Managing mobile devices encompasses more than the seemingly simple aspects of combining familiar laptop management tasks with newfound modes of mobility.  I mean, enterprise laptop management consists of very mature practices so why are IT professionals so concerned about managing the new breed of mobile devices?  Well, today’s mobile devices are much more prolific, more heterogeneous, have both personal and enterprise ownership models, and are increasingly used as both a primary computing vehicle as well as companion devices.

Organizations have tried – and failed – to apply draconian IT tactics to BYO and mobile devices.  Imagine walking into the office on the first day with your new BYO device and having your IT department grab it and install “required management software” that takes control over all your settings and allows IT to render all data on the device unusable whenever they want.  As a user, would you accept this?  While strict device security measures are required for some use cases, this is not the way to manage a BYO program.

Unfortunately, this how mobile management has been looked at for the past few years. The reality is that device management is a familiar way for IT to gain and maintain control.  The more complete answer is that device management is simply one component to consider in the context of an overall mobile management strategy.

 There are three major models for device, app and data management:

  • Mobile Device Management (MDM) – Management of mobile phones, tablets, embedded systems, printers.
  • Mobile Hypervisor – Split personality switching between personal and work.  The virtual equivalent of carrying two phones.
  • Mobile Application Management (MAM) – Granular management of applications and data. 

What is the key way to determine which technology is best for you?  If you manage it, you must own it.  If an enterprise needs to manage all aspects of the device, the enterprise needs to own the device.  This is identical to the familiar enterprise owned and managed laptop model.

Is MDM appropriate for BYO?  No.  To BYO users, MDM stands for More Draconian Management.  Note that BYO, by definition, implies a personally owned experience.    Note that these three major models aren’t exclusive. In fact, MAM is complimentary to MDM and provides more granular control over applications and data than current MDM solutions.  

The following two examples highlight mobile management use cases in healthcare and government.

  • Healthcare. Today’s physicians are typically highly mobile independent contractors who work for multiple practices, clinics and hospitals. To maximize productivity and mobility, many physicians are also BYO users – and often iPad users. Compounding mobility is the fact that healthcare usage involves some of the most sensitive data: personal healthcare information (PHI).
    Using Citrix CloudGateway (which integrates with XenDesktop and ShareFile), the physician connects into their personalized set of applications delivered and managed via the enterprise appstore. When local applications are desired, native mobile apps are already available in the appstore – wrapped with all the required configuration and security settings to run natively on the physician’s iPad. A doctor who works for two different hospitals, simply visits each practice’s app store to select desired apps and automatically have the unique apps required for each hospital appear in separate groups or accounts on the device. Each hospital’s IT organization manages the required versions and updates to their set of apps and places them in their respective app stores. And, for physicians that require access to their data, ShareFile allows for seamless access to data whether the physician is using an iPad or a healthcare workstation.
  • Governments. Governments require the ultimate control over their sensitive data.  The lure of tablets and smartphones has been strong with government employees, but these devices must remain strictly managed government owned devices with clearly defined control boundaries.  Not all government employees work with secrets that require the ultimate security, but the one-size fits all approach to device security doesn’t reflect this reality.
    Beginning with a hardened operating system and MDM, governments specify configuration settings that require device encryption and strong passwords for device access.  Cameras, removable storage, and Bluetooth are disabled.  Siri and other dictation services are forbidden.  Devices are also protected by security suites to thwart malware. Strong mobile security, right?  The problem is that device-level security is often over-restrictive and doesn’t allow employees to use these devices in the right ways in the right situations.  What if the worker needs to get on someone else’s network or requires an external application?  A more granular set of security measures would greatly improve the user experience and provide for more specific security measures.
    To optimize for mobile productivity and security, devices, applications, and capabilities are provisioned and managed based on role.  Policies provide granular control over native mobile and HTML5 apps based on factors such as the type of device, type of network, user passcode, login frequency, and whether or not a device has been jail-broken.  Location-based access is enabled, allowing for usage of sensitive applications or data only in secured locations.

When used together, CloudGateway (an enterprise mobility management solution which includes MAM capabilities), XenDesktop, and ShareFile benefit workers and IT by simplifying the provisioning, lifecycle account management, delivery and visibility into the usage of both internal and external applications.  Security features provide for single sign on (SSO) across application boundaries, password management, role-based provisioning/de-provisioning and cross-provider visibility.  These features combine to increase security effectiveness and give IT management and control needed in the Cloud Era.

We would love to hear from you. What types of mobile devices are used in your organization – BYO or enterprise-owned? How are you managing these mobile devices? Tell us about the benefits and challenges you are experiencing. Everything we hear from you helps us make our product better!

Also, special thanks to Kurt Roemer and Bruce Franson for their help with this blog!