can overshadow the upside. Productivity
can rise for users even as it plummets
for admins.
MOBILE DEVICE MANAGEMENT:
4 MAIN CONSIDERATIONS
Properly extending endpoint
management to include mobile devices
entails four administrative functions:
1. Enroll
2. Inventory
3. Configure
4. Secure
For mobile devices, different
considerations and practices apply to
each of these functions.
Enroll
First, unlike the typical endpoints of
PCs and other devices attached to the
network, IT knows that smartphones and
tablets do not run agents. So, how can IT
ensure that the hardware and software
used to manage endpoints can locate
and connect to mobile devices?
The simplest way is with an app built for
the respective operating system. If the
organization provides the device, it can
install the app before giving it to the user.
In the case of BYOD, the user should be
able to install the app as easily as from
an app store or internal portal. In either
event, smooth, uniform enrollment is
important enough to ensure that users
have no excuse for not installing the app
and that IT does not need to intervene for
each installation.
Inventory
Once the devices are enrolled, admins
should be able to see and report on
every mobile device connected to
the network.
In many environments, endpoint
inventories may not include mobile
devices (especially personally
owned devices), putting admins at a
disadvantage in several ways:
• Mobile devices could be accessing
wireless networks or corporate
resources. Every admin would want the
ability to ascertain that, and seeing the
devices in the inventory is a fast, efficient
way to do so.
• Every organization should be able to
quickly and satisfactorily answer the
question “How many mobile devices
do we own and who has them?” An
inventory of endpoints that includes
all owned mobile devices is useful in
tracking them down.
• A full endpoint inventory shows not only
the traditional characteristics like make,
model, OS version and update status,
but also mobile-specific attributes like
IMEI, secured status and whether the
device has been rooted.
Collecting that information in a report is
instrumental as admins try to determine
which platforms to support, which mobile
devices are non-compliant and whether
any are vulnerable.
Secure
No device should be on a network
unless it is secure. The same endpoint
management features that enforce
security policies, like requiring a
passcode, should extend to any
mobile device that needs access to
corporate resources.
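
An added example, not from the original paper or from any KACE product: a small report over constructed inventory records that answers the ownership question above and flags non-compliant devices. The field names, the minimum OS versions and the sample records are assumptions; the IMEI check uses the standard Luhn check digit.

```python
from collections import Counter

# Constructed sample records; field names are assumptions, not a product schema.
INVENTORY = [
    {"owner": "alice", "ownership": "corporate", "model": "iPhone 13", "os": "iOS",
     "os_version": "17.4", "imei": "490154203237518", "passcode_set": True, "rooted": False},
    {"owner": "bob", "ownership": "byod", "model": "Pixel 6", "os": "Android",
     "os_version": "12", "imei": "356938035643809", "passcode_set": True, "rooted": True},
    {"owner": "carol", "ownership": "corporate", "model": "Galaxy S22", "os": "Android",
     "os_version": "14", "imei": "490154203237519", "passcode_set": False, "rooted": False},
]
MIN_OS = {"iOS": (17, 0, 0), "Android": (13, 0, 0)}  # hypothetical policy values

def imei_valid(imei):
    """A well-formed IMEI is 15 digits ending in a Luhn check digit."""
    if len(imei) != 15 or not imei.isdigit():
        return False
    total = 0
    for i, ch in enumerate(imei):
        d = int(ch) * 2 if i % 2 else int(ch)  # double every second digit
        total += d - 9 if d > 9 else d
    return total % 10 == 0

def version(text):
    """Parse '12' or '17.4' into a 3-tuple so '13' compares equal to '13.0.0'."""
    parts = [int(p) for p in text.split(".")][:3]
    return tuple(parts + [0] * (3 - len(parts)))

def findings(dev):
    """Return the reasons a device fails policy (empty list means compliant)."""
    out = []
    if dev["rooted"]:
        out.append("rooted")
    if not dev["passcode_set"]:
        out.append("no passcode")
    minimum = MIN_OS.get(dev["os"])
    if minimum is None:
        out.append("unsupported platform")
    elif version(dev["os_version"]) < minimum:
        out.append("OS below minimum")
    if not imei_valid(dev["imei"]):
        out.append("IMEI fails check digit")  # likely a data-entry or reporting error
    return out

def report(inventory):
    owned = [d for d in inventory if d["ownership"] == "corporate"]
    return {"owned_count": len(owned),
            "owned_by": sorted((d["owner"], d["model"]) for d in owned),
            "platforms": dict(Counter(d["os"] for d in inventory)),
            "non_compliant": [(d["owner"], findings(d)) for d in inventory if findings(d)]}
```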
Configure
Managing endpoints includes being able
to configure devices over the network.
Even in the heterogeneous environment
of multiple operating systems and mixed
ownership, admins in smart companies
maintain as much homogeneity as
possible within platforms (OS version,
patches) and across platforms (enterprise
applications) for several reasons:
• The ability to configure helps admins
install certificates for access to
corporate resources.
• Admins can uniformly install and maintain
the applications or apps employees
need to do their job.
• They can configure basic parameters for
access to the network, email and global
address lists.
• Policies govern access based on
employee attributes and need to be
enforced on all devices.
• Platforms and applications are
continually due for updates that plug
up vulnerabilities.
• Admins should be able to set automated
plans that roll out whenever attributes or
circumstances change, without having to
touch each device.
The main goal of configuration is
to manage mobile devices as just
another kind of endpoint, regardless of
the manufacturer.
Of course, some policies work only
with mobile devices owned by the
organization. Users are less likely to
allow the installation of necessary
software on a device they own and
less inclined to risk corporate access
to personal data on the device. But if
circumstances warrant, admins should
retain the prerogative to lock a device,
remotely wipe it, locate a lost device
and reset it to factory settings to protect
company data and assets. Endpoint
management should enable MDM down
to that level.
FITTING MDM INTO EXISTING
ENDPOINT MANAGEMENT
Given the need to extend endpoint
management to MDM, organizations face
three options:
1. The ideal option would be a single
product to manage all devices
everywhere on the network. Such
products are still rare, large, complex
and cumbersome.
2. At the other end of the spectrum is the
least desirable option of a dedicated
MDM product. It would enroll, inventory,
configure and secure all mobile devices
perfectly, but it would manage them
specifically as mobile devices rather than
broadly as endpoints, and it would live
alongside and separate from the existing
endpoint management system.
3. The happy medium is a product
designed to integrate with a traditional
endpoint management system, fitting
MDM into full endpoint management.
Figure 2: Three options for MDM management (Single Product Managing All Devices; Dedicated MDM Product; MDM Integrated with Endpoint Management)
In the third option, the lowest level
of integration would allow inventory
from one console. The next level up
would allow inventory and control of
devices from a single console. The
highest level of integration would
allow the organization to purchase any
quantity of mobile devices it needed
to manage, separately from traditional
devices. But it would allow the full enroll-inventory-configure-secure suite of
functions through a single pane of glass,
maximizing the productivity of IT admins.
That highest level applies to all
endpoints: PCs, laptops, smartphones,
tablets, servers, printers and
network devices. Complete endpoint
management plugs the vulnerabilities
that jeopardize security and give IT
admins headaches.
ABOUT KACE CLOUD MOBILE
DEVICE MANAGER
With KACE Cloud Mobile Device
Manager, IT admins can protect their
network from BYOD and mobile security
threats. They can enroll, inventory,
configure and secure mobile devices
on the most common platforms. The
SaaS-hosted product allows admins
to take inventory, manage passwords,
and locate, erase and reset mobile
devices easily.
The KACE Cloud Mobile Device
Manager integrated with the KACE
Systems Management appliance offers a
comprehensive inventory of all network
endpoints – traditional and mobile – from
a single console. This helps customers
transition smoothly to unified endpoint
management of all the devices used
by employees.