February 13, 2012, 1:45 PM — This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
Enterprise IT and security teams are stretched thin by the growing number of mobile device types invading the enterprise -- many owned by employees -- the variety of OSs and the sheer volume of mobile apps users are requesting. Questions abound.
How, for example, will IT ensure corporate intellectual property remains intact? Who has responsibility for updating, distributing and securing mobile apps being developed by various departments and/or geographic divisions? How do enterprises gain an acceptable balance of security and corporate resource-access across all of the leading mobile platforms (Android, BlackBerry, iOS and Windows Phone)?
CLEAR CHOICE TEST: How to protect smartphones and tablets
GARTNER: How to get a handle on mobile device management
Organizations seeking to address these issues are increasingly turning to mobile device management (MDM) software. The MDM market is evolving rapidly, meaning vendors that previously had first-mover advantage have had to evolve to support new platforms and the enterprise's shifting needs. In addition, new disrupters have tried to enter the MDM space with repurposed product, primarily from adjacent markets such as mobile services management (MSM), mobile security (endpoint/VPN), and telecom expense management (TEM).
Regardless of its origin, the complete MDM solution should address the complete enterprise mobile security, device, data and app life cycles.
Securing enterprise mobility with MDM typically involves four primary phases. Phase 1 focuses on provisioning, during which devices "inherit" an enterprise persona, as determined by the mobile IT and security staff in charge of enterprise mobility. This phase includes leveraging all existing corporate network infrastructure to help avoid resource complexity and duplication.
Many of the devices being provisioned are personally owned mobile devices that are also used for business apps. This bring-your-own-device (BYOD) trend is one of the more dramatic results of the consumerization of IT, in which consumer preference, not corporate initiative, drives the adoption of technologies in the enterprise.
Mobile IT has increasingly allowed BYOD to drive employee satisfaction and productivity through the use of new technologies, while simultaneously reducing mobile expenses. However, many newer smartphones, tablets, and their apps were not built with enterprise requirements in mind, so IT teams often feel uncomfortable about security and supportability. [Also see: "Can employee-owned devoices save companies money?"]
BYOD has many complex and hidden implications, such as the need for privacy policy, separate policies for corporate vs. personal devices, and certificate-based identity, for which a strategy needs to be defined in advance of implementation. For example, MDM software ideally uses an enterprise's existing certificate authority to secure the device, thus leveraging security and network investments IT has already made. In fact, the MDM software can serve as the centralized certificate authority server for corporate resources, including ActiveSync (email access).
