Best BYOD management: Containment is your friend
For the products that do support iOS, Apple's legendary secrecy about OS enhancements means containerization vendors receive no advance notice and must scramble every time Apple releases an update. The bottom line: Users may have trouble accessing corporate resources if they upgrade their personal iPhone too quickly or frequently. "iOS changes often cause service interruptions while Good Technology's products are modified, tested, then released for our end users," says Terry at University Hospitals.
Directory integration is another area where tools are still evolving. "We'd like to see more integration with Active Directory and with PeopleSoft or whatever the source of record is to control user profiles," Terry says. "Ideally, tighter integration that would disable access automatically or restrict access to published applications based on a user's role." Today businesses may need to turn to integrators such as Vox Mobile to provide that level of integration.
Containerization is also limited in terms of troubleshooting and general support issues if the enterprise doesn't have visibility into the performance of the total device, argues Steve Chong, manager of messaging and collaboration at Union Bank, which uses Good for Enterprise. Is the problem related to signal strength? Has the user run out of storage space? Is there a way for IT to remotely access the phone to diagnose issues?
"We need all of that without having to have multiple agents installed on the phone," he says, because each agent adds complexity and uses up resources.
"Having agents on the phone means that it needs to be constantly on all the time for data gathering, but that means that it will consume phone resources," Chong says. Also, it's "software that now needs to be managed and updated on users' phones."
Today many businesses, if they have a BYOD program at all, either aren't using MDM or are using a very basic tool such as Microsoft's Exchange ActiveSync, which allows mobile access to the user's Exchange email and calendar. "The next phase is getting to MDM. Then [IT staffers] can look at application security and management," Redman says.
At West Virginia University, the cost of tools outweighs the risks -- at least for now. Yohn says the school uses only ActiveSync to support its 4,500 faculty and staff. He'd like to do more, but says licensing costs for the containerization tools he researched would have exceeded $100,000 annually. "We'll wait until prices fall, or something happens and we determine that we need to make this investment," he says.
At CareerBuilder, a jobs website and staffing firm, individuals who want to use their own phones can connect by way of ActiveSync, but downloaded data is not encrypted unless the user chooses to do so at the device level. Further, IT doesn't offer any support for users connecting with their own smartphones.
Users can also install, on their own, apps to access SaaS applications such as Concur and Salesforce.com. "We defaulted to that," says senior vice president of information technology Roger Fugett. But with nearly half of CareerBuilder's 2,600 employees now bringing their own devices, Fugett says he's taking a hard look at the potential risks and how to mitigate those. Containerization and general MDM tools are on his radar.
The coming consolidation
Containerization is rapidly becoming a necessity for supporting BYOD, and the technology is evolving rapidly, says Stephen Singh, a director at professional services firm PwC. "It works relatively efficiently and meets the regulatory compliance needs for many of the customers we speak with."
In most shops, containerization is -- or should be -- one part of an overall MDM strategy. Going forward it should be possible, for example, to apply one set of policies to the entire device, another to a protected container where app stores deposit applications, and a third to specific corporate apps, with variations depending on the user's role or group.
Indeed, Symantec says its Odyssey MDM tool can be used to enforce a device-level password while Nukona applies application-specific controls.
Containerization is already starting to be absorbed into the major MDM platforms. Symantec plans to merge its Nukona containerization and Odyssey MDM acquisitions into its Altiris offering for managing servers, desktops and laptops; and MobileIron now offers its own APIs for application integration. "In the next six months we'll see more application security and management integrated into MDM systems," says Redman.
Eventually, he says, MDM will broaden into a "systems management platform for the enterprise" that includes security, content management, application management and application development, and it will extend to laptops and desktops as well as tablets and smartphones.
That's high on the wish list at Union Bank, which relies on two different consoles to manage BlackBerry and other mobile devices. "I want a universal dashboard. There's no technology that does that today," Chong says.
BNY Mellon has already started down that road. "We chose MaaS360 because we can run it across our full mobility network, whether a laptop, phone or tablet," Perkins says. "I can provision access to all of those devices at once, knowing that each has a different graphical paradigm. That's the way we think people will be moving."
Singh sees an even broader convergence of management tools that provides ubiquitous access for any end user device over any medium, including desktops, laptops, desktop and application virtualization, remote access and unified communications as well as mobile devices. "We're not that far off from a universal console. We see convergence occurring in three to five years," he says.
That may seem like a ways off, but it's important to plan for that vision now so that containerization, MDM and other tools acquired today don't end up overlapping or becoming redundant over time. "Look at the big picture. Solving the problem for mobile device management isn't just about selecting a vendor," Singh says. "It's about applying a solution across multiple platforms and instances."