09:47 AM

Mobile Device Management: What's Still Missing

MDM can help extend IT management all the way to the new edge of the enterprise network. But it's only one part of the solution really needed to maximize enterprise mobility.

After re-reading my last column on Mobile Device Management (MDM), it occurred to me that any discussion of this clearly vital topic in enterprise IT is incomplete without a little more context. MDM most certainly is not dead, but it is ill-defined, amorphous, and incomplete with respect to the totality of a solution required by a successful mobile enterprise today.

What's missing? Well, as I noted, MDM itself is whatever a given vendor in the field is shipping these days. Device wipe? Sure, but in a world of personal liability (a/k/a BYOD), it sure would be nice to avoid deleting those pictures of the kids and someone's music collection in the process. And while we can argue that security is an obvious goal here, without real-end-to-end tracking of sensitive data, what's to prevent someone from simply making a backup copy onto an insecure device?

And what about implementation strategy? Is mobile device management something one operates in one's data center, a service one buys from a carrier or operator, a service provided by a third party on a device/network-independent basis, or perhaps an open-systems mix-and-match solution based on standards that--oh, wait, we really don't have standards here yet. My mistake.

[ Learn more about MDM. Read Top 5 MDM Must-Do Items. ]

It gets worse--let's consider the other pieces required for something resembling a complete enterprise mobility solution:

Policy--First, you do have a Mobility Policy in place, right? This is a statement of what IT operations can be performed while out of an enterprise facility, and how these operations can be performed. What networks are allowed? What apps can be used (or not, as in blacklist)? Is BYOD allowed? And, of course, all of this must be in concert with an enterprise's overall Security Policy. And you do have one of those, right?

Expense--It doesn't matter if you supply handsets (corporate liability) or, as is increasingly the case, embrace Bring Your Own Device, some tracking of how money is being spent on network access is vital. It's important that this be as close to real-time as possible in order to spot negative trends before they become a big hit to the bottom line. And policy enforcement via software would also be nice--there's no point in racking up cellular minutes when, for example, a lower-cost Wi-Fi option is available.

Applications--I'm still not convinced that commercial apps of any form have much of a place in enterprise mobility. There's too much risk for malware, increased support costs, and simple distractions at work here. And I believe that the future of enterprise mobility is in Web and cloud services, not apps that are platform-specific and expensive to develop and maintain. We'll debate this for some time, I'm sure, but if you're going to allow apps, some form of management here is also vital.

And that's just for starters. I've proposed the term Mobile Operations Management (MOM) as the all-inclusive catch-phrase for describing all of the elements required for a successful enterprise mobility implementation--successful being defined as secure, cost-effective, appropriate, visible, enabling, and manageable. But no matter what we call all of this, enterprises everywhere need to think about strategy, and not just assume that an MDM solution (again, whatever that is) is all that's required.

Management is going to remain one of the key themes in mobility for 2012, and certainly for some time after that. With the edge of the enterprise network now anywhere an authorized mobile user and device might be, the opportunities for trouble are greater than they've ever been. But so are the opportunities for reward, and thus, despite the challenges, enterprise mobility management, whatever it might turn out to be, must remain on the front burner at IT shops, both large and small, everywhere.

Craig Mathias is a Principal with Farpoint Group, a wireless and mobile advisory firm based in Ashland, MA. Craig is an internationally recognized expert on wireless communications and mobile computing technologies. He is a well-known industry analyst and frequent speaker at industry conferences and trade shows.

The Enterprise Connect conference program covers the full range of platforms, services, and applications that comprise modern communications and collaboration systems. It happens March 25-29 in Orlando, Fla. Find out more.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
12/13/2011 | 3:04:20 PM
re: Mobile Device Management: What's Still Missing
I think mentioning the policy first is critical. I would add that MDM is still missing the component of user support. Many of our clients (http://www.gill-technologies.c... enjoy the removal of having to support individual user challenges, allowing their IT team to focus on more pressing issues.
Any type of custom reporting that makes the job easier and time effective for those responsible is critical. Additionally adding individual accountability for those corporately paid devices by exposing the user to the actual costs involved, adds a lot of benefits to an organizations management and reduces the expense.
User Rank: Apprentice
11/29/2011 | 2:54:49 AM
re: Mobile Device Management: What's Still Missing
Glad you covered the expense side of mobile management. Many IT shops eliminate expenses from their P & L when companies provide options for employees to opt out of the corporate plan (BYOB), but often times the costs show up in expense reports and the actual cost is significantly higher than when on the corporate plan.

In fact the number one issue I find in my work as a mobility consultant is "no discount" applied to BYOB plans paid for by individuals. It's not well known that most BYOB plans qualify for a discount of up to 24% with no contract changes required. This discount alone would pay for most any MDM software and still show a significant cost savings.It might be wise for IT Shops to engage the eyes of a trained mobility consultant/auditor to help manage the expense side.
User Rank: Apprentice
11/28/2011 | 4:37:04 PM
re: Mobile Device Management: What's Still Missing
There are MDM solutions out there that are paving the way for the rest. MaaS360 for example offers users a selective wipe to avoid losing our favorite music & photographs we are sentimental about. Regarding mobile stategy formation, this platform's simplicity of use eases the process of policy implementation for IT departments that have yet to get too serious on this front. All on one screen, MaaS60 makes it easy to manage apps (whitelist/blacklist/push apps, etc...) and control wireless expenses as well. Take a tour today and see for yourself: http://bit.ly/tourMaaS360
Register for Dark Reading Newsletters
White Papers
Current Issue
Security Operations and IT Operations: Finding the Path to Collaboration
A wide gulf has emerged between SOC and NOC teams that's keeping both of them from assuring the confidentiality, integrity, and availability of IT systems. Here's how experts think it should be bridged.
Flash Poll
New Best Practices for Secure App Development
New Best Practices for Secure App Development
The transition from DevOps to SecDevOps is combining with the move toward cloud computing to create new challenges - and new opportunities - for the information security team. Download this report, to learn about the new best practices for secure application development.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
Published: 2015-10-15
The Direct Rendering Manager (DRM) subsystem in the Linux kernel through 4.x mishandles requests for Graphics Execution Manager (GEM) objects, which allows context-dependent attackers to cause a denial of service (memory consumption) via an application that processes graphics data, as demonstrated b...

Published: 2015-10-15
netstat in IBM AIX 5.3, 6.1, and 7.1 and VIOS 2.2.x, when a fibre channel adapter is used, allows local users to gain privileges via unspecified vectors.

Published: 2015-10-15
Cross-site request forgery (CSRF) vulnerability in eXtplorer before 2.1.8 allows remote attackers to hijack the authentication of arbitrary users for requests that execute PHP code.

Published: 2015-10-15
Directory traversal vulnerability in QNAP QTS before 4.1.4 build 0910 and 4.2.x before 4.2.0 RC2 build 0910, when AFP is enabled, allows remote attackers to read or write to arbitrary files by leveraging access to an OS X (1) user or (2) guest account.

Published: 2015-10-15
Cisco Application Policy Infrastructure Controller (APIC) 1.1j allows local users to gain privileges via vectors involving addition of an SSH key, aka Bug ID CSCuw46076.

Dark Reading Radio
Archived Dark Reading Radio
In past years, security researchers have discovered ways to hack cars, medical devices, automated teller machines, and many other targets. Dark Reading Executive Editor Kelly Jackson Higgins hosts researcher Samy Kamkar and Levi Gundert, vice president of threat intelligence at Recorded Future, to discuss some of 2016's most unusual and creative hacks by white hats, and what these new vulnerabilities might mean for the coming year.