Enterprise mobility management (EMM) encompasses the management of devices, apps, content and security, and allows businesses to deal with situations that could otherwise end in disaster, such as a senior employee losing a device that contains lots of commercially sensitive data. It also simplifies the logistics of rolling out and maintaining large fleets of devices, allowing IT support teams to ensure that every mobile device has the correct apps installed and that they are kept updated. A similar, and more modern, term is unified endpoint management (UEM), which extends EMM to include desktop computers, printers, and IoT and wearables devices.
When deciding on an EMM solution, Ojas Rege, chief strategy officer at EMM provider MobileIron, says you should “first look at what employees need to access and take into account that you don’t want to lock down devices. With the increasing consumerisation of IT, employees expect the same functionality at work that they get from the devices and apps they use at home. Therefore firms should consider all users when looking to implement EMM.
“Secondly, ensure that your enterprise’s requirements are aligned with the vendor’s solution. EMM is a combination of mobile device, application, content and security management, and you must decide which of these elements is most important to your business. Once you understand your requirements, you can look at a technology strategy and assess what your risk profile is.”
Achi Lewis, EMEA and India director at NetMotion Software (a company specialising in mobile performance management and operational intelligence), says: “The most important part [of EMM is] discussing how the customer wants to work and how they set the rules – ‘we want this person to have access to here, we want this person to have access to these websites and these internal documents, we don’t want to have these people doing this at this particular time’ – and it’s often forgotten or missed by customers.”
Leigh Moody, SOTI’s managing director – UK, Ireland and South Africa, says one of the more commonly encountered pitfalls occurs when a company assumes there is a one-size-fits-all approach to device management, when devices running older operating systems, such as Android 4, may not support functions such as remote control or remote wipe; and these deficiencies can’t be overcome by an EMM platform.
He adds that the full benefits of EMM don’t materialise when it is just being used for email management or allowing people to connect back into the office remotely on their smartphones – the return on investment is much greater when it is being used to reduce the need to have three or four different management platforms, for example.
If the EMM solution you are considering will be used to support business-critical applications or devices, Moody says it is important to understand whether or not it has the feature-set that you need and can support you going forwards – through adding feature requests to its roadmap, for example.
He adds that “a number of EMM providers on the market are static – they have a product-set and they don’t invest in it – if you require something that’s not out of the box, they might add it in two years’ time, while others will continually roll out a roadmap of products and services that complement their current customer base”. Moody says one of SOTI’s customers – a “very large fast-food chain” – recently asked for a specific feature and the company was able to create a beta version for them to test in just eight weeks.
A matter of trust
Turning to security, MobileIron’s Rege says: “A trend in the EMM space is the rising use of machine-learning algorithms to detect and respond to possible threats. For example, MobileIron’s Threat Defense solution uses machine-learning algorithms optimised to run continuously, detecting threats even when the device is offline.
“EMM focuses on device administration and policy enforcement, while mobile threat defence provides on-device protection from cyberattacks. It incorporates machine learning and other artificial intelligence (AI) technologies to accurately protect, detect and remediate possible threats.”
Rege adds: “Applications such as MobileIron Threat Defense enable enterprises to completely secure corporate and employee-owned devices so that users can be more productive, with mobile devices that are protected against advanced threats. The application requires no action from the user to deploy or activate it, so there is absolutely no disruption to productivity.” He says trust models are changing as traditional network perimeters dissolve, “with cloud becoming the back end and mobile becoming the front end”. He adds that this approach, which has quickly become commonplace for most professionals, poses security problems, as the traditional arbiters of trust, such as firewalls, VPNs, web gateways, and locked-down Windows PCs, are side-stepped in this model.
Rege claims that this has led to a need for a new architecture: the zero-trust model. This begins by treating all devices, or ‘hosts’, as if they are internet-facing, and considers the entire network to be compromised. It then establishes trust by combining user trust with contextual trust: OS, device, app, network, time, location. “Establishing trust in a zero-trust world as the centrepiece of an automated compliance model gives users the freedom they need to get on with their work without losing company data,” he concludes.
Joel Windels, VP of global marketing at NetMotion, says it is working in the short term to provide companies with visibility into the individual domains that users are accessing – in terms of their reputation and the risks they pose; for example, seeing if users are visiting domains that have hosted malware in the past or are being used as a landing page for phishing attacks. “By using a reputation score or risk score based on the actions of users at a domain level, we’re going to be able to create policies that save users from [situations] where they’re taking risks that they might not realise.”
In the longer term, it is seeking to use machine learning to help IT network administrators “make better decisions without having to trawl through lots of data and different dashboards”.
Bring your own?
One of the concepts that often crops up in conversations around EMM is bring your own device (BYOD) – the label for when companies allow employees to bring their personal devices into the workplace and use them to access company data and applications. There are obvious benefits to this approach, such as reduced capital outlay, together with potential boosts to employee morale and productivity – a 2013 study by Cisco found that globally, BYOD saves employees 37 minutes of productive time a week (rising to 81 minutes in the US).
