A while ago, I did a project for one of the Big 4 in Indian telecom industry. The project was to select and implement a Mobile Device Management (MDM) solution for the organization. During the project, I evaluated most of the market leading products. Given that it’s a nascent niche, the products are evolving fast but few came close to being considered as mature. In the duration of the project I came up with several observations, which any organization undertaking a similar project could benefit from.
1. Know your environment
Before going on-board with any MDM solution, organizations must take a stock of type of devices in their environment. A full compliance will be difficult if their employees are using feature phones or versions not supported by the product. Even harder if people in senior management are using one.
2. Frame crisp requirements
There’s no point in going to a market if you don’t know what you want. As I wrote earlier, the MDM market is still evolving, if you don’t know what you want or worse just have a vague idea of it, vendors may take you for a ride.
3. Do your homework
Once you have your requirements ready, it’s a good idea to check beforehand if target devices support these. For example, some requirements may be easily supported on Android devices but not on iOS devices. A basic research about the platform capability will enable you to judge vendor’s response and product capability in a better way.
4. Conduct a thorough Proof of Concept
A Proof of Concept (PoC) is where you run candidate solutions in your environment and test it against the requirements sheet. It is essential that you test the product thoroughly to avoid any surprises at a later stage. It may be difficult and time consuming but you’ll sleep better once the product is implemented. If a PoC is not possible, then speak to some existing customers of candidate products. Ask them about their experience and after sales support.
5. Get a set of test devices
You have a good rapport with your colleagues ? Well, don’t ruin it by using their devices as guinea pigs. Ask your project sponsor to provide test devices for each target platform. Here’s why. MDM products collect certain information about the device and data residing in it. Your colleagues might not be comfortable with you intruding in their privacy. Also, most MDM products have features which perform a factory reset. This may cause them to loose their data. Only God can help you after that!
6. Do not fall for vendor promises
In your search for a perfect MDM solution, you might come across certain products which are half-baked. These might have good potential but not in their present form. A trick vendors use here is to lure the elevator with informal promises and obtain commitment from them. Do not fall for this trick and never commit until you have it engraved in stone. Ask the vendor to give it in writing with a target date of availability. You may also ask them for an official product road-map.
Mobile Device Management is an upcoming industry segment which holds a lot of potential. As the devices are getting smarter so are the MDM products. A point to remember is that MDM products can do only as much as a device allows. They don’t have a magic mantra to make features work when a device doesn’t support it. Cut some slack and go ahead full throttle.
Uday Mittal (OSCP, Associate CISSP, DCPP) is the founder of Yaksas CSC. He has over 4 years of experience in dealing with various issues related to cyber security. He is actively working towards educating people on cyber security risks and steps to mitigate them. He’s also a member of (ISC)2, ISACA and DSCI.