MDM: 10 Best Practices to Get Started
By Jim Szafranski
Mobile employees are no longer the exception–they’re the norm. They require access to corporate networks at all times, regardless of where they are located.
Today’s mobile employees use corporate-issued and personally-owned smartphones, tablets, and laptops for network access. It is all about convenience and productivity for the employee, but for organizations, it can be an IT nightmare.
Personal device ownership and usage in the enterprise are growing rapidly, but many organizations are struggling to keep up. They are up against the daunting challenge of how to fully provision, manage, and secure both corporate-issued and personally-owned devices in corporate environments.
IT departments understandably want to add a degree of rigor, but it doesn’t have to be difficult. The good news is that with the right amount of preparation, enterprises can seamlessly manage thousands of mobile devices.
Here are 10 mobile device management best practices that enterprises should consider when rolling out a device management strategy:
1. Set realistic policies
Don’t turn a blind eye to personally-owned devices. Be realistic and expect that employees will use their own devices to gain network access. Employees can easily integrate their personal devices with corporate mail using ActiveSync functionality. Just Google “Setting up iPhone on Exchange” and see how easy it is for employees to set it up. Require employee-owned devices to be secured and managed by the enterprise, and create policies and procedures to deny access to jailbroken or modified devices.
2. Learn which employees are mobile and what they are doing
It is hard to make decisions and quantify risks about mobile devices without first having solid data on the devices in use. An all too common example is when an enterprise can’t stop a former employee from using a corporate device because IT is completely unaware that it is even happening in the first place.
A lightweight reporting and inventory tool can help enterprises keep tabs on how mobile devices are being used and by whom. These types of tools should work for help desk troubleshooting, be accessible outside of IT, and include strong application inventory and search capabilities.
3. Think security: enforce strong passwords, encryption, and remote wipe
Make sure that devices require a strong password and that encryption is enabled. Also, restrict sensitive data from being exported to mobile devices. Be sure that devices are set up to automatically lock after 5 to 15 minutes of inactivity and to automatically wipe after multiple failed login attempts or if the device is reported lost.
4. Make Bluetooth hidden or non-discoverable
Bluetooth seems to be the most used method of wireless connection, but it’s still a highly infrequent security risk. An enterprise’s policy should require users to set their devices to non-discoverable mode when not in use. Users will need to put a device into discoverable mode to pair with their car or a new headset, for instance, but the policy should require them to turn it back to non-discoverable when they are finished with that one-time action.
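As an added illustration (not part of the original article and not any MDM vendor's API), the device rules from practices 1, 3 and 4 can be written as a compliance check that runs over an inventory export. The field names, the failed-attempt ceiling of 10 and the "remediate" tier are assumptions; the inventory is constructed sample data.

```python
from dataclasses import dataclass

MAX_LOCK_MINUTES = 15      # article: auto-lock after 5 to 15 minutes of inactivity
MAX_FAILED_ATTEMPTS = 10   # assumption: the article only says "multiple"

@dataclass
class Device:              # field names are hypothetical, not a vendor schema
    owner: str
    ownership: str         # "corporate" or "personal"; both are in scope
    jailbroken: bool
    passcode_required: bool
    encrypted: bool
    lock_minutes: int      # 0 = auto-lock disabled
    wipe_after_failures: int   # 0 = auto-wipe disabled
    remote_wipe: bool
    bt_discoverable: bool  # snapshot taken while the device is idle

RULES = [                  # (violation name, predicate that is True when broken)
    ("jailbroken-or-modified", lambda d: d.jailbroken),
    ("no-passcode", lambda d: not d.passcode_required),
    ("no-encryption", lambda d: not d.encrypted),
    ("auto-lock", lambda d: not 0 < d.lock_minutes <= MAX_LOCK_MINUTES),
    ("auto-wipe", lambda d: not 0 < d.wipe_after_failures <= MAX_FAILED_ATTEMPTS),
    ("no-remote-wipe", lambda d: not d.remote_wipe),
    ("bluetooth-discoverable", lambda d: d.bt_discoverable),
]

def violations(d: Device) -> list:
    """Names of the rules this device breaks; empty means compliant."""
    return [name for name, broken in RULES if broken(d)]

def access_decision(d: Device) -> str:
    found = violations(d)
    if "jailbroken-or-modified" in found:
        return "deny"      # article: deny access to jailbroken or modified devices
    return "remediate" if found else "allow"   # "remediate" tier is an assumption

# Constructed sample inventory, not real data.
INVENTORY = [
    Device("alice", "corporate", False, True, True, 5, 8, True, False),
    Device("bob", "personal", True, True, True, 10, 8, True, False),
    Device("carol", "personal", False, True, False, 30, 0, True, True),
]

def report(inventory=INVENTORY) -> dict:
    return {d.owner: (access_decision(d), violations(d)) for d in inventory}

if __name__ == "__main__":
    print(*(f"{o}: {dec} {why}" for o, (dec, why) in report().items()), sep="\n")
```

The same per-device result can feed the operations review in practice 6, since personal and corporate devices pass through one rule set.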
5. Plan for a single console, multi-platform mobile device management solution
When selecting a mobile device management platform, choose one that can manage PC/Mac form factors and handheld devices. This will reduce infrastructure costs, improve operational efficiency, and create a single user view into devices and data.
Enterprises should be sure that their reporting and inventory tool consolidates both existing BlackBerry and multi-platform mobile device management solutions. This will prevent enterprises from having to perform manual processes to access business intelligence on mobile devices.
Also, consider a Web- or cloud-based mobile device management solution. Enterprises will save money with a cloud-based solution over a LAN-oriented solution.
6. Include mobile device inventory and policy status in operations reviews
Report on and discuss mobile device inventory and policy status in IT operations reviews–and be sure to include personal devices. This is a good way to gain exposure to future resource needs.
7. Enable cost management for network usage
Multi-national businesses need the ability to monitor and limit international data roaming, since those costs can quickly reach thousands of dollars per trip. With U.S. pricing plans introduced by AT&T for iPhones and iPads, usage tracking and restriction will become a requirement for domestic connectivity. Verizon also has iPhones and Android devices, so anything other than flat rate unlimited could result in pricey fees.
8. Manage application restrictions
Most handset vendors do a good job of limiting applications to certified and approved applications, but some enterprises may have an additional need to restrict the type of applications allowed on corporate-approved devices. Most mobile device management solutions provide this functionality.
Enterprises can also set up their own enterprise app stores to restrict the available app options and ease the delivery of applications to devices. This is not a requirement, but it is something that enterprises can explore after other mobile device management best practices are in place.
9. Provide a backup and recovery service
Enterprises should consider using a backup and recovery solution if any of their users work with critical and unique data beyond e-mail. Android devices may require this type of solution; however, it is not critical for iPhone or BlackBerry users.
10. Limit data transfers and separate corporate and personal information
Some businesses find it valuable to restrict downloading attachments or prevent the copying of data to removable media. Implementing these policies can be very difficult and the data classification exercise is nearly intractable. An alternative is to create separate virtual containers for business and personal data and applications.
Mobile devices are here to stay. Organizations can either drag their feet and risk the liabilities of not supporting corporate and personally-owned devices, or employ these best practices that satisfy end users and IT alike.