Enterprise-led adoption: A controlled rollout by the IT staff
User-led adoption: Tech-savvy employees bringing in their own devices and connecting to the company network for email and access to other sensitive data.
The challenge for the IT department in either scenario is the same - how do you manage these devices, make sure security is enforced and data protected while maintaining a fluid user experience? The practice around client device management traditionally has been focused on Desktops and Laptops, for the most part in managing a Windows OS. Mobile devices and their OSes are new beasts that have a bad rap as a “nightmare” to manage. Luckily there are efficient and cost-effective ways to manage iPads and iPhones. The most important ingredient of the “Secret sauce” that is Mobile Device Management for iOS: the Configuration Profile.
In my last article, I highlighted the enterprise-level security features in iOS that make them ideal for business. On the device itself there’s a plethora of restrictions that can be enabled, and for connectivity you have many secure Wi-Fi and VPN options. All of these can be set using Configuration Profiles with Apple’s iPhone Configuration Utility (iPCU for short) – a free download from Apple that works on both Mac OS X and Windows.
Now, how do you get those Configuration Profiles onto the device? If the device is physically connected to the system running iPCU it’s a simple drag’n’drop (like many things on OS X!) but obviously that’s not going to work in a larger, more extensive mobile workforce. Luckily there are ways to deliver the profiles wirelessly, or “Over the Air”, by either email or a web link. These steps require user interaction, but only minimal touch-and-go interaction that takes seconds. Since each Profile needs to be signed by the creator, the user knows where it came from and that the profile can be trusted.
As for installing applications that the enterprise requires on each user device, the best strategy is to host a secure website with links to the applications – again just touch and go. The site itself can be a “Web Clip” sitting on the iPad or iPhone which looks just like any other App but points the user specifically to the site on Safari. And how do you get the Web Clips onto those devices? Again, using a handy Configuration Profile, again all achievable Over the Air.
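To make the profile contents concrete, here is an added example (not code from the article or from Apple): a short Python script that builds an unsigned Configuration Profile carrying a passcode policy, a Wi-Fi network and a Web Clip, then audits it before it is sent Over the Air. The organisation prefix, portal URL, SSID and function names are constructed for illustration, and signing is left to iPCU or your MDM.

```python
import plistlib
import uuid
from urllib.parse import urlparse

ORG = "com.example.mdm"  # constructed reverse-DNS prefix (assumption)

def payload(ptype, name, **settings):
    """Wrap settings in the common keys every profile payload carries."""
    return {"PayloadType": ptype, "PayloadVersion": 1,
            "PayloadIdentifier": f"{ORG}.{name}",
            "PayloadUUID": str(uuid.uuid4()).upper(),
            "PayloadDisplayName": name, **settings}

def build_profile(portal_url, ssid, wifi_encryption):
    """Return unsigned .mobileconfig bytes: passcode policy, Wi-Fi, Web Clip."""
    content = [
        payload("com.apple.mobiledevice.passwordpolicy", "passcode",
                forcePIN=True, minLength=6, allowSimple=False,
                maxFailedAttempts=10),
        payload("com.apple.wifi.managed", "wifi", SSID_STR=ssid,
                EncryptionType=wifi_encryption, AutoJoin=True),
        payload("com.apple.webClip.managed", "portal", URL=portal_url,
                Label="Company Apps", IsRemovable=False),
    ]
    return plistlib.dumps(payload("Configuration", "baseline",
                                  PayloadContent=content,
                                  PayloadOrganization="Example Corp"))

def audit_profile(data):
    """Return a list of findings for a profile about to be distributed."""
    top = plistlib.loads(data)
    items = top.get("PayloadContent", [])
    findings = []
    uuids = [p.get("PayloadUUID") for p in [top, *items]]
    if None in uuids or len(set(uuids)) != len(uuids):
        findings.append("missing or duplicate PayloadUUID")
    if not any(p.get("PayloadType") == "com.apple.mobiledevice.passwordpolicy"
               and p.get("forcePIN") for p in items):
        findings.append("no passcode policy enforced")
    for p in items:
        kind = p.get("PayloadType")
        if kind == "com.apple.wifi.managed" and \
                p.get("EncryptionType") in ("None", "WEP"):
            findings.append(f"Wi-Fi {p.get('SSID_STR')!r} uses weak encryption")
        if kind == "com.apple.webClip.managed" and \
                urlparse(p.get("URL", "")).scheme != "https":
            findings.append("Web Clip URL is not https")
    return findings
```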
So we know the magic ingredient, but does that alone make the sauce? For most organizations, creating and distributing the Configuration Profiles is just the first step. You’ll need an efficient process to send, remove and update the Profile across a multitude of devices, perhaps not all of them running iOS. That’s when you turn to a full-featured Mobile Device Management (MDM) Solution.
MDMs will not only let you manage iOS and other device platforms through a single pane of glass, they will also let you Query and Manage the devices so you can capture the data about the endpoint that you’re used to seeing when managing your Desktops and Laptops. Applications, security settings, 3G network and carrier information, even the make, model and serial number of the device can be discovered. Remote wipes are easier to manage, and you also have the power to Remote Lock the device. Security policies can be enforced by user role and even geographical location based on compliance laws.
You may have also heard about how MDMs will allow you to do a “selective wipe” of the device – as in wipe out the corporate information but leave the user’s personal settings intact. MDMs achieve that simply by removing the MDM enrollment profiles – corporate email, VPN and security settings – rather than actually doing a full remote wipe. This way, the sensitive information in email is removed (since it’s accessing the server anyway and doesn’t reside on the devices) while personal email and all other settings remain. The user doesn’t have to worry about losing their iTunes library or Angry Birds high scores.
There’s no shortage of MDM solution vendors to choose from, including best-of-breed security names like McAfee, Symantec and Sophos that have incorporated their MDM solutions into their existing central management console that also controls AV and security for desktops and laptops. Some of the niche players include AirWatch, with their brilliant web-based management console, and Good Technology, which leverages their own email, calendar and web browser to provide additional layers of security. In fact, Good is unique in their use of a device agent – the other above-mentioned solutions require no agent on the iOS device itself.
Gartner recently published the Magic Quadrant for MDM solutions - of the 60 vendors out on the market today, 23 responded and are rated to give businesses a quick glimpse of the marketplace.
Still, you shouldn’t have to decide on your own. Working with Softchoice you can pick the solution that’s right for your business, and with the proper planning take full control of your mobile devices with the same level of confidence that you manage your Desktops and Laptops.