In his article for infoworld.com, “Data Security in a BYOD World,” security advisor Roger Grimes offers some great tips for IT departments that are struggling to address the tide of unmanaged devices that employees now regularly bring to work and use to connect to their corporate networks. Here’s some additional insight, based on what I’ve seen:
IT departments facing the ‘bring your own device’ (BYOD) reality are learning quickly that they can’t test every type of mobile device to determine if it’s up to par in terms of their organizations’ performance and security standards.
And unfortunately, virtualization technology, in this case VDI, doesn’t always translate well into mobile environments. The applications are generally not optimized for touch interfaces, so the user experience can be less than ideal. Also, not all mobile devices support the same VDI clients, so administrators have to manage multiple client-based access apps on the endpoints.
A critical component of a BYOD—or any mobile device reference architecture—is Mobile Device Management (MDM). MDM offers a view of devices on the network in terms of attributes, capabilities, and constraints. MDM allows IT departments to monitor how the devices that employees “bring” to work actually function in the enterprise environment.
With MDM solutions, administrators can address the diverse set of endpoints simply by sending emails, text messages, or URLs to users. These users can click the URLs and automatically get their devices configured for access; they don’t need to worry about downloading the right applications, entering the right settings, or encountering any setup issues.
However, some applications just don’t work well in a smartphone/VDI-only type environment—like office productivity suites, for example. In these cases, administrators must use MDM to push out and configure specific mobile applications functioning in the users’ environments. This process uses the same push methods described above and requires no user interaction. In fact, it’s sometimes called the ‘zero touch’ method because users don’t need to know anything about their environments— they simply click on the links their administrator sends them, and then type their usernames and passwords to get their devices configured.
Ultimately, IT departments are using VDI to handle application security and user context, while using MDM to manage device provisioning and user settings. It will be interesting to observe and help shape this balance as BYOD and mobile productivity continue to ramp up.
Let us know your thoughts in the comments below.