Enterprise Mobility Vision Checkup

The 10 Keys to Seeing 20/20 on Your EMM Vision

Mobile devices, BYOD initiatives, cloud applications, and new technologies have ushered in fundamental changes in the way corporate IT needs to think about and manage endpoints.

Accelerite
Introduction

Almost every industry is being reshaped by mobility and cloud applications. In schools, mobile devices and cloud applications are helping to enrich the learning experience and improve collaboration. In healthcare, practitioners and patients increasingly rely on mobile devices and cloud applications to access real-time medical information, consult with peers across the globe, and make diagnoses, all in ways that help improve patient care and outcomes.

Yet, across every industry, the fundamental IT mobility challenges are roughly two-fold:

1. How does IT enable mobility without compromising security?
2. How can IT scale to manage the rapidly expanding number of devices, device types, and platforms without adding headcount or incurring runaway costs?
Time For A Mobility Management Vision Checkup

Perhaps you are well on your way to categorizing risks and identifying mobility management capabilities you sorely need. You may even have basic MDM and some other mobility features, but have you:

A. Clearly identified what your organization wants to get out of mobility?
B. Scoped out a plan to help realize those organizational mobility aspirations?
C. Identified a comprehensive solution that will allow you to securely enable your mobile enterprise today, as well as easily adapt and scale as the endpoint universe, and your needs, continue to evolve?

This white paper will equip you with the knowledge you need to focus your mobile enterprise vision and to choose the right, long-term mobility management solution for your organization. We will:

- Briefly reflect on some data on risks in the mobile landscape
- Identify some shortcomings of current mobility management approaches and feature sets (i.e. standalone MDM)
- Provide you with parameters with which to gauge your needs across 5 mobility management feature categories
- Identify the 5 management functions to prioritize in evaluating your next mobility management tool
Recent Data Reveals Mobile Device Risks, Confirms Corporate IT Fears

While in the past, corporate IT provisioned all the tools an employee needed to do his or her job, today's workers increasingly expect to use the tools (devices and apps) of their choosing, and when their needs are not satisfactorily met, they will frequently try to circumvent IT. In fact, an alarming 66% of respondents in a January 2015 Ponemon Institute Study fessed up to downloading mobile apps without their employers' approval. Additionally, only 19% of these employees made sure the apps did not contain viruses or malware, and just 22% say they think such behavior puts their company at risk. [1]

In a March 2015 report based on the analysis of hundreds of thousands of mobile applications installed in corporate environments, researchers found that the average global enterprise had an astonishing 2,400 unsafe mobile applications installed. 85% of these unsafe applications were said to expose sensitive device data, and over one-third of the applications performed highly suspicious actions, such as checking to see if the device is rooted, recording phone calls, and transmitting sensitive information to overseas locations for no identifiable reason. [2]

IT departments are increasingly feeling the heat, and are wary of how to best navigate this dynamic mobility landscape. In another recent Ponemon survey of 703 US IT and IT security practitioners, 75% of respondents believe their mobile endpoints have been the target of malware over the last year, and over two-thirds cited cloud applications, difficulty enforcing endpoint security policies, and BYOD as top factors for increased endpoint security risk in … [3]

However, while IT recognizes the risks, rather than closing the gap, many organizations are losing ground in addressing mobile endpoint security and management.
MDM Provides Some Essential Functionalities but has Shortcomings

As mobile devices started hitting networks, MDM tools arose to configure, track, and enforce basic security requirements (e.g. enforcing device passcodes and antivirus, disabling built-in cameras), while also performing actions, such as remote wipe.

For today's mobile enterprise, basic mobile device management (MDM) is no longer enough. Think of MDM as a set of features, not a comprehensive mobility solution. MDM only works at the device level, essentially creating a device superuser, which can feel invasive to the users and actually discourage mobile adoption. MDM also has shortcomings when it comes to overall mobile security, such as preventing data leakage, and in enabling the complex workflows required by today's mobile workforce.

