BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 08-18-2010, 11:31 AM   #1 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Post What is your company doing about MDM?

Please Login to Remove!

So as we all move forward in this mixed Mobile Device world, what steps are your companies taking to ensure that every device is complaint with current company acceptable use policies? I know that there are a few software developers out there that promise great things on Mobile Device Management(MDM), but is anyone using them? Mobile Iron, Tangoe MDM, Zenprise, Trust Digital?

It appears that in a recent converstion with our Tech Rep at Cisco, that us as administrators are all standing around scratching our heads trying to figure out how we can incorporate all of these fantastic devices into our environment. How can we determine the actual security of such devices and be able to ensure data integrity across all platforms?

As we all know the customer base drives our world. So when the customer is the CEO with a new iPhone, we have to figure out how to make it work. What are you doing in your company?
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Offline  
Old 08-18-2010, 12:34 PM   #2 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

2 words. BB and BES.


If you are a publicly traded company, You can explain to the CEO that the iPhone will likely not meet audit requirements.

And the customer base does not drive our world. Corporate policies drive our world. I'll deploy any device that does not contravene corporate policies.

Last edited by CanuckBB : 08-18-2010 at 12:35 PM.
Offline  
Old 08-18-2010, 12:42 PM   #3 (permalink)
Grumpy Moderator
 
NJBlackBerry's Avatar
 
Join Date: Aug 2004
Location: Somewhere in the swamps of Jersey
Model: i5s
Carrier: AT&T
Posts: 27,803
Post Thanks: 33
Thanked 442 Times in 382 Posts
Default

That doesn't hold water anymore.
The CEO and auditors want BlackBerrys and BES and iPhones and iPads.
You can do secure mobile device management and if you think your employees don't already have multiple devices, you are wrong.

Secure your ActiveSync environment. Discuss availability of secure VPN tunnels with your VPN environment. Write processes and proceudres around what is and is not allowed. Push down equivalent security policies to all devices.

It can (and must) be done right.
Offline  
Old 08-18-2010, 07:34 PM   #4 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by NJBlackBerry View Post
It can (and must) be done right.
Absolutely. The next question is: What policy's will you enforce or apply to these handhelds? Active sync is great, but it is not robust enough to mimic BES. Not without a third party software. Are you enforcing password rules?

One thing we found works better with Active sync, is to set the password attempts to 6 instead of 10. Apple has written there software that after 5 attempts, it disables the device for 1 minute, then 5, then 15, then 30, then 1 hour, then wipes it, if you leave the password attempts at 10. So by decreasing it to 6 now you will have the device wiped in 60 minutes not 2 hours.

Enforce encryption on the device. I know that the device is encrypted, but the data transmission must be as well.

Also WHY OH WHY would you EVER put more than one Exchange account on a device?

Your policy's must be comprehensive donxxx8217;t leave any room for error. Your users must know that the device will be bricked at any point for any reason. So they are required to do backups on their own devices. Release your company of the financial liability that comes from having iTunes loaded on a company PC.

Also if your company is considering allowing personally owned devices to connect to company resources check your computer usage policy. See what can or should be allowed on a personal phone with company info. Determine whether or not your company is going to pay for the personxxx8217;s data package. Most carriers up charge to have enterprise email.

When looking at VPN or Citrix, know the cost. Do you have enough licenses to cover all of the new connections?

Know how to use the iPhone configuration utility. It is a free download. The problem with the native utility is that to put it on a phone, the phone has to be physically connected to the PC with the policy.

You may also want to consider a product for email like GOOD. It will sandbox the application and when you wipe email off, it doesnxxx8217;t touch personal info. It will also do a check for a compromised device and allow you to use the iPhone config tool to put a policy on that will configure things like VPN or recommend apps for download.

Also we all need to find a way to check for hacked (jailbroken), etc. devices.

Beware of vendors hawking really cool apps that connect to the web or require you to put a hole in your firewall to work. It seems that the vendors havenxxx8217;t figured it out either.

Remember we are all in this changing environment together and we too must adapt or get left behind.

P.S. I get my new torch tomorrow for testing..
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.

Last edited by b52junebug : 08-18-2010 at 07:37 PM.
Offline  
Old 09-20-2010, 01:31 PM   #5 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Default

Here is what I received from our Apple rep:
Mobile Device Management (MDM) - Third Party Solutions

iPhone and iPad both support Mobile Device Management, giving businesses the ability to manage scaled deployments of iPhone/iPad across their organizations. These Mobile Device Management capabilities are built upon existing iOS technologies like Configuration Profiles, Over-the-Air Enrollment, and the Apple Push Notification service and can be integrated with in-house or third-party server solutions. This gives IT departments the ability to securely enroll iPhone/iPad in an enterprise environment, wirelessly configure and update settings, monitor compliance with corporate policies, and even remotely wipe or lock managed iPhone/iPad devices.

