How to think about mobile device management
Ojas Rege, vice president of strategy at MDM vendor MobileIron, describes three bands of management requirements that IT should be thinking about.
The first set of requirements is around device configuration and the protection of lost or compromised devices. That typically requires password enforcement, encryption enforcement, remote lock and wipe, remote email configuration, certificates for identity, remote connectivity configuration (such as for Wi-Fi and VPNs), and detection of compromised OSes (such as jailbroken, rooted, or malware-infected ones). Rege says the connectivity configuration capability is not essential if usage is just for email and over cellular networks.
The second set of requirements is around data loss prevention (DLP), which covers privacy controls (such as for user location), cloud-usage controls (such as for iCloud, SkyDrive, and Google Docs), and email DLP controls (such as the ability to restrict email forwarding and to protect attachments). "More regulated environments may require No. 2, and these policies are still TBD for Windows Phone," Rege notes. By contrast, iOS, BlackBerry, and Android have supported most of these needs since (respectively) iOS 4, BES 5, and Android 3, though a few -- such as managing email forwards -- are handled outside the OS by MDM clients such as MobileIron's.
The third set of requirements is around apps, such as their provisioning and data security. Although both Apple and Microsoft have mechanisms to do at least basic app management -- iOS can essentially hide an app so that it's no longer available to a user, and Windows Phone 8 can update corporate apps remotely -- mobile application management (MAM) capabilities are mostly up to the mobile management vendors to deploy, Rege says.