by Earl Follis, Ed Tittel

How to Ensure SAM and SLM Compliance in Mobile Environments

Apr 09, 2014 (7 mins)

Software asset management and software license management aren't just for on-premises assets. Find out how they can help you ensure compliance with software policies and agreements across mobile devices as well.

As our newly coined adage states: “If you allow it, they will come … and they will bring their tablets and smartphones with them.” Many companies have already come to grips with the reality that bring your own device (BYOD) is what their users really, really want.

That said, some prescriptive management considerations might not be part of a technical evaluation aimed at integrating mobile devices into a corporate network, whether those devices are user-owned or corporate-owned assets.

Ensuring compliance with corporate policies and regulatory requirements is a key consideration, and planning how your organization will manage compliance on mobile devices is an ongoing concern for technology managers and executives. Software asset management (SAM) and software license management (SLM) on mobile devices are two concerns that must also be addressed to avoid transforming BYOD into “bring your own disaster” (instead of the more typical interpretation).

The BYOD concept continues to grow as users expect their personal mobile devices to be accepted in, integrated with and supported by corporate IT shops the world over. Many companies have performed their own cost/benefit analyses and see an opportunity to preserve capital budget by implementing BYOD policies in the workplace. Other companies see an easier, better-controlled road by providing mobile devices to those users whose job roles justify such expenses.

In reality, using mobile technology in a corporate environment poses a unique set of challenges above and beyond immediate issues of security, compatibility and support. Compared to a secure, IT-issued and controlled desktop hard-wired to a corporate network, most mobile devices possess few of the intrinsic security capabilities found in deskbound systems. Fortunately, SAM and SLM tools now available run on a variety of mobile platforms, including Apple’s mobile products and Android-based mobile devices.

Mobile SAM and SLM Software Critical in BYOD Environments

Mobile SAM and SLM solutions must offer the same features and capabilities that non-mobile SAM and SLM software does. The goal is to include mobile devices in the software asset discovery and management process while also managing software licenses on such devices. Given that software license purchases are typically negotiated by a central procurement department and leverage volume discounts for all users, it’s imperative that mobile licenses be included in corporate software purchases so as to maximize volume discounts.

If your mobile device policy accommodates BYOD, SAM software becomes critical to your corporate network. This is thanks to the lax security in many mobile apps as well as significant security exposure in third-party mobile apps purpose-built to mine personal data from mobile device users.

Even if a mobile app mines data only from something as seemingly innocuous as a Twitter feed or Facebook app on the mobile device, that could expose enough personal data to allow bad actors to reverse-engineer corporate passwords.

Consider SAM and SLM When Crafting BYOD Policy — and Vice Versa

One driver for continued adoption and expansion of mobile devices is that it grants users some control over their mobile computing experiences. The benefits to the company and the employee of a BYOD policy are well documented, but a no-holds-barred BYOD policy can also pose significant compliance issues that may outweigh those perceived benefits.

If a company cedes to users the decision to bring any mobile device into a corporate IT environment, and if the company allows those users to expect seamless integration (and support) within a corporate IT environment, then the job of monitoring SAM and SLM on mobile devices gets exponentially more difficult, if not impossible.

Companies must strike a balance between the wishes of the user community and the absolute corporate requirement to manage compliance on all mobile devices, including BYOD. As a result, a company’s BYOD policy is likely to support only certain types of mobile devices, platforms and operating systems for corporate use.

Recognizing that all mobile devices must be managed to ensure SAM and SLM compliance, many considerations must be factored into any discussion of supporting mobile devices on the corporate network. Which mobile platforms are compatible with SAM and SLM software while integrating into the corporate SAM and SLM infrastructure?

If you’re lucky, your current SAM and SLM software vendor offers software that runs on a variety of mobile devices, usually via an agent installed on the mobile device. If not, you must either find a vendor whose software can be integrated into existing corporate SAM and SLM software or replace that corporate SAM and SLM software with software that supports both mobile and non-mobile SAM and SLM platforms.

SAM, SLM Present Challenges on Mobile Devices

If your company lets users bring their own mobile devices, someone must install SAM and SLM agent(s) on them all. This is as much an internal process question as it is a technical one. What if 100, 1,000 or 10,000 users sign up for the new BYOD program? How will all those SAM and SLM agents get installed on all those mobile devices?

(Of course, your company may choose to provide mobile devices to employees with business requirements for their use. If so, you can include installation of SAM and SLM software as part of your normal staging and deployment process for new computers or devices.)

Another challenge in ensuring SAM and SLM compliance for mobile devices is the variety of mobile devices and operating systems available. As with any software designed for mobile use, SAM and SLM software may not support every specific hardware platform that users might present in a BYOD scenario, such as an old iPad II or an Android-based tablet from a specific manufacturer. Likewise, your SAM and SLM software may not support every released version of iOS and Android that users might run.

Here’s where thorough compatibility testing of mobile hardware and software helps control which mobile platforms (and OSes) you support in any BYOD program. Even different versions of Android offer widely divergent features and compatibility options, so you might only be able to support Android flavors or versions for specific smartphones and tablets. This is one of the biggest factors driving companies to provide mobile devices to users on the go, rather than jumping through the many hurdles that BYOD imposes.

Mobile SAM and SLM Can Give Orgs Competitive Advantage

SAM and SLM management for mobile devices is a complicated issue that can’t be ignored. As the popularity of mobile devices continues to explode, a viable, practical SAM and SLM management plan for those devices becomes increasingly critical.

Whether mobile devices are company-provided or user-owned, an established process to install SAM and SLM agents offers a smooth transition to a fully compliant, mobile workforce at the lowest possible cost. Regular audits of software assets and license usage on mobile devices will likely lead to reduced costs across the board for procurement and administration as well.

Finally, proper planning and execution of a mobile device strategy can create a competitive advantage for your organization. It helps avoid an expensive exercise in futility — or, worse, exposing your company network to unnecessary security risks or damage to brands and reputation.