Post on 06-Apr-2018
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 1/10
Future proofing mobile
device management
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 2/10
Page 2 of 10 Sponsored by
Future proofing mobile device manageme
Contents
Future proofing mobile
device management
Mobile device strategy
bypassed as
enterprises face tablet
invasion
Resources from
BlackBerry
For many companies, mobile device management (MDM) is an afterthought; however, long-term success will
require some degree of integration between MDM and the
rest of your IT infrastructure and processes. This expert E-
Guide discusses best practices for future proofing your
mobile device management. Additionally, learn what you can
expect from the tablet invasion and why a mobile device
strategy is imperative as more tablets come on the scene.
Future proofing mobile device managementBy Lisa Phifer, contributing writer
For many enterprises, mobile device management (MDM) is an afterthought -
- a band-aid to mend the operational and security gaps created by workforce
mobility. Loosely coupled systems can address near-term challenges, but
long-term success will require some degree of integration between MDM and
the rest of your IT infrastructure and processes. Here, we consider several
"touch points" where MDM must (eventually) dovetail with past and future IT
investments.
On edge: Joining the corporate network
Integration with your corporate network -- usually at the perimeter -- is
required for nearly all mobility initiatives. Most MDM servers are deployed in
the network's demilitarized zone (DMZ). Some MDMs can use a proxy server
that sits in the DMZ, interacting with a main server inside the trusted network,
providing an added layer of defense.
In either case, you must permit selected network protocols and ports
between the MDM server/proxy and mobile devices, directly or through your
wireless carrier's gateway. In most cases, you will also need to allow narrow
communication between the MDM and other trusted servers (e.g., email,
directory). Typically, this integration requires firewall rule changes, but it can
also have an impact on your threat management policies -- for example, if
your firewall scans for viruses, will it do so before/after the MDM server?
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 3/10
Page 3 of 10 Sponsored by
Future proofing mobile device manageme
Contents
Future proofing mobile
device management
Mobile device strategy
bypassed as
enterprises face tablet
invasion
Resources from
BlackBerry
Over the air: WLAN infrastructureMany mobile devices spend their lives interacting with the corporate network
from afar, but some devices -- particularly those with Wi-Fi interfaces -- can
also be local. In this case, your MDM may need to interface with your
wireless LAN infrastructure.
Your MDM may supply its device inventory database to your WLAN switch or
wireless IPS for access control or intrusion detection. In return, your WLAN
may supply your MDM with valuable insight into connection status and
historical activity. Today, these systems tend to interact through file
import/export and alerts, but converged devices with multiple wirelessinterfaces will lead to tighter integration.
Who goes there? Authentication and identity
MDMs can have their own user databases, but most enterprises want to
reuse existing authentication services and identity stores (e.g., Active
Directory, LDAP, eDirectory). This creates two integration points:
authentication and policy storage.
When a user tries to activate a new device or access services (e.g.,
password reset), your MDM must validate that user's credentials. For
example, your MDM might use Active Directory to log a mobile user into your
Windows domain, retrieving policy attributes that dictate what that user can
and cannot do. You may also want to use that directory to store MDM-
generated attributes -- for example, binding mobile device IDs to users.
All together now: Desktop management
If your company already uses a desktop management system like LANDesk
or Microsoft System Center, it could make sense for you to tap those
products (directly or using plug-in extensions) to configure and maintain your
mobile devices too.
But a single device management system may not be a good fit for your
mobile workforce. Perhaps you need to support more diverse mobile devices,
or perhaps you have already invested in a pure-play MDM that focuses on
mobile needs. In those situations, you many still find opportunities to reuse
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 4/10
Page 4 of 10 Sponsored by
Future proofing mobile device manageme
Contents
Future proofing mobile
device management
Mobile device strategy
bypassed as
enterprises face tablet
invasion
Resources from
BlackBerry
policies, practices and staff to simplify maintenance and promoteconsistency, for both administrators and end users.
Layer defenses: Mobile security solutions
Many MDM solutions incorporate a few security features -- for example,
some present their own login screen to authenticate device access and
enforce policies regarding password length, complexity, update and
recovery. However, MDMs do not necessarily provide all the security
measures you may need to deploy on a given mobile device.
For example, a growing number of businesses want to encrypt data storedon mobile devices. Although some MDMs do this, many do not. Furthermore,
you may want to use third-party data encryption that delivers cross-platform
support for smartphones, PDAs and laptops. Even so, there may be
opportunities for integration, like using your MDM to install the encryption
program and verify correct configuration and operation. Similar possibilities
exist for other third-party security solutions (e.g., VPN, antivirus).
Keep your eye on the ball: Event monitoring
Most MDMs collect a wealth of information about mobile devices and their
activities for purposes of reporting, alerting and auditing. Of course, you
probably already have numerous event sources throughout your corporate
network -- and perhaps even a central event management system to analyze
them.
