How to implement a mobile device management project plan
With mobile device management software, IT can better support corporate smartphones, laptops and other mobile endpoints. Learn how to build a project plan for MDM implementation.
Mobile device management is an essential tool to protect corporate resources for an increasingly mobile workforce. But how should IT go about implementing it?
Data security and regulatory compliance are key concerns for enterprise devices, and adding mobility to the mix can complicate these issues further. Mobile devices are often more vulnerable to loss, theft and unauthorized access. Plus, with the rise of BYOD policies, many employees use personal devices for work purposes, creating additional data privacy concerns. To handle the risks associated with enterprise mobile devices, IT can use MDM.
Choosing an MDM strategy
IT teams can approach MDM implementation in a few different ways. The right strategy depends on the organization's specific needs, the types of devices to manage and the desired level of control. The main MDM approaches to choose from are on-premises, cloud-based and hybrid.
On-premises MDM
With the on-premises approach, the organization hosts the MDM software on its own servers. IT teams manage the MDM infrastructure, including hardware, software and updates.
This enables full control over the MDM environment and easier compliance with requirements to keep data storage on premises. However, significant in-house IT expertise is necessary to manage and maintain the infrastructure. The platform might be more costly as well, particularly as the number of devices grows.
Cloud-based MDM
For a less hands-on approach, organizations can turn to cloud-based MDM. With this option, a third-party provider manages the MDM software and hosts it in the cloud. Organizations access and manage their MDM settings through a web portal.
Cloud-based MDM can accommodate growing numbers of devices with minimal effort. Upfront costs tend to be lower, and most providers offer a subscription pricing model with predictable monthly expenses. Depending on where the data is stored, however, there might be concerns about data sovereignty and compliance with local regulations. It can also be disadvantageous to rely on a service provider for uptime and security.
Hybrid MDM
Another option is to combine elements of both on-premises and cloud-based MDM. With hybrid MDM, the core MDM infrastructure is typically on premises, but IT handles certain functionalities, such as analytics or specific management tasks, in the cloud. Sensitive data remains on premises while admins use cloud capabilities for other functions.
Cloud-based MDM can give rise to data sovereignty concerns.
Key considerations for an MDM project plan
Creating an MDM implementation project plan involves several technical, organizational and security considerations.
First, admins should decide how they want to roll out the MDM system. A phased approach, starting with a pilot program, helps to iron out the device enrollment process. Additionally, configure monitoring and alerts ahead of time to show whether devices are compliant.
Cost is always a concern, so develop a budget that covers software licensing, hardware, implementation and long-term maintenance costs.
The process to implement MDM varies based on the size and industry of an organization. Consider the following types of organizations and their specific MDM needs:
Healthcare. Strict security policies, encryption and compliance features are crucial when handling healthcare data. MDM tools in healthcare should ensure that patient data is secure on mobile devices and that only authorized personnel can access sensitive information.
Financial services. Financial institutions require security features such as multifactor authentication (MFA), strong encryption and detailed audit trails. The MDM platform should also support secure mobile payments and transactions.
Government and public sector. Government organizations often need on-premises MDM tools to comply with data residency laws. Specialized security features such as encrypted messaging and secure document sharing might be necessary as well.
Retail and e-commerce. Retailers might prioritize the management of point-of-sale devices, using MDM to keep them secure, functional and up to date. MDM platforms should also integrate with inventory and customer management systems.
SMBs. Small organizations often prefer cloud-based MDM platforms due to their lower upfront costs and ease of management. Features such as asset management are also especially important for SMBs.
Large organizations. Large enterprise organizations might need a scalable MDM platform to manage thousands of devices across multiple locations. Platforms that offer advanced features and integrate with other enterprise systems, such as CRM and ERP, are especially helpful.
6 steps to implement and run MDM
Implementing and maintaining MDM is an ongoing and multifaceted series of tasks. IT departments can break the process down into six steps, starting with initial planning and ending with lifecycle management.
1. Planning and assessing requirements
To get started, IT should clearly outline the goals of the MDM implementation. Is the organization focused on cybersecurity, compliance, BYOD management or improving productivity? These objectives will guide the entire process.
Involve key stakeholders early on, including HR, legal and compliance department heads. Their input can help identify requirements, set expectations and ensure buy-in.
