Mobile Device Management
When choosing a Mobile Device Management (MDM) solution there are many features that need to be considered, along with pricing and hosting models. The world of MDM can be cumbersome and confusing, so it is important to understand what is out there.
The list of features that are available in any MDM solution can be extremely long, and difficult to compare due to differences in the naming standards across products. At a minimum you should look for features that are named, or described as the following.
As with any mobile solution on the market you want to make sure the one you pick will support your users. With the variety of mobile devices out there, you want to make sure you pick a provider that will support your current needs, as well as has a track record of quickly providing support for new devices as the mobile world evolves.
- Password: Access to enterprise data and applications should be password protected.
- Remote Control: You should be able to remotely lock the device, and possibly wipe all data. This feature is sometimes listed as two features called “Remote Wipe” and “Remote Lock”.
- Hack Detection: The MDM should be able to detect if a device has been “Jailbroken” for iOS or “Rooted” for Android. This could pose a huge security risk if these devices are allowed to connect to your network.
- Remote Configuration: A good MDM will offer you the ability to remotely provision devices. From some central management console you should be able to apply settings like WiFi and Firewall configurations, as well as push out software updates. Some of the more comprehensive solutions provide the ability to update the device OS as well.
- Other Secure Features: There are a variety of other features that MDM solution providers will offer to integrate with your existing security policies. These include the ability to implement Multifactor Authentication, Device Firewall and Malware protection, Single Sign On (SSO) support, and separation of data (The ability to keep enterprise data separate from other device data).
MDM Solution providers will often list out the integration points that could possibly be applied in your environment. This includes the ability to integrate with existing MS Exchange and AD/LDAP servers, ActiveSync and device specific protocols like Samsung SAFE and KNOX.
End User Support
Many MDM providers will also provide help desk support for your end users. These are usually provided under a Maintenance Agreement, but you should look into the specific provider contracts for the exact details.
Management & Reporting
As with any enterprise system you are evaluating, you should take into account the administration side of the software. If it takes your IT staff major effort to bring a device online, the system will not be a viable one. Most MDM providers have a management and reporting dashboard. You should contact the providers and ask for demonstrations of their management and reporting features before making any investment.
Deployment & Licensing
With all MDM providers the licensing costs will vary based on installation type and number of devices. Just about every provider out there offers both on-site installation and cloud services. The choice to go with on-site or cloud is entirely up to your organization structure. If you have the support staff to support an on-site install you could save some money in the long run. However, if you have a smaller IT staff, then allowing the provider to host your solution might be more economic for you.
Most MDM providers offer both “Per Device” and “Per User” pricing, where a user is limited to a set number of devices. Once again, you need to evaluate your organization and what services you are trying to provide to your user base and make the choice that best fits your organization.
After reviewing the MDM market and analyzing the features and pricing of each, here are the top 3 MDM solutions on the market. This is based on the most features offered, devices supported, and pricing options available.
Device Support: Android, iPhone, Windows Phone, Blackberry, Symbian, as well as computers running Microsoft Windows and Mac OS X.
Security Features: Airwatch offers a solution for ever security feature listed above except for Device Firewall and Malware Detection. However they do offer Malware Detection software through a third party.
Enterprise Integration: Airwatch integrates with all major enterprise platforms including MS Exchange, AD/LDAP, ActiveSync, and Samsung SAFE and KNOX. They additionally support Microsoft CA and SCEP.
End User Support: Tiered support based on pricing. The levels range from Self-Help, Reactive Support (On demand help desk), to Proactive Support which includes direct staff to review Business Plans, as well as Road Map reviews.
Management & Reporting: They offer a web based admin portal, real time dashboard, mobile alerts, and integration to 3rd party management packages. For reporting, they offer device level analytics.
Deployment & Licensing: Their MDM solution is offered in both Cloud Based and On-Site deployments. Their licensing varies based on the features you select. They offer multiple licensing models as well, per-device and per-user up to 3 devices each.
Device Support: Android, iPhone, Windows Phone as well as computers running Microsoft Windows and Mac OS X. They also offer support for some older mobile OS versions like Windows Mobile, Windows CE and Embedded.
Security Features: Soti offers all the security features listed above.
Enterprise Integration: Offers integration with all major enterprise platforms including MS Exchange, AD/LDAP, ActiveSync, and Samsung SAFE and KNOX.
End User Support: Tiered support based on pricing. The levels range from a reactive help desk to proactive enterprise services.
Management & Reporting: Soti offers a web based admin portal, with a real time dashboard, and mobile alerts. They also offer integration to 3rd party management packages. They also offer device level analytics.
Deployment & Licensing: Soti offers both on-site and cloud basd options. The licensing varies based on the features and pricing models selected. They offer per device or per user pricing.
Device Support: Android, iPhone, Windows Phone, Blackberry, Symbian as well as computers running Windows.
Security Features: Good offers all the security features listed above, with the exception of Malware Detection and Firewall on the device.
Enterprise Integration: Supports integration with MS Exchange AD/LDAP, ActiveSync and Samsung SAFE. Samsung KNOX was under development at the time of this post.
End User Support: They offer a support product that covers Self-Help for end users, all the way up to preventative analysis of your existing system to avoid future issues.
Management & Reporting: Good offers a web based management portal as well as real time dashboard and mobile alerts. They also offer integration to 3rd party management packages. They also offer device level analytics.
Deployment & Licensing: They offer Cloud and On-Site deployments. Their pricing models are either per-user or per-device.
There are many MDM providers on the market, the 3 identified above offer the most robust set of features, pricing and deployment options. There are other options out there provided by Amtel, Blackberry, Computer Associates, Citirx, Dell, Microsoft, Symantec and others. It is always advised that you look into any product you purchase to make sure it fits your feature needs as well as budget.