Mobile device management (MDM) technology, while still in its infancy, has come a long way in the last few years. Letting employees and associates use mobile devices has become a critical factor to a company’s success, which explains the explosion of interest in MDM systems. To that end, many of the largest companies use AirWatch on a global scale to stem the tide of mobile devices that are flooding their networks.
Headquartered in Atlanta, AirWatch has been in the MDM business since 2003 with one goal in mind—helping companies focus on using mobile technology rather than the complexities of managing it. When your business is ready to take mobile asset management seriously, AirWatch is definitely worth a test drive.
The company designed its MDM platform to be multi-tenant, highly scalable and integrated with existing enterprise systems, regardless of whether they are on-site or in the cloud. AirWatch also supports all major mobile players—Apple iOS, Android, BlackBerry, Symbian and Windows Phone—out of the box. Finally, many customers will tell you they use the product because they find it intuitive.
With the top motivator in mobility today being ROI and employee preference, it’s safe to say the Bring Your Own Device (BYOD) era is here to stay. Let’s take a look at how big businesses are using AirWatch to protect their mobile assets and data.
Whether you adopt a BYOD policy or issue corporate liable devices, the process for protecting those devices is the same, and it begins with enrolling the device into a MDM system. AirWatch lets associates activate devices in one simple step, without the need for iTunes, or any such software, in your environment.
Activation begins with a simple email or SMS to the user’s mobile device. This provides them with a provisioning URL, a login and an activation code. (If using SMS, a batch import file can be applied.)
From there, a simple challenge and response message takes place on the device. As each user visits the URL provided, the device is placed into a default location group. This lets administrators place each device into geographic or organizational subgroups. This, in turn, allowing AirWatch to push the appropriate profile for each device based on which group in which the device resides; employees in one country can be grouped together, for example, to ensure that they comply with that country’s specific privacy laws. A profile is added to the device, and the process is complete.
Once enrolled in the AirWatch console, your company’s admins can easily make changes, insure compliance and monitor the device by using the Web-based console.
AirWatch’s device enrollment process begins with the device staging procedure, which lets IT administrators quickly stage a device with the proper configuration and prepare it for deployment. This process can also be used for bulk enrollments that involve large-scale mobile device deployment.
All devices, regardless of the number being deployed, require directory-based user authentication that in turn uses AD, LDAP, SAML or any token-based authentication system. This adds the first layer of device security. This is also where all users of the device are required to read and comply with your company’s own end user license agreement. This provides both added accountability and visibility to your company’s policies and deters those associates from exclaiming “I didn’t know” when policies are not adhered to.
The entire enrollment process can have as many or as few restrictions as your business needs—from blocking device types, platforms type or version types to checking for jailbroken systems. You can easily deny certain device types from accessing your systems and networks.
Even the most basic MDM systems can require the device to be password-protected, but businesses serious about mobile device security will need to adjust the complexity of certain passcodes based on which business group uses the device. AirWatch provides the ability to configure the passcode complexity but, also, to adjust password length and add lock and wipe rules.
The security features of AirWatch extend past the passcode method of providing security and mandate encryption on the devices storage cards. This secures all data being stored on and transmitted to a device and, by providing local data backup, adds an element of data loss prevention. It also provides functionality to lock down a device to the point that users are unable to use just about any devices features, up to and including Web browsers and apps loaded on the device. Administrators can also apply rules that provide compliance enforcement, including automated responses when a device is lost or stolen.
Admittedly, applying many of these features would render a mobile device little more than a flip-phone. However, certain business groups may require such an aggressive policy, and AirWatch lets you leverage those features accordingly.
4. Device Management.
Once deployed, devices can be easily managed.
- You can update each device configuration profile, for a whole group or the whole enterprise.
- You can send a request to the device to request information, lock the device, or, when necessary, wipe it of all data remotely.
- If you’re retiring or decommissioning the device, you can quickly un-enroll that device using the Admin console.
- Finally, you can set up custom queries at custom intervals in order to report on any device information.
As stated, all devices enrolled in the AirWatch system can be configured remotely. Immediately out of the box, administrators can distribute documents between devices on the system using the “Content Locker” feature. Admins can configure device settings or user credentials allowing, in the process allowing access to certain resources on your network.
These configurations can be specific to the group or individual device certificates. Furthermore, each device can contain as many accounts as needed to facilitate access to businesses corporate email, calendars, contacts or even Wi-Fi and VPN networks. Finally, all approved apps can be controlled using the AirWatch Custom App Catalog, which lets you distribute and manage internal and external business apps.
Once your devices have been enrolled into AirWatch, with user groups configured and apps distributed, you’ll want to track and view device information in real time. AirWatch includes interactive dashboards and Web portlets for this purpose. Visibility and access are tightly controlled, as your system administrator can configure what data is collected and who can view it.
Admins, and end users, can also receive alerts triggered by specific events, which can include just about anything related to the device, such as memory space capacity or the addition/deletion of applications. Alerts can be received via email or a notification from the AirWatch dashboard. This gives senior IT management team the ability to use their own mobile devices to receive reports about employees’ mobile device use.
No MDM system is complete without the ability to support your user community remotely so they don’t have to constantly ship equipment around the world when something fails. Using AirWatch, admins can send messages to the user, and vice-versa, which makes it easy for your support team to troubleshoot issues, providing instructions and images when necessary.
Savvy end users can access a self-service portal for tasks such as clearing or changing passcodes or locating a lost device. For more complicated processes, admins can remotely control the device from their own computer screen. (Pay attention to the privacy laws in effect in your employees’ country of origin.)
Businesses in a variety of industries have chosen AirWatch for mobile device management. The company is but one of many MDM providers to consider, but AirWatch’s support for all mobile devices, robust reports and simple policy administration should put it near the top of your mobile device management list.