Mobile Device Management (MDM) and Microsoft Exchange Server

Posted by in Exchange Server

A couple of months back, GESIA (www.gesia.org) had organised a Seminar on Mitigating Risks from Software License Mismanagement with KPMG in Ahmedabad and an interesting topic was discussed – BYOD. Since I was one of the panellists, I did share my views and thoughts on the same, but it did make me ponder further on the topic. I started digging out various articles, blog posts and turned a few pages in my library.

The most immediate BYOD I could identify that could pose as an immediate threat and needs to have a mention in the companies IT policy is mobile phones or smartphones. Most corporates have started providing access of emails to their employees on mobile devices as they want to ensure that information is available to everyone at their fingertips in this fast paced world and competitive markets.

A recent survey by ISACA (www.isaca.org) on BYOD in an Indian workplace raised serious concerns pertaining to security and ownership. IT professionals in India continue to remain resistant to the BYOD trend. In fact, more than half (56%) reported that the risk outweighs the benefit. The survey also highlighted that India ranked at the top among its global counterparts in prohibiting BYOD. Nearly half (46%) of Indian enterprises prohibit the use of personal mobile devices for work to mitigate the risk to the enterprise. This trend was followed by Europe (39%), China (30%) and US (29%).

Regarding security controls for employees’ personal devices, nearly half (47%) of Indian enterprises reported deploying password management controls as a security layer, compared to China and Europe (44%) and US (42%). India registered a lower interest on remote wipe capability (29%), which allows employers to erase the contents of an employee’s personal device as a security measure, compared to US (46%), China (39%) and Europe (37%).

On the other hand, a recent survey by Juniper Research (specialises in identifying and appraising new high growth market sectors within the mobile ecosystem) states that the number of consumer smartphones and tablets brought in to the work environments will more than double by 2014. Juniper Research claims that the number of devices being used in the corporate environment will reach 350 million globally compared to the 150 million which are already used in 2012. The study from Juniper Research also predicts most of the Bring-Your-Own-Device (BYOD) activity will happen in Western Europe. The region will account for 140 million devices in 2014. This is followed by North America and the Asia/Pacific area.

So the question is, should CIO’s and CISO’s be ignoring the concept of BYOD and Mobile Device Management (MDM) – especially for smartphones or should they start gearing up for the same so that when the time comes, we are ready?

If we think that restricting BYOD’s like smartphones and mobiles is the best approach – the matter ends there.

If we consider the figures as published by Juniper Research and consider the fact that mobility is taking an increasingly strong hold in the enterprise – BYOD policies and security practises need to be redefined – especially for the mobile workforce.

Mobile Device Management (MDM) plays a key role here. Any device which is granted access to corporate information needs to have access and password policies enforced, needs to be tagged, tracked, logged and backed up irrespective of type and location of the device. Ok, so basically it needs to be maintained and tracked as a desktop or laptop by the IT team.

But what happens if a phone is lost or stolen and no longer can be accessed physically? In this case, the data residing on the device poses as the worst security threat. IT heads need something through which they can control the devices over air and either lock them down or wipe them clean i.e. nuke it!

For those who are using Microsoft Exchange, this feature is already built in to it along with many others and there is no need to worry about the recurring costs for device management. The Direct Push technology from Microsoft has been extended further in Exchange Server to allow even greater control for administrators over mobile device security. Moreover, it also allows assigning policies to specific users, lock down devices through policies, define and enforce password policies and even remotely wipe a mobile device.

For a complete list, please visit http://technet.microsoft.com/en-us/library/cc540452.aspx

In fact, Microsoft Exchange 2013 which is targeted to be rolled out somewhere in the first quarter of 2013, has full support for iPhones, iPads, Android tablets, Android phones, Apple Macs, Linux systems in addition to Windows devices, Windows RT tablets, and Windows 8 systems. The reality is that there are no special “apps” needed to be downloaded for multi-endpoint support. The support is facilitated by leveraging the native Outlook Web App (OWA) that is provided by Exchange 2013.

I’ll be shortly posting a step-by-step article on how Exchange Administrators can define policies for Mobile Device Management in Exchange with few best practises. Till then do keep sharing your views and thoughts on Mobile Device Management (MDM).