The wrong move can make or break your enterprise mobility management implementation. Broad device support, automated enrollment and single sign-on are must-have features.
With mobile becoming a mature technology deployed by nearly every organization, whether through BYOD or corporate-issued devices, enterprise mobility management implementation is imperative. There are many product choices, and every IT department has unique needs and concerns. To find the best match, organizations should examine these five key EMM implementation considerations.
Device support
Unlike in the good old days of the standard Windows PC, not every mobile device has the same OS, architecture or other characteristics. With so many Apple iOS devices in the enterprise and a growing Google Android installed base, companies must find a way to secure both OSes on as close to equal terms as possible.
Android — particularly the large number of different versions of Android in the installed base — and iOS are different creatures, but most EMM tools have found a way to effectively manage both. Still, look closely at any tools to make sure there is equivalence and that they can support the organization’s strategic security goals across platforms.
Automated enrollment
With so much continuous change — the average useful life of a corporate mobile device is 12 to 18 months — it’s important to find low-cost ways to allow users to switch devices without heavy-duty IT involvement.
The best way is to implement an automated self-service feature for users to switch devices as needed and enroll them in EMM services. This approach can keep mobile’s total cost of ownership in check, and without it, the number of IT support personnel required will grow dramatically as device numbers increase.
Many EMM products have such self-service enrollment capabilities, but they don’t all work the same.
Single sign-on
The average mobile device user has to access five to seven corporate apps, and that number is growing. Expect a large uptick in support calls for lost passwords and login credentials.
Single sign-on (SSO) technology can dramatically reduce the amount of these calls, as well as the number of passwords that users have to remember. Further, SSO allows companies to set and enforce access policies equally across a variety of apps.
EMM tools often have SSO capabilities built in, but not all corporate apps can yet handle SSO effectively.
Protected workspaces
Some of the biggest concerns for organizations considering EMM implementation are keeping information safe and eliminating exposure to loss of corporate data. With so many different device security capabilities, it’s becoming increasingly difficult to do so uniformly.
One way to deal with this problem is to fully enable a protected workspace that secures the browser, email and other apps. Many EMM vendors, including BlackBerry, Citrix and VMware, offer this capability. It essentially installs a secure vault on the device and runs all corporate apps within that vault to prevent data leakage. Sometimes, this technology relies on the native capabilities of the device, but it can also install its own protected workspace.
Deployment model
When it comes to EMM implementation, many organizations overbuy by purchasing a complete suite license for each user and then only deploying basic capabilities, such as asset tracking and device wipe. Should they instead deploy basic mobile device management, which, in many cases, is free or close to free?
In most cases, the answer is no. Most organizations that only use a basic level of EMM capabilities are not fully protecting themselves against the high cost of data breaches and security incidents. Policy enforcement, geofencing, mobile application management and more are all essential components necessary to fully protect mobile devices and their data.
Feel free to contact E-SPIN for Enterprise Mobility Management infrastructure and application security, infrastructure availability and performance monitoring solution.
Related article:
