Smartphones, tablets and mobile devices in general have seen strong growth in distribution and use in recent years, both in the private sector and in the business environment.
Growing technical capabilities and increasingly attractive prices for every type of user have made it possible to use these devices intensively for daily work activities, as well as for surfing the web, making calls and exchanging messages with other people.
For these reasons, companies have for some time been confronted with the introduction of mobility within their own perimeter, and with the security challenges that also arise from the promiscuous way people use their personal devices for business purposes.
The now much-hyped phenomenon of BYOD (Bring Your Own Device) is one of the possible forms of mobility and one of the risk elements to consider when it comes to information security in the business environment.
In this context, Mobile Device Management (MDM) solutions emerged and developed, with the aim of managing all the mobile devices that revolve around a specific company and its employees in an effective and simple way. To a lesser extent, MDM systems are used in the home, by advanced users who want to activate particular security features.
Over time, the general concept of mobile device management has expanded and split into specific areas that have received their own names beyond MDM, including Mobile Application Management (MAM), Mobile Content Management (MCM), Mobile Email Management (MEM), Mobile Browsing Management (MBM), etc. However, rather than getting tangled up in these acronyms, in this article we will speak generically of MDM to indicate everything that belongs to mobility.
Common aspects of Mobile Device Management solutions
MDM technologies and software continue to evolve, even though most products are stabilizing on a number of features considered fundamental. Among these:
- the ability to manage and protect a diverse range of devices with different operating systems, namely Android, iOS, Windows Phone, BlackBerry, Symbian, etc.
- the ability to perform actions in real time, including configuring and updating device settings. This includes the so-called Policy Enforcement and Compliance functions, i.e. the functions that limit downloadable applications through whitelists and blacklists, monitor access to web services and social networks, apply company policies, detect policy violations, etc.
- the implementation of security countermeasures, including passwords, device lockout, remote wiping, encryption of local data in the phone memory and on external memory cards, digital certificates, firewalls, antivirus and anything else necessary for information security.
In addition, features are increasingly available to support file synchronization and sharing, for the secure distribution, synchronization and backup of information, as well as specific functions for business operations.
The best MDM solutions
As the demand for MDM solutions has grown, so has the range of vendor offerings, so much so that a number of options are available on the market, each with its own strengths and weaknesses. As mentioned, solutions are generally converging on the basic management functionality, while more differences are found in advanced functions such as containerization, application management and document sharing.
The delivery models have also evolved, leaving room for both classic centralized solutions and offerings provided as Software-as-a-Service.
The choice of the most suitable MDM solution therefore comes down to field testing or to a careful selection and analysis of the cost/benefit ratio. Several analyst firms help with this choice by providing informative reports on the merits and defects of the best-known MDM solutions.
Among these firms is, of course, Gartner, which has long been following the MDM market and publishing information about it. The following is the 2016 “Magic Quadrant for Enterprise Mobility Management Suites”, which captures the state of the art of MDM solutions.
In this article, we take a closer look at VMware AirWatch, which over the years has gone from an independent product to part of the VMware portfolio.
The undoubted advantage is that this solution is increasingly integrated with the VMware world, virtualization and all its facets, and is considered by Gartner as one of the best solutions in this area.
AirWatch is now a solid piece of software that can be integrated with many third-party applications and systems and whose centralized administrative console is very effective in daily use. In fact, all the functions described above can be configured from the console, and all devices are constantly monitored, with the option of drilling into the details of each of them.
In addition to the management interface, AirWatch is also particularly appreciated for its mobile app, since in the end the biggest impact of an MDM solution is on the user side. The app is available for all major mobile operating systems, including Android, which we will use in this article.
Once the AirWatch Agent has been downloaded from the relevant app store and installed on the device, the first step required is authentication. You can choose between different methods, including access via username and password, email or QR code.
After authentication, the app shows all the permissions that the user must accept to allow management through the MDM solution. The list is extensive and includes the ability to delete all data, even without warning, change the screen lock mode, define password rules, manage encryption, manage Wi-Fi, configure the mail client and define other restrictions, as shown in the figure.
Once these steps have been completed, the app is ready for use and can begin the process of initial configuration.
In most cases, the first configuration is the encryption of the device, which is one of the most effective security mechanisms. The process can take a long time, depending also on the size of the device's internal memory and of the SD card, if present. If the phone is not sufficiently charged, the app itself suggests connecting it to a power outlet and, in any case, charging it to at least 80% of total capacity.
The last step, before the actual encryption process, is to choose whether to encrypt the entire memory space or only the part actually used by data. Finally, the user must enter the device unlock PIN for confirmation and the system will start encrypting (restarting the device several times).
When the device is encrypted, and we have confirmed the acceptance of the app’s permissions, we can proceed to the next configurations. The MDM system will install all the allowed applications, among those that have been assigned to the user to carry out their activities.
Finally, once the apps have been installed, the agent shows a summary screen with various information:
- the status of the device
- compatibility with the planned policies
- the list of installed profiles
- the list of apps
- other information, including the agent version
The device is now fully ready for business use in complete security: it is encrypted, can only install allowed apps and can be remotely managed via the centralized console.
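The policy compliance status shown on the agent's summary screen, and the whitelist/blacklist enforcement listed among the common MDM features, can be sketched as follows. This is an added example, not AirWatch code or part of the original article; the `Policy` and `Device` structures, the package names and the fleet data are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Policy:                      # hypothetical policy record
    app_mode: str                  # "whitelist" or "blacklist"
    app_list: frozenset
    require_encryption: bool = True
    require_passcode: bool = True

@dataclass(frozen=True)
class Device:                      # hypothetical state reported by an agent
    name: str
    encrypted: bool
    passcode_set: bool
    apps: tuple

def violations(device, policy):
    """Return the policy violations for one device (empty list = compliant)."""
    found = []
    if policy.require_encryption and not device.encrypted:
        found.append("storage not encrypted")
    if policy.require_passcode and not device.passcode_set:
        found.append("no screen-lock passcode")
    installed = {a.lower() for a in device.apps}
    listed = {a.lower() for a in policy.app_list}
    if policy.app_mode == "whitelist":
        bad = installed - listed   # anything not explicitly allowed
    elif policy.app_mode == "blacklist":
        bad = installed & listed   # only what is explicitly banned
    else:
        raise ValueError(f"unknown app_mode: {policy.app_mode!r}")
    found.extend(f"app not permitted: {a}" for a in sorted(bad))
    return found

def report(devices, policy):
    """Map each device name to its list of violations."""
    return {d.name: violations(d, policy) for d in devices}

# Constructed sample fleet and policies (not real inventory data).
FLEET = (
    Device("phone-01", True, True, ("com.example.mail", "com.example.vpn")),
    Device("phone-02", False, True, ("com.example.mail", "com.example.game")),
    Device("tablet-03", True, False, ("com.example.mail", "com.example.unknown")),
)
WHITELIST = Policy("whitelist", frozenset({"com.example.mail", "com.example.vpn"}))
BLACKLIST = Policy("blacklist", frozenset({"com.example.game"}))

if __name__ == "__main__":
    for label, policy in (("whitelist", WHITELIST), ("blacklist", BLACKLIST)):
        for name, found in report(FLEET, policy).items():
            print(f"[{label}] {name}: {'; '.join(found) or 'compliant'}")
```

The unreviewed app on tablet-03 is flagged only under the whitelist: a whitelist fails closed on apps nobody has assessed, while a blacklist lets them through until someone adds them.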