In 2020, the average data breach against an American company cost more than $8.1 million—an increase of almost 3% over 2019 and part of a larger global trend of rising economic impact from cyber security incidents. Not unrelatedly, the global market for mobile device management (MDM) was $3.4 billion in 2019, and is expected to climb over $10 billion within the next five years.
Taken together, these two stats paint a fairly vivid picture of the global economy: as hackers and cyber attackers (many of them emboldened by the pandemic) increase their attempts to spread malware and perpetrate phishing scams, companies are looking for new ways to secure their networks and prevent data breaches. Mobile device management solutions like Microsoft Intune are an important piece of that puzzle. And, zooming out, they’re also an important piece of the puzzle for transitioning to more secure, scalable, and standardized device management in a global marketplace that increasingly thinks of remote and distributed work as the norm.
What Is Mobile Device Management?
Okay, we may have pulled a little bit of a bait and switch with our title. The picture of cyber security in the modern workforce that we sketched out briefly above is one answer to why you should care about MDM, but we didn’t actually go over the first part of the query: what is mobile device management?
Simply put, mobile device management enables your IT team to remotely manage physical infrastructure, e.g. smartphones, tablets, and laptops—even, potentially, those your users have brought from home under a new BYOD (bring your own device) policy. Unlike the old days, when provisioning a new laptop for a user might have taken IT an hour to set up and register, something like Intune makes it possible to do so remotely in a matter of minutes.
Though solutions that let you manage distributed physical assets in this way aren’t new, the emergence of the cloud in everyday business use has made them not just more popular, but more effective. In this way, IT staff halfway around the world can:
- Register devices and create device groups;
- Set password length and complexity requirements for endpoints such as laptops and smartphones;
- Natively provision software, email accounts, and Wi-Fi/VPN profiles on new devices;
- Remotely retire, wipe, or re-provision devices;
- Prevent devices that aren’t in compliance with corporate encryption, data-governance, data loss prevention, and other policies from accessing corporate data in the cloud;
- Restart devices and reset passwords on them;
- Automatically push application updates to devices in order to avoid security lapses and other potential risk factors.
On a device-by-device basis, it’s easy to imagine the impacts of this kind of functionality. If we take a step back, it’s also easy to see how this kind of technology can also give you much greater visibility into the devices in your network; you can easily visualize usage data, overall compliance statuses, and devices across the organization—which gives you much more control over how these devices are administered and makes it easier to achieve standardization.
How to Save Time Utilizing MDM
Like we alluded to above, one of the primary drivers of value here comes in the form of saved time. For your IT staff, the ability to provision and register individual devices more quickly has the potential to save hundreds of hours per year, which can then be leveraged towards more valuable tasks. The trick, however, is to make sure that those time savings aren’t eaten up elsewhere within the MDM machinery—in other words, to make sure that your IT staff doesn’t get so bogged down trying to configure the right MDM policies and successfully deploy them that they squander their productivity gains. From the outside, this might not seem like a huge risk. But, in point of fact, there is an inherent level of complexity to this technology that increases its risk of becoming a troubleshooting black hole. For instance, if you’re trying to configure Intune to play nicely with your firewall rules, you might find that Microsoft’s documentation is a little bit sparse, and you could be stuck grasping at straws to get a seemingly simple set of scripts to actually run.
In this sense, one of the most obvious ways to leverage your MDM deployment into real time savings and IT efficiency boosts is to seek out a managed services provider with a track record of cloud expertise in general and MDM expertise in particular—i.e. the kind of agency whose teams know that, in order to get Intune running behind certain firewalls, you have to whitelist not just the endpoints Microsoft recommends allowing for Scripts and Win32 applications (https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints), but also another URL (http://www.msftconnecttest.com/connecttest.txt) that Intune uses to check the device’s connection status. By teaming up with someone who has this kind of specialized knowledge, you can actually operationalize the efficiency gains that we’ve been discussing. This means that your IT staff is less burdened by technical minutiae and thus more able to power your continued digital evolution and maintain stable IT infrastructure.
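As an added example (not code from the original post, Microsoft, or Intertec), the following PowerShell script checks from a Windows endpoint whether the firewall actually lets through both the Intune service hosts and the connection-status probe URL named above. The two hostnames in `$IntuneHosts` are assumptions for illustration; take the authoritative list from the endpoints documentation linked above.

```powershell
# Added example: verify firewall reachability for Intune from a Windows device.
# Requires Windows PowerShell 5.1+ (Test-NetConnection ships with Windows 8.1/2012 R2 and later).

# ASSUMED hosts for illustration; replace with the full list from
# https://docs.microsoft.com/en-us/mem/intune/fundamentals/intune-endpoints
$IntuneHosts = @(
    'login.microsoftonline.com',
    'manage.microsoft.com'
)

# The plain-HTTP probe URL the post says Intune uses to check connection status.
$ProbeUrl = 'http://www.msftconnecttest.com/connecttest.txt'

# TCP 443 check for each service host (the service endpoints are HTTPS).
$results = @(foreach ($h in $IntuneHosts) {
    $tcp = Test-NetConnection -ComputerName $h -Port 443 -WarningAction SilentlyContinue
    [pscustomobject]@{
        Target    = "${h}:443"
        Reachable = [bool]$tcp.TcpTestSucceeded
    }
})

# The probe is served over port 80 and returns the text 'Microsoft Connect Test'.
# A captive portal or an intercepting proxy typically returns 200 with different
# content, so compare the body rather than trusting the status code alone.
try {
    $resp    = Invoke-WebRequest -Uri $ProbeUrl -UseBasicParsing -TimeoutSec 10
    $probeOk = ($resp.StatusCode -eq 200 -and $resp.Content.Trim() -eq 'Microsoft Connect Test')
} catch {
    $probeOk = $false
}
$results += [pscustomobject]@{ Target = $ProbeUrl; Reachable = $probeOk }

$results | Format-Table -AutoSize

# Non-zero exit when anything is blocked, so the script can double as a
# pre-deployment check or an Intune detection script that flags the device.
if ($results.Reachable -contains $false) { exit 1 } else { exit 0 }
```

Run it on a representative device in each network segment before rolling out Win32 apps or scripts, and keep the host list in sync with Microsoft's endpoint documentation as it changes.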
What Are the Right MDM Policies?
Of course, it’s not just the IT team who can benefit from MDM in terms of time savings. In theory, all of your device users should be able to gain some value from utilizing devices that are being actively managed to ensure standardization. This comes from ensuring that the devices are always running the applications and tools that your users need, that they’re able to connect to the cloud (provided they’re in compliance with the relevant security policies), and that they’re able to get troubleshooting help at least as easily as they could in an office setting. This also comes from avoiding the kinds of work stoppages that can result from major security failures. In the case of an individual user, this could be hours or days of work lost to an account being compromised by a phishing attack; or, you could see the same kind of disruption at the scale of the entire enterprise in an instance where a ransomware or other attack has impacted your critical infrastructure.
Ultimately, the way to operationalize those potential time savings is by setting the right MDM policies. If you’re able to successfully match your corporate risk profile and your users’ needs with your actual device policies, you can set yourself up to avoid the kinds of work stoppages we described above. So, what are the right policies? This will depend on any number of factors:
- What are your data loss prevention policies like? If they’re particularly stringent, you may want to prevent users from copying and pasting information out of certain applications in order to make sure those policies are adhered to. There may also be data compliance issues at play here, e.g. if you’re in a highly regulated industry like health care.
- What different user personas are there across your enterprise, and how do their needs differ with regard to device usage? Since it’s easy to establish device groups with their own sets of policies, you can be fairly specific in deciding which devices have to comply with which policies. You might allow for more flexibility on a device that’s specific to one particular user without a high level of privileged access—while something that has your company’s point of sale system installed on it might be subject to more serious restrictions. For something in that category, getting the configurations right becomes mission critical relatively quickly—the last thing you want is a device with weak password protections and carte blanche access to financial data, for instance.
- How are you handling company-owned equipment vs BYOD (bring your own device) endpoints that might actually belong to your users? Though MDM is one of the most straightforward methods of making BYOD safe for enterprise deployments, users will likely tolerate restrictions to company-owned equipment that they won’t accept with devices that they also use for personal activities. Here, it’s helpful to be able to establish different profiles within an individual device, such that work and personal activities can be segregated effectively.
Challenges with Microsoft Intune Implementation
As you can imagine, setting these policies—while crucial to keeping your security standards high and your device network uniform—can lead you fairly deep into the weeds. Even once you’ve decided on the right policies down to a fine level of granularity, you still have to implement those policies through your admin portal, which can sometimes be easier said than done. From there, you need dedicated resources to monitor and enforce those policies, while making sure that no configuration errors crop up.
Like we alluded to above, this is an area where cost optimization has to be considered pretty seriously. Tools like Intune have the power to save time and money and improve your enterprise’s security posture, but they have to be managed correctly. What does “correctly” mean? In cases where a company has limited IT capacity, it might mean partnering with a managed services provider who can implement, manage, and monitor mobile device compliance policies more quickly and more easily than your existing resources. Nearshore outsourcing operations are often able to power labor cost reductions of more than 25%, which means that on top of the added efficiencies that come from having comparative MDM experts on hand you can leverage even further cost savings—all while giving time back to IT staffers who might be able to make progress towards other cost optimizations elsewhere in the technology stack.
Learn More About Intertec's Cloud Solutions:
Intertec’s teams have hands-on experience and expertise with mobile device management and Microsoft Intune in particular. We bring considerable cloud and MDM expertise to the configuration and active management of your entire mobile device network at a fraction of the cost of doing so in-house. Prefer a personal consultation? Go ahead and schedule a meeting with us.