As tablets and mobile devices began to flood the enterprise, IT
vendors and management took a predictable approach. Much like the desktops and
laptops already connected to the corporate network, IT regarded the tablet as
another “asset” to be tracked, managed, updated, and logged. A whole crop of
software tools has emerged that attempt to bring desktop- and laptop-like
management to these highly mobile and often disconnected devices, creating
frustration for the IT staff who are told to manage these devices and for the
users who are trying to accomplish various tasks.
The concept of device management seemed sensible during the
dawn of IT, when most IT departments were part of or offshoots of finance, and
early desktop computers and associated peripherals were very expensive. This hardware was truly an asset to the company, requiring careful
tracking, oversight, and depreciation. Data were also generally localized to the
devices, making theft of the device an even more pressing concern.
Now, devices are increasingly playing the conceptual role of
dumb terminals, with application software and data stored outside the device.
This might come in the form of a modern cloud application or enterprise data
that are captured in ERP, CRM, and other transactional systems. Many devices access the enterprise services that store and manipulate data
rather than performing those tasks locally.
This is even more common with mobile devices, where limited
storage and processing power often necessitate lightweight applications that
access the computing power of an enterprise backend or cloud. In the extreme,
yet not uncommon case, application and desktop virtualization truly renders the
device a “dumb terminal” that does nothing more than present a screen.
A $1,500 solution to a $300 problem?
If sensitive enterprise data are stored externally to a
device, and tablets are now cheaper than a boardroom chair or piece of artwork
(assets that are tracked with far less rigor than tablets in many
organizations), why are we spending so much time and money attempting to
Arguably, there are still data on these devices, such as local copies of corporate email that might contain sensitive
information. However, does the risk of unauthorized access to the average user’s
email account and the loss of a $300 piece of hardware necessitate specialized
technologies and a cadre of staff to implement and monitor them? Most security
people would argue that there’s a far greater risk of an employee giving away
passwords to an authoritative voice on the other end of a phone than a
carefully orchestrated theft of a mobile device.
MDM as a Band-Aid
In some ways, Mobile Device Management (MDM) represents a Band-Aid solution to consumer
tablets and mobile devices entering the enterprise. The “old way” at most IT
shops treats the endpoint as a trusted and secured component of the IT
infrastructure, and they believe that maintaining the integrity of the endpoint is a battle
worth fighting. In the new world, endpoints are merely terminals that access services; those services require authentication and good application and data
design but assume and require nothing from the endpoint itself.
Rather than frantically trying to gain control of a
doubling or even quadrupling of endpoints (if most of your users acquire
a smartphone, tablet, or both), assume endpoints are an unknown and untrusted
commodity and that the services your enterprise provides should act
accordingly. With this mindset, your company’s applications will be ready for
any type of endpoint, be it a tablet or a partner interface, and you’ll save yourself the headache of trying to apply 1980s device management to increasingly
prolific, mobile, and personal end-user devices.