Over the past couple of years, an alphabet soup of additional capabilities has bubbled up on the mobility scene, including MAM (mobile application management), MCM (mobile content management), and more, to layer on security, content and enterprise information management capabilities. Today, mobile solutions may include advanced document management features, employee collaboration features, location-aware management, elaborate containerization mechanisms, and more.

With the breakneck pace of mobility and endpoint evolution (think wearables and IoT), it may seem that just when you get your head around one concept, a new acronym materializes that seems to promise the next must-have feature.
Today, the collection of core must-have, along with many other nice-to-have, workforce mobility capabilities is commonly known as enterprise mobility management (EMM). As the mobile landscape continues to briskly evolve, what exactly belongs in an EMM solution, as well as the definitions of its various components (MCM, MAM, etc.), are still blurred and very much up for debate. Also, while some pure-play EMM providers may offer a massive catalogue of features, many are of unproven, even questionable, value.

However, what it ultimately boils down to is knowing the features and capabilities that your organization needs today, while also recognizing that the rapidly expanding and morphing device universe means you need a solution that will allow you to flexibly scale as your needs change.

Many organizations find themselves caught in the trap, or endless cycle, of adding new mobility management capabilities with additional pieces of software tools or hardware in parallel, rather than having it all managed from a single integrated platform. Thus, current approaches to enterprise mobility management are suboptimal, or even outright counterproductive, in the following ways:

- Relying on multiple tools for various endpoint functions increases complexity and IT administrative burden
- With multiple tools in use, policy application can become inconsistent and difficult to coordinate
- Each tool's release cycle will be different, resulting in IT being inundated with upgrades and changes all the time
- Reports and dashboards between tools will essentially be separate, resulting in loss of valuable insights that IT could otherwise gain from a holistic, integrated dashboard
- Administration, infrastructure, and license costs will increase significantly with each separate tool

How do you find a stable, long-term mobility management fit for your organization?
What you don't want to do is have to go back to the drawing board every time the industry takes a turn and the definition of enterprise mobility, whether subtly or dramatically, changes with each piece of innovation.

Bring Your Workforce Mobility Vision into Focus

A critical evaluation of tools and planning to identify your truly indispensable features from the start can mean the difference between a well-timed entry into mobility adoption as opposed to mobility morphing into a blunt instrument that turns out to be expensive and overly onerous to manage for IT. Focus on your near-term needs, but choose a future-proof solution that will provide both flexibility and scalability should your mobility management needs change over time.
How Can You Confidently Identify the Right Solution for Your Enterprise?

[Figure: Mobility & Cloud Applications Have Caused a Seismic IT Shift. Compares "In the recent past" with "Today" across devices, network, users, applications, and data.]

Even amidst the seismic IT landscape shift that has ushered in today's mobile-first, cloud-first world, the principal needs of IT remain fairly consistent. IT departments want to:

- Efficiently configure, manage, and retire devices.
- Reliably distribute apps, software and updates that support their business.
- Ensure security and compliance on endpoints.

To poise your organization to successfully enable the mobile enterprise, IT needs to focus on ensuring that any mobility management solution they evaluate delivers the core functionalities across these 5 key spheres: device, user, application, data, and network.
Here are some guidelines to ensure that you can identify the focused, must-have features for your organization and get the right bang for your buck from your mobility implementation without getting sidetracked or overwhelmed by complex, time-consuming, and expensive features.

1. Devices

In most cases, it is more critical to secure the corporate data on the device as opposed to just the device itself. In the recent past, data was well secured in the ERP backend; whatever data did come out of ERP was safeguarded within a controlled and standardized browser environment. Today, with the rise of mobility and the cloud, data resides on the device local store and outside any system-controlled security zone of the enterprise. So, where does that leave you?

When evaluating mobility management solutions, prioritize device registration, configuration, and management capabilities. More complex, device-level security services could potentially enhance your security posture, but may only make sense when you have a compelling reason to secure and control the entire device, such as bulk device purchases for students, hospital staff, or delivery services staff, etc. that need to be fully locked down for regulatory, security, or legal reasons.

The corporate landscape is littered with the carcasses of failed BYOD initiatives undone either by stringent device-level policies that rendered the devices difficult to use, or by MDM solutions and their agents demanding too much control of the personal device, to which end users are usually reluctant to accede.

