Mobile Device Management From the Trenches

If your employees are BYOD (and they are), you need MDM. Here is some advice from pratitioners who have been down that road.

Before diving into an MDM solution, take some advice from enterprise IT leaders who have walked that path.

Your employees are using their own devices to access work files and tasks. Most companies know it and some still don't, but it's surely happening. Bring-your-own-device (BYOD) empowers employees and makes them happier and more productive (even though employers worry about productivity taking a hit); it may also save the company money. But BYOD comes with costs, especially in the areas of maintaining security and control.

If employees are using their own devices in significant numbers -- and you can assume that they are -- then two things are called for: a comprehensive BYOD policy, and some form of mobile device management (MDM).

Depending on the solution chosen and the depth of implementation, MDM can provide mobile device locking or wiping; selective deletion of only work files; mandatory encryption; and/or fine-grained control over who has access to what company documents.

Computerworld is running a detailed piece by Todd R. Weiss on the experiences of several organizations in developing and running MDM and BYOD programs. Weiss summarizes tips for getting started with an enterprise MDM strategy. Here is a sampling:

Decide whether workers will BYOD or will use corporate-issued devices.
Make sure that the chosen devices can handle the required level of security.
Create and implement strong security and device-use policies; communicate them to employees from the beginning.
Require and implement mandatory strong passwords.
Consider your MDM plan through the legal lens of each state and nation in which the company does business.

Weiss writes that Edelman, the global PR firm, decided the first point above in favor of company-supplied BlackBerries. The RIM devices got the nod for reasons of both cost and security. The company is able to negotiate better rates with carriers when it brings a large number of devices to a corporate account. And RIM's security features are far ahead of those provided by iOS or Android devices.

Pasadena-based Jacobs Engineering Group took a different approach, according to Weiss. The company bought phones for its 45,000 employees but stopped paying the wireless bills on them -- a policy the company calls "wireless divestiture." Jacobs worked with cellphone carriers to secure good deals for employees, and their initial resistance subsided.

Jacobs required employees to sign consent forms for the company to perform remote data wipes if a device is lost or stolen. The company provided employees with training in backing up and protecting their personal data. A Jacobs spokesman said that the remote-wipe option had been invoked "a few times."

Edelman set requirements for strong passwords on all devices, Weiss reports -- passwords must be of a minimum length and a required level of complexity. Data encryption is mandatory on the company's BlackBerry devices.

The suggestion to check the legal angles in all localities arises from Jacobs's discovery that requiring employees to start paying phone bills can run afoul of employment contracts -- which in some places, the EU for instance, are complicated to change.

MDM and BYOD policies are not simple problems to tackle. Read Todd R. Weiss's article for more nitty-gritty advice from practitioners in the trenches.