Mobile Device Management

The explosive popularity of mobile email devices like smartphones and iPads can lead to security problems if not managed properly. In the corporate world, we want at the very least to be able to enforce passwords on devices and remotely wipe mobile devices if they are lost or stolen.

There is also the emerging scenario of devices left in semi-secure environments. Imagine an iPad configured with a corporate email account and left around the house to be toyed with by the children and their mischievous friends.

Here is a quick overview of some of the Mobile Device Management options available on the most common platforms:

  1. Blackberry Enterprise Server has had “IT Policies” for some time. In fact, they really set the standard in this area; Mobile Device Management is old news to BB admins. This should come as no surprise given RIM’s deep commitment to the enterprise.
  2. Microsoft Exchange 2003 is getting too old to compete well in this area. However, SP2 allows password enforcement, and the “Microsoft Exchange Server ActiveSync Web Administration Tool” provided by Microsoft, although very basic, can do remote wiping of ActiveSync devices.
  3. Exchange 2007 and 2010 introduce “Exchange ActiveSync mailbox policies” which have a myriad of great management options. Of course you can wipe the devices using the Exchange Management Shell and enforce passwords and password complexity, but some of my favorites include enforcing storage card encryption and setting inactivity time before the phone locks. You can even do things like disable the camera if you are feeling like a real control freak. Of course, not all phones will be able to enforce all of these options.
  4. Google has been playing catch-up to enable these enterprise MDM features in Android and they now support a few of the essential options. They are also starting to roll out these features (including device location discovery) for Google Apps users via the “Google Apps device policy.” It looks like they can even enforce passwords on, and remotely wipe, any phone with Google Sync installed.
  5. iPhones have been pulled into the enterprise for some time now, so Apple’s enterprise features are more mature than Android’s. They even include a “find my ” feature with Mobile Me which allows remote wipe and ad hoc passcode enforcement. Everyone I talk to about Mobile Me has been disappointed though, so I can’t recommend it in good faith.
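
For the Exchange 2007/2010 option in item 3, here is what such a policy and a remote wipe look like in the Exchange Management Shell. This is an added example, not from the original post; the policy name, the mailbox alias `jsmith`, the notification address and the chosen values are hypothetical.

```powershell
# Added example: run in the Exchange Management Shell (Exchange 2007 SP1 / 2010).
# "Corp Mobile Baseline", "jsmith" and the notification address are hypothetical.

# 1. Create a policy covering the settings discussed above.
New-ActiveSyncMailboxPolicy -Name "Corp Mobile Baseline" `
    -DevicePasswordEnabled $true `
    -AlphanumericDevicePasswordRequired $true `
    -MinDevicePasswordLength 6 `
    -MaxDevicePasswordFailedAttempts 8 `
    -MaxInactivityTimeDeviceLock 00:05:00 `
    -RequireStorageCardEncryption $true `
    -AllowCamera $false `
    -AllowNonProvisionableDevices $false   # refuse phones that cannot enforce the policy

# 2. Assign the policy to a mailbox.
Set-CASMailbox -Identity "jsmith" -ActiveSyncMailboxPolicy "Corp Mobile Baseline"

# 3. Review which devices sync with that mailbox before wiping anything.
$devices = Get-ActiveSyncDeviceStatistics -Mailbox "jsmith"
$devices | Format-List Identity, DeviceType, DeviceModel, LastSuccessSync

# 4. Lost or stolen device: pick the one device to wipe (here by model, as an
#    illustration) and issue the wipe. The cmdlet asks for confirmation.
$lost = $devices | Where-Object { $_.DeviceModel -eq "<model of the lost phone>" }
if ($lost) {
    Clear-ActiveSyncDevice -Identity $lost.Identity `
        -NotificationEmailAddresses "it-security@example.com"
}

# 5. Confirm the wipe was delivered and acknowledged by the device.
Get-ActiveSyncDeviceStatistics -Mailbox "jsmith" |
    Format-List Identity, DeviceWipeRequestTime, DeviceWipeSentTime, DeviceWipeAckTime
```

With `-AllowNonProvisionableDevices $false`, phones that cannot enforce every setting are blocked from syncing rather than silently exempted, which is the trade-off behind the caveat that not all phones support all options.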