However, as MobileIron’s Rege points out: “When employees are using personal devices for work, the lines between what is both a safe and appropriate use of data can quickly become blurred. Without a robust security and device management strategy in place, the organisation’s sensitive data, and possibly even its reputation, is quite literally in the hands of the employee. In such a scenario, that employee would need to be extremely well trusted, but even then, accidents happen. It requires strong security policies and systems to ensure that sensitive corporate data doesn’t fall into the wrong hands and that employees’ personal data doesn’t leak into their company’s systems.”
Rege cites a report by Crystal Market Research, which predicts that the BYOD market will grow at a compound annual growth rate (CAGR) of 15.4 per cent between 2012 and 2022.
However, not every one is convinced that BYOD is on the way up. “I read and hear a lot of stuff that BYOD is growing, [and] the EMMs seem to perpetuate this narrative,” says Windels. “[The BYOD approach] probably comes from a mix of things; for example, traditional computing started in the workplace and ended up becoming a consumer product, whereas mobile smartphones started as a consumer product that ended up in the workplace.
“[This] has meant that lots of organisations with high-profile and senior employees ended up having a lot of employee power, and [when that’s high], the employee gets to choose, provision and buy the device and put their mobile contract on expenses, and that’s why you see a lot of BYOD deployments in a lot of law firms, professional services, even financial services.
“The problem is that in high-risk organisations and sectors, [BYOD is] becoming an almost untenable risk, because you are effectively [putting] all of your visibility and control as an IT/cybersecurity team outside your organisation.”
Because of this, Windels expects that over the “next couple of years, it’s going to become much more heavily corporate-assigned”.
Do as you say
Ironically, the people most likely to be in a position to push for BYOD policies can also be the most vulnerable to cybersecurity attacks. A recent report from The Bunker, a UK secure cloud, managed services and data centre provider, states: “Many senior executives ignore the threat from hackers and cybercriminals and often feel that security policies in their respective organisations do not apply to their unique position. However, in reality, their often-privileged access to company information makes their personal accounts extremely valuable to exploit and heightens the need for extra care.”
Between October 2013 and December 2016, business email compromise (BEC), aka “CEO fraud” – scams that purport to originate from an owner, CEO or other high-ranking employee and try to trick recipients into performing wire transfers or making large payments – accounted for around $5.3bn in global losses.
The platform push
We have discussed procuring EMM and some of the issues around device security, but what are EMM vendors’ current challenges? SOTI’s Moody explains that one is around optimising the user experience, as employees and administrators expect that EMM will make their job easier and ensure cybersecurity but without imposing barriers, slowing down their productivity or narrowing their options when it comes to applications, devices or content – “so it’s really making things easy for people, especially if you’re in a BYOD environment”.
Another challenge that might not be a surprise to our regular readers is the cloud. Moody says some EMM providers are struggling to move away from offering traditional on-premise solutions to cloud-based services that can provide the same level of functionality and service, and he notes that opting for the latter cuts down on the number of platforms that need to be managed.
Moody says: “We’re being asked a lot more for access to metrics and datasets which are outside the common ones such as battery life. We’re being asked to predict how long a device or its consumables, such as batteries, will last before they have to be replaced.”
He adds that this demand for extra datasets is also coming from vertical sectors that aren’t EMM mainstays (typically regulated industries such as finance, law and insurance), such as retail and healthcare, and these have more requirements for specific use-cases than they had in the past.
He also notes that IoT’s novelty and its rapid growth “has put a lot of pressure on EMM providers to incorporate IoT device security and endpoint management into their portfolios”.
NetMotion’s Windels says that as the market has matured, it has become much more difficult for EMM vendors to differentiate themselves from the competition. “A few years ago there was a bigger gap between the different vendors in the market, and today [they’re] really trying to break out from this commoditised space where it’s very difficult to distinguish which vendors are more feature-rich [and/or] better priced than [others].”
He adds that “the big blind spot that EMM has today is the network itself. [EMM has a lot of visibility] into the device and the apps and the configuration, but [not] in terms of the network traffic that’s happening, the data flowing into and out of each device”. He adds that to address these issues, EMM vendors will have to partner with other vendors to find technologies that complement their core competencies. He therefore expects that there will be an arms race as EMM vendors try to transition from offering products and individual solutions to platforms. “Look at something like Salesforce today where most of its functionality comes from its partner ecosystem. That’s where EMM is going to [move] towards as we approach the next couple of years.”
Lewis adds that this requires the creation of a universal architecture that allows the various solutions to work together. “At the moment what we have in a number of EMM vendors is a number of technology alliances that allow products to work alongside but not together. And that’s where [they’ve struggled]. You need to be able to integrate those technologies very closely [and allow them to exchange data].”
We have seen that when it comes to EMM, it is important to consider the age of the devices you are looking to manage, that the tension between senior executives and IT departments can have implications for security, and that EMM/UEM is expected to become more of a collaborative effort. As we move into the 5G era, it will be interesting to see how these trends pan out.