Enterprise Mobile Device Management Services
Enterprise IT Management Initiatives
Contact: Phil Tomassini, CIO, Pennsylvania Department of Transportation ptomassini@pa.gov
717-783-2206
State: Commonwealth of Pennsylvania
Project Initiation Date: January 11, 2013
3
Section 2: Executive Summary
The Office of Administration’s (OA) Office for Information Technology is the provider of enterprise IT services to Pennsylvania state agencies under the Governor’s jurisdiction, including enterprise resource planning, data center, messaging, unified
communications, network and cyber security.
There was a strong desire by Commonwealth CIO Tony Encinias to implement a new concept of leveraging an agency’s expertise to provide services to state agencies. The opportunity came in 2013 when OA identified the need for a centralized Mobile Device Management (MDM) solution to address the growing mobility needs of all agencies. The Department of Transportation (PennDOT) already had a mobile management services solution in place for its own fleet of devices. So, instead of pursuing a new enterprise MDM solution through OA, the CIO decided to establish a “Center of Excellence” within PennDOT in order to leverage these services, eliminating the time and resources needed to identify, evaluate, architect, implement and manage a brand new MDM solution.
PennDOT implemented its MDM solution (Airwatch) in 2011 to manage all of its iOS devices and deploy iOS apps developed in-house for its mobile fleet. As a result, PennDOT had the knowledge, experience, procedures and policies for mobile device management, making it an ideal test case for Center of Excellence (COE) concept. Teams from OA and PennDOT collaborated over a series of planning sessions to define the scope of the partnership as it applied to the creation of an enterprise service for mobility management. These sessions established the expectations OA had for
PennDOT as a service provider. A project team was created with participants of these planning sessions to finalize a service offering for the management of mobile devices. The project team also developed a cost model based on a minimal monthly cost per device.
The project team established the Enterprise Mobile Management Services (EMMS) for the Commonwealth of Pennsylvania, which was launched on July 1, 2013. Through this service, agencies are able to buy into the enterprise established MDM solution to
manage their device fleets. Important aspects of managing mobile devices include asset management, implementation of security policies, application management and device feature restrictions.
EMMS has been well-received by agencies and already proven to be a viable tool in the day-to-day management of mobile devices. Over one-third of the agencies have
already begun to utilize the service with approximately 3,000 devices enrolled within the first nine months of the service being available. It is forecasted that there will be more than 8,000 devices being managed by the end of 2014.
4
Section 3: Business Problem and Solution Description
The management of mobile devices across Commonwealth agencies presented an interesting challenge and opportunity. The existing mobile device fleet at the beginning of 2013 was a mixture of Blackberry, iOS, Android and Windows mobile devices
including phones, smartphones and tablets. Only the Blackberry devices had
established device management (centrally managed by OA using Blackberry Enterprise Services), leaving the other Commonwealth-issued mobile devices unmanaged.
Security standards and requirements established by OA could not be applied to these unmanaged devices due to the lack of a device management solution, putting them at greater risk for data breaches and other vulnerabilities.
Using requirements from OA and PennDOT’s current practices, the EMMS project team was able to create policies and standards. The standards are based on security
principles, known business requirements and technical requirements. The policies defined how devices would be managed, the standard procedures for using the software, the cost of the service to be charged back to the agency and the technical support available for the agencies.
The evaluation of MDM software was probably the simplest of all the steps in
developing the entire solution. Since PennDOT had already been using MDM software for more than 18 months, it was able to answer questions presented by the project team in terms of supporting the requirements for MDM. PennDOT’s MDM solution contained enough functionality and manageability to address the majority of the requirements. Policies and procedures were designed around those features that the MDM software could not directly address.
A key component to making the service available to all agencies was having an
established set of policies that defined the need for the management of mobile devices and the rules by which mobile devices should be managed. Policies included
management guidelines for the types of devices, minimum security requirements, and how compromised devices are to be handled.
Another major concern was ensuring agencies could afford the overall cost for
managing mobile devices with the service, especially in light of limited budgets. Being cognizant of this fact, the project team was able to create a cost model comprised of a minimal monthly cost (per device) that included not only software licensing but technical support for the software and overall MDM functionality.
Another component developed as part of the initial EMMS offering was application management. This allows agencies to centrally deploy, manage, remove and upgrade an app regardless of whether it is publically available, purchased, or custom-written.
5
Further enhancements to the service were evaluated by the project team and prioritized for future discussion. They included email management (which has since been
deployed), file content sharing (currently in progress), and bring-your-own-device initiatives.
