The process of implementing enterprise mobility management software requires admins to make many important decisions, mostly pertaining to the different components that comprise an EMM plan. The most important factors to consider are the choice between a BYOD -- alternatively known as CYOD, or choose your own device -- and a corporate-owned, personally enabled policy, as well as security needs, content management and the need for unified endpoint management.
BYOD versus COPE devices
The first step in implementing EMM software is to decide on a policy supporting either BYOD or corporate-owned, personally enabled (COPE) devices, but administrators must have a plan for device management before they implement either a BYOD or COPE program.
COPE requires an admin to install profiles from a mobile device management (MDM) server onto a phone or tablet. There is a tighter level of control in this implementation. MDM services come packaged with the ability to control the device -- including its camera, lock screen enforcement and the number of password attempts -- and push out apps and settings, such as email.
Devices powered by Android allow blacklisting, whereas iOS-powered devices do not. This gives Apple end users the freedom to install any app. However, an administrator can still see every app installed on an Apple device.
The process of supporting BYOD is slightly different. A BYOD policy implies that any device can be brought into an organization. A COPE policy will highlight a set of specific devices that have been tested and are in alignment with corporate policies.
For instance, standard features with COPE include email and product information management services. BYOD also provides the ability to control a device with policy enforcement. It is recommended that you look for services to manage BYOD devices that include a clear separation of personal and professional data.
The separation of personal and vocational data is a notable challenge for an EMM suite. Apple makes it particularly tough for companies to split personal and private data. Methods to approach this problem include:
- providing minimal policy management for BYOD or CYOD devices;
- moving all services and apps to a cloud platform -- such as Google G Suite or Microsoft Office 365/Intune; and
- encapsulating enterprise apps.
Networking requirements and remote access needs
There are three big networking-related questions that enterprises must answer when selecting an EMM product.
- How effective is the existing Wi-Fi network?
- How does the company accommodate remote employees?
- In using the 80/20 rule, how much do the 20% exception use cases affect the company's decision process?
When employees connect their devices to a corporate network, it increases the network demand. For instance, almost all the users in a company will voluntarily upgrade their phones every September when Apple releases the new iOS. Each version comes in at around two GB, which will inevitably put a strain on any network.
Companies must also take into account that mobile devices and cloud services are easily corruptible. The function of a phone or tablet is to view data, but a good mobile security practice is to move data off the device as quickly as possible. The movement of data between the cloud and a device is a challenge facing all networks.
Additionally, enterprises must choose EMM software that can manage the increase in employee devices. Many users carry two or more devices, such as a smartphone, tablet or smartwatch, in addition to a laptop. Users will connect their devices to the network, so it is worth completing a wireless network assessment before buyers select EMM software.
Companies looking to provide access to enterprise data should first check email services from outside of the company network and determine whether their content is accessible or not. Enabling access to content provides more opportunity for users to get work done, but the chosen method for content control will have an impact on the level of security you will need to apply. VPN with single sign-on or Identity as a Service are two of the security options available.
Buyers must also take into account whether or not devices should be restricted to a particular location, such as a warehouse. Admins should consider what will happen to a tablet if it is removed from a warehouse -- will the tablet automatically wipe itself? If so, how far from the location will the tablet be able to wipe itself? The EMM suite that a company selects will be able to control these features.
The line between managing PCs and mobile devices continues to blur. A reflection of this blurring line is the proliferation of unified endpoint management (UEM). UEM is an approach to secure and control PCs, smartphones and tablets from a single console. The goal of UEM is to control the ever-increasing number of devices connecting to the network.
Considerations for buying UEM software should include the following:
- Does UEM support Windows, Android and iOS?
- Is there support for server OSes, such as Linux?
- Is the UEM product mature or is it simply a collection of products stitched together?
To be clear, the UEM market is still relatively new, so be sure to consult with current users when evaluating a product.
Scalability of EMM software/support for new technology
A good EMM software suite contains not just one tool, but rather a collection of tools.
The hardware market is going through a period of massive growth and change. With that in mind, a company must ensure that its selected EMM suite is capable of supporting new technologies as they become available, such as:
- Advances in smartphones and tablets
- Wearable devices
- Enhanced printers
- Smart displays/TVs
- Smart logistics
Many companies see EMM software as a commodity. To that effect, several software companies are now bundling EMM-like services into other core products.
Prior to making any decisions, buyers should make note of their company characteristics, such as their required level of security, and use these factors to narrow down the list of vendors.