A few decades ago, the idea that many businesses could survive—and even thrive—with virtually their entire workforces unable to come into the office would have been shocking. Even as recently as a few years ago, the idea that videoconferencing applications would be workable enough that teams could reliably conduct business over them would have raised some eyebrows. But now that that’s the world that many of us are living in, it can start to seem almost normal, and employers and employees alike might begin to take it for granted.
The tremendous adaptability that many enterprises have shown in this unprecedented moment does, however, mask a real challenge that IT departments have been working to address beneath the surface: how to maintain stable, secure IT management when you don’t have physical access to the devices that are operating on your system.
Corporate Life in a Time of COVID
In all likelihood, when everyone was in one place and working from their in-office workstations, it was pretty easy (if time consuming) to regulate device usage to minimize risk. Since these laptops, desktops, and even phones were mostly accessing your corporate network only for work functionality, you could implement a robust set of policies around data loss and prevention, access control, application usage and updates—all while preventing or curbing unsafe digital behaviors. But then, all of a sudden, a switch was pulled and that control vanished. Why? Because everyone was working from home, on their own Wi-Fi networks, and sometimes with their own devices. Away from the protection of corporate firewalls, they might fall prey to phishing scams that endanger your company’s data, or they might fail to update software in a timely fashion, such that they’re left open to security vulnerabilities that could be exploited by hackers.
Obviously, you want to be able to offer users some flexibility—especially if you’ve transitioned to BYOD (bring your own device)—but it’s a tough needle to thread. How do you ensure that your employees can utilize the apps they need without sacrificing security? More broadly, how do you maintain consistent standards across a network that’s increasingly heterogeneous and decentralized? Most importantly, how do you do all this in a way that’s cost effective and doesn’t wildly overtax your IT team?
How Does MDM Work?
The most straightforward answer to the questions posed above is that you might need a cloud-based, mobile device management (MDM) solution. Something like Intune—Microsoft’s end-to-end integrated device management system—gives you the ability to remotely provision, manage, and update physical devices from the comfort of a centralized control tower that gives you full visibility into each device’s profile, compliance status, application usage, etc. Here’s how it works:
- When you need to provision a new device for a user, you can simply scan the barcode to register it within your Office 365 account.
- Once the user has gotten the laptop, tablet, smart phone, or other device, they’re able to connect that device to your Intune infrastructure during the normal device configuration process.
- From there, an administrator can establish specific rules for the various devices within the account, including setting password length and complexity requirements, mandating certain specific security applications, setting data retention, storage, and encryption policies, etc. And you can prevent users on non-compliant devices from accessing their accounts in the cloud.
- At this point, you can remotely check the device’s status—including compliance with all of the rules that you’ve already set out. This gives you a complete overview of the relevant hardware specifications, device configuration, application configuration, security and encryption status, and more. This way, if anything’s fishy or not up to your specifications you can easily identify it.
- Then, if needed, you can remotely control the device from Intune to perform any number of tasks: install and uninstall apps, restart the device, wipe the device’s memory, retire or decommission the device, etc. This gives you, for instance, the ability to prevent a data breach if the device is reported stolen or missing, just as it gives you the ability to perform hardware support from afar as needed.
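The remote status check described in the steps above can be scripted against an inventory export. The following is an added example, not code from this article or from Microsoft: it assumes records carrying the `deviceName`, `complianceState`, `isEncrypted` and `lastSyncDateTime` fields of the Microsoft Graph `managedDevice` resource, and the device names, dates and 14-day staleness threshold are constructed for illustration.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample, shaped like the "value" array of a Microsoft Graph
# GET /deviceManagement/managedDevices response (only the fields used here).
SAMPLE = json.loads("""[
 {"deviceName": "LAPTOP-001", "complianceState": "compliant",
  "isEncrypted": true,  "lastSyncDateTime": "2024-05-30T08:00:00Z"},
 {"deviceName": "PHONE-017",  "complianceState": "noncompliant",
  "isEncrypted": true,  "lastSyncDateTime": "2024-05-31T12:00:00Z"},
 {"deviceName": "LAPTOP-042", "complianceState": "compliant",
  "isEncrypted": false, "lastSyncDateTime": "2024-04-01T00:00:00Z"}
]""")
NOW = datetime(2024, 6, 1, tzinfo=timezone.utc)  # fixed so the result is repeatable
STALE_AFTER = timedelta(days=14)                 # assumed local policy threshold


def triage(devices, now=NOW):
    """Return {deviceName: [reasons]} for devices that need follow-up."""
    findings = {}
    for d in devices:
        reasons = []
        state = d.get("complianceState", "unknown")
        if state != "compliant":
            reasons.append(f"complianceState={state}")
        if not d.get("isEncrypted", False):
            reasons.append("storage not encrypted")
        last = datetime.fromisoformat(d["lastSyncDateTime"].replace("Z", "+00:00"))
        if now - last > STALE_AFTER:
            # A device that has stopped checking in receives no policy
            # updates or remote actions until it syncs again.
            reasons.append(f"no check-in for {(now - last).days} days")
        if reasons:
            findings[d["deviceName"]] = reasons
    return findings


if __name__ == "__main__":
    for name, reasons in triage(SAMPLE).items():
        print(f"{name}: {'; '.join(reasons)}")
```

A device can report `compliant` and still be stale, so the last check-in time is evaluated separately from the compliance state.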
There are, of course, other systems besides Intune available for enterprises that need to manage large quantities of devices, but the functionality across this space tends to be similar. The benefit of Intune is that it’s already integrated into the Office 365 environment—meaning that it’s likely to be the easiest choice for users who are already relying on Microsoft’s suite of applications.
Benefits of MDM
Now, the amount of control that we described above for remote physical assets might seem impressive on its own—but how exactly does it translate into benefits? In other words, how does this level of remote device visibility and access translate into added value?
- Time savings: Before the rise of MDM software, it would take the average IT department an hour to configure every device that had been provisioned for a new user. With MDM, you can cut that down to just a few minutes. For a business with thousands of employees (and thus thousands of devices being rotated in and out every few years), this has the potential to easily save hundreds or thousands of person-hours in the IT department alone.
- Security improvements: They say that human error is the world’s number one cyber security vulnerability—but MDM gives you the ability to reduce that attack vector considerably. Left to their own devices (no pun intended), users might not set up encryption protections for their data, they might not set strong enough passwords, and they might not update their software in a timely fashion to close known security loopholes. With MDM, you can prevent each one of these eventualities, thereby reducing the odds that a lost or stolen device can be broken into, that leaked data can be read unencrypted, or that a hacker can exploit known vulnerabilities to install malware or gain code execution access to computers on your network. Considering that rates of phishing and other cyber attacks have skyrocketed during the pandemic, it’s hard to overstate the value of gaining control over your security in this way.
- Cost savings: We spoke above of the tremendous time savings that MDM can power for your IT department, but how else does it impact costs? For one thing, it makes BYOD policies more feasible from a security and compliance standpoint, which can actually help you reduce your spending on devices. By the same token, if you’re able to track the ownership and location of your devices in this way, it’s much easier to keep a handle on large quantities of phones and laptops that might otherwise periodically go missing—meaning that devices that would otherwise have needed costly replacements can be found and re-provisioned.
- Improved efficiency: Again, we’ve seen that added efficiency on the IT side—but it makes life easier for the user as well. BYOD policies save users the trouble of waiting for a new device to be shipped—and even when you’re requisitioning a device, it’s quicker and easier to get it up and running (e.g. by automatically provisioning an email account on the device). Likewise, because everything is remotely managed you can be sure that your teams are using the most up-to-date version of their applications, meaning that they’re less likely to experience slowdowns or compatibility issues.
- Smarter, more scalable IT management: Now that so many workforces are distributed, managing devices at scale without this kind of infrastructure is difficult to fathom. Luckily, an MDM solution like Intune gives you the ability to push out updates to multiple devices or solutions at a time, gain full visibility into device usage and ownership, and generally maintain consistent standards across your enterprise in a scalable way.
Challenges in MDM Implementation
If you’re already on the Office 365 platform, ramping up to use Intune should be a pretty straightforward affair. That said, managing all of your devices at scale can still be a time-consuming project, especially for smaller IT teams that might not have a lot of cloud administration experience. Luckily, by partnering with a managed services provider it’s possible to gain all of the benefits we discussed above without burdening your IT department or wading into unfamiliar territory.
With a managed service running your MDM, you can simply tell them your requirements and compliance concerns, and they can wade through all of the configuration issues and active management requirements on your behalf. In this way, you save costs on IT labor (nearshore managed services can often power labor cost savings of around 30%), while reducing the risk of a misconfiguration or integration SNAFU. Though these systems are fairly intuitive, there is a lot to keep track of and a lot of active setup work that needs to happen to get started—and with a relatively small IT team it’s often worthwhile to let the outside experts handle it. In this way, your internal IT folks are able to devote their attention to more value-additive tasks, while the rest of your organization uses their devices in a more secure, efficient way.