Mobile Device Management: Getting Started
Cora Carmody, the senior vice president of information technology at Pasadena, Calif.-based Jacobs Engineering Group, says her company looked at mobile devices from a different angle--that of expense management. As the recession took its toll, Jacobs continued to look for ways to cut costs until finally the cellphone bills of some 45,000 workers became an enticing target, she says.
The company had acquired several other businesses and was bringing in new users who all had different mobile vendors and devices, so the IT group decided to look at it and find better ways of making it work.
Their answer was what Jacobs calls "wireless divestiture" -- in other words, buying the devices for workers but then requiring workers to pay their own monthly bills. Workers are given calling cards for travel and can also expense extraordinary calls if needed, Carmody explains.
Jacobs has saved about $15 million annually since reorganizing its mobile device strategy, Carmody says.
At first there was some grumbling about the new strategy, Carmody admits. But the company met with mobile vendors to work out good deals for employees when they signed up for new service contracts, so because the financials were in their favor, employees started gradually accepting the new arrangement over time.
"You can expect some complaints and backlash at the start," she says, "but we are also pleasantly surprised that some people recognized the new choices that they had" in terms of different types of service contracts--"and appreciated that."
Jacobs worked up front with mobile vendors to obtain discounted rates to allow employees to move to whichever carrier and plan fit their usage and travel patterns best, according to Carmody. "Previously employees were carrying two devices; one for Jacobs support and one as their own personal device." By consolidating to one device, employees' mobile situation has been simplified considerably.
Keeping Company Data Safe
Security at Edelman includes requirements for passwords that are secure as possible, Iatonna says. That means that all smartphones and tablets must use passwords that are complex and include a minimum number of characters, along with mandatory data encryption. After a certain number of unsuccessful passwords are entered, the device automatically resets and erases all data. This situation hasn't happened yet, he says.
Another piece of advice, from Jacobs' Carmody: Be prepared to confirm for users that any devices they are considering can meet both the security and work needs of the business. "That gives people the freedom to do what they want to do while protecting company security," she says. "It's one of those building blocks for the idea of bringing your own technology to work."
In general, the company allows Jacobs email to be viewed on personal devices, while all other key corporate applications can be accessed only via the Jacobs corporate portal. "This provides a high measure of security for managing corporate data and eliminates the need to help end-users manage data volumes on their personal devices," Carmody explains. "We, of course, also employ stringent cybersecurity practices that guard against access should a device be lost or stolen. Finally, we have a robust process for reporting lost or stolen assets that ensure immediate response to protect data in those situations."
At Carfax, access to corporate data is controlled through application privileges and passwords; users have access to corporate data and applications based on their job need and role in the company, Matthews said.
At Jacobs Engineering, employees are required to sign consent forms that allow the company to perform remote wiping of all data if the devices are lost or stolen, even personal data personal email, photos and games. The agreement says the company will delete it all if a device is lost or stolen.
The need for remote wiping has happened a few times, Carmody says.
"In those cases all data is lost," she explains. Jacobs works hard to educate the user population about its corporate policy and conditions governing end-user device use. "We also go the extra step and educate end-users about backing up and protecting their personal data" in case it has to be remote-wiped someday, Carmody says.
Some MDM tools allow devices to store critical business data in a special, secure "container," says Chris Hazelton, an analyst with The 451 Group. Business data is not retrievable outside of the container, and can only be accessed through rich passwords and other access protocols, making it much more secure. It can also be removed remotely by the business if the device is lost or stolen, without removing a user's photos, contacts and other personal information.
Both Edelman and SAP use this technique; Edelman uses AirWatch to perform selective wiping of enterprise data, while SAP uses its own Afaria application, which can wipe just the corporate data and leave the personal information alone, according to Bussmann.
One of the biggest support challenges for Edelman's IT team, Iatonna says, is when employees do get permission to use personal iPads or iPhones for their jobs. The difficulty then becomes educating users that their personal photos, emails and other data could be lost in the event a remote wipe is needed on those devices.
"You have to make sure that the level of support is defined so that you are not responsible for personal data loss," Iatonna explains. "The way that we've tried to mitigate that is that if you want Edelman data on your personal device you have to agree to have the MDM software installed on it and you need [to sign] a waiver as well."
Edelman employees weren't used to that level of control and they were uncomfortable with it because it involved their personal devices, he says. "People said, 'Well it's my phone and you can't expect me to enter a password and have a screen lock after five minutes.' It was always discussions like that."
That meant getting users to come around to accepting a new sensitivity about the data on their phones, he says. "It's a balance of privacy versus the company's security. People are very unaware of the risks that are posed with the smartphones right now," including hacking, data capture and other security threats with smartphones. Users are typically not thinking about those kinds of risks when they use the devices.
Remote wiping and similar security measures are also used at Carfax, Matthews says, and employees are notified that data wipes can be performed if the devices are lost, stolen or used inappropriately. At the same time, he says, the company also wants to give its workers some freedom to use their devices responsibly.
For instance, Carfax allows employees to use the devices for non-work-related things like watching videos on the road, he said. "People will definitely do the right thing" and not abuse their freedoms with inappropriate behavior and usage, he says. "You just need to give them some guidelines and that's what we've done so far."
Next page: Mobile deployment strategy at SAP