This is the second post in a series highlighting BYOD, taking a look at what concerns and procedures organizations need to evaluate as they embrace devices in the workplace.
Last time, we discussed how limiting the range of mobile device and operating system choices can improve overall IT security and integrity while reducing support costs. But there’s another factor that plays into the device-selection process, and that’s a given organization’s choice of an enterprise mobility management (EMM) solution.
EMM is an umbrella term for a wide range of essential mobility-management capabilities, as follows:
- Mobile Device Management (MDM) – Often used synonymously with EMM, MDM is in reality limited to configuration management, bulk backup, and related device-specific tasks.
- Mobile Application Management (MAM) – Far more important is managing which applications, both local on a given device and in the cloud, can be run against organizational data. This often includes whitelist/blacklist functions and an enterprise app store to assure that only trusted applications are used.
- Mobile Content Management (MCM) – And perhaps most important of all is the ability to control access to and manipulation of organizational data on mobile devices via a set of permissions and related controls. For example, restrictions can be placed on a given user with respect to accessing, printing, e-mailing, and copying a given file.
- Mobile Policy Management (MPM) – This function provides a mapping between organizational IT and mobility policies and mobile operations.
- Mobile Expense Management – This capability optimizes the cost of mobile communications. For example, users might be directed to a Wi-Fi service when available in place of using cellular data.
- Identity Management (IDM) – Finally, contemporary security management is based upon specific user identities, as defined by user credentials (authentication) and even the use of specific devices. Authorization to use IT services is appropriately tailored, controlled, and logged according to IDM. Note that IDM isn’t limited to mobile situations and should really be viewed as the next step in the evolution of the traditional security strategic framework known as AAA – authentication, authorization, and accounting.
These components of EMM are available in varying combinations and ranges of capability via products and increasingly cloud-based subscription services from a (very!) broad range of vendors. The first step in vendor selection here is always to map local policies and operational requirements to a required set of solutions.
And the challenge here is that the vendor with the best set of tools for a given case might not support every mobile device/OS pair in use within the organization.
As we previously discussed, a further restriction on BYOD device selection is likely to be the availability of a sufficient degree of support by the selected EMM vendor. And, since EMM is essential to cost control, security, and integrity, some restrictions on device/mobile OS choice should be expected. Fear not, however – all major EMM solutions support Android and iOS, although new OS releases may see a degree of lag here. The bottom line: the selected EMM solution can be a very important gating item and consideration in an organizational BYOD policy – and one in which compromise really shouldn’t be an option.