Mobile Device Management: The 2018 Landscape22nd Aug 2018
We all knew we would end up here; the sheer number of network connected devices on both corporate and domestic systems is staggering when compared to that of just a few years ago.
For WiFi provision, in the hospitality sector for instance, this rapid increase in device adoption has put the pressure on bandwidth, performance, and, ultimately, user/guest experience. We have written a great deal about the pressure on hoteliers and hotel operators to overcome this multi-device landscape and the never-ending hunger for WiFi access, but for other business verticals the performance of their networks is just one of a number of concerns.
Add to this the burden of multi-device management, the maintenance of up-to-date security configurations and an increasingly mobile workforce and you have a far more complex IT landscape on your hands. (For more on this, see our blog about Endpoint Security.)
Tackling mobility with MDM
Mobile Device Management (MDM) is not exactly ‘new’. Those in the industry will have been familiar with the term for some time, but it is fair to say that this ‘sub-sector’ of business IT is growing up FAST! One only has to consider the extent of the task facing the large enterprise for a short period of time before the scale and requirement for a robust solution becomes glaringly obvious -
'Multiple mobile devices running multiple operating systems from a range of service providers; personal and business-owned devices accessing your network from countless different locations is (or could be) an IT administrators nightmare.'
So, with such a lot to consider, we have put together a broad overview of the MDM situation for any business or individual seeking to regain some control over their mobile devices and their remote workers.
The following is a question and answer session with Will South, Technical Director at Ensign Communications.
Q1. What exactly is MDM?
Well, at its core Mobile Device Management is two things:
Firstly, it is a means of maintaining the correct software build or configuration on a range of devices and, secondly, it is a mechanism through which to deploy these devices.
Although these two functions are clearly quite separate, both are supremely useful to any enterprise with a large – and undoubtedly – growing number of devices.
Q2. What is the minimum number of devices needed to justify an MDM investment?
Well, there isn’t what you might call a ‘hard-and-fast’ number, but we would recommend 20 or more to be a decent baseline – although, having said that, MDM deployments for businesses operating around ten devices are not uncommon.
The main factor to take into account, rather than the number of devices, is the frequency and criticality of device repair-and-replace or changes to the configuration or software build of the device. For operations in which devices are likely to repaired and replaced in either moderate or large quantities an MDM software solution would be the ideal way to ensure the correct configurations are applied to new and/or replacement hardware.
Q3. What is the level of investment required to deploy an MDM Solution?
As with most business technologies, the cost of the solution can vary quite significantly. The MDM solution market has evolved quite rapidly in recent years and because of this we are seeing far more choice than has previously been on offer.
As you might expect, the more 'cost-effective' the MDM solution the fewer features you can expect, but this isn’t necessarily a bad thing. Our advice would be to define what exactly you need your MDM solution to do before making a selection; this way you will not pay a premium for features that are surplus to your business needs.
With regards to pounds and pence, the cost of an MDM solution can again vary and will depend on whether you opt for an ‘on-premises’ solution or a cloud-based MDM solution. Cloud-based MDM will commonly cost around £4 per month/per device.
Reframing your MDM investment:
As opposed to costing your MDM solution in simply monetary terms, it may be better to think more about the investment in terms of the time and resource that will likely be required to deploy the software effectively and then offset this against the time saved and risks avoided once implemented.
Ultimately, MDM is about simplifying management and mitigating risks whilst improving the overall productivity of your workforce; for this reason a purely capex view might not give you the full picture.
Q4. How does MDM help to improve Enterprise Security?
It is fair to say that the need to mass-update or mass-configure multiple devices is a bigger problem for businesses now than it was a decade ago. Given the rapid evolution of network security, which was often an afterthought is the past, the facility to remotely manage Operating System (OS) updates is a major benefit of mobile device management.
As anyone reading this will be aware, there are far more (irksome) OS updates now than ever before. With MDM removing the bulk of the ‘pain’ associated with updating ‘en masse’, the security conscious enterprise can mandate an OS update across all devices under their one virtual roof. In this instance, businesses are able to leverage MDM in order to eliminate the omnipresent problem of human error (or just plain apathy).