2. Applications

Today, it's at least as much about mobile applications as it is about devices. Applications have undergone an upheaval from being web-based, running on the browser and essentially safe behind a firewall, to running outside the firewall and directly onto the endpoint.
While enterprise-class applications, such as Dropbox, SalesForce, and Office 365, are designed to minimize security risks and maximize productivity, many consumer-grade applications suffer from various technical flaws that could result in errors, or even data loss. For instance, FireEye reported that a stunning 73% of the 1,000 most downloaded free Android apps in Google Play do not check server certificates when communicating with the server, and 77% of those apps ignore any SSL errors generated when communicating with the app server. [4] These present gaping vulnerabilities that can be exploited by man-in-the-middle (MitM) and other attacks. Additionally, some applications (social media, games, etc.) can sap productivity as well as introduce malware.

Application distribution and lifecycle management capabilities provide a powerful set of business productivity tools for the enterprise that can help provide a competitive edge, improve efficiency, reduce costs, and more. Look for tools that allow you to deploy, configure, update, secure, and retire applications for groups and individual users.

Advanced features, such as location-based app policies, geo-fenced apps, app social features, app development, and runtime management have their use cases, but can also create unnecessarily convoluted workflows that might ultimately be counterproductive to implement. Again, it all depends on your enterprise's needs.

To get the most from your mobility management investment, partner with your business teams to help identify, understand, and prioritize your requirements around app management. Discerning what is imperative versus what is strictly nice to have can make a huge difference! This will ensure that you get the necessary set of features for your organization, which will, in turn, make your mobility implementation more focused and affordable.
3. Application Data

Security of application data is a vital aspect for an EMM solution. App wrapping / containerization, passcode protection, data leak prevention, encryption, and the ability to selectively wipe business data from a user's device without wiping personal content are all desirable features to have in a mobility management solution.

Often, applications are capable of securely handling and managing their own data. So, while security of application data is critical, first consider how applications are architected and integrated into your organization, and determine if some of the security is, or can be, built into the applications rather than being added on top of them as an afterthought in your application management solution. Additionally, building the mobile apps with some forward planning and discipline can go a long way in ensuring that data on endpoints is secure.

4. Users

To foster and support a successful mobile and BYOD-friendly enterprise, the user workflows should be seamless across any devices a particular worker may use. However, this goal can be complicated even further in the many instances when users may encompass not just employees, but often vendors, partners, and customers as well. The more inconvenient and intrusive the corporate features, the more likely your mobility management implementation will seesaw over into productivity strangling, rather than productivity enabling.

To deliver on a smooth workflow for your users, key in on the ability for seamless integration with your existing directory services, groups and roles, which will ensure consistency of policies being applied on users and their devices. Also, put a high value on features that enhance the employee experience and satisfaction. For instance, demand self-service features that simplify enrollment and onboarding, and provide the ability to establish a self-service app store, with role, or employee-based, access rights for certain apps.
In addition to enabling productivity and boosting employee satisfaction, intuitive, invisible-to-the-user workflows can significantly reduce the administrative burden on your IT team and free up money, while allowing IT members to be deployed to tackle higher value initiatives.

5. Network

Work is no longer confined solely within the corporate walls of the business LAN/Wi-Fi connectivity. Today, employees may have many alternatives to working from the corporate office: they may work from home, a coffee shop, or while on-the-go. They could use a cell network, public Wi-Fi, or a hotspot. This externalization of the network presents one of the principal challenges that traditional endpoint management tools encounter when trying to support the mobile-first, cloud-first world. Here, issues IT may confront include speed of delivery, bandwidth usage, deployment architecture imposed on the organization, and authentication challenges, to name a few.

Validate that your endpoint management solution is capable of delivering its services across these changes in network without compromising on the quality of experience, bandwidth costs, your organization's security posture, robustness of enterprise architecture, and other such considerations.