MDMs can fit into that "big picture" by supplying real-time alerts (e.g., traps,
email) and historical logs describing mobile devices and their activities. This
integration point may eventually leverage standards -- for example, the Open
Mobile Alliance (OMA) Device Management (DM) standard specifies a
Generic Alert to convey client- or server-initiated management alerts.
Means to an end: Mobile applications
A well-oiled MDM can help you meet your business goals, but ultimately what
really matters is whether mobile users can reach business applications. For
example, your users may need to reach your Microsoft Exchange or
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 5/10
Page 5 of 10 Sponsored by
Future proofing mobile device manageme
Contents
Future proofing mobile
device management
Mobile device strategy
bypassed as
enterprises face tablet
invasion
Resources from
BlackBerry
Communicator server; and your MDM can play an important role in makingthat application accessible to mobile users.
For starters, your MDM may deploy packages, settings and policies required
for mobile devices to access those servers. Some MDMs also play an active
role by serving as a gateway to connect mobile users to back-office
enterprise servers, applications and data. Others can be paired with mobile
application offerings from the same vendor to provide value-added features
(e.g., push email delivery).
Over time, mobile devices will become an integral part of enterprisenetworks. Although close-knit integration of management services, policies
and IT practices will not be achieved overnight, it will be necessary as more
workers replace desktops with laptops and then leave their laptops behind in
favor of handheld devices. The sooner you start thinking about potential
MDM integration points, the faster you will accomplish unification and the
less you may be forced to rework along the way.
Mobile device strategy bypassed as enterprises face tablet
invasion
Unless you live in a cave, you and your company are likely being impacted
by the massive tablet invasion—be it with the iPad, Xoom, PlayBook or the
many other tablet devices becoming available. Some end users obtain their
own tablet device and then demand to bring it to work and use it with
corporate apps. Others, especially higher-ranking executives, can demand
that IT furnish them with a connected device to supplement—or in some
cases replace—their laptops. But our research at J. Gold Associates
indicates that most enterprises are dealing with the tablet invasion on an ad
hoc basis. Indeed, few companies we have spoken to currently have a
mobile device strategy in place to deal with this massive influx of non-
standard, and often non-protected, tablet devices.
Companies should examine multiple issues when evaluating what to do
about the growing demand and installed base of tablets. We are seeing a
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 6/10
Page 6 of 10 Sponsored by
Future proofing mobile device manageme
Contents
Future proofing mobile
device management
Mobile device strategy
bypassed as
enterprises face tablet
invasion
Resources from
BlackBerry
rapidly increasing number of companies that allow user-obtained devices—tablets and smartphones, but usually not laptops—to be brought into the
organization. In fact, about 25% to 35% of enterprises currently have a "bring
your own device" (BYOD) policy in place, and we expect that to grow to over
50% in the next one to two years.
As a consequence of the tablet invasion, corporate-sensitive data assets are
being put under increased security risk. In fact, most tablets (and many
smartphones) currently have the processing power and memory storage
capability of PCs that were put out just a few years ago. Subsequently, a
significant amount of sensitive corporate data—such as business email,customer databases, corporate presentations and business plans—is making
its way onto these devices. And this is often taking place without oversight
and/or without implementation of the inherent protection levels we have
come to expect on PCs, including complex passwords and user
authentication, encrypted data files and VPN connectivity.
Most preferred enterprise tablet?
At this point the only clear winner in the enterprise tablet space is theiPad.
That said, the battle is not yet over. Both Android tablets—particularly the
Moto Xoom and the Samsung Galaxy —have a shot now that the newer
devices with Honeycomb are on the market, and both are adding enterprise-
specific capabilities beyond base-level Android. The BlackBerry PlayBook is
also getting interest from RIM shops where the advantage of having a
uniform mobile device platform is attractive.
In the short term, momentum is clearly with iPad, but PlayBook—which is
outselling Xoom—and the other Android tablets are nipping at iPad’s heels.
In the longer term, I think the market will be more diverse, possibly making
room for marginal players like Microsoft and its Windows 8 tablet.
It is quite common for users to lose their mobile devices. In fact, we know of
one corporate executive who went through three iPads in six months and
another who had six different iPhones within a one-year period. While these
may be extreme examples, imagine the type and amount of sensitive data
contained on these devices. With 32 GB to 64 GB of storage now
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 7/10
Page 7 of 10 Sponsored by
Future proofing mobile device manageme
Contents
Future proofing mobile
device management
Mobile device strategy
bypassed as
enterprises face tablet
invasion
Resources from
BlackBerry
commonplace on these devices, just how much of your sensitive data can bedownloaded and lost?
The Ponemon Institute estimates that each exposed personal data record on
a lost or stolen mobile device costs a company $258 to remediate. So
someone losing 10,000 records will cost a company $2.58 million, not to
mention any additional penalties that a regulatory agency might impose due
to lack of compliance (regulated industries take note).
