Management

5 Considerations for Mobile Device Management

Take careful steps when enrolling agency devices into mobile device management.

Joel Snyder, Ph.D., is a senior IT consultant with 30 years of practice. An internationally recognized expert in the areas of security, messaging and networks, Dr. Snyder is a popular speaker and author and is known for his unbiased and comprehensive tests of security and networking products. His clients include major organizations on six continents.

Mobile device management, also called enterprise mobility management or unified endpoint management, increases security by enforcing compliance with organizational policies on mobile devices.

1. On-Premises or in the Cloud for MDM Tools?

Go with a cloud-first strategy to deliver better service with a lower overall cost. On-premises may be required in certain circumstances; for example, if an MDM is tightly linked to an endpoint security product already running on-premises. If possible, though, save time and money by putting this important — but not business-critical — function in the cloud.

Click the banner below to get access to customized content by becoming an Insider.

2. How Can We Balance Agency Security and Individual Privacy with MDM?

For agency-owned devices, there’s no conflict: Don’t give up security on an agency laptop just because someone might also want to do some occasional online shopping from the same device. For BYOD, think of MDM as an agreement with end users: In exchange for control over some aspects of their mobile devices, they get the convenience of accessing sensitive information on their own phones. If they’re uncomfortable with that deal, they can decline to participate in MDM, but they also won’t be able to connect to agency-trusted networks or information systems.

3. Where Do I Start When Defining Policy? MDM Gives Me Too Many Settings.

Focus on MDM policy elements with a direct impact on overall security: device lock, app store access, password and biometric policies, and software patch and update settings. Those get pushed immediately to everyone. Then, divide users into groups in the MDM console, including a group of early adopters outside of IT. Slowly incorporate additional MDM policies by pushing to early adopters first, then roll out agencywide once you are confident there are no negative side effects.

LEARN MORE: 3 areas of focus for protecting federal IoT devices.

4. Deployment Looks Like a Nightmare. I Don’t Want to Touch Every Mobile Device.

Investigate “zero-touch” programs for agency devices. With both Apple and Android, hardware resellers like CDW coordinate with hardware vendors so that devices automatically “know” they’re part of the agency and preload basic configurations (including MDM enrollment) when they are first turned on and after a factory reset. This cuts deployment costs while increasing security for lost or stolen devices.

5. How Do I Handle Devices with Old Software?

MDM works with a broad range of devices and OS versions, but old devices and old software can be a problem. However, smartphone software is constantly under attack, so keeping devices patched and updated should be part of agency security policy. Any device so old that it can’t run MDM software shouldn’t be handling sensitive data in the first place.