Evaluate the IT infrastructure to determine how the MDM platform will integrate with existing systems such as email servers, identity management and security tools. When conducting an inventory of all endpoints that will fall under management, consider different OSes, device models and ownership scenarios.
Additionally, establish clear policies around device usage and security. This should include passcode policies, encryption, app management, data protection and regulatory compliance.
2. Selecting an MDM platform
Once admins have identified the organization's requirements, they can evaluate different MDM platforms. The right platform will be compatible with the existing infrastructure and comply with corporate policies and legal requirements. Consider factors such as ease of use, scalability, cost and security features as well.
Choose between open source or commercial tools, keeping budget, technical expertise and level of support in mind. Features to prioritize include remote troubleshooting, geofencing, application management and secure email access.
It can also be helpful to conduct a pilot test with a small group of users before full deployment. This way, IT can assess the tool's performance and identify potential issues.
3. Implementation
The next step is to deploy the MDM infrastructure, whether on-premises, cloud-based or hybrid. Integrate the MDM platform with the IT infrastructure and ensure seamless communication between systems. Consider deploying the platform in phases, starting with a specific department or location to help manage any unexpected issues and give time for adjustments before a full rollout.
Within the MDM system, set up device policies, user profiles and configurations. This should include security controls, permissions, app management and content filtering.
There should also be a process in place for enrolling devices in the MDM system. Common methods include user self-enrollment, automated enrollment for corporate devices and manual enrollment by IT staff.
To help smooth the transition, provide employees with training on MDM policies, security protocols and how to use their devices within the MDM framework. Make a help desk or support team available to assist users with MDM-related issues.
During the rollout, closely monitor device performance, user compliance and system functionality. Listen to feedback from users and stakeholders to make necessary adjustments to policies, configurations or user training.
4. Ongoing management and maintenance
After implementation, IT must continue to address MDM functionality and security. This phase involves monitoring device security and overall performance. Dashboards and reporting tools within the MDM platform can help track key metrics.
Dashboards and reporting tools within the MDM platform can help track key metrics.
Regularly review and update device policies and configurations to adapt to new threats, business needs or changes in regulatory standards. Additionally, make sure that all managed devices receive regular software updates and patches to their OSes and apps.
Performance metrics, user feedback and security reports help assess the effectiveness of MDM. Based on review findings, optimize the MDM system by refining policies, adding new features or scaling the infrastructure as needed.
5. Security management
Admins should develop and implement procedures for responding to various security incidents. Safeguards might include remote wipe capabilities, lockouts or alerts.
Periodically conduct audits to ensure that devices and the MDM system follow internal policies and external regulations. Address any gaps or security risks promptly.
If system failure or other issues occur, IT should be able to restore the affected data. Implement backup and recovery procedures for critical data in the MDM system.
6. Decommissioning and lifecycle management
When devices reach the end of their lifecycle, IT must properly decommission them. This involves wiping their data, removing them from the MDM system and securely disposing of hardware.
Organizations should plan for the entire lifecycle of devices, from procurement to decommissioning. This helps manage inventory and budget replacements, as well as compliance and sustainability measures.
Common pitfalls to avoid with MDM implementation
Setting up MDM can be complex, and IT teams often encounter pitfalls that can hinder the initiative's success. Organizations can avoid the following common mistakes:
Lack of clear objectives. Implementing MDM with the wrong goals in mind results in frustration and confusion for administrators and end users. To prevent this, understand the organization's specific needs and ensure the MDM platform aligns with these goals.
Overly restrictive policies. Security is important, but undue measures can diminish user experience. IT should try to strike a balance between security and usability. Tailor MDM policies to different user groups and avoid imposing unnecessary restrictions.
Ignoring user privacy concerns. Device management often brings out privacy fears for the employees using those devices. Clearly communicate what data IT will monitor and how the organization will use it. Implement policies that separate corporate and personal data, such as containerization, and enforce data protection requirements.
Inadequate security measures. MDM by itself can't provide effective data protection. Instead, use MDM as part of a broader security strategy. Complement MDM with strong encryption, MFA and regular security audits.
Helen Searle-Jones holds a group head of IT position in the manufacturing sector. She draws on 30 years of experience in enterprise and end-user computing, utilizing cloud and on-premise technologies to enhance IT performance.