Section 4: Significance
With OA’s announcement to retire the Blackberry Enterprise Services solution starting in the spring of 2015, the importance of device management became even more critical. Having an established the EMMS service will ease agencies’ transition away from the Blackberry services.
The success of EMMS as the inaugural Center of Excellence enables OA to leverage the strengths that Commonwealth agencies have displayed in other technological areas. EMMS proves the opportunity exists for agencies to partner with OA to design,
implement, and maintain service offerings that not only ensure experienced and skilled teams are managing services, but also reduce the amount of research, development, and implementation costs typically seen in building a service offering from scratch. As acknowledged by Commonwealth CIO Tony Encinias, “PennDOT was an early adopter of the MDM and was hosting users for several agencies – they have done a nice job gaining first-hand experience on the product as well as managing the service. I am a believer in the ‘Center of Excellence’ concept whereby agencies become service providers for enterprise services based on their expertise in a particular area – in this scenario, OA owns and governs the service and an agency provides the service.” PennDOT, as the Center of Excellence for MDM, provides Commonwealth agencies an opportunity to achieve a greater level of cohesiveness as we work with them to help establish their MDM strategies and support their software management needs. The success of EMMS also provides confidence for agencies to be able to rely on other COE service offerings in the future.
Outside of the significance of the Center of Excellence concept, EMMS itself provides much needed management of mobile devices. Protecting Commonwealth assets, both devices and intellectual property, with EMMS provides the necessary tools to achieve the Commonwealth’s mobile device operational goals.
The MDM solution aligns with six of the 10 NASCIO 2014 state CIO priorities:
1. Security: PennDOT’s MDM solution provides security standards and requirements
for all devices thus mitigating data breaches and other vulnerabilities for Commonwealth agencies.
6
2. Consolidation/Optimization: PennDOT’s expertise was identified and leveraged to
provide MDM services throughout all Commonwealth agencies. This service became known as EMMS.
3. Cloud Services: MDM solution utilizes cloud based services.
6. Budget and Cost Control: A cost model was created comprised of a minimal
monthly cost per device that included software licensing, technical support and overall MDM functionality.
7. Mobile Services/Mobility: MDM provided the solution for a centralized mobile
device management need as identified by OA.
8. Shared Services: The Center of Excellence concept provides the opportunity for
agencies to become service providers to Commonwealth agencies based on their experience and expertise.
Section 5: Benefit of the Project
EMMS offers agencies the ability to enroll and manage their devices in a uniformly architected solution with centralized administration and support at a minimal cost of $2.75 per device per month. In order to keep costs down, existing resources, procedures and policies were leveraged from the PennDOT solution. PennDOT provides both basic and advanced service offerings to all Commonwealth agencies. The basic service includes training of agency staff to enable them to track, secure, manage and maintain their mobile devices from a single console. PennDOT also serves as a level 2 service desk to all agencies for any issues they cannot resolve. For an additional $1.53 per device per month, agencies can select the advanced service offering. With this service, PennDOT provides a fully managed turnkey solution for the mobile needs of agencies that do not have the staff to manage their own mobile
devices. In this case, PennDOT provides both level 1 and level 2 service desk functions and handles all of the agencies mobile requirements.
EMMS is available to 47 Commonwealth agencies and as of December 31, 2013, 17 agencies were leveraging this service.
In late 2013, the mobile device email management component was added to the
service. Agencies were offered an option that provided greater cost savings as they no longer had to pay for a management license for email. Overall, agencies are able to recognize a little more than a 500% savings in licensing costs when migrating from the previous email solution to the EMMS managed email services.
For continued support, EMMS user groups hold bi-monthly meetings. This gives agency MDM administrators an opportunity to have an open forum to describe their
7
experiences with each other, as well as solicit assistance on policy and procedural needs they may have.
Commonwealth agencies are able to take advantage of numerous benefits such as leveraging the existing skill set the Center of Excellence brings with the service offering. Agencies are able to leverage the skills, knowledge, and the experience of managing mobile devices that PennDOT has acquired through its own MDM solution. Agencies’ investment of money and time is also greatly reduced as they will spend a fraction of what they would in order to utilize the service provided by the COE.
There are also cost savings for agencies from the perspective of not having to bring in a third party consultant to train their staff on how to use software to manage devices; and not having to invest in a separate software management solution for mobile devices. In addition, agencies would also see a time to implementation savings with the mobile device management already being in place as part of the COE.
EMMS has been well-received by agencies and already proven to be a viable tool in the day-to-day management of mobile devices with approximately 3,000 devices enrolled within the first nine months of the service being available. It is forecasted that there will be more than 8,000 devices being managed by the end of 2014.
