Here we are in December, the month of last-minute purchases, budget finalization, and a rush to learn about new technologies for next year. This year, we heard about automation, machine learning, artificial intelligence, and virtual reality—the very essence of digital transformation. I ask myself what this has to do with mobility, and the answer is ‘everything’. Mobile is vital to a business, and we have seen the release of several new disruptive mobile technologies. At the same time, mobile threats are growing, and the time has come where it is no longer an option to think of mobile devices as ‘just phones’ or ‘nifty tablets’—they must be treated as the threat vectors that they are.
Exactly how mobile should be protected and managed is a real conundrum for many businesses. However, the question of who needs protection and what tools can be used has a simple answer: Everyone, and everything they can.
With offerings from EMM players big and small, how do we determine which is best? While some solutions seem attractive due to their lower price points, are they going to fit the needs of the business long term, or are will they fail to adapt to the everchanging mobile landscape?
I’ve been worked on many projects over the years that involved vetting and selecting the proper enterprise mobile management solutions for companies across all industries, and for this first post for BrianMadden.com, Jack asked me to share my thoughts on how to choose a provider. So here are some guidelines to help make a decision that can set a company up for security and protection, without compromising too much of the mobile experience.
What’s your device ownership model?
This is one of the core drivers for an EMM decision. If the devices are corporate-owned, the ability to lock down and manage them increases tenfold. If they are BYOD, there is a level of caution and care that must go into any decision on security controls. (Not to mention the need for an iron-clad end user agreement.)
This also plays into supportability. If the device models, types, and OS versions are all over the map, it is virtually impossible to find a single solution that can do what the company wants it to. Settling in on major manufacturers, OS version limitations, and device upgrade recommendations is a great way to ensure support staff aren’t trying to figure out 5-year-old Android phones and out-of-date operating systems.
What information will go on the device?
Often, this starts out simple enough. Employees want to get their email, contacts, and calendar. But then over time, they want to access document repositories, the intranet, or routine things like time cards or vacation schedules. In a vendor evaluation, ask if the potential solution is capable of this type of expansion and new capabilities. Is the vendor just supporting the basics of MDM, or are they really interested in and able to support the ever-changing landscape of mobility? I have dealt with vendors who fell behind and were outpaced by the competition. One of these platforms really had no significant changes in almost 15 years, and by the time they did make a change and innovate, their customers were already moving off the platform.
Who supports the mobile devices?
If there isn’t a dedicated mobility role that will administer the chosen solution, it may get implemented haphazardly. This often rings a death knell for any EMM effort, whether it is done with the best product on the market or one nobody has heard of. Getting the support folks the proper training is also imperative. While there aren’t many mobile certifications in the market, there are a few out there that can ensure that the company is training its staff for the mobile disruption.
What are the requirements for security, usability, management, and support?
This is a biggie. Having worked with many companies on the selection and implementation of mobile solutions, I know that asking these questions will help in the vendor selection process. Create a matrix of what capabilities are available in a broad sense, and go through them and rank the importance with different stakeholders. It may be discovered that security wants one thing and HR another.
As you can imagine with something as personal as mobility, this will have a significant effect on your choice and deployment. The mobile experience should focus on how your employees work. For example, will employees prefer a third-party email client, or a built in one? While this may seem like a simple choice, there are those that prefer a third party. It all boils down to user experience.
Be sure to look up the meaning of terms like enterprise wipe, encryption, containerization, and personas—these can have very different technical meanings from one vendor to another. For example, vendors may offer widely-different recommended approaches for things like BYOD, so it’s important to understand the ramifications and capabilities of the underlying technologies and their security risks.
Use your matrix to create a numerical ranking value for vendors. In the end, this helps put things into perspective so that you’re not sold by the shiny handouts and flashy presentations. Facts are more important than the color of the console, and it also gives a defensible decision document for the chosen solution that may be questioned in the future.
Who will implement the solution?
I recommend the outside help of an integrator, but remember, not all integrators are the same, nor do they have the right level of experience for a chosen solution. Some have been dealing with mobility for a long time, but others have come to it more recently, wanting to get in to what is now a hot space.
I recently dealt with an integrator that implemented the wrong components of a solution, then incorrectly blamed the client for using a solution that was not able to perform the tasks that they needed. The issue ultimately was with the integrator, as they were simply not well-versed in the product.
What is in the end user agreement?
In this era of privacy, hacking, industrial espionage, and the litigious few, it is imperative to have an internal end user agreement that is enforceable, easy to read, and updated for new legislation. If your company has locations outside of the United States, consideration must be given to new rules such as GDPR and the privacy policies of certain countries, not to mention the BYOD restrictions enacted by those countries.
Keep the agreement bulleted, short, and easy to read, and I recommend creating a more detailed version that will help your legal folks sleep at night, that can be referenced or given out if someone asks.
With mobility, you’ll have to decide things like what to do when a person loses their device, as they might be afraid of having their personal photos or the last voicemail from a deceased relative erased. Privacy is another key policy. Keeping the technical capabilities of your chosen EMM products in mind, spell out exactly what the company will or won’t do and what the employee can and can’t do.
The selection of any security product can be daunting. The promise that a feature or functionality is ‘coming soon’ to the market should cause a moment of pause, especially if it something that the other services have out of the box. Get vendor reference calls, too, as these can help clear up the sales and marketing talk. As always, if it sounds too good to be true, it probably is.