Monday, September 17, 2012

Bring Your Own APPROVED Device

BYOD – how to manage the flood without getting swept under by the wave.


 

According to Gartner, 48% of employees chose smartphones without regard for IT support. It's time for security and risk professionals to rethink their approach to enterprise mobility. BYOD HAS to become BYOAD, or corporate IT departments will be releasing control and security to hackers. It's possible personal devices in the workplace could become a thing of the past, but not until the new smartphone love affair cools down. There are a lot of legal questions that arise when a company allows employee property to be used at the office.

  • How is the employee reimbursed for the company-used portion of his service?
  • Who handles replacement if the device breaks?
  • How is personal information kept separate from corporate? Is it kept separate?
  • How does the corporation handle device wipes in the event the employee leaves the company?
  • How would the company handle e-discovery?
  • Are texts considered business property?


 

All of these questions and more should be discussed and policies written to support the company's stance. Otherwise, these unknowns could bite an IT group where it hurts the most – credibility and security.


 

MDM (Mobile Device Management) is the latest case of many IT departments trying to capture the horse running out of the barn. Frequently, the business is out of the gate, leaving IT in its dust or in hard pursuit, trying to get ahead of the race. (I promise that's the last of the analogies.)


 

It's a fine line that IT departments walk as far as locking down desktops, browsers and devices. Who can remember when desktops were locked down and suddenly people couldn't play Solitaire at lunchtime? In their minds, it wasn't because managers had requested it. "IT" DID IT. In order to be as successful as possible:


 

  • First – understand what the business wants/needs the devices for. Is it for convenience? The cool factor? Ease of doing business?
  • Second – research the market to see what's currently available and what vendors are advertising as their next generation release. Without a Ouija board, that's the best you can do.
  • Third – research MDM vendors to identify which fits your business model. Which companies focus on being the market leader in releasing gadgets, and which focus on securing and segregating personal data from business data? Ask the question: what is your company's risk footprint? How will mobile device support impact your IT department? Is containerization critical to you?
  • Fourth – perform a pilot program. Document details such as ease of administration, configuration and use. Include a use-scenario for performing remote wipes.


 

Gartner published the MDM Software edition of its Magic Quadrant in June 2012. They reviewed approximately 20 different vendors offering Mobile Device Management solutions. Of those, the Leader Quadrant holds the names you would expect to see: Fiberlink, Good Technology, and AirWatch. All of these vendors market to large enterprise environments.

  • AirWatch has a strong focus on security and can easily scale. It has a strong administrative interface, according to Gartner.
  • Good Technology (the one I am most familiar with) has strong security capabilities with multi-factor authentication. It comes at a high cost per client because its mobile management component is part of an Enterprise package. Good does not support BlackBerries, which may or may not be meaningful to your environment.
  • Fiberlink's product (MaaS360) does not support an in-house solution. They have strong feedback on integration with cloud email services. The only negative that would discourage shops is that the management approach is device-centric rather than user-centric, which means that IT support requirements would be greater than with user-centric products.


     

In the Challengers quadrant, you find SAP and Symantec, neither of which has a strong focus on mobile device support.


 

In the niche player quadrant, you have a number of players including McAfee, Trend Micro, LANDesk and Amtel. Of these, McAfee and Trend Micro have strong reputations for security focus. As far as support is concerned, I've used McAfee, Trend Micro and LANDesk and have high regard for their support. For MDM, however, I don't know that I would recommend any of these products. LANDesk's interface is complicated and not user-friendly. McAfee hasn't gone a long way toward making their product a priority; rather, it is an offering bundled with other products. Trend Micro is focusing on their current customer base and integrating their product with their other bundle. While this may not be a relevant point if you already are a Trend Micro shop, it's a consideration.


 

In the visionary quadrant, you have IBM and BoxTone. Of these, IBM is not a mobile-focused vendor; its solution provides minimal reporting features and it only supports native device encryption. On the positive side, if you are an IBM-centric customer, you will receive world-class support. BoxTone really stood out in my estimation. They have a long history of focusing on mobile devices, particularly enterprise-sized. They are strong components of a multilayer-defense approach to security and can remediate policy and compliance violations. The only negative that was disconcerting is that application containerization is not used for native apps on the device, such as the Apple email client. It does have a version of NitroDesk's TouchDown app for Android and supports Good.


 

Whichever MDM solution you decide upon, make sure it fits your corporate risk footprint, the IT support model you can afford and the needs of your business. Do your research. If you'd like a copy of Gartner's report, email me at cgarland@cgsolutionsofjax.com and I'll be happy to forward it to you.