Here is a list of third party mobile device management companies (in alphabetical order):

AirWatch - AirWatch is a Web-based Solution with Multi-tenant Architecture

John Marshall
404-925-8539
[email address]

Good - Good on iPhone, iPad, and iPod Touch

DC Cashman
415-652-1597
[email address]

Mobile Iron - iPhone Security & iPhone Management Solution | MobileIron

Mike Leigh
408-828-6885
[email address]

Sybase (SAP) - Sybase iPhone Enterprise Solutions - Mobile Device Management Application & Software - Sybase Inc

Chuck Vertrees
208-287-6111
[email address]

Tangoe - Enable the Potential of your Smartphone Infrastructure | Software

Tiffany Benson
602-570-0108
[email address]

Trust Digital (McAfee and Intel) - Enterprise Mobility Management EMM | Device Agent | Trust Digital

Sandrine Goodman
703-380-2324
[email address]

Zenprise - Zenprise

Kelly Thayer
530-277-1661
[email address]

Here is a summary of the capabilities of the iOS 4 MDM APIs (enhanced now with Query and silent OTA Management capabilities):

Enrollment - user authentication, certificate enrollment, device configuration
Configuration of settings - accounts, policies, restrictions and other settings
Queries - device information, network, compliance, security, applications
Management - remote wipe, remote lock, clear passcode, configuration/provisioning profiles

Capabilities are further outlined in this document:
http://images.apple.com/iphone/busin...iPhone_MDM.pdf
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Offline  
Old 09-27-2010, 07:11 AM   #6 (permalink)
BlackBerry God
 
penguin3107's Avatar
 
Join Date: Jan 2005
Model: iOS 5
Carrier: VZW
Posts: 11,701
Post Thanks: 1
Thanked 237 Times in 219 Posts
Default

Ixxx8217;m surprised BoxTone isnxxx8217;t in this list too. From what I have seen, all of the vendors in this list do not have access to the iOS4 APIs. IIRC AirWatch and Trust do xxx8230; the Webinar Zen just did didnxxx8217;t showcase anything iOS4 specific so I doubt they have access xxx8230; and Good hasnxxx8217;t shown anything iOS4 specific either.
__________________
BCSA
BES 5.0.3 MR4 :-: Exchange 2007 SP3 RU3
http://port3101.org
Offline  
Old 10-01-2010, 10:49 AM   #7 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Default

So would you all entertain a solution that was built to encompass all of the OS's/device types? What would you look for?
Would you like the program to be as user friendly as possible with sync to the device password? In other words would you like a secure app, with device password authentication? You can require a password on the iphone/droid, but if you are using something like Good, you still have to put in a password to get into email. So now its not the same experience as Active Sync.

Would you want one console to administer that pushes out your policy and translates it to whatever platform the user has?

Would you want an approval process built into it that would add people to your console, then allow them to self enroll?

Would you want your users to have to connect to VPN for all web traffic, so that they are restricted by your firewall rules?

How are you going to limit hourly employees from accessing email after their work hours?

Would you want the console to have roles, like BES? Would you have this console be web based like BES? Would you want it to integrate into your BES management? So it would be a one stop shop for management?

Would you like to have your own app store, where your users could go out and pick up recommended apps?

What is your wish list for Mobile Device Management?
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Offline  
Old 10-26-2010, 11:58 AM   #8 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Default

I have a webex with Zenprise tomorrow. Will let you know what they say. They claim to be able to do selective wipes, Remote control for win & android not apple, jailbreak/Rooting detection.

They have also changed their pricing structure to per device not per mailbox. So I will let you all know how it goes.
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Offline  
Old 11-17-2010, 12:00 PM   #9 (permalink)
Thumbs Must Hurt
 
Join Date: Jun 2008
Model: 9810
PIN: N/A
Carrier: AT&T
Posts: 130
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: What is your company doing about MDM?

We are actually looking at both Mobile Iron and Airwatch as our MDM solution for other smartphones. MDM from these companies have come a long way in the last 3 months. I don't think it will ever replace the BES but it finally has the flexibility to comply with our policies.
Offline  
Old 12-14-2010, 03:04 PM   #10 (permalink)
New Member
 
Join Date: Nov 2010
Model: storm
PIN: N/A
Carrier: sprint
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: What is your company doing about MDM?

What I have seen is that if you plan to manage Blackberry devices in the enterprise and manage iPhone in the enterprise, using a software like AirWatch is the best solution. I especially like the insight they have into working with Apple products like the iPad.
Offline  
Old 12-20-2010, 01:39 PM   #11 (permalink)
Talking BlackBerry Encyclopedia
 
OVERKILL's Avatar
 
Join Date: Mar 2006
Location: Ontario, Canada
Model: 9900
OS: 7.1.0.391
Carrier: Rogers
Posts: 205
Post Thanks: 6
Thanked 7 Times in 5 Posts
Default Re: What is your company doing about MDM?

