Mobile Device Management
Real World Lessons
Jim Darrow
Jim Darrow
• Ilitch Holdings, Inc / Ilitch Companies
– Just you basic “Mom and Pop” Business – Provide Shared services and consulting – Technical Services Group
• Sets guidelines and standards • Provides I/T services as needed • Provides I/T services as needed • Big Brands – small I/T
First – A small security issue at the
Tigers from a few weeks ago..
Current Mobile Device Climate
• Too many choices – Very few controls
• Android ecosystem is the “Wild, Wild, West”
– We have 12 different versions of Android OS
• Apple Application security - $*(&%s • Apple Application security - $*(&%s • Blackberrys are going away
• BYOD is here ready or not
IHI History of Mobile Device Management
-MDM
• Like all unplanned I/T projects --It all started with a executive on a plane trip….
• We went out and got a Blackberry Enterprise Server • 2 devices became 4, then 8, etc..
• Personally owned and libel devices (for the most • Personally owned and libel devices (for the most
part)
• Our story was – you want corporate email - buy a Blackberry
Then came other devices
• This whole iPhone “thing” took off
• They were “cooler” did more useless stuff • Microsoft thought they had the answer • Google / Android – provided a platform • Google / Android – provided a platform
• Our story was – you want corporate email - get a Blackberry
Since I/T said no – Our users found other ways
• A few smart folks figured out how to get email on their new toys - POP / IMAP - Forwarding
• They then showed their co-workers • Email servers started to slow down • Email servers started to slow down
• This “Shadow I/T” project had gotten out of hand
• Our story still was – you want corporate email - get a Blackberry
First – A step back
• Unlike most companies – were a Lotus Notes Shop • They were coming out with a mobile connection
called Traveler for iOS, Android, Window Mobile • First release – allowed email – but not calendar • First release – allowed email – but not calendar
• Worked for iPhone – needed Touchdown for Android • The story still was – you want corporate email - get a
Blackberry
Develop Mobile Device Policy / Pilot
• Configure and set up Traveler for around 40 people • Limited support - Beta (Stuff happens..)
• Measure and document issues • Come up with a written policy • Come up with a written policy
• Our story still was – you want corporate email - buy a Blackberry – we’re in pilot with this new thing
Here’s what the policy looks like.
• The Information Technology group's support will be limited to connecting your smart phone device to our Lotus Notes email system. You are responsible to provide your own support for your personal smart phone device (much like you provide for your own home personal computer and home internet service). The IT groups will assist with connection issues to our Lotus Notes email system. For hardware issues or other non work related applications you should seek assistance from your smart phone manufacturer, cell phone carrier, applications provider or through internet resources.
• If the Information Technology group determines that your device has been "hacked" (e.g., jail broken), has viruses or other malicious software, your device will be disconnected from our network.
• You may only enroll and connect one smart phone device to our network.
• You are not permitted to connect a smart phone to our corporate network using a company provided office based WiFi connection.
• If there is a voluntary or involuntary termination of employment, IHI at its sole discretion can send a signal to the connected device to clear the device of all email, calendaring and contact information.
• Joining the program is not an approval for your voice and/or data expense reimbursement. The approval of such is Program Policy
• Joining the program is not an approval for your voice and/or data expense reimbursement. The approval of such is outlined in your company's cell phone policy.
• You may be required to password protect you smart phone device. You will be notified If a decision is made to require device level password protection. If a decision is made to do so, our security systems will be changed and mobile devices without device level password protection will be unable to connect to our company systems.
• If applicable, you must agree to stop using agents to forward your Lotus Notes company email to a third party email service (i.e., gmail, yahoo, hotmail, etc.).
• For the companies and your protection, you must immediately report any lost or stolen smart phone (or laptop) devices to your IT Group or the IHI Technical Services Group, so a signal can be sent to the device to remotely lock it and/or actions taken to prevent it from accessing our systems. If the device is recovered or found it can be easily restored.
• Only full-time colleagues are eligible for this program. Vendors, contractors or part-time temporary colleagues (e.g. Interns) are not eligible.
Where we are now with Smartphones
• That group of 40 test users are now over 400 • Blackberry users went from 325 to 150
• Our story now is – you want corporate email – buy what you want (Almost)
what you want (Almost)
Tablets and a Project
• iPads started coming in the door
• The VPs wanted their email on their iPads – Traveler worked for that
• LCE wanted to use Corporate owned Samsung 7” tablets for field force – (150 people)
tablets for field force – (150 people)
Tablets and a Project
• Needed a MDM solution – but didn’t want to own it • Looked at Airwatch, Mobileiron, Fiberlink, etc.
• Fiberlink’s MaaS360 – cloud based, no internal infrastructure needed
• Tried it on the first few devices since it was “pay as • Tried it on the first few devices since it was “pay as
you go”
The Next Phase..
• Start tightening down device policies
– Number of devices per user, passwords, etc..
• Look at new carrier options for MDM on Corporate Tablets (Verizon)
