So far, I have talked about the Platforms, Procurement and Policies that make up a good mobile technology strategy. In this post, I will be talking about a piece of the plan that not only comes into play during your planning stages, but also is a day to day part of your organization’s operations: Provisioning.
Provisioning mobile devices consists of everything from getting the devices out of the box and ready for deployment, creating and managing device profiles, configuring and enforcing device settings, and finally, establishing a method to monitor and report on your organization’s devices. It is the last step in your organization’s strategy before you put the devices in your users’ hands. All of this can sound like a daunting task to figure out. There is a mix of items that involve some strategic planning when you first decide to bring mobile to your organization and grunt work such as getting devices out of the box, creating an inventory and activating all of the devices. With one useful tool though, you can simplify a lot of your Provisioning Tasks – Mobile Device Management (MDM). A Mobile Device Management (MDM) system is the best Provisioning tool for mobile devices. Additionally, MDM is useful for maintenance, inventorying and decommisioning your mobile devices. If your organization has a large number of mobile devices to support, a proper MDM system is almost a necessity to properly configure and support them.
Depending on the needs of your organization, MDM can be used to help with almost all of your Provisioning needs except for getting the devices out of the box and activating them. For that, you will still have to get hands-on with the devices. Most mobile devices require activation as well, though the activation method varies depending on the device platform. Android, Blackberry and Windows Phone 7 devices can be activated directly on the device. iOS devices still require connection to a computer running iTunes to be activated. One step that can speed up this process is setting up an activation station with iTunes configured in an activation-only mode. That sets iTunes to only activate the device without syncing it with the computer, which greatly speeds up the process.
Once your devices are activated and ready to configure, then it is time to get them configured to comply with your organization’s policies. Network settings, email accounts, security restrictions and other settings could make this a time consuming process, especially for a large organization. This is where MDM makes your job easier. Create your provisioning profile once in the MDM, and then add the device to the MDM. The joining process varies from one system to the next, but it is still much less time than doing each device by hand. A good MDM solution also makes it easier for your organization to be flexible in configuring mobile devices. The needs of a sales representative are not the same as those of your trainers, IT staff or executives. You can create a separate configuration profile for each role, and then assign the devices to the proper role. This type of configuration gives your organization greater granularity of control over who has access to what on their devices.
While each mobile platform has their own methods on how to build and deploy configuration profiles for their devices, typically, third-party platforms offer more flexibility as they often support multiple mobile platforms. One platform offering that most people are familiar with may be changing that strategy. With their purchase of Ubitexx, RIM has announced that it will add support for iOS and Android devices to their BlackBerry Enterprise Server (BES) platform. For organizations that have a long term investment in BES, this may provide a chance to broaden their support for other devices.
Another question comes up if your organization has decided to support a Bring-Your-Own-Device policy (BYOD). Users with personal devices that have already been activated and set up may not conform to your organization’s policies. In a recent survey, only 35% of companies are maintaining a strict limit on mobile devices accessing their networks, but nearly half either do not have or do not enforce a security policy on user-supplied devices. Creating an official BYOD policy for your organization that requires all devices to be registered with your MDM system will help keep your network more secure. You will be able to implement and enforce your policies on those devices, as well as protect your information when they leave the organization. For users that are worried about losing personal data because of your MDM’s remote wipe capability, many systems now offer the ability to sandbox personal information from your business organization and wipe only the private data from your organization.
Is it possible to do all of this without a Mobile Device Management system? Of course, but it becomes much more time consuming and difficult to enforce. For a small organization, it may be possible to get away with developing configuration profiles manually and apply them before deploying the device, but that will not prevent a user from modifying those settings. It also becomes nearly impossible to enforce your security policies when you have a BYOD policy without a management system. It doesn’t hurt to plan for growth. If you implement MDM when your organization or mobile deployment is small, you are establishing a good foundation for the future.
Now that you have Provisioned your devices and have them in the users’ hands, you will need to figure out how to get your organization’s apps and information to the devices. In my next post, I will talk about how you can Publish to your mobile devices.