Until recently, mobile device management in the enterprise was simple. C-level executives and other key knowledge workers got BlackBerries, and IT controlled the handsets through BES (BlackBerry Enterprise Server).
Yet things have clearly changed. Even before the recent blackout, many BlackBerry users were starting to migrate away from the platform to consumer-focused devices like the iPhone and Android.
“Even if we had wanted to, there was no way we could have kept iPhones and Androids out of our network,” said Mathew Frehner, an IT Leader for Newell Rubbermaid. “We’d been a BlackBerry shop for a long time, but people would get iPhones or iPads for Christmas and want to bring them to work. There was a lot of pressure internally, especially from executives, to allow these devices in.”
While RIM recently started to integrate the support for other platforms into BES, reviews of RIM’s cross-platform capabilities are tepid as of now. Meanwhile, RIM’s foot dragging encouraged a slew of other vendors to rush into the Mobile Device Management (MDM) game. MDM solutions offer IT a way to do the following in a centralized, controlled manner:
• Manage mixed device environments
• Distribute, update, patch and even block apps
• Manage user roles and privileges
• Enforce a variety of security and safe-use policies
• Track devices
• Remotely lock or wipe lost or stolen devices
The MDM market is a land grab at the moment, and the landscape is in a steady state of flux. Gartner estimates that the market achieved revenues of $150 million in 2010, but will grow at a CAGR of between 15 and 20 percent for the foreseeable future.
Businesses of all sizes and in all verticals are quickly adopting MDM solutions. As you evaluate various vendors, consider these five recommendations from early adopters:
1. Don’t try to swim against the tide.
Many organizations have tried to forbid the use of iPhones, Androids and iPads in the enterprise, and pretty much all of them have failed.
“It’s impossible to fight this change,” said Endre Walls, CTO for Resources for Human Development (RHD), a national human services nonprofit with 4,000 employees.
“Information is much more portable with smartphones and tablets. It’s a huge change that is foolish to fight. I don’t see companies being successful preventing this, and the benefits [of supporting a variety of smartphone platforms] are significant,” Walls said.
Even if an organization has a policy that allows corporate apps or email only on BlackBerries, all it takes is one high-level executive to change that policy, whether formally or not. CEOs, CIOs, CTOs and other top executives are often the first people asking (well, often demanding) that they be able to use their new gadgets in the enterprise. Good luck saying no to them.
2. Which mobile operating systems are most important to your employees?
The very first question to ask an MDM vendor is what mobile operating systems they support. Not every vendor supports all operating systems. In a market where 30+ global smartphone vendors offer a range of devices based on myriad mobile platforms, it’s critical that the operating systems your users clamor for are supported.
The MDM vendor doesn’t necessarily need to support every mobile OS under the sun, since iPhone, BlackBerry, Android and Symbian own about 90 percent of the market. But broad support should at least be on the roadmap, especially as BYOD (Bring Your Own Device) becomes the norm and consumer churn turns into something that both carriers and IT will need to cope with.
Walls and RHD were aware of the importance of cross-platform support and eventually selected Fiberlink’s MaaS360. RHD had considered competing solutions from AirWatch and a few other vendors, but back when RHD was comparing solutions, AirWatch didn’t have iPhone support ready.
Conversely, a number of other MDM vendors still don’t have decent Android support. MaaS360 currently supports iOS, Android, BlackBerry, Symbian, WebOS, Windows Mobile and even Windows 7.5 Mango.
3. How will MDM change your organization’s risk posture?
Security is paramount with all MDM solutions. BES is still the gold-standard with more than 400 published IT policies, but MDM vendors are catching up quickly.
Many security capabilities should be considered checkmark features, including the ability to require strong passwords, establish time-outs, enforce data encryption and remotely track, brick or wipe lost or stolen devices.
Walls said that one of the biggest benefits to be gained from MDM is visibility. This includes the ability to see whether users have password protection turned on, whether data is encrypted on the device, whether the connection to corporate email is through a secure connection, etc.
The best way to roll out an MDM solution, Walls argued, is to rely on reporting first.
“Put the thing out there so you can get reports, figure out how bad the environment is, and determine from there what your security posture needs to be. For us, it turned a tactical decision into a strategic one because we had raw data and metrics to back up certain corporate policies.”
Of course, if you plan to roll out MDM in the manner Walls suggests, be sure that the MDM solution you choose has robust reporting or even built-in BI capabilities. Not all of them do.
4. How much control will you have over mobile apps?
HeartSmartKids helps medical clinics and communities detect early cardiovascular problems in children. Its key diagnostic tool is the Smart Heart Cart, a touchscreen system that helps doctors, nurses, parent and even the children themselves pinpoint risks, identify problematic behaviors and plan for a healthier lifestyle.
Based in Colorado, many Smart Heart Carts are located in rural mountain towns, leaving HeartSmartKids’ IT staff with few ways to control and update the devices. The carts used to be based on touchscreen kiosks, similar to the POS systems used in restaurants, with the typical device costing about $1,000.
Kevin Gilbert, founder and CEO of HeartSmartKids, figured that his organization could cut costs simply by switching to iPads. Controlling a bunch of iPads in remote locations was a more difficult challenge than controlling kiosks, though.
“We needed a solution that would keep all of our devices identical and up to date, while also blocking certain activities, such as downloading games, and preventing someone from walking off with our new iPad,” Gilbert said.
After trying out both AirWatch and Silverback, HeartSmartKids selected the MDM suite from Trellia. The Trellia solution gives HeartSmartKids the ability to track the devices, push out OTA updates, perform configuration changes remotely, block apps from downloading and remotely lock or wipe devices.
“Now, we know what exactly is on every machine. At locations where it’s difficult to work with the clinic’s IT staff, we just add a cellular connection so we can remotely control the device without having to jump through hoops to enter their network,” Gilbert said.
After deploying Trellia MDM, Gilbert notes that Smart Heart system is much more mobile, no longer tethered to a specific clinic and network. This opens up new use cases, such as offering Smart Heart iPads to YMCA after-school programs, where the devices can be shared among a number of different sites.
5. What happens if the vendor is acquired by or merges with another company?
In a space as new and as rapidly changing as the MDM market, it would be foolish to not expect mergers, acquisitions and failures. While not as drastic as a business failure, mergers and acquisitions can be difficult to navigate. The customer support rep you had on speed dial may now be buried behind a help-desk maze.
Not long after Newell Rubbermaid selected Trust Digital’s MDM solution, Trust Digital was acquired by McAfee. One of the reasons Newell Rubbermaid had selected Trust Digital over such competitors as MobileIron, Good Technology and SAP was that they considered Trust an MDM innovator. Yet once acquired, a thought leader can get lost in the million and one other products the global conglomerate offers.
“There were some growing pains, especially support-wise,” Mathew Frehner, an IT Leader for Newell Rubbermaid admitted.
“We had been very close with Trust, and their support was great. It took a little time for McAfee to come up to speed and figure out how to route questions to the appropriate person. To be fair, I’m sure if some other vendor had acquired Trust, we’d have had the same issues.”
Frehner didn’t think the growing pains would have driven him to another vendor had he known about the acquisition ahead of time, but it’s something he cautioned others to be aware of.
Pretty much everyone I talked to touted the customer support of their chosen MDM vendor. It’s naïve to expect that the close-knit, bend-over-backwards customer support you get from a startup will always be there, however, acquisition or not.