What is your company doing about MDM?
So as we all move forward in this mixed Mobile Device world, what steps are your companies taking to ensure that every device is compliant with current company acceptable use policies? I know that there are a few software developers out there that promise great things on Mobile Device Management (MDM), but is anyone using them? Mobile Iron, Tangoe MDM, Zenprise, Trust Digital?
It appears, from a recent conversation with our Tech Rep at Cisco, that we as administrators are all standing around scratching our heads trying to figure out how we can incorporate all of these fantastic devices into our environment. How can we determine the actual security of such devices and be able to ensure data integrity across all platforms? As we all know the customer base drives our world. So when the customer is the CEO with a new iPhone, we have to figure out how to make it work. What are you doing in your company? |
2 words. BB and BES.
If you are a publicly traded company, you can explain to the CEO that the iPhone will likely not meet audit requirements. And the customer base does not drive our world. Corporate policies drive our world. I'll deploy any device that does not contravene corporate policies. |
That doesn't hold water anymore.
The CEO and auditors want BlackBerrys and BES and iPhones and iPads. You can do secure mobile device management and if you think your employees don't already have multiple devices, you are wrong. Secure your ActiveSync environment. Discuss availability of secure VPN tunnels with your VPN environment. Write processes and procedures around what is and is not allowed. Push down equivalent security policies to all devices. It can (and must) be done right. |
One thing we found works better with ActiveSync is to set the password attempts to 6 instead of 10. Apple has written their software so that after 5 attempts, it disables the device for 1 minute, then 5, then 15, then 30, then 1 hour, then wipes it, if you leave the password attempts at 10. So by decreasing it to 6, you will now have the device wiped in 60 minutes, not 2 hours. Enforce encryption on the device. I know that the device is encrypted, but the data transmission must be as well. Also WHY OH WHY would you EVER put more than one Exchange account on a device?
Your policies must be comprehensive; don't leave any room for error. Your users must know that the device will be bricked at any point for any reason. So they are required to do backups on their own devices. Release your company of the financial liability that comes from having iTunes loaded on a company PC. Also, if your company is considering allowing personally owned devices to connect to company resources, check your computer usage policy. See what can or should be allowed on a personal phone with company info. Determine whether or not your company is going to pay for the person's data package. Most carriers upcharge to have enterprise email. When looking at VPN or Citrix, know the cost. Do you have enough licenses to cover all of the new connections?
Know how to use the iPhone configuration utility. It is a free download. The problem with the native utility is that to put it on a phone, the phone has to be physically connected to the PC with the policy. You may also want to consider a product for email like GOOD. It will sandbox the application and when you wipe email off, it doesn't touch personal info. It will also do a check for a compromised device and allow you to use the iPhone config tool to put a policy on that will configure things like VPN or recommend apps for download. Also, we all need to find a way to check for hacked (jailbroken), etc. devices.
Beware of vendors hawking really cool apps that connect to the web or require you to put a hole in your firewall to work. It seems that the vendors haven't figured it out either. Remember we are all in this changing environment together and we too must adapt or get left behind. P.S. I get my new Torch tomorrow for testing.. :razz: |
Here is what I received from our Apple rep:
Mobile Device Management (MDM) - Third Party Solutions
iPhone and iPad both support Mobile Device Management, giving businesses the ability to manage scaled deployments of iPhone/iPad across their organizations. These Mobile Device Management capabilities are built upon existing iOS technologies like Configuration Profiles, Over-the-Air Enrollment, and the Apple Push Notification service and can be integrated with in-house or third-party server solutions. This gives IT departments the ability to securely enroll iPhone/iPad in an enterprise environment, wirelessly configure and update settings, monitor compliance with corporate policies, and even remotely wipe or lock managed iPhone/iPad devices.
Here is a list of third party mobile device management companies (in alphabetical order):
• AirWatch - AirWatch is a Web-based Solution with Multi-tenant Architecture (John Marshall, 404-925-8539)
• Good - Good on iPhone, iPad, and iPod Touch (DC Cashman, 415-652-1597)
• Mobile Iron - iPhone Security & iPhone Management Solution | MobileIron (Mike Leigh, 408-828-6885)
• Sybase (SAP) - Sybase iPhone Enterprise Solutions - Mobile Device Management Application & Software - Sybase Inc (Chuck Vertrees, 208-287-6111)
• Tangoe - Enable the Potential of your Smartphone Infrastructure | Software (Tiffany Benson, 602-570-0108)
• Trust Digital (McAfee and Intel) - Enterprise Mobility Management EMM | Device Agent | Trust Digital (Sandrine Goodman, 703-380-2324)
• Zenprise - Zenprise (Kelly Thayer, 530-277-1661)
Here is a summary of the capabilities of the iOS 4 MDM APIs (enhanced now with Query and silent OTA Management capabilities):
• Enrollment - user authentication, certificate enrollment, device configuration
• Configuration of settings - accounts, policies, restrictions and other settings
• Queries - device information, network, compliance, security, applications
• Management - remote wipe, remote lock, clear passcode, configuration/provisioning profiles
Capabilities are further outlined in this document:
http://images.apple.com/iphone/busin...iPhone_MDM.pdf |
I'm surprised BoxTone isn't in this list too. From what I have seen, all of the vendors in this list do not have access to the iOS4 APIs. IIRC AirWatch and Trust do ... the Webinar Zen just did didn't showcase anything iOS4 specific so I doubt they have access ... and Good hasn't shown anything iOS4 specific either.
