Thinking About Tomorrow’s Challenges Today
Advertorial: mobile devices have become normal work equipment. Sensitive company data must be protected automatically, says Baramundi
IT departments face numerous hurdles when it comes to administering mobile devices as securely and reliably as PCs or laptops. An integrated client lifecycle and mobile device management solution can help keeping an overview of all devices and securing valuable company data.
IT departments that have traditionally spent their time managing Windows clients and servers now also need to manage mobile devices and their platforms – iOS, Android or Windows Phone 8, for example. Even established desktop platforms such as Windows are developing in the direction of mobility, a trend currently visible in the modern Windows 8 UI apps. Manufacturers constantly launch new products. Keeping pace with these continuous changes brings new challenges for the IT department.
Working across platforms – Managing across platforms
Mobile devices are adept at common tasks such as reading or writing emails or browsing the Internet, and accordingly, mobile devices have been complementing traditional PC workstations at ever-growing rates. Today, the typical employee uses both a classic Windows client and a smartphone or tablet. For example, a user may begin to draft an e-mail message on a mobile device while on the road, and then continue the task on a desktop PC at the office. When different devices are used for the same task, then all of them should ideally have the same programs, files and rights. Security guidelines for this process also need to be considered holistically.
For IT managers, this is likely to mean performing the same administrative duties for all the platforms involved, and ensuring consistency. Most IT departments use classic client lifecycle management (CLM) systems to manage the workstations. From this starting point, we can differentiate between three classes of mobile device management (MDM) tools: dedicated MDM products, combined CLM-MDM tools and integrated CLM/MDM solutions.
Dedicated MDM products are relatively new solutions that focus exclusively on the management of mobile devices and offer no options for desktop operating systems. Their functional scope is oriented to the options that platform manufacturers provide for managing their devices. Yet their exclusive focus on mobile devices means that the IT department needs a separate solution for managing PCs, notebooks, and servers. There are certainly tools for each arena that are easy to use and, individually, offer optimal results, but the constant need to switch between them nonetheless increases complexity and the workload.
Combined CLM-MDM products offer a first approach to solving this problem. In these products, a classic CLM supplier is adding MDM components from independent manufacturers and creating a new package. However, the customer should pay close attention to the depth of the integration: is it merely commercial – i.e. is the CLM provider simply selling the MDM components alongside its own – or has the manufacturer invested in technical integration? Is there a common UI or are there still two? Is the operating concept homogeneous or are there differences? Is the master data shared or does certain data have to be compiled twice?
Integrated CLM-MDM products offer a more elegant option for the joint management of clients and mobile devices. “Integrated” here refers to all those solutions in which a CLM manufacturer has expanded the functional scope of its product from classic clients and servers to mobile devices. The advantages: both parts of the product are from just one manufacturer, and administration of all devices is possible using just one product. Operating concepts and UIs can be provided in a significantly more homogeneous fashion, there is no need to maintain a second solution, and standard security policies are easier to enforce in one integrated system.
If we consider different types of devices together rather than in isolation, it seems only logical to seek out management solutions that cover the administration of both desktop clients and mobile devices. Mobile devices will not fully replace traditional platforms in work settings any time soon, so businesses need solutions that can combine both worlds. With a comprehensive solution, IT departments will be perfectly prepared for developments in mobile technology that are yet to come, whatever they may be.
Requirements of management solutions
Key functions of mobile device management solutions are:
- Locking and unlocking
- Complete deletion of devices and memory cards
- Activation of device encryption
- Identification of firmware manipulation (jailbreaks, rooting)
- Compliance dashboards, rules and automated responses
- Hardware information
- Installed apps, profiles and certificates
- SIM card information
- Roaming status
- Security settings
- Software distribution and configuration
- Installation and deinstallation of apps
- Configuration of WLAN and VPN
- Setup of Exchange accounts
- Camera deactivation
Enforcment of Compliance Guidelines
Tools with appropriate overviews offer an advantage in continuously ensuring the compliance – that is, adherence to company IT guidelines – of devices. The idea behind this is that the IT department determines the technical rules in line with the company’s guidelines and continually monitors compliance with them. In the event of violations, the administrator can then respond in a targeted fashion or even set up automatic functions to ensure that a preconfigured activity is carried out immediately when a compliance violation is detected. This type of compliance monitoring uses basic functionalities of the MDM solution and offers dashboards for visualization purposes as well as configurable rules.
Aggregated diagrams offer the IT administrator a rapid overview of all devices and make it possible to drill down to the affected device. The administrator can then approach the affected employee and, for example, ask him or her to deinstall unauthorized apps, or, if necessary, directly withdraw profiles that permit access to the company network. It is even possible to completely delete a device via remote wipe, although intervention this drastic is usually restricted to events such as the loss or theft of a device.