Choosing An MDM Solution

This article originally appeared on Stephen’s personal blog. You can visit it here.

Right now there are several types of Mobile Device Management solutions. They all have their place when you consider security and total cost of ownership. Some of them are going to be much more secure, giving more peace of mind. Others are going to integrate into or leverage existing systems, giving you peace of mind that you are not standing up an entirely new environment that also needs to be managed and secured.

We will be focused on MDM solutions that manage Android, Apple iOS, and Windows Mobile. BlackBerry is very well known for having one of the most secure solutions already. Until a few years ago they were pretty much the only game in town when it came to phones carrying sensitive data, so I’m sure they have been under heavy attack. Very few issues have been published about the BlackBerry solution, and it’s not because it wasn’t a target.

Generally every solution out there is going to allow you to push email, calendar, and contacts. You will also be able to configure other features on the device, such as Wi-Fi and VPN profiles. From a security perspective, you are able to force passwords on and enforce complexity. Finally, you can wipe out the work email, calendar, and contacts that you push, along with any other settings like VPN and Wi-Fi. Or you could decide to simply wipe the entire device. These are the main benefits of having an MDM. Without these abilities, I.T. is going to be tasked with managing and supporting all of these devices, which would be extremely time consuming.

 

Regardless of which solution you choose, there is still some inherent risk today unless you use this solution in conjunction with something else.

1. Containers
 
This is the first type of MDM solution that made its way into corporate environments. In a container system, an application typically found on either iTunes or Google Play is installed on the device by the user. When they sign into the app with their corporate email address and password, the app finds the MDM server and synchronizes policies. Once the policies are synchronized, email, calendar, and contacts are synchronized to the device. The standout feature here is that these services are synchronized to the app that they downloaded. [Read more…]

Little known ways of managing mobile devices to prevent data loss

This article originally appeared on Stephen’s personal blog. You can visit it here. 

Most people feel naked without their smartphones and tablets. The adoption rates of these devices over the last five years have been explosive, with an expected 10 billion by 2020, according to Morgan Stanley (to give you an idea of the magnitude, PCs and notebooks are at about 1 billion today). Morgan Stanley also predicts that 95% of devices purchased for business will be by employees. This means that there will soon be a diverse selection of mobile devices in the office (for example, right now Softchoice’s Employee Choice model has brought hundreds of iPhones into our environment). How is IT going to cope with this?

Device heterogeneity is a serious issue. Similar versions of Apple’s iOS operating system run on iPod, iPhone, and iPad devices. Android has been modified by several vendors, including Samsung, HTC, and Motorola. HP recently introduced new versions of webOS that run the Palm Pre3 and TouchPad. RIM has also introduced the PlayBook, which works with BlackBerry devices. Is your head spinning yet?

All of this heterogeneity has left network administrators confused about how to apply one of the most fundamental principles to these devices: centralized management. An architecture that lacks centralized control and updating is built for an individual, not an enterprise. Centralized management of mobile devices is crucial as part of a Data Loss Prevention program because they are easily lost, stolen, and (likely soon to be) compromised.

Here are seven little known ways to implement a Mobile Device Management solution: [Read more…]