"We are all just prisoners here of our own device." -The Eagles, "Hotel California"
Continue Reading Below
"Bring-your-own-device" (BYOD) is a friendly and inviting phrase but IT is not a potluck. Whether you're choosing mobile device management (MDM) software or integrating MDM as part of a broader enterprise mobility management (EMM) strategy, you can't forget or abdicate your responsibilities: protecting your company's data and working toward its larger business goals.
The days are long gone when you could do those jobs by standardizing on one or two laptop models for traveling employees and a virtual private network (VPN) for access through the firewall. Email marketing website EmailMonday reports that a whopping 65 percent of total email opens occurred on a smartphone or tablet in Q4 2015.
If that statistic doesn't make you sweat, then try these from a 2015 report from EMM policy management company SOTI, vendor of Editors' Choice SOTI MobiControl. According to the report, 73 percent of employees say they've accessed corporate data from a public or free Wi-Fi connection. In addition, 65 percent have used consumer cloud storage such as Dropbox or Google Drive for work files, and 65 percent have forwarded a work document to a personal email address.
In May 2013, the federal CIO Council (an inter-agency task force for governmental IT) filed a Mobile Computing Decision Framework that boils mobile implementation down to four stages:
- Assessing mission requirements.
- Balancing the available budget and need for security with what or how much users will be able to do with mobile information.
- Rating legal, financial, privacy, and other risks.
- Selecting the right device, application, and infrastructure solutions.
With the framework in mind, we've listed seven steps we consider essential when taking the MDM plunge.
1. Go Back to Square OneMobile tech moves too fast for five-year plans [are you thinking about wearables and the Internet of Things (IoT) yet? You should be.] It's too important to simply tack on or append to your overall IT strategy. Data protection vendor Druva's Sarah Beaudoin put it well: "The role of mobile is to improve existing interactions or to provide disruptive innovation."
That requires you to reassess your IT mission, thinking about things such as who your employees and customers are, where and when they do business, and what they're looking for when they access your website or servers. Instead of asking, "How do we support Android phones?," ask "How can we use mobile to improve the business's bottom line?" What new interfaces, apps, or infrastructure upgrades are needed? Truly embracing MDM requires a change in organizational thinking.
2. All AboardThe nightmare scenario is a row of silos—one mobile solution for human resources (HR), another for finance, another for legal, and so on. To bring everyone on board, and to save you from trying to support every employee on every possible device, all relevant departments should be represented in strategy sessions. With everyone on the same page going forward, you can create a unified mobile strategy.
Avoiding departmental differences doesn't mean that your goal is a one-size-fits-all platform. It's more one-size-fits-each-employee-type, depending on user roles, requirements, device of choice, and travel frequency and distance. A part-time telecommuter who needs access to email is different from an exec who needs access to back-end data while jetting between the London and Tokyo offices.
3. Put It In WritingEliminate uncertainty and educate staff with a compliance policy document and user agreement that spell out things like employee eligibility, supported devices, and user rules and responsibilities. The last might include reporting a lost or stolen device immediately, performing regular app upgrades, or even light troubleshooting. Impress upon employees the fact that they share responsibility for securing company data on handhelds.
4. Teach Your Workers WellSimilarly, don't distribute or deploy mobile devices without adequate training. Compliance with established access and security procedures is a must. In the case of BYOD gear, stress the separation of personal and company data and the need to back up the former in case you have to wipe a lost or stolen device.
If your MDM software provides a secure browser, then you'll want to disable the native browser and train employees in the use of the secure one. If you've configured a network-attached storage (NAS) server as your own cloud storage, teach them to use the company cloud instead of Dropbox. If employees are using workarounds to bypass secure procedures, find out why—what interface snags or pain points, such as the lack of single sign-on (SSO), are causing them to dodge IT policy—and fix them before proceeding further.
5. Don't Bite Off More Than You Can ChewWe said earlier that trying to support every user on every device brings nothing but pain and chaos. Roll out with a limited or pilot program with a subset of employees and devices. If you're doing it right, it'll be scalable to a larger population.
Another subset to embrace is a limited library of mobile apps. While it may be impossible to keep Pokemon Go off BYOD handhelds, you can set up a secure in-house app store for your own and selected third-party apps and upgrades. This will help you make the most of your chosen MDM software's over-the-air push capabilities.
6. Find the Right User ExperienceYour business may be too small or lack the resources to create your own apps and update them at the fast pace of mobile. That doesn't stop you from creating your own intranet or website with a responsively designed user experience (UX) for assorted small screens. Later, you can convert browser-based apps to native ones.
7. Who, What, and WhereMany MDM platforms offer geofencing capability that can add a new dimension to mobile security, automatically taking action or requiring a different level of sign-on security if a device is taken further than a set distance from company HQ; some can restrict operations based on time of day as well. As you make your mobile plans, consider location and your local versus traveling workforce as part of role-based authentication.