Developing a Strategy to Manage Mobile Devices
By Samuel Greengard
As mobility has taken root and the walls of the workplace have disappeared, there has been a profound shift in the way organizations approach information technology. Workers are no longer chained to desktops, and there's no need to track down an Internet connection. Ubiquitous WiFi and cellular networks have transformed enterprise communication and collaboration into a 24x7x365 proposition.
However, this new era of connectedness also places enormous pressure and stress on IT. "We have entered an entirely different environment where BYOD [bring your own device] and consumer technologies rule," observes Daniel Eckert, managing director of Emerging Technologies at consulting firm PwC. "Although a mobile infrastructure is relatively easy and cost-effective to build and maintain, it raises new and sometimes difficult challenges. There's a need to manage people, devices and data."
Enter mobile device management. Although the term MDM is often associated with software applications that offer technical controls over devices—including the ability to register smartphones and tablets on a network, control how data flows on and off these devices, and wipe them in the event of a security breach—there's the more general issue of developing a strategy that maximizes business opportunities while minimizing IT challenges and risk.
"Organizations must develop a comprehensive mobility framework," says Patrick Rusby, research analyst at IT research firm Analysys Mason.
The migration to a post-PC world is occurring faster than anyone could have imagined. Smartphones and tablets now permeate the workplace: Gartner predicts sales of 1.2 billion of these devices in 2013—a 50 percent spike over last year. Sales of smart devices now make up 70 percent of the overall computing market.
What's more, workers are loading a growing array of apps onto their devices and are increasingly relying on them for both business and personal use. Within this new model, "An IT department requires a very different understanding of technology use," Rusby says.
An IT department must take a fundamentally different view of resources within a BYOD environment, Rusby adds. "It's critical to start from the position that the business must enable the use of devices rather than block them," he points out. "The most successful BYOD strategies do not impede employees desiring to use their personal devices for work, but they do ensure that enterprise security concerns are met." In some cases, organizations must also adopt policies and rules about how specific apps and services can be used.
Make no mistake, it's a new frontier of IT and business. PwC's Eckert points out that the new mobility environment crosses all sorts of boundaries. It touches on infrastructure and network issues, the types of applications and mobile apps an organization uses, human resources and policies, and security.
"[Mobility] expands and redefines the traditional boundaries of IT and the relationship people have with technology and work," he explains. Eckert believes that within five years, "Everything will be built for mobile channels, and organizations that fail to act will watch the competition bypass them."
As a result, it's critical to build a mobile and wireless infrastructure that supports collaboration and knowledge sharing but has strong controls in place, including policy and technology protections. Among other things, an enterprise must establish secure authentication, deploy endpoint security, and use an MDM tool that can track devices and allow system administrators and HR staff to register and unregister them on the network. It's also critical to lock and wipe devices that are lost, stolen or otherwise compromised.
"There must be a corporate certificate on the device to ensure that it's secure," Eckert says.
Mobility Means Business
One organization that has put mobile device management at the center of its strategy is Memorial Hermann Healthcare, a not-for-profit health care provider with 12 hospitals and 40 professional office buildings scattered around Houston. The organization—ranked among the nation's top 15 health care providers—has 5,500 affiliated physicians and 21,000 employees.
Overall, physicians, allied health professionals and staff use more than 40,000 edge devices, according to John Barr, consulting technology architect. "Wireless technology has become a critical tool in providing efficient care and improving patient safety," he says.
The facility relies on mobile technology for basic communication, as well as an array of specialized capabilities, including wireless charting and review of electronic medical records (EMR), physician order entry, medication administration and scanning specimens for labs. Some doctors and others bring their own devices to work, while the facility issues devices to many others.
However, the hospital is heading toward a BYOD approach. "Physicians and others will be able to use their own iOS and Android devices," Barr says. That's a job that IT executives don't take lightly, especially since the facilities are spread across a 50-mile periphery and numerous types of devices enter the picture.
"There are huge concerns over patient safety and protecting health information," Barr explains. "Today's mobile devices—smartphones and tablets—are replaceable. We cannot afford to have protected health information floating out and winding up in the wild. We must be able to protect against human carelessness, as well as external threats."
Memorial Hermann is addressing mobile device management by focusing on policies, procedures and tools that span operating systems, devices and functional requirements. For example, the facility is now looking for ways to more effectively sandbox sensitive data so that it drops off a device when the user leaves the wireless network. "Once they are off the network, it's extremely difficult to manage the device and protect the data," Barr explains.
The organization also has put strong protections in place. A Honeywell Remote MasterMind solution manages handheld barcode scanners and mobile devices, and an AirWatch MDM solution tracks smartphones and tablets, including Android and iOS devices. The latter software blocks jailbroken devices from the network.
If an employee violates the policy, their device is automatically wiped. In addition, system administrators can view devices and activity from a central dashboard. They also can push out updates and notifications on an as-needed basis and access device metrics and statistics to quickly diagnose issues.
Securing the Enterprise
Research firm Analysys Mason describes four essential elements of a BYOD framework. The first involves implementation, including device policy, connectivity enablement and policy, device logistics and provisioning. The second element revolves around application enablement, including customer app development, mobile customization and configuration, integration, data synchronization and application allocation.
The third centers on management, including device and OS application management. The final element dives into security, including device authentication, data backups and protection, remote lock and wipe, secure connectivity, malware protection and partitioning.
Mobile device management must also deliver a framework that can adapt to today's rapidly changing market and business conditions. This means designing "a flexible and responsive approach that makes it possible to on-board devices quickly."
MDM is also about embedding a strategy into policies and workflows. Tools and features such as authentication, sandboxing, and remote lock and wipe capabilities are essential. Many organizations, including IBM and Intel, are also introducing app stores that allow employees to download approved software.
Developing a policy framework is even more challenging in the global arena, PwC's Eckert says. As organizations dive deeper into BYOD, they often discover that it's necessary to have someone to oversee the initiative in a more holistic way.
"If you're doing business in 40 or 50 countries, every one of these countries will have different rules and regulations," he points out. As a result, large multinational firms must build policies and rules that not only match the laws of a specific country, but also "follow a person as they travel. Otherwise, they put the company at risk legally and also create security threats," he adds.
Likewise, business and IT leaders must increasingly consider how devices and apps function in different countries and situations—along with which services will work and not work. For example, in countries that block social media sites or deem certain types of activities and communication illegal, an organization might shut down access or block use of an app based on preset rules and conditions.
"More advanced companies are focused on managing the service and type of access, rather than simply providing an app and letting people use it however and wherever they want to use it," Eckert says.
Finally, regardless of whether an enterprise operates in a local or global environment, there's a need to understand how data travels and where it is stored. Cloud computing and third-party servers may require remote access through VPNs or an encrypted network. In some cases, it may be necessary to encrypt data on the mobile device as well.
For example, some organizations temporarily store data in an encrypted cache on a mobile device or render files read-only based on the device profile or a machine ID. As Eckert puts it: "It's important to approach the issue from a number of directions but ultimately maintain a focus on the data."
In the end, one thing is certain. Mobile device management has emerged as an essential component of IT. The opportunities and challenges surrounding the use of smartphones, tablets and other devices will continue to grow in the months and years ahead.
"We have reached the point where almost every IT project has a mobile component," Eckert concludes. "Executives must understand that the mobile infrastructure and governance models they adopt now will play a major role in determining the shape of their organization in the future."