By Jason Purviance, Chief Information Officer, ModeOne Technologies

Today, most employees use smartphones to conduct business or communicate with customers or clients. Because of this, companies must protect their data on the devices from unauthorized access or transmission to third parties and ensure that employees adhere to all data and technology use policies, whether they bring their own device (BYOD) or use a company-issued phone.  Using mobile device management (MDM) software, businesses can protect their data on smartphones, including customer lists, financial information, intellectual property, and strategic plans.

What to look for in an MDM Solution

The process to identify and select MDM software is no different than that for evaluation of other enterprise software. The key is to ask the right questions that will help you meet minimum requirements for security, compliance, compatibility, cost, administration, and user experience.  Doing so will ensure you deploy an MDM software that balances safety and usability and receives high user adoption. Otherwise, you may create more problems for both end-users and administrators than you resolve. 

Following are many of the key questions you should consider and ask:

Security. Does the solution support password policies and encryption for data in transit and at rest? Will it protect company data and allow you to wipe data from a remote mobile phone if it is lost or stolen, when a data breach occurs, or should a bad actor operate it?  These features will help keep your company’s sensitive data secure from unauthorized access and data breaches.

Compliance/Monitoring. Does the solution support internal compliance policies for privacy and data use? Is it compliant with applicable laws, regulations, guidelines, and industry standards, such as the General Data Protection Regulation (GDPR), the Health Insurance Portability and Accountability Act (HIPAA), and the Payment Card Industry Data Security Standard (PCI DSS)? If not, your company may incur costly fines and fail to pass security audits. Does the MDM allow the monitoring of the devices to check for data leakage out of unauthorized or unapproved applications? Do you know if your employees are transmitting sensitive data via messaging or other apps?

Compatibility. Is the solution compatible with all your current mobile devices and any new or different models/brands you may consider procuring? Or do you want a single device management system that rules and manages all endpoints, including PCs, Macs, and Linux computers? 

Cost. What is the total cost and pricing model for the MDM? Look at the life-cycle cost of the software, including licensing fees, implementation costs, and maintenance costs. MDM providers generally charge per user per device per month and use several volume-based models, ranging from “all-you-can-eat” for a single fee to “pay-as-you-go” based on actual usage.  Volume assessments are very important.  Do all your employees need MDM software, or just those who require mobility and quick access to critical applications and data, such as a sales organization? Also, you may already have a solution that you are not aware of.  Find out if your current software licenses include an MDM software component, such as a Microsoft 365 E5 license with Intune?

Administration. Is the MDM easy to administer? Does it offer a satisfactory return on investment (ROI)? Are there self-service tools that reduce IT burden and relieve them from being involved, e.g., password resets? Can your organization efficiently integrate the MDM with other computer resources, such as calendars, email, and productivity apps? Or does it require external vendor support and consultation? Does the MDM have granular controls to apply feature groups per device manufacturer? The security controls for iPhones may differ from those for the many versions of Android phones from different manufacturers. 

User experience. Can you keep it simple and convenient for users? The best security provides various layers of protection based on the risk profile of running an application or using critical data. Do you want users to enter a PIN or biometric data whenever they pick up the phone or open an app? Looking for MDM software controls to balance security and usability would be best. Every company will face a different balancing act, with security on one side of the scale and usability on the other. Imposing too much security on mobile devices can adversely impact user adoption and reduce employee device use and productivity, creating yet another problem known as Shadow IT.

Shadow IT

When presented with technology that is difficult to use, employees will take matters into their own hands and choose the path of least resistance.  Shadow IT occurs when employees adopt information technology outside the control of the IT department.

Employees may bring their own device (BYOD) without permission and use company data on a personal device running uncertified apps, such as social media apps, open-source software, and cloud-based services. Shadow IT can create several additional security, compliance, productivity, and financial risks. Ask some Wall Street firms that failed to maintain and preserve electronic communications.

Using personal devices for business can expose critical data to malware attacks and data breaches. It can lead to disclosing personal and private information in litigation if an employee’s phone becomes the target of a discovery request. The devices may not comply with the company’s security policies and regulations and enable business transactions on uncertified applications and communication channels. Personal devices also distract employees and can decrease their overall productivity.

Conclusion

When evaluating potential MDM solutions, investigate viable options for security, compliance, compatibility, cost, administration, and user experience. Ensure the solution you ultimately select balances security controls and user experience to maximize user adoption and generate a quick, satisfactory return on investment.