If organizations needed a license to drive their mobile device management (MDM) strategy, many would still be working on their learner's permit. A lot of businesses are still going on test drives as they transition from basic MDM to more complex strategies that support bring your own device (BYOD), corporately-owned personally enabled (CoPE) and other user-centric models.
Staying with the driving analogy, automatic transmissions can intuitively shift faster than any driver, but there will always be purists who believe that a manual transmission is the only way to drive. Similarly, some might think a manual policy is the best route to a strong corporate mobility program, but manually verifying every app, certifying every device and monitoring every access point on the road to MDM is impossible. The good news is there are plenty of opportunities to unify and automate the processes while maintaining control.
Here are a few tips:
Stop Treating Portable Devices Differently
Although there are baseline differences between a computer and tablet or smartphone, user behavior is relatively constant — people want to stay connected and be able to access information when they want it. So it makes sense to leverage existing security protocols regardless of form factor.
Review the profile that's already in place for a user's computer. Note the level of security, permissions and other applications they need to perform their job. Whenever possible, extend these to their mobile device. Note the applications that are blacklisted or whitelisted and ensure any mobile versions of those apps are likewise installed on or blocked from their portable devices.
Forget Devices – Think Users
When you align your MDM policy with your existing desktop strategy, you will provide all IT administrators with a single protocol to learn and enforce. This will create efficiencies across the team, freeing up time to focus on business-enablement and user productivity.
By focusing on the profile of the user, you can provision their device(s) with the exact tools they need to work efficiently. For example, all employees may use Microsoft Office, the company intranet and a dedicated VPN client. However, individual departments will also have unique requirements. The marketing department may need to provision Radian6 for the PR team, Adobe Creative Suite for the design team and a content management application to facilitate file sharing.
So remember to configure your MDM profiles based on the way people work versus the devices they use. This will allow you to implement your MDM program quickly and efficiently.
Secure Access Not Data
The need to access information is one of the key reasons behind the mobility explosion and there will always be sensitive corporate data that could be at risk.
But continually building sandboxes around new sources of data is a never-ending task. Instead, focus on how users access data.
Successful MDM policies should allow you to define device status and behavior that you deem suspicious. If a device exhibits any of these symptoms, then it should be automatically dropped from management, effectively blocking access to corporate servers and data.
This model is especially effective if you intend to support a BYOD program. Since you’re focusing on access versus data, nothing is deleted from the device. So if it's an employee-owned device, their personal data will not be removed or disturbed.
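The user-based profile and the access-centric check described above, as an added example that is not from the original article or any MDM product: the app set is built from the user's groups, and a device showing a suspicious status is dropped from management and loses access without anything being wiped. The group keys, the blocked app, the device fields and the three suspicious conditions are assumptions chosen for illustration; a report with missing fields is treated as suspicious so the check fails closed.

```python
# Added illustration; app names come from the article, everything else is constructed.
BASELINE_APPS = {"Microsoft Office", "Company intranet", "VPN client"}
TEAM_APPS = {  # hypothetical group keys
    "marketing": {"Content management app"},
    "marketing/pr": {"Radian6"},
    "marketing/design": {"Adobe Creative Suite"},
}
BLOCKED_APPS = {"ExampleBlockedApp"}  # hypothetical; mirrors the desktop blacklist

REQUIRED_FIELDS = ("jailbroken", "passcode_set", "installed_apps")

# Hypothetical "suspicious" conditions, each a test on the device's reported state.
SUSPICIOUS = {
    "incomplete_report": lambda d: any(k not in d for k in REQUIRED_FIELDS),
    "jailbroken_or_rooted": lambda d: d.get("jailbroken", False),
    "passcode_disabled": lambda d: not d.get("passcode_set", True),
    "blocked_app_installed":
        lambda d: bool(BLOCKED_APPS & set(d.get("installed_apps", []))),
}


def profile_for(groups):
    """Build the app set from who the user is, not from the device they carry."""
    apps = set(BASELINE_APPS)
    for group in groups:
        apps |= TEAM_APPS.get(group, set())
    return apps - BLOCKED_APPS


def evaluate(device):
    """Decide access for one device check-in; the device is never wiped."""
    reasons = sorted(name for name, test in SUSPICIOUS.items() if test(device))
    compliant = not reasons
    return {
        "managed": compliant,           # suspicious devices are dropped from management
        "corporate_access": compliant,  # which blocks corporate servers and data
        "wipe_device": False,           # personal data on a BYOD device is untouched
        "reasons": reasons,
    }


if __name__ == "__main__":
    print(sorted(profile_for(["marketing", "marketing/pr"])))
    print(evaluate({"jailbroken": True, "passcode_set": True, "installed_apps": []}))
```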
Overall, you should focus on the user experience, productivity and business enablement to build an MDM policy that works for both the enterprise and employees.