That meant getting users to come around to accepting a new sensitivity about the data on their phones, he says. "It's a balance of privacy versus the company's security. People are very unaware of the risks that are posed with the smartphones right now," including hacking, data capture and other security threats with smartphones. Users are typically not thinking about those kinds of risks when they use the devices.
Remote wiping and similar security measures are also used at Carfax, Matthews says, and employees are notified that data wipes can be performed if the devices are lost, stolen or used inappropriately. At the same time, he says, the company also wants to give its workers some freedom to use their devices responsibly.
For instance, Carfax allows employees to use the devices for non-work-related things like watching videos on the road, he said. "People will definitely do the right thing" and not abuse their freedoms with inappropriate behavior and usage, he says. "You just need to give them some guidelines and that's what we've done so far."
A moving target
One of the biggest pain points when it comes to MDM is time pressure because, with mobile devices, there is always something new and different to cope with, says SAP's Bussmann. And there can be a lot of need for IT support.
When SAP began its mobile deployment project in 2010, demand from workers was already high, starting with the first controlled deployment of 1,500 devices, he explains. To cope with this, the company decided to provide the initial user support for those first devices via Web 2.0 using wikis and online help portals. This was a method to reduce demands on the IT teams and give users the help they needed on demand, he said.
It was just the right approach.
"We had only two or three months to enable those devices so we didn't have time for setting up traditional support," Bussmann says. "You look at the Apple devices. There's no big menu there to operate them; they're very intuitive. This approach is similar to that."
At first, Bussmann admits, he wasn't sure that users would accept this non-traditional help system. "To be honest, I told my guys that I'm not sure the users are going to go for that. But there's been a change of user behavior, definitely."
At Edelman, one of the biggest challenges of the MDM strategy has been that the target is constantly moving, Iatonna says. "It's not possible to have a solution for every smartphone out there because there are so many models. You can't have the resources for all of it." Their answer is found in AirWatch, which covers the bulk of the devices on the market and reduces the company's risk to an acceptable level, he says.
Iatonna looked at several different MDM vendors before choosing AirWatch, he says, but one of the biggest lessons he learned was that the marketplace is relatively immature. "There's a ton of people rushing to market right now. Often times what I was seeing from vendors was a significant gap between what is promised and what is actually available as a real feature in a product. Maybe that's a reflection of how quickly the handset market is changing."
When employees do come in with their personal tablets or other devices and want to use them for their jobs, it's also important that workable policies are in place for things such as support expectations. Users may want device support in areas where the a company isn't able to provide it, so those things have to be discussed ahead of time, he said. "The waters are still very muddy," Iatonna says.
MDM lessons learned
Examine how your MDM usage policies will be viewed wherever your company does business, from state to state in the U.S. and in other nations, says Jacobs' Carmody. By asking employees to pay for their mobile bills or devices, you might be affecting changes in employment contracts that could require further reviews with labor unions or other agencies, she explains. If it's not in an existing contract as part of their employment, then you have to follow the contract as it is, she says, especially in locations including Europe, where contract changes are harder to complete.
Another good idea: Put policies into place that lay out which applications will be approved and permissible on employee devices so users can get support as needed, Carmody suggests.
In the larger scheme of things, your MDM deployment could even help you as IT moves more toward the cloud and the possibility of virtual desktops for workers, Carmody says. The lessons you learn -- especially about mobile security -- today can help you with such future initiatives, she explains, so be sure to share that information broadly within the IT team.
At Carfax, one unexpected benefit of the move to more productive mobile devices has been that some workers are now using them instead of their previously issued laptops, Matthews says. "This year I expect that some workers will tell us that they don't need their laptops anymore," which will have the side benefit of simplifying maintenance and support for the IT staff, he explains.
One lesson has become very clear, according to Matthews. "Don't let your fears keep you from trying things," he says. "You will see different ways to reach out to customers that you wouldn't have seen if you didn't look at these mobile devices."
For example, he says, "We have created mobile sales and marketing applications that allow our field reps and customers to have much more valuable conversations with more real-time information," including customer-specific data. "This allows our reps to be much more effective and efficient in how they manage their activities and customers."
In addition, make sure you have a real long-term strategy and understand your needs before you start the project, Netcentric analyst Benedict says. "Don't even bother to implement mobile technology if you don't have a mobile management strategy -- it will be totally wasted."
The way to do that is to become fully educated in what's possible, Benedict says. "Go to big conferences, view webinars, read books and bring educators in to teach and show what's available. Don't build a strategy based on your limited knowledge." Learn about what is possible, he adds.
Analysts: Where MDM can still get better
Mobile management applications have come a long way in the last year or so to help enterprises, says the 451 Group's Hazelton, but there's still more that can improve.
Today, the big needs are managing the devices and handling email, but enterprises are already looking ahead to provide custom provisioning of applications and data to the right people in their organizations so the entire mobile environment can be more secure and more easily managed, Hazelton says.
One other enterprise need that's seeing progress is the creation of private application stores that are providing analytics apps and management tools for mobile enterprise applications, Hazelton explains.
"There's definitely a lot of demand for MDM," he says. "It really answers a pressing pain point for IT departments." But so far, only about 20 to 25% of the marketplace has such strategies in place for iOS and Android devices, based on his research. The numbers are certainly higher for BlackBerry users, he explains, because those devices have been around longer and use RIM's enterprise-ready applications.
"It's most exciting," he says. "You have all this energy around smartphones and enabling them. Enterprise mobility is here for the rest of our careers."
Overall, Carfax's Matthews says, "we tell our employees that it's all one life and you can manage it however you want to do work and your personal stuff. We get a lot more out of employees that way. I think they're happy personally because they don't see this device as tethered to them and they can do other things in between work assignments."
Tips for creating an enterprise MDM strategy
Enterprise IT leaders who have been working to build MDM programs inside their companies offer these ideas for how to get started.
Decide what devices your workers will use, whether they'll be corporate-issued devices or bring-your-own devices that will be supported by the company.
Make sure that whatever devices you choose can handle the level of security that your business requires.
Create and implement strong security and device use policies and be sure to communicate them with employees from the start. Be sure that your devices include remote wiping capabilities and automatic remote alerts that can tell you if unauthorized users are trying to access or hack the devices.
Require and implement mandatory strong passwords to keep them as secure as possible.
Examine how your MDM plan terms will be viewed legally wherever your company does business, from state to state in the U.S. and in other nations, to be sure that you abide by all applicable laws.
Explain to employees which applications will be approved and permissible on employee devices.
Don't be surprised if there is some disgruntlement from some employees when the new MDM strategy is implemented. Make sure to educate, train and, if possible, offer some benefit with the new approach.
Remember that your MDM plan will never be finished, but will need to constantly evolve as new devices and technologies are introduced.
- Todd R. Weiss
Todd R. Weiss is an award-winning technology journalist and freelance writer who worked as a staff reporter for Computerworld.com from 2000 to 2008. Follow him on Twitter, where his handle is @TechManTalking, or email him at email@example.com.
This story, "Mobile device management: Getting started" was originally published by Computerworld.