Beyond these five areas (device, user, application, data, and network) there are several tool-level capabilities to consider in order to future-proof your mobility management deployment.
Look for:

6. A unified platform

Trying to manage a number of mobility and endpoint management point solutions in parallel is not ultimately a scalable approach. Look for a solution that allows you to integrate all, or as many as possible, of the mobility management and other endpoint (PCs, servers, etc.) management features you need through integrated, single pane of glass management. Having one tool to manage all of your mobility and endpoint management needs confers many benefits, including more holistic visibility and reporting, more consistent application of policies, reduced scope for misconfigurations, and vastly simplified administration.

7. Policy-based enforcement

Policy enforcement is the keystone of a healthy mobile enterprise and endpoint ecosystem. The tool you employ should have powerful, easy-to-use policy management capabilities, and you should make sure it integrates seamlessly with your existing directory services (Active Directory, etc.). The policies should be centrally configurable and enforceable across all the diverse endpoints (laptops, desktops, tablets, smartphones, etc.) in your enterprise.

8. High levels of automation

Automation can be an IT admin's best friend, allowing IT teams to be redeployed to more value-generating activities, as well as reducing scope for manual errors, reducing staff training costs, ensuring consistency of IT policy implementation, and improving overall time-to-compliance for IT. Look for mobility and endpoint management solutions that can address automation on the device (e.g. inducing devices to "self-heal"), for the end-user, and for the admin (e.g. providing non-compliance alerts).

9. Scalability

You should evaluate at least two measures of scalability. At the solution level, how easily will the mobility management tool(s) let your organization scale to manage from 300 devices to 3,000 devices or from 30,000 to 300,000 devices?
The next measure of scalability to focus on is at the administrative level or, stated another way, how many devices can you manage per administrator? A tool that empowers one admin to manage 30,000 devices, versus one that needs one administrator for every 1,000 devices, can liberate valuable IT resources that can be redeployed elsewhere. Too many organizations go in with the mindset that they need something now and find out after deployment that their solution has serious limitations when it comes to elasticity and scalability.

10. Breadth of devices and platforms supported

Does the mobility management solution cover all the devices you need to manage today? Does it support Android and iOS devices equally well? If your organization should want to allow additional device types at some juncture, will the tool be able to accommodate your needs without having to add additional software or hardware?

With a clear scope and the right policies, you will be poised to identify and deploy the right tool, one that puts you on strong mobility management footing from Day 1, while also allowing you to smoothly adapt and scale as new wrinkles to the ever-evolving mobile-first, cloud-first world emerge.
Not Seeing 20/20 Yet on Your Mobility Management Vision?

Need help from an expert on how to sharpen your mobility management vision? That's what we do. Contact us at or 1 (877) to see a demo or to get a consultation today.

About Radia Mobility Management

Radia Mobility Management, an Accelerite solution, offers fully integrated mobile device, application, content management (MDM, MAM, MCM), security, and more to enable seamless workflows across a variety of devices and platforms, while ensuring compliance at all times. With Radia, IT administrators can configure corporate-owned and BYOD mobile devices, deploy and manage applications, perform remote actions, view reports, and ensure overall security and compliance across all their mobile endpoints. Organizations can deploy Radia Mobility Management as a standalone solution, or use the all-in-one Radia Endpoint Manager console to manage their mobile endpoints alongside all of their other enterprise endpoints, including PCs, servers, virtual environments, industry-specific devices, and more.

About Radia Endpoint Manager

Radia Endpoint Manager, an Accelerite product, provides a unified approach to managing a diverse variety of endpoints such as PCs, servers, smartphones, tablets, virtual environments, industry-specific devices, and more through its policy-based, desired state automation.

Resources

1. The Security Impact of Mobile Device Use by Employees. Conducted by Ponemon Institute (sponsored by Accellion). January
2. Average Large Enterprise Has More Than 2,000 Unsafe Mobile Apps Installed on Employee Devices. Sourced from Veracode.com. March 11,
3. State of the Endpoint Report: User-Centric Risk. Conducted by Ponemon Institute (sponsored by Lumension). January
4. SSL Vulnerabilities: Who listens when Android applications talk? FireEye. August 2014.