If you are a regular reader of The ITSM Lens, then you know that several of our posts have been related to BYOD in the enterprise. Many of the posts are focused around having a CMDB - the best way to track BYOD is to have a comprehensive CMDB in place. The CMDB needs to have advanced capabilities to map and manage critical resources such as business services, hardware (including BYOD), software, users, documentation, and configuration within one federated database.
I also like to blog about policies and BYOD. It can be complicated, but better to have a policy around what happens to a fired employee's smart phone before they are walked out the door. Recently, I have been seeing a lot of articles about Mobile Device Management (MDM) best practices and the tools needed to manage the BYOD from within your IT Organization.
If you are considering adding MDM to your IT Organization, Change and Release processes are vital for implementation. Check out the offer below to move your ITSM processes to the next level.
A great resource to begin your MDM best practices research is the TechTarget article: Mobile application security best practices: Leveraging MDM, MAM tools. The 4 big buckets are:
AUP (Acceptable Use Policies) need to be spelled out for users, including: which devices/operating systems can be used; which corporate networks and services can be accessed and more. These are the foundations of any MDM policy - vital to the full implementation of your MDM.
Provisioning devices with secure settings is the most important element of allowing any user device to have system access. It may seem obvious, but those shiny, new smart phones have a habit of disappearing or falling into the "wrong" hands - like an employee's teenager. A few password policies can go a long way.
Even using the basic password on an iPhone has several advantages: iOS enforces escalating time delays which discourage brute force attacks and by setting a passcode, the iOS automatically enables data protection. I have even gone so far as to use this basic password protection on my personal iPad. Although it seldom leaves the house, why leave the contents unencrypted?
There are apps and then there are the apps that the IT Organization needs to get on those devices to enhance security and regulatory compliance. Often called Whitelisted Apps, apps such as firewalls and spam filters help to make the devices more secure. Of course, if left up to the users, the device would simply open and reveal everything to everyone. You need to have the MDM counterpart tool - Mobile Application Management or MAM.
"Mobile application management tools can help IT implement this best practice by supporting over-the-air app installation and maintenance. Specifically, enterprise application packages, profiles and associated data can be uploaded to an MAM tool and bound to user/device groups."
Security monitoring is vital to your MDM policies. Ongoing monitoring of the devices will allow you to detect apps that are outdated or disabled or those that have been deleted - all security risks. It will also allow you to detect any Blacklisted apps that may be a risk for security or regulatory compliance.
As with any new or updated implementation, you need to first insure that your Change and Release processes are strictly followed. Good luck with the MDM and MAM research.
Flickr Image by USDAgov