Risk
11/23/2011
09:47 AM
Commentary
Commentary
Commentary
Connect Directly
RSS
E-Mail
50%
50%
Repost This

Mobile Device Management: What's Still Missing

MDM can help extend IT management all the way to the new edge of the enterprise network. But it's only one part of the solution really needed to maximize enterprise mobility.

After re-reading my last column on Mobile Device Management (MDM), it occurred to me that any discussion of this clearly vital topic in enterprise IT is incomplete without a little more context. MDM most certainly is not dead, but it is ill-defined, amorphous, and incomplete with respect to the totality of a solution required by a successful mobile enterprise today.

What's missing? Well, as I noted, MDM itself is whatever a given vendor in the field is shipping these days. Device wipe? Sure, but in a world of personal liability (a/k/a BYOD), it sure would be nice to avoid deleting those pictures of the kids and someone's music collection in the process. And while we can argue that security is an obvious goal here, without real-end-to-end tracking of sensitive data, what's to prevent someone from simply making a backup copy onto an insecure device?

And what about implementation strategy? Is mobile device management something one operates in one's data center, a service one buys from a carrier or operator, a service provided by a third party on a device/network-independent basis, or perhaps an open-systems mix-and-match solution based on standards that--oh, wait, we really don't have standards here yet. My mistake.

[ Learn more about MDM. Read Top 5 MDM Must-Do Items. ]

It gets worse--let's consider the other pieces required for something resembling a complete enterprise mobility solution:

Policy--First, you do have a Mobility Policy in place, right? This is a statement of what IT operations can be performed while out of an enterprise facility, and how these operations can be performed. What networks are allowed? What apps can be used (or not, as in blacklist)? Is BYOD allowed? And, of course, all of this must be in concert with an enterprise's overall Security Policy. And you do have one of those, right?

Expense--It doesn't matter if you supply handsets (corporate liability) or, as is increasingly the case, embrace Bring Your Own Device, some tracking of how money is being spent on network access is vital. It's important that this be as close to real-time as possible in order to spot negative trends before they become a big hit to the bottom line. And policy enforcement via software would also be nice--there's no point in racking up cellular minutes when, for example, a lower-cost Wi-Fi option is available.

Applications--I'm still not convinced that commercial apps of any form have much of a place in enterprise mobility. There's too much risk for malware, increased support costs, and simple distractions at work here. And I believe that the future of enterprise mobility is in Web and cloud services, not apps that are platform-specific and expensive to develop and maintain. We'll debate this for some time, I'm sure, but if you're going to allow apps, some form of management here is also vital.

And that's just for starters. I've proposed the term Mobile Operations Management (MOM) as the all-inclusive catch-phrase for describing all of the elements required for a successful enterprise mobility implementation--successful being defined as secure, cost-effective, appropriate, visible, enabling, and manageable. But no matter what we call all of this, enterprises everywhere need to think about strategy, and not just assume that an MDM solution (again, whatever that is) is all that's required.

Management is going to remain one of the key themes in mobility for 2012, and certainly for some time after that. With the edge of the enterprise network now anywhere an authorized mobile user and device might be, the opportunities for trouble are greater than they've ever been. But so are the opportunities for reward, and thus, despite the challenges, enterprise mobility management, whatever it might turn out to be, must remain on the front burner at IT shops, both large and small, everywhere.

Craig Mathias is a Principal with Farpoint Group, a wireless and mobile advisory firm based in Ashland, MA. Craig is an internationally recognized expert on wireless communications and mobile computing technologies. He is a well-known industry analyst and frequent speaker at industry conferences and trade shows.

The Enterprise Connect conference program covers the full range of platforms, services, and applications that comprise modern communications and collaboration systems. It happens March 25-29 in Orlando, Fla. Find out more.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
GeorgeGill
50%
50%
GeorgeGill,
User Rank: Apprentice
12/13/2011 | 3:04:20 PM
re: Mobile Device Management: What's Still Missing
I think mentioning the policy first is critical. I would add that MDM is still missing the component of user support. Many of our clients (http://www.gill-technologies.c... enjoy the removal of having to support individual user challenges, allowing their IT team to focus on more pressing issues.
Any type of custom reporting that makes the job easier and time effective for those responsible is critical. Additionally adding individual accountability for those corporately paid devices by exposing the user to the actual costs involved, adds a lot of benefits to an organizations management and reduces the expense.
Vocio
50%
50%
Vocio,
User Rank: Apprentice
11/29/2011 | 2:54:49 AM
re: Mobile Device Management: What's Still Missing
Glad you covered the expense side of mobile management. Many IT shops eliminate expenses from their P & L when companies provide options for employees to opt out of the corporate plan (BYOB), but often times the costs show up in expense reports and the actual cost is significantly higher than when on the corporate plan.

In fact the number one issue I find in my work as a mobility consultant is "no discount" applied to BYOB plans paid for by individuals. It's not well known that most BYOB plans qualify for a discount of up to 24% with no contract changes required. This discount alone would pay for most any MDM software and still show a significant cost savings.It might be wise for IT Shops to engage the eyes of a trained mobility consultant/auditor to help manage the expense side.
harringbones
50%
50%
harringbones,
User Rank: Apprentice
11/28/2011 | 4:37:04 PM
re: Mobile Device Management: What's Still Missing
There are MDM solutions out there that are paving the way for the rest. MaaS360 for example offers users a selective wipe to avoid losing our favorite music & photographs we are sentimental about. Regarding mobile stategy formation, this platform's simplicity of use eases the process of policy implementation for IT departments that have yet to get too serious on this front. All on one screen, MaaS60 makes it easy to manage apps (whitelist/blacklist/push apps, etc...) and control wireless expenses as well. Take a tour today and see for yourself: http://bit.ly/tourMaaS360
Register for Dark Reading Newsletters
White Papers
Cartoon
Latest Comment: LOL.
Current Issue
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-6213
Published: 2014-04-19
Unspecified vulnerability in Virtual User Generator in HP LoadRunner before 11.52 Patch 1 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1833.

CVE-2013-6214
Published: 2014-04-19
Unspecified vulnerability in the Integration Service in HP Universal Configuration Management Database 9.05, 10.01, and 10.10 allows remote authenticated users to obtain sensitive information via unknown vectors, aka ZDI-CAN-2042.

CVE-2012-0871
Published: 2014-04-18
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on the X11 user directory in /run/user/.

CVE-2012-6646
Published: 2014-04-18
F-Secure Anti-Virus, Safe Anywhere, and PSB Workstation Security before 11500 for Mac OS X allows local users to disable the Mac OS X firewall via unspecified vectors.

CVE-2013-4279
Published: 2014-04-18
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.

Best of the Web