report a missing notebook, tablet or smartphone. By that point, a professional thief has already acted to negate any management intervention, such as removing the battery or shielding the device from radio waves. Data may not be at risk in every case, however, because casual thieves generally seek a source of quick cash rather than valuable information.
3. Make sure MDM fits into overall IT management strategy.
MDM involves yet another management console and associated databases, so IT managers should carefully consider operational requirements and constraints when evaluating MDM solutions. On-premises management systems have been the norm in desktop and network management and may be desirable in agencies with extremely sensitive data. However, cloud-based software-as-a-service solutions offer greater convenience and scalability, with the console able to run literally anywhere IT managers desire, including on a handset.
IT should scrutinize vendor product and service licensing terms, but keep in mind that these elements are negotiable and rarely represent challenging obstacles. Similarly, elements such as device onboarding (initial configuration) and user support should be automated as much as possible to avoid overloading help desk and other IT support personnel. When properly implemented, MDM should reduce costs — make sure that remains a key objective in a mobility management strategy.
4. Consider the evolving nature of MDM.
Despite a comprehensive set of functions, MDM ultimately represents just one necessary aspect of an overall mobility management solution. Data security, for example, more properly falls under the province of mobile application or mobile information management (MAM/MIM).
Many MAM/MIM solutions increasingly offer a capability called data containerization or "sandboxing," which encrypts and manages sensitive enterprise information in isolation, even on a personal device. Cloud-based strategies such as applications implemented via HTML5 (as opposed to via local apps) or provisioned via desktop virtualization can similarly minimize what needs to be managed and may represent viable alternatives for many environments.
Mobile expense management, an offshoot of and adjunct to well-established telecom expense management solutions, can also help governments minimize wireless communications costs.
Many MDM system makers are now rolling additional functionality into more comprehensive product offerings, effectively blurring the lines between today's mobile management categories. That means the task of mobile management will get easier over time.
Regardless, excellent MDM solutions are now available on the market. With just a little advance work and careful consideration of both the operational objectives and IT strategy outlined above, these products can ease the job of overseeing mobile devices in agencies today.