Patrick Gray explains how you can save yourself the headache of trying to apply 1980's device management to increasingly prolific, mobile, and personal end-user devices.
As tablets and mobile devices began to flood the enterprise, IT vendors and management took a predictable approach. Much like the desktops and laptops already connected to the corporate network, IT regarded the tablet as another “asset” to be tracked, managed, updated, and logged. A whole crop of software tools has emerged that attempt to bring desktop- and laptop-like management to these highly mobile and often disconnected devices, creating frustration for the IT staff who are told to manage these devices and for the users who are trying to accomplish various tasks.
Services, not hardware
The concept of device management seemed sensible during the dawn of IT, when most IT departments were part of or offshoots of finance, and early desktop computers and associated peripherals were very expensive. This hardware was truly an asset to the company, requiring careful tracking, oversight, and depreciation. Data were also generally localized to the devices, making theft of the device an even more pressing concern.
Now, devices are increasingly playing the conceptual role of dumb terminals, with application software and data stored outside the device. This might come in the form of a modern cloud application or enterprise data that are captured in ERP, CRM, and other transactional systems. Many devices access the enterprise services that store and manipulate data rather than performing those tasks locally.
This is even more common with mobile devices, where limited storage and processing power often necessitate lightweight applications that access the computing power of an enterprise backend or cloud. In the extreme, yet not uncommon case, application and desktop virtualization truly renders the device a "dumb terminal” that does nothing more than present a screen.
A $1,500 solution to a $300 problem?
If sensitive enterprise data are stored externally to a device, and tablets are now cheaper than a boardroom chair or piece of artwork (assets that are tracked with far less rigor than tablets in many organizations), why are we spending so much time and money attempting to manage them?
Arguably, there are still data on these devices, such as local copies of corporate email that might contain sensitive information. However, does the risk of unauthorized access to the average user’s email account and the loss of a $300 piece of hardware necessitate specialized technologies and a cadre of staff to implement and monitor them? Most security people would argue that there’s a far greater risk of an employee giving away passwords to an authoritative voice on the other end of a phone than a carefully orchestrated theft of a mobile device.
MDM as a Band-Aid
In some ways, Mobile Device Management (MDM) represents a Band-Aid solution to consumer tablets and mobile devices entering the enterprise. The “old way” at most IT shops assumes the endpoint as a trusted and secured component of the IT infrastructure, and they believe that maintaining the integrity of the endpoint is a battle worth fighting. In the new world, endpoints are merely terminals that are accessing services — they require authentication and good application and data design but assume and requiring nothing from the endpoint itself.
Rather than frantically trying to gain control of a doubling or even quadrupling of endpoints (if most of your users acquire a smartphone, tablet, or both), assume endpoints are an unknown and untrusted commodity and that the services your enterprise provides should act accordingly. With this mindset, your company’s applications will be ready for any type of endpoint, be it a tablet or a partner interface, and you’ll save yourself the headache of trying to apply 1980’s device management to increasingly prolific, mobile, and personal end-user devices.