How to manage consumer devices on your network

Your user community is connecting to your corporate email system using all kinds of consumer devices, from iPhones to iPads and Android-based smart phones. Do you know what devices are coming into the network? Do you know what applications are on these devices? Do you have any means to control them, preferably based on your standard policies? Fiberlink Communications has new Mobile Device Management services that can help.

Smartphones and other devices such as the Apple iPad have clearly reached critical mass. The iPad alone is expected to reach sales of 65 million units this year. While we call them consumer devices, a hefty percentage are owned by people who want to use their phone or tablet computer to access corporate e-mail and other applications. Chances are good that you are already dealing with workers at your organization wanting to connect their devices to your network.

Given these devices truly are meant for consumers, they weren't necessarily designed with network connectivity and operations in mind. I consulted my mobile computing experts, Jim Szafranski and Joshua Lambert of Fiberlink Communications, to get some tips on how to provision these devices for your network and how to manage them once they are on. Fiberlink is an industry leader in providing services to manage mobile computing.

First, the good news. In creating iOS, the operating system that runs both the iPhone and the iPad, Apple worked closely with Microsoft to ensure these devices work well with ActiveSync, the utility that connects most smartphones/tablets (except Blackberry) to Microsoft Exchange. That means it's pretty easy to give Apple devices access to Exchange e-mail, and to control them once access is established.

Now, the not so good news. Android-based devices are a bit more challenging when it comes to compatibility with ActiveSync. For example, it's easy to fake a passcode through an Android device, leading to security vulnerabilities. As Fiberlink's Lambert puts it, "Android needs a lot of help to make it enterprise-class."

Of course, this isn't even a consideration for a consumer when he's buying his device, but it's something to keep in mind if your company is going to buy a fleet of devices for executives or sales people.

Szafranski says he's having many "rich conversations" with customers over the best way to provision these devices for enterprise use. Companies are accustomed to having corporate standards for user profiles for desktops and laptops and having an easy way to distribute and manage the applications and settings of those profiles. Again, these consumer devices don't really fit that mold. Because users go to public "app stores" and download whatever they want using a personal account, it's practically impossible to control (or even know) what people put on their smartphones and tablets. About all companies can do is put together a list of approved applications and tell users what's on the list. The app stores are carrying an increasing number of applications that are enterprise-worthy.

As part of its broad cloud-based Management as a Service solution called MaaS360, Fiberlink now has Mobile Device Management (MDM) services for both Android-based and iOS-based devices. Using an MDM service, you can gain visibility into the mobile devices that people using to connect to your network. One common complaint of system administrators is that they have no idea what kind or how many mobile devices are connecting to the enterprise, and MDM provides that insight.

MDM can reveal information such as the model and operating system of the device; the home network/current network; the installed applications; the device ID, including phone number, the International Mobile Equipment Identity (IMEI) number, and e-mail address; device restrictions; installed policies; and security policies. Once you have this information, you can do things like:

• Report on all mobile devices connected to your Exchange server.

• Block devices that may represent a security risk.

• Enforce policies for passwords and encryption.

• Perform basic Help Desk operations, like password reset and remote wipe.

For example, you can see if a device has an application like Dropbox, which provides the means to copy information from the network to the mobile device. While you might not be able to force the user to remove Dropbox, you can certainly disable his ability to log onto your network via that device, and even wipe the device clean if necessary.

MaaS360 provides daily operational dashboards that tell you what you have as far as mobile devices, and lets you get your arms around planning and strategy. Without a tool like Mobile Device Management, you could be flying blind with these proliferating smart phones, and that presents a risk to your business.

Linda Musthaler is a principal analyst with Essential Solutions Corporation. You can write to her at


About Essential Solutions Corp: Essential Solutions researches the practical value of information technology, and how it can make individual workers and entire organizations more productive. Essential Solutions offers consulting services to computer industry and corporate clients to help define and fulfill the potential of IT.

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2011 IDG Communications, Inc.