The ‘splitting’ or ‘segmentation’ of smart devices is another core feature of many MDM solutions which is of significant benefit to businesses seeking to secure their endpoints.
As an example a suitable MDM solution, when paired with Samsung’s ‘Knox’ application (built into most Samsung phones) is able to literally divide a phone into personal and corporate roles.
Administrators are able to manage mobiles in both corporate and personal modes -the idea being that should a device be lost or stolen, the enterprise can remotely remove any corporate data safely and without wiping the entire device.
Q5. What other challenges does MDM overcome?
Much of the benefits of mobile device management are made clear in the previous section but the crux of the matter is this:
The best way to ensure efficiencies, where business-owned devices are concerned and to avoid any nasty cybersecurity surprises is to maintain watertight device continuity.
Previously, achieving this kind of continuity – or, ‘common build’ - has been a great challenge for businesses but with the rate of technological change such as it is, a solution was badly needed.
Ensuring that all devices benefit from this ‘common build’ with MDM makes management and the evolution of enterprise device protocol a far simpler task and dramatically decreases the time and cost of major updates.
In short, MDM overcomes the continuity challenge facing businesses in a multi-devices, multi-configuration world.
Q6. What about Mobile Application Management (MAM)?
Well, in a nutshell, MDM is a great, but is really most effective where corporate-owned devices are concerned; things get trickier with employee-owned devices are thrown into the mix.
In the age of IOS and Android, many employees will want to use their own personal phone for work and leisure purposes – ‘BYOD’ if you like. This is all well and good, as long as they are happy for enterprise IT staff to have full visibility and control over their property – and, moreover, to have the ability to delete data from it whenever they see fit.
Not ideal and certainly not likely!
MAM gets around this by going a whole level deeper than MDM, to the Application layer (as if you hadn’t already guessed!). With the software only applied to specific corporate applications, IT can apply policies, lockdown, wipe or simply control them without having to make broad changes to the device.
There are certainly some downsides to MAM, such as the limitations on applications that it can be applied to, but the idea is sound and will surely evolve as MDM has had to do.
Q7. Where does EMM come into all this?
The combination of mobile device and application management solutions has led to a yet another acronym, ‘EMM’, which broadly encompasses this field of burgeoning technology. Enterprise Mobility Management essentially describes the addition of Mobile Application Management features to Mobile Device Management products.
Q8. So who is MDM FOR?
Well, aside from businesses operating 20 or more devices, there is a little more logic you can apply in order to determine whether or not an MDM solution is right for you and your business.
In Ensign’s experience, most businesses technology decisions fall into one of two categories; those that are mission-critical (and thus perform a vital, non-negotiable function) and those that are ‘nice to have’, advantageous but not essential to successful operational fulfilment.
In terms of MDM application within specific business verticals, the warehouse, transport & logistics and retails spaces can really stand to benefit from a bespoke MDM Solution. Having said that, a modern education environment, whether it be a school, college or university, utilising tablets in their hundreds will most certainly need MDM in order manage device configuration issues.
Q9. What about free MDM Solutions?
There are certainly some free examples of MDM on the market, Apple do offer a very niche MDM product and Cisco Meraki offer a free MDM product which, again, is very limited when compared to the major players.
Understanding what it is you and your business or organisation hopes to get from MDM deployment is the best way to ensure the right product is selected. The free MDM solutions mentioned above may well do all that you require but it is just as likely that they will not.
Q10. What does the future hold for MDM?
The Internet of Things is already a massive challenge and promises to become even more troublesome.
We have a scenario in which two opposing forces exist – an IoT device needs to be really easy to configure and really easy to enrol onto a network but equally, it must be secure…historically these two things have not gone hand-in-hand - watch this space!
Are you considering an MDM Solution for your business? Give our team a call on 01929 557 422 for a friendly chat.
For advice on Mobile Device Management and associated systems, to the deployment of security solutions like Next Generation Firewalls and Endpoint Network Security, please contact Ensign Communications for a chat with our technical team.