IT managers diving into mobile device management (MDM) — and enterprise mobility management (EMM) — tools for the first time, whether for corporate-owned or BYOD smartphones, can find the process overwhelming. All of the interesting device management policies and cool features in today’s MDM consoles will get the creative juices flowing, but can just as easily create analysis paralysis.
Fortunately, mobile device management is something that you can start small with and grow. As with many IT projects, rapid prototyping and user feedback will increase your odds of success.
Here are the five essential steps to get you off on the right foot managing corporate-issued mobile devices.
1. Cover the Basics
MDM tools vary wildly in what they can do, but at the core, every product has the same basic settings to pay attention to immediately: password settings, device lock rules, enabling encryption and setting up remote wipe. Usually, these are common across the entire enterprise, which means that exceptions are few and far between. Get these four areas covered quickly before diving into more esoteric settings, such as restricting application stores or application whitelists/blocklists. At the same time, start developing your group and profile structure. Even if you imagine that most users will share the same profile, it’s helpful to have additional profiles you can use to test settings with members of the IT team or other early adopters.
That’s not to say the advanced policies above aren’t interesting areas to explore and important for overall security, but getting down the basic requirements first will speed implementation and reduce user frustration. As MDM deployments mature, it’s appropriate to set up different user groups and profiles and begin to experiment with other settings.
2. Compliance is a Basic
At the same time that you’re doing initial setup with the basic device settings, take time to deal with compliance issues. Most enterprises will have specific rules about settings such as operating system updates, minimum software versions and patching.
Generally, you’ll start with reporting on compliance to find out how far out-of-spec your mobile devices are and what major problems you need to solve. But as soon as possible, switch to enforcing.
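As an added illustration of steps 1 and 2 (not from the original article and not any MDM vendor's API), here is a report-first compliance check over a constructed device inventory. The field names, the minimum OS version, the lock timeout and the `enforce` switch are all assumptions made for the example.

```python
# Added example: field names, thresholds and inventory are constructed,
# not taken from any specific MDM product.
from dataclasses import dataclass

MIN_OS = (8, 0)  # assumed minimum OS version for this illustration

@dataclass
class Device:
    owner: str
    os_version: str
    passcode_set: bool
    auto_lock_seconds: int   # 0 means the screen never locks
    encrypted: bool
    remote_wipe_enabled: bool

def parse_version(text):
    # Compare numerically: as strings, "10.0" would sort below "8.1".
    return tuple(int(part) for part in text.split("."))

def violations(dev, max_lock=300):
    found = []
    if not dev.passcode_set:
        found.append("no passcode")
    if dev.auto_lock_seconds == 0 or dev.auto_lock_seconds > max_lock:
        found.append("device lock rule")
    if not dev.encrypted:
        found.append("encryption off")
    if not dev.remote_wipe_enabled:
        found.append("remote wipe off")
    if parse_version(dev.os_version) < MIN_OS:
        found.append("OS below minimum")
    return found

def evaluate(inventory, enforce=False):
    """Report-only by default; with enforce=True, flag devices to block."""
    report = {}
    for dev in inventory:
        found = violations(dev)
        action = "none"
        if found:
            action = "block access" if enforce else "report only"
        report[dev.owner] = {"violations": found, "action": action}
    return report

# Constructed sample inventory
INVENTORY = [
    Device("alice", "10.0", True, 120, True, True),
    Device("bob", "7.1.2", True, 0, False, True),
    Device("carol", "8.1", False, 600, True, False),
]

if __name__ == "__main__":
    for owner, row in evaluate(INVENTORY).items():
        print(owner, row)
```

Running it in report-only mode first shows how far out of spec the fleet is; the same rules with `enforce=True` mark which devices would lose access.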
3. Encourage Self-Service and Empower Users
Most MDM tools offer some level of self-service, especially if you take the time to integrate them with your corporate Active Directory (although this is not always required). Take advantage of these self-service features from the beginning, and get IT out of the middle of providing support for smartphones. MDM tools should allow users to do most, if not all, of the enrollment and client installation tasks on their own, leaving IT only the task of assigning the user to the correct group or profile. The simpler you can make it, the better off you’ll be.
Users should also have direct access to features such as remote device lock and unlock, remote wipe, passcode reset and “find my phone.” These are user-accessible from the beginning. Smartphone users are accustomed to being more independent of corporate support than laptop users, and will appreciate the greater sense of control that these features offer them. This is especially important when shifting from a BYOD environment to a more corporate-controlled/corporate-owned one, where users may be more sensitive to the loss of control.
4. Identify Specific Settings to Solve Enterprise Pain Points
Most organizations invest in some sort of MDM tool for two reasons: to reduce support costs and increase overall security controls. But every organization has its own particular mobility pain points, and device management tools may be able to help resolve some of these. It’s worth taking some time to zoom out and consider particular issues that are cropping up in mobile devices.
For example, if data usage or data overages are an issue, then a combination of reporting and device settings may help people stay within their limits. Or, if backups are a particular issue because of certain corporate applications running on smartphones, then MDM tools can help to ensure that backup agents are installed and backups are running properly.
5. Dive into Reporting Early
The Russian proverb, “Trust, but verify,” comes around often in discussions of security, and this is why reporting is such an important part of the security process. MDM tools gather a lot of information about the status of devices, which can be helpful in proactively addressing potential security problems.
You don’t want to overdo it, but it’s worth spending time early on looking at the reports that come out of your selected tool. One particular reason: You may want to vary nomenclature or group/profile assignments to make the reporting align better with your needs.
Because smartphones may be in the hands of every employee, MDM projects also benefit from extreme transparency. Using built-in reports to help keep people informed about what is going right — and wrong — with a mobility project can help build confidence at all levels.
One common fear is that IT is “spying” on end users. Making reports broadly available will help set expectations about what is, and is not, private about these devices. That can end up triggering reactions, but it’s better to identify and resolve issues early, rather than have them pop up later in the game.
Start with these five steps, and you’ll be well on your way to an efficient and effective MDM environment before you know it.