The rise of the tablet and mobile device in business, education and Government presents something of a challenge for most IT teams. Many default to excluding them from internal networks, unaware that these devices can be easily and rapidly brought in-line with IT policy, and can greatly enhance the technical landscape for an organisation and its users.
Mobile Device Management
Most laptops and desktops in a corporate network are ‘managed’ in one way or another. This allows an IT team to centrally control configuration and security and ensure compliance with IT policy. Unmanaged mobile devices present potential threats to this carefully managed environment, so need to be deployed in a way that brings them in line with the ‘managed’ approach to IT.
AirWatch is a leading enterprise MDM product. It is also pebble.it’s preferred solution and its many tools and features, correctly configured, will fulfil requirements for managing the current and future fleet of iPhones and iPads (and Android devices, if required).
In order to efficiently deploy large numbers of new iOS devices, Apple Configurator is used to consistently prepare and configure iPads and iPhones via a central ‘image’ (pre-built with settings and policies as desired).
The device is enrolled into AirWatch during deployment by installing the MDM profile. Subsequently, management and policy is handled by AirWatch ‘over-the-air’.
End-users enroll existing iOS devices into AirWatch via a one-time process: by web portal, email, SMS or App Store application.
With iOS devices under AirWatch control, settings, policies and apps can be configured by the IT department and updated over-the-air from the web-based console.
The management policies (a.k.a. Profiles) that can be applied are defined in a specification (see table below) set by Apple. As such, the possibilities do not vary greatly from one MDM solution to another. However, AirWatch does excel by allowing policies to be enforced by device, user, group, time-schedule or location (geofencing).
To ensure consistent access to business tools, AirWatch can manage iOS device applications by installing, upgrading and removing apps remotely. These can be internal (custom) apps or from the App Store (free or purchased). A customised, branded App Catalog can be provided to users to view, install and update company-wide recommended apps.
Lastly, enrolling and managing iOS devices with AirWatch allows for centralised inventory, monitoring and reporting, device querying, and user messaging.
It is important iOS devices be integrated with existing infrastructure to reduce costs, complexity and duplication.
AirWatch can integrate with Active Directory (AD), meaning users enroll devices using corporate credentials, devices are registered to corporate identities and AD groups are leveraged for applying MDM policies.
When using Exchange for corporate email, calendars and contacts, iOS natively supports Exchange via the ActiveSync protocol. ActiveSync can be used to apply device policies (enforce passcode, restrictions, remote wipe, etc.); however, MDM is more powerful, so device policy should be handled by AirWatch. AirWatch can correctly and consistently configure devices without user intervention.
AirWatch also offers Secure Email Gateway. Acting as a proxy between the corporate infrastructure and mobile devices, the SEG simplifies device configuration and offers additional access controls, enhancing security.
To simplify iOS device integration within the corporate network, AirWatch can install Wi-Fi and VPN profiles to ensure reliable connectivity to company resources.
iOS devices have many native security features. By establishing a passcode, current iOS devices protect all data using AES 256-bit hardware encryption. iOS also offers additional software encryption at the OS, application (sandboxing) and file levels.
To ensure these encryption safeguards are enabled on devices, AirWatch can enforce Passcode Policy profiles. Restriction profiles can disable device features, if desired. AirWatch’s compliance features can monitor the status of policies and perform automated actions on non-compliant devices.
In the event of a lost or stolen device, its location can be tracked and remote lock or wipe commands can be sent from the AirWatch web console.
For sensitive or confidential email, iOS offers support for S/MIME encrypted email.
To prevent corporate data leakage via external cloud syncing services, it is possible to make use of the AirWatch Mobile Content Management module. MCM provides Dropbox-like functionality to users requiring access to company data from iPads or iPhones, whilst ensuring security. Content can be synchronised with corporate repositories such as SharePoint and network file servers, and existing Access Control Lists can be used for permissions to integrate with current workflows.