We've got a whopping two Apple devices in our organization now, though neither of them have any sort of enterprise access on them at the moment, so there are no policies in place for the devices. They are just toys at the moment until we figure out if there will be future adoption or not.

As it stands, our iPad may go the way of the Dodo if the Playbook ends up being half of what RIM says it will be.

So far, the only thing I've really had to deal with has been BES. Since our organization has used Blackberry exclusively for close to a decade now.

If we DO end up continuing to adopt non-BB devices.... Then I will need to look into some of these solutions myself.
__________________
950->5810->6280->7280->7290->8700->8310->9000->9800->9780->9900
BES Admin
Network Engineer
Blackberry user since 2001.
Offline  
Old 04-15-2011, 12:24 PM   #12 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Default Re: What is your company doing about MDM?

FYI, Airwatch was purchased by Motorola.. So expect the same sort of assimilation of their product as many other Moto purchased companies....
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Offline  
Old 04-15-2011, 07:05 PM   #13 (permalink)
Latino Hasta La Muerte
 
Join Date: Jan 2005
Location: Denville, NJ.
Model: 7250
OS: 4.1
PIN: G!!!
Carrier: Verizon
Posts: 9,039
Post Thanks: 51
Thanked 305 Times in 293 Posts
Default Re: What is your company doing about MDM?

Quote:
Originally Posted by b52junebug View Post
FYI, Airwatch was purchased by Motorola.. So expect the same sort of assimilation of their product as many other Moto purchased companies....
That doesn't exactly fill me with warm and fuzzy feelings.
Offline  
Old 04-25-2011, 08:43 AM   #14 (permalink)
New Member
 
Join Date: Apr 2011
Model: 9300
PIN: N/A
Carrier: AT&T
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

delete

Last edited by dubzga : 04-25-2011 at 08:46 AM.
Offline  
Old 04-25-2011, 10:25 AM   #15 (permalink)
Knows Where the Search Button Is
 
Join Date: Jan 2006
Model: 9780
Carrier: Rogers
Posts: 32
Post Thanks: 2
Thanked 0 Times in 0 Posts
Default Re: What is your company doing about MDM?

check out Trellia Networks for MDM solution
Offline  
Old 04-25-2011, 01:34 PM   #16 (permalink)
New Member
 
Join Date: Apr 2011
Model: 9800
PIN: N/A
Carrier: AT&T
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: What is your company doing about MDM?

This is a response from the AirWatch PR team. AirWatch has not been purchased by Motorola. The company is privately held and 100% funded by its executive leadership team. AirWatch has been recently recognized by Gartner as a leader in mobile device management software. AirWatch has a global presence with over 1000 customers. AirWatch will be exhibiting at BlackBerry World in Orlando May 3-5 and Interop in Las Vegas May 8-12.

Please contact AirWatch if you have any questions.
866.501.7705 | [email address] | air-watch.com
Offline  
Old 04-28-2011, 06:37 PM   #17 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Default Re: What is your company doing about MDM?

Thank you Airwatch for clearing that up. I just assumed when the Motorola rep said it, well... you know how that goes.. I wonder who they did purchase though?
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Offline  
Old 04-28-2011, 06:39 PM   #18 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Default Re: What is your company doing about MDM?

We did go with MobileIron though after looking at all of the different solutions. They fit our needs better than anyone else we looked into.
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Offline  
Old 06-08-2011, 09:31 PM   #19 (permalink)
New Member
 
Join Date: Jun 2011
Model: Bold
PIN: N/A
Carrier: Telstra
Posts: 1
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Re: What is your company doing about MDM?

I think b52junebug may have confused Good with Air-Watch. Good was purchased by Motorola a few years back. They did nothing with it then sold it again.
If you are wanting the same level of security as BES, Good is probably the only option right now in the MDM market. Like BES they don't use active sync and go via a NOC.
Offline  
Old 06-09-2011, 01:28 PM   #20 (permalink)
Talking BlackBerry Encyclopedia
 
b52junebug's Avatar
 
Join Date: Sep 2005
Location: Phoenix, AZ
Model: Many
OS: varied
Carrier: Corp demo abuser..
Posts: 268
Post Thanks: 3
Thanked 5 Times in 5 Posts
Default Re: What is your company doing about MDM?

Quote:
Originally Posted by rRamjet View Post
I think b52junebug may have confused Good with Air-Watch. Good was purchased by Motorola a few years back. They did nothing with it then sold it again.
Actually no, it wasnt Good that the Moto rep was talking about. It was a dedicated MDM solution. I am VERY familiar with the Good Technology Woes.. Been there done that.

You are correct in talking about the fact that Good sandboxes the experience, however the biggest complaint is that because it is sandboxed, it decreases the user experience. So you have to ask, Security or Mulitple logins, other issues with having a Sandboxed solution.
__________________
Your profession is not what brings home your paycheck. It is what you were put on earth to do.
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.