This document discusses best practices for developing a Bring Your Own Device (BYOD) policy and mobile device management (MDM) strategy. It recommends deciding which mobile operating systems and corporate resources will be accessible, developing clear use policies and security controls, educating users, and selecting an MDM platform to enforce policies. Remote wiping of lost or stolen devices should be a minimum security measure, and policies should balance control with respecting users' personal devices. Training is key to ensuring users understand and follow the strategy.

1. May 6, 2014 Jason Murray, D.CS

6. BYOD
One to One
Combination

11. • Decisions:
• Decide which mobile operating systems should be allowed.
• Decide which corporate resources should be accessible from mobile devices.
• A strategy is like a block of raw marble. It needs to be chipped away
at, defining limits and specific details until it is a work of art that is
perfectly suited to your unique organization.
• Introduction of full or partial BYOD programs shifts some choices to
the users, but IT still has – and must maintain – power as
recommenders of which devices to acquire and what to do with
them.

15. • What do you need to be able to do with users’ devices? Answer this
question before creating written policies or investing in any management
technology.
• Policy Decisions. Mobile devices are personal, and the benefits of more
control are often offset by users resistant to that control. Having to
monitor and enforce more rules also means more hassle for IT. Have a
specific reason for each policy.
• Don’t choose show over substance. Blocking Fruit Ninja may send a
clear message about wasting time, but it is more important to identify
serious risks. If any apps need to be restricted, Proxy server apps are
probably a larger threat than any number of Angry Birds.
• Complement technology policies with people policies. User behavior is
as important as technology in a strong strategy. Educate users on the
technology policies that are in place, and on policies that technology
alone can’t enforce.
DON’T IMPLEMENT MANAGEMENT SOFTWARE, THEN START TICKING BOXES.
FIRST, DECIDE WHAT CONTROL IS NEEDED ON DEVICES, AND WHICH POLICIES
CAN EXERT THAT CONTROL.

16. • Create a written policy that:
• Explains the purpose of the policy.
• Specifies to whom it applies.
• Explains the policies in place and the
technology enforcing them.
• Warns about the consequences of
non-compliance.

17. • A policy of remotely wiping devices if anything goes wrong is the
minimum an organization can do to guard against mobile device
disasters.
• It is essential that users are aware of remote wipe capabilities and
procedures, and to consent to have their devices wiped. Such
consent is especially crucial for BYOD organizations.
• Considerations:
• Communicate the purpose and importance of remote wipe.
• Specify who the policy applies to and when it will be invoked.
• Describe the remote wipe technology used.
• Where applicable, procedures for selectively wiping corporate data only

18. • By connecting to [company name]’s corporate resources, mobile devices gain
the capability of being wiped remotely by [company name]’s IT department.
This capability is enabled by IT’s use of [describe remote wipe technology;
e.g. ActiveSync, BES, third-party MDM vendor].
• When a remote wipe is initiated by the user or the IT department, the user’s
mobile device will be wiped of all data and restored to its factory default
settings. The wipe is not limited to corporate data. Data that the employee
has added to the device for personal use will also be deleted. This data is not
recoverable on the device itself, but can usually be restored from a backup
(e.g. on a personal computer or a cloud service) if the mobile device remains
in or returns to the user’s possession, or a new device is able to store the
backup. It is recommended that users back up their personal data
frequently to minimize loss if a remote wipe is necessary.
• A remote wipe will only be initiated if IT deems it absolutely necessary.
Examples of situations requiring remote wipe include, but are not limited to:
• Theft of the device.
• Loss of the device.

21. • There is an arms race in MDM features, and different MDM
vendors specialize in different sets of features in order to attempt
to stand out among the crowd.
• Different approaches also offer different levels of security,
weighed against different end-user experiences. For example:
• Containerized approaches completely segregate corporate data and apps
from personal resources, maximizing security but requiring more steps to
set up and operate devices.
• Agent-dependent approaches require installation of an agent on
managed devices. This unlocks some advanced functionality such as
jailbreak detection and remote support.
• Agent-free approaches require minimal setup from users, but can be
limited in the control that IT can exert over their devices.
• Some vendors offer a mixed approach, allowing IT to choose
which approach they prefer.

23. • 1. Tangoe- Tangoe is one of the famous mobile management service providers. It is available all over the
world and is quite famous in offering MDM services to large size corporations.
• 2. Maas360- Maas360 is known for offering its services to the smaller enterprises. Their professionals
are quite experienced in handling all tasks of MDM.
• 3. Winmagic- Winmagic is one of the famous names in offering security to mobile devices which are
lost. The company is offering its services all over the world and in exchange of a very reasonable price
• 4. CA technologies- this is the company which a great reputation in offering security to mobile devices.
They have a large number of clients who are enjoying their services globally.
• 5. Mobileiron- Mobileiron services are widely recommended by experts in MDM. This company is quite
famous in providing network security, managing cell phones and billing.
• 6. Airwatch- Airwatch is one of the famous names in MDM. The company is known for offering high
level services which are totally free from all issues. Their global presence is their leading specialty.
• 7. Visage mobile- Visage mobile is an American MDM service provider. They have professionals that are
known for effectively integrating the system of one enterprise with another.
• 8. Mformation- Mformation is another American MDM service provider whose professionals are
known for managing usage of all mobile devices in an excellent way.
• 9. Zenprice- Zenprice is the leader in mobile device management that offers its services in exchange of a
very good price.
• 10. Mctel- Mctel is another quality leader in MDM which is known for managing all categories of mobile
devices.

24. • OpenMEAP
• WSO2 Enterprise Mobility Manager
• Device Policy Manager (Android only)

25. • Organizations with training programs are best able to reap the
benefits of mobile technology. Training has the most impact in
mitigating the potential negative effects of mobile devices, such
as lowering spending and reducing help desk load.
• Training and enforcement are necessary to set an example. They
show that policies are taken seriously, and in place for a reason.
• In organizations with mixed strategies, customize training for each
group of users. Target their use cases and specify how policies are
implemented on the technology that they use.
• Your carefully chosen strategy and set of policies will mean
nothing if users are unaware of them. Have a method of
educating users on your mobile strategy.

28. •http://www.slideshare.net/jasonmurray72
•jasonmurray72@gmail.com

29. • www.infotech.com
• www.mdmserver.org
• thejournal.com
• campustechnology.com
• air-watch.com