Joshua Burke says that mobile device management is both an art and a science. Find out how to best implement an MDM solution in your organization.
Mobile device management (MDM) solutions for the enterprise are exploding into the market, and selecting an MDM solution has never been more difficult. The industry is far from mature, the client bases for most vendors are small, track records specifically around mobile are short, and costs are all over the board.
MDM generally enters organizations as a tactical need; there's some point of pain that must be resolved immediately. The important steps of planning, evaluation, trial runs, and functional requirement documents get swept aside or severely truncated. I've heard stories of organizations purchasing MDM solutions based on as little as one phone call to an existing vendor purporting to have a "mobile solution." Organizations are often disappointed with even the medium-term functionality of short-run solutions but are pressed to make it work for budgetary reasons.
Conscientious businesses take a more proactive approach to mobile device management and seek to mitigate the emergent tactical needs with solutions that will serve in the longer term. Discussions around mobility usually go through three stages:
In general terms, discussions surrounding mobility shouldn't be considered complete until the "people" stage is reached. This is an important distinction that differs from the standard IT decision matrix. Most IT decisions are based on features and service, and they answer the question, "Will hardware, software, or service X meet the following functional requirements?" After this, the discussion moves to price and service levels. IT likes it this way because it's easy to spot the winners and make logical, data-driven decisions.
Mobility doesn't quite fit this logical model. There are other factors involved that IT isn't used to handling. For example, take the fundamental decision around purchasing corporate-liable devices or allowing personally-owned devices. Is the company willing to pay for corporate-owned devices for staff and implement support structures around mobility? Can the help desk provide the additional support for a "foreign" mobile device platform?
If this sounds quasi-normal, let's upset the apple cart with a true people-focused question: Do staff want to carry around two devices? Is anyone outside of IT keen to wearing the "bat-belt" of high availability to home and office? It's questions like these that we get to grapple with around mobility. And these kinds of questions drive IT nuts.
Let's try a similar scenario around BYOD. If the company says no to corporate-liable devices, are they ready to reasonably relax controls and have some give and take with staff? Is the support desk ready to start taking a shot at fixing whatever walks through the door instead of having known device types? Now, here's the people question: How will staff respond to giving IT a relatively high level of control over their personal devices? These are just a few of the myriad challenges that surround mobile management that IT isn't used to looking at.
I'm going to boil the argument down to its most fundamental point. Tablets and smartphones are emotionally charged tools. Human beings get attached to these devices in a peculiar way that's not shared with other digital productivity tools, and mobile management strikes at the heart of this strange affection.
I point this out because mobile management isn't like any other IT initiative you've ever launched — it's far more personal in the eyes of your end users. Because of the strange relationship that people have with their smartphones and tablets, your mobility management solution needs to take this into account. Here's how one should begin.
Start your selection process as you normally would, look at the offerings, build your functional requirements and narrow your vendor list. You are likely to be surprised how widely the feature implementations vary as you evaluate solutions, no matter what the sales reps tell you about market parity.
Once that feature level discussion is over, it's time to talk devices. Some of your device options will be constrained by the solution provider. Most MDM solutions cover a wide variety of devices, but many are more specialized to a particular platform. The device discussion isn't so much about what devices are supported as it is about finding out whether the supported devices sufficiently meet the business needs.
Items to consider in the device discussion include the need for device level encryption and whether you require regulatory oversight of the device data for things like legal holds and e-discovery requests. Think about these things up front, because they are very uncomfortable when they sneak up from behind. When you're fairly confident that you've got the right mix of features and devices to meet the business needs, then it's time to move to the final stage.
The process above is where IT usually quits and moves into procurement and implementation. With mobile, this is not an adequate departure point — that is, not if you want anyone to use the provided solutions. In the words of Monty Python, "Now for something completely different." The conversation should begin to look something like this, "We have the following capabilities on these devices, but what's reasonable to expect of the staff?"
If you are provisioning corporate-owned devices, this can be a far shorter conversation — after all, the company is paying for the devices and the monthly service. There's an expectation that the organization can do what it wishes with a device it owns. However, the conversation still needs to happen.
For corporate-liable devices, the conversation revolves around getting the right mix of control and functionality so that end users aren't frustrated by the discrepancy in usable features between personal and business devices. If your company wants PIN codes, passwords enforced, or hardware encryption, then do it. But when discussions start postulating about restricting apps, denying access to web sites, and so forth, it's time to re-focus on the business need. The temptation with these tools is to do some things because you can without asking whether or not you should. With mobile, it's a critical distinction. A small handful of draconian policies will ruin your mobility initiative and color it forevermore.
On the personal device end of the spectrum, focus your attention on defining the absolute minimum to meet requirements. Your end users will thank you, and your organization will reap the benefits in the form of reduced costs and more productive employees. In the personal device space, less is more.
Consider these questions surrounding your employee-owned devices: Is it necessary to enforce measures like PIN codes on personal devices? How would your client base respond to using a dedicated mail and calendar app for work? What would the acceptance level be of some "self-service" tools for mobility, like a web portal giving limited management capabilities over personal devices in the event that a device is lost or stolen? The answers to these questions should give you a good framework for the decision points around personal devices in the workplace.
The most important thing to remember about implementing MDM in your organization is that a mobile device is not another computer. Tablets and phones become personal — we humans just can't help it. MDM can help your enterprise corral the flood of mobile madness, but it can also turn the perception of IT into the control-freak-nerd-herd if things don't roll out quite right. Do the work up front to make the policies and their enforcement something that everyone can live with, and your MDM implementation will be a success.
MDM isn't just a software solution. In the end, it's both an art and a science. The artistry of mobile device management comes when you are able to look through the lens of corporate requirements and see the person and their mobile devices on the other end, using the devices in a way that makes sense to them, not to you.