Smart Phone Management

droyden · 15 Jul 2011 at 13:35

Just wondering what everyone uses for their Smart Phone Management tool, we are currently using BES although are seeing more and more people requesting alternative devices (iPhone/Android).

Can anyone share their experiences for multi device management?

J.B · 15 Jul 2011 at 20:02

Someone told me there is an iPhone plugin of some kind for BES but I've not actually looked into it in anyway so they might of been wrong.

When I was a sysadmin if people requested other phones they could have them but they weren't allowed emails on them. Simple as that really

bigredshark · 16 Jul 2011 at 10:44

http://www.apple.com/iphone/business/integration/mdm/

droyden · 16 Jul 2011 at 11:15

Yeah, although easier said than done when directors want the new pretty phone and the clients want them encrypted

Chief Wiggum · 16 Jul 2011 at 11:22

We're using 'good' email app on our non BES devices. Sorts out the email and browser access and can be remote wiped. Not sure of the pricing though, I'm only an end user

droyden · 16 Jul 2011 at 11:35

Its primarily the policy control and remote wipe features I'm interested in, most/all devices now have some sort of exchange integration

zoomee · 16 Jul 2011 at 11:46

We've been using Exchange to enforce policies as we mainly have a fleet of WM6.5 devices at the moment but that is going to end soon.

BES is obviously just for Blackberries.

Good Technology offer a pretty good solution which encompasses all devices, Theres also MobileIron to check out for multi-device management.

I'm just evaluating MSSCM to see what its functions are - not having much luck though atm tbh!.

Depends how far you want to go - Complete management of devices, sandboxing of corporate information, or just simply allowing users to connect to email.....

ONE thing to bear in mind that I use to 'destroy' most mobile management solutions - Is the product lifecycles of smartphones and how the third-party companies can keep up with it. For example - One company talked the talk (so did Good technology) about how they have clients for all devices and are fully tested, I asked how far behind the product lifecycles they are and that quickly shut them up lol: When a new phone is released (and users love to get the latest phones as soon as they are out), most companies are usually 3 months behind, by the time they get round to releasing a FULLY certified and tested client - a new version of the phone comes out - never ending circle.

hth

Ev0 · 16 Jul 2011 at 13:27

Good have been around for a long time so their products should be reasonably mature, but still never found anything as neat as the BES solutions when I worked doing that kind of thing.

We used to use Intellisync for managing our windows devices which wasn't bad, but not great. Then for encryption we used Utimaco Safeguard (now owned by Sophos).

zoomee · 16 Jul 2011 at 23:43

yeah we tested Credant for encryption use (also has some basic device management) but they were 6 months behind in terms of supported clients for new devices. That and the fact their software REALLY bogged down and complicated useage we decided against it.

droyden · 17 Jul 2011 at 15:41

Thanks guys, very helpful. I've signed up for callbacks from a few companys so will see how that goes. Good point about the lifecycles though!

zoomee · 17 Jul 2011 at 21:29

droyden said:
Thanks guys, very helpful. I've signed up for callbacks from a few companys so will see how that goes. Good point about the lifecycles though!

You'll regret signing up for callbacks! Them sales people are forever on my back!!! - Just don't know how to take NO for an answer lol - gl

droyden · 17 Jul 2011 at 23:38

hehe yea, but then I always give out the reception number for that reason, or setup a temp number then disconnect it afterwards

bigredshark · 18 Jul 2011 at 13:32

zoomee said:
ONE thing to bear in mind that I use to 'destroy' most mobile management solutions - Is the product lifecycles of smartphones and how the third-party companies can keep up with it. For example - One company talked the talk (so did Good technology) about how they have clients for all devices and are fully tested, I asked how far behind the product lifecycles they are and that quickly shut them up lol: When a new phone is released (and users love to get the latest phones as soon as they are out), most companies are usually 3 months behind, by the time they get round to releasing a FULLY certified and tested client - a new version of the phone comes out - never ending circle.

hth

How's that a problem? If it's a company device you don't provide anything which isn't client with your security solution, if it's a personal device it isn't authorized to access corporate resources unless it meets the security policy. It's only a problem if you allow it to be one - if you hand out new devices before you've got a security solution for them or if you allow users to use personal devices ad-hoc. It's not a technical issue, it's a policy issue.

zoomee · 18 Jul 2011 at 17:27

bigredshark said:
How's that a problem? If it's a company device you don't provide anything which isn't client with your security solution, if it's a personal device it isn't authorized to access corporate resources unless it meets the security policy. It's only a problem if you allow it to be one - if you hand out new devices before you've got a security solution for them or if you allow users to use personal devices ad-hoc. It's not a technical issue, it's a policy issue.

Well you clearly don't know what Good's technology solution is aimed at - i.e. A 'Bring your own device' model. My organisation isn't as dictatorish as yours lol

- Our IT department aims to be technology enablers not prohibitors.

The last thing to mention about this point is software/rom's on devices - This can change over the course of a devices lifetime so for example - You have an SGSII on Android 2.3 - with a fully certified client by Company X. The same device supplied a week later has a newer ROM 2.4 - When Company X turns around and argues with your support team that this version isn't supported (yet) - Then you'll know what I'm talking about.

bigredshark · 18 Jul 2011 at 23:03

zoomee said:
Well you clearly don't know what Good's technology solution is aimed at - i.e. A 'Bring your own device' model. My organisation isn't as dictatorish as yours lol - Our IT department aims to be technology enablers not prohibitors.

Allowing access to corporate information from devices you don't control and can't define policy on? It's not a matter of preference, it's in breach of any number of policies and laws we have to comply with.

You might be lucky enough not to have that worry but personally I don't think 'bring you own device' is a good idea if you value information security...

zoomee · 19 Jul 2011 at 10:42

I'm with you 100% on that dude. It's getting our management team to understand that! - its half the problem lol.

The Good solution actually uses its own seperate client on the devices - operating in a sandboxed type system, keeping calendar, and emails etc seperate from the rest of the device. Allowing a remote wipe whenever we feel like it - keeping their own stuff intact. I'm not saying its ideal as I'm sure our security guys would have a fit!

Another problem with their "Bring your own device" model - is mainly cost. Aswell as extra administration over the system itself theres also a larger strain on human resources and looking after 'paying the users' for their own data useage - i.e. £10 a month for using their own data bundles. The organisations I've spoken to about it, have quickly highlighted that!

I'm also not happy about the extra support that would be required from such a solution - My support team would have to be able to deal with allot more devices, than just the 'standard offering' we currently have. So you can see I'm not in favour of the "Bring your own device" model at all!

Anyways gl hf!

Ev0 · 19 Jul 2011 at 11:31

It totally depends on where you work/what type of company you are on if the above works or not.

As BRS says, if you're subject to legal stuff, compliance issues etc, then it's not a matter of IT choosing to be awkward, there are very real penalties if you do not comply!

You can still 'enable' very nicely whilst also keeping control. Unless you're setting up a BES to CESG standards as then everything is pretty much turned off

J.B · 19 Jul 2011 at 14:52

Ev0 said:
You can still 'enable' very nicely whilst also keeping control. Unless you're setting up a BES to CESG standards as then everything is pretty much turned off

I've had to do that before, those guys didn't cut any corners with that document!

Ev0 · 19 Jul 2011 at 19:57

J.B said:
I've had to do that before, those guys didn't cut any corners with that document!

It's easy though, quick tip is just set everything to disabled, job done

A[L]C · 15 Jan 2013 at 17:36

What did you go with in the end? I'm in the process of rolling out Mobi from Soti for our corporate devices