|
So would you all entertain a solution that was built to encompass all of the OS's/device types? What would you look for?
Would you like the program to be as user friendly as possible with sync to the device password? In other words would you like a secure app, with device password authentication? You can require a password on the iPhone/Droid, but if you are using something like Good, you still have to put in a password to get into email. So now it's not the same experience as ActiveSync. Would you want one console to administer that pushes out your policy and translates it to whatever platform the user has? Would you want an approval process built into it that would add people to your console, then allow them to self enroll? Would you want your users to have to connect to VPN for all web traffic, so that they are restricted by your firewall rules? How are you going to limit hourly employees from accessing email after their work hours? Would you want the console to have roles, like BES? Would you have this console be web based like BES? Would you want it to integrate into your BES management? So it would be a one stop shop for management? Would you like to have your own app store, where your users could go out and pick up recommended apps? What is your wish list for Mobile Device Management? |
I have a webex with Zenprise tomorrow. Will let you know what they say. They claim to be able to do selective wipes, Remote control for win & android not apple, jailbreak/Rooting detection.
They have also changed their pricing structure to per device not per mailbox. So I will let you all know how it goes. |
Re: What is your company doing about MDM?
We are actually looking at both Mobile Iron and AirWatch as our MDM solution for other smartphones. MDM from these companies has come a long way in the last 3 months. I don't think it will ever replace the BES but it finally has the flexibility to comply with our policies.
|
Re: What is your company doing about MDM?
What I have seen is that if you plan to manage Blackberry devices in the enterprise and manage iPhone in the enterprise, using a software like AirWatch is the best solution. I especially like the insight they have into working with Apple products like the iPad.
|
Re: What is your company doing about MDM?
We've got a whopping two Apple devices in our organization now, though neither of them have any sort of enterprise access on them at the moment, so there are no policies in place for the devices. They are just toys at the moment until we figure out if there will be future adoption or not.
As it stands, our iPad may go the way of the Dodo if the Playbook ends up being half of what RIM says it will be. So far, the only thing I've really had to deal with has been BES. Since our organization has used Blackberry exclusively for close to a decade now. If we DO end up continuing to adopt non-BB devices.... Then I will need to look into some of these solutions myself. |
Re: What is your company doing about MDM?
FYI, Airwatch was purchased by Motorola.. So expect the same sort of assimilation of their product as many other Moto purchased companies....
|
Re: What is your company doing about MDM?
Check out Trellia Networks for an MDM solution.
|
Re: What is your company doing about MDM?
This is a response from the AirWatch PR team. AirWatch has not been purchased by Motorola. The company is privately held and 100% funded by its executive leadership team. AirWatch has been recently recognized by Gartner as a leader in mobile device management software. AirWatch has a global presence with over 1000 customers. AirWatch will be exhibiting at BlackBerry World in Orlando May 3-5 and Interop in Las Vegas May 8-12.
Please contact AirWatch if you have any questions. 866.501.7705 | air-watch.com |
Re: What is your company doing about MDM?
Thank you Airwatch for clearing that up. I just assumed when the Motorola rep said it, well... you know how that goes.. I wonder who they did purchase though?
|
Re: What is your company doing about MDM?
We did go with MobileIron though after looking at all of the different solutions. They fit our needs better than anyone else we looked into.
|
Re: What is your company doing about MDM?
I think b52junebug may have confused Good with Air-Watch. Good was purchased by Motorola a few years back. They did nothing with it then sold it again.
If you are wanting the same level of security as BES, Good is probably the only option right now in the MDM market. Like BES they don't use active sync and go via a NOC. |
Re: What is your company doing about MDM?
You are correct in talking about the fact that Good sandboxes the experience, however the biggest complaint is that because it is sandboxed, it decreases the user experience. So you have to ask, Security or Multiple logins, other issues with having a Sandboxed solution. |