Look for tight integration with email, CenterBeam's Pirooz advises. Some MDM software can disable an account that was hacked but can't take down the user's mailbox itself, he says. One reason he likes Tivoli Endpoint Manager for Mobile Devices is that if it detects a jailbroken device, it can shut down the person's mailbox. In this way the person can't get his email from any device until he comes forward to resolve the issue.
The tools are changing quickly, so it's also important to reassess, Pirooz says. He was required to use Tivoli Endpoint Manager in his previous position at EDS and wasn't impressed. But since then IBM acquired and integrated BigFix into Tivoli. "Now it's much better," he says.
Written policies Do you have a written mobile-use policy in place? Yes - 68% No - 30% Don't know - 2% Source: Computerworld survey, April 2013, base 97
Most of the prominent MDM tools also support the creation of an enterprise app store -- a feature that IT executives say their users find helpful. Hillarys has one in-house-developed app its sales representatives can download, but its store also includes other recommended Android apps for download, including Flashlight and Tape Measure. "Rather than forcing them to go to Google Play it's easier to just point them to a corporate area with all of the apps we recommend," Bond says.
At Skanska, Roman uses AirWatch to both push out homegrown enterprise apps and to provide access to others on demand through an app store, which has both a corporate and public apps page. Users belong to groups based on location, and each group has different policy controls that lock out or enable certain features based on the needs and regulatory restrictions in each region.
"In some places we're not allowed to have a camera active on the device. In others, management doesn't want anything but business resources on the phones so we whitelist or blacklist apps." The app store, he says, provides quick access to apps that the user knows are approved.
Limitations and disclaimers