Based on the numbers of laptops lost each year (5% to 10%), and the
number of smartphones lost each year (15% to 25%), we estimate that mostorganizations will see tablets go missing—either lost or stolen—at a rate of
10% to 15% each year. For example, a company with 5,000 users will lose
250 to 500 laptops per year, and once tablets are widely deployed, as many
as 500 to 750 tablet devices could go missing each year. In the wake of this
tablet invasion, it is imperative that companies create a tablet security
strategy that protects the most valuable asset—no, not the tablet device, but
the data residing on the tablet. While the device may cost several hundred
dollars, the data could be worth millions.
What should a company do to accommodate user choice while protecting its
data assets and preventing potentially costly and damaging losses? First, it
must create a detailed mobile device strategy that addresses the various
mobile device types, the individual capabilities and functions of the
respective device types, the ability (or inability) to secure the devices, and
the user classes that are permitted access to various devices, apps and
corporate data.
This becomes the basis for an enterprise's mobile strategy that will maximize
the security of corporate assets while minimizing the total cost of ownership
(TCO). Indeed, while overlooked by many organizations, the actual cost of
the mobile device is only 15% to 25% of the TCO, which can often reach
$2,000 to $3,000 per user/per year for many smart devices. Creating a
mobile device strategy should be mandatory for all organizations, especially
in the wake of the tablet invasion. A mobile device strategy is not just about
security, it's also about operational excellence and cost containment.
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 8/10
Move up to MORE
Welcome to the next generationof mobile device management
Introducing BlackBerry® Mobile Fusion. Available early 2012,
BlackBerry Mobile Fusion brings together:
• Market-leading BlackBerry® Enterprise Server 5.0.3 management
capabilities for BlackBerry® smartphones
• New management capabilities for BlackBerry® PlayBook™ tablets
built on BlackBerry Enterprise Server technology
• Mobile device management for smartphones and tablets running
Android and iOS operating systems
BlackBerry Mobile Fusion will also support future generations
of BlackBerry operating systems.
© 2 0 1 1
R e s e a r c h I n M o t i o n L i m i t e d .
A l l r i g h t s r e s e r v e d .
B l a c k B e r r y ® , R I M ® ,
R e s e a r c h I n M o t i o n ® a n d r e l a t e d t r a d e m a r k s ,
n a m e s a n d
l o g o s a r e t h e p r o p e r t y o f R e s e a r c h I n
M o t i o n
L i m i t e d a n d a r e r e g i s t e r e d a n d / o r u s e d i n t h e U . S .
a n d c o u n t r i e s a r o u n d t h e w o r l d .
A l l o t h e r t r a d e m a r k s a r e t h e p r o p e r t y o f
t h e i r r e s p e c t i v e o w n e r s .
www.blackberry.com/mobilefusion
Get the details
Join us for a free webcast where
our BlackBerry® experts will
help you understand how
BlackBerry Mobile Fusion will
change the way you manage
mobility within your
organization.
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 9/10
Page 9 of 10 Sponsored by
Future proofing mobile device manageme
Contents
Future proofing mobile
device management
Mobile device strategy
bypassed as
enterprises face tablet
invasion
Resources from
BlackBerry
Resources from BlackBerry
How To Regain IT Control In An Increasingly Mobile World
The BlackBerry PlayBook tablet’s Good Bones
Creating the Enterprise-Class Tablet Environment
8/2/2019 RIM sConsumerization IO#102523 E-Guide 120111
http://slidepdf.com/reader/full/rim-sconsumerization-io102523-e-guide-120111 10/10
Page 10 of 10 Sponsored by
Future proofing mobile device manageme
Contents
Future proofing mobile
device management
Mobile device strategy
bypassed as
enterprises face tablet
invasion
Resources from
BlackBerry
Free resources for technology professionalsTechTarget publishes targeted technology media that address your need for
information and resources for researching products, developing strategy and
making cost-effective purchase decisions. Our network of technology-specific
Web sites gives you access to industry experts, independent content and
analysis and the Web’s largest library of vendor-provided white papers,
webcasts, podcasts, videos, virtual trade shows, research reports and more
—drawing on the rich R&D resources of technology providers to address
market trends, challenges and solutions. Our live events and virtual seminarsgive you access to vendor neutral, expert commentary and advice on the
issues and challenges you face daily. Our social community IT Knowledge
Exchange allows you to share real world information in real time with peers
and experts.
What makes TechTarget unique?TechTarget is squarely focused on the enterprise IT space. Our team of
editors and network of industry experts provide the r ichest, most relevant
content to IT professionals and management. We leverage the immediacy of
the Web, the networking and face-to-face opportunities of events and virtualevents, and the ability to interact with peers—all to create compelling and
actionable information for enterprise IT professionals across all industries
and markets.
Related TechTarget Websites