MDM: The Security Software That Lets Mobile Flourish on Campus
When it comes to employer-issued mobile devices, St. Edward's University is no different than any other workplace. About a year and a half ago, administrators, staffers and faculty wanted other options beyond the BlackBerry devices they were provided. As a result, the Office of Information Technology standardized on another smartphone, but also gave users the flexibility to choose devices from other manufacturers.
Tablet adoption also has been on the rise at the private, Austin, Texas-based university, as more professors use tablets as instructional tools and administrators and staff take advantage of the form factor's ability to boost productivity.
To better manage the exponential growth of mobile devices, St. Edward's IT staff turned to AirWatch enterprise mobility management software, a solution that enables central configuration, monitoring and security as well as efficient management of sensitive data.
"From an IT perspective, it's all about security — keeping our data secure and having our network traffic encrypted, through browsing, email and even text messages," User Services Manager Jason Arellano says. "Our administrators, staff and campus police work with some sensitive information, so we have to protect our devices."
Indeed, mobile devices can be found just about everywhere on college campuses today. To manage university-issued devices, many IT departments choose enterprise mobility management software. Mobile security vendors that initially focused on mobile device management (MDM) are now releasing more comprehensive software suites that include additional tools — mobile application management and mobile content management — enabling IT teams to more effectively manage and secure mobile applications as well as content.
"Managing mobile devices is necessary, but it is not sufficient," says Craig Mathias, principal of the Farpoint Group, a mobile and wireless analyst firm. "Mobile applications and information management is a more important direction to go. The real issue is making sure sensitive information is properly secured and not compromised."
Combined, enterprise mobility management software allows IT departments to enforce password policies, configure devices to authenticate and connect to a Wi-Fi network and sync users to email.
Through an online management console, administrators can create custom profiles for different groups of users or departments and provide varying rights of access to specific applications and data sets. The software distributes approved apps, prevents downloads of unauthorized apps and can block certain device features, such as copy and paste or print. IT also can encrypt all data or "containerize" apps, documents and email to ensure institutional data is kept separate from personal apps and data.
The Move to Mobile
St. Edward's University has about 2,000 full-time employees, but only select staff members (such as university police who must be reached in the event of an emergency), university administrators and some professors are equipped with smartphones. The Office of IT now manages 160 university-owned smartphones and 90 tablet devices through the help of AirWatch's enterprise mobility management software. The university owns more than 90 tablet devices, but because many of them were purchased before IT standardized on AirWatch, the department is adding them to the platform retroactively as they're discovered, Arellano says.
Percentage of IT organizations that have deployed or are now deploying mobile device management software
SOURCE: "Mobility At Work Report" (CDW, 2013)
"When users with tablets call us for support, we can check to see whether they're on our system. If they're not, we can add them," he says.
Arellano had the option to install AirWatch's software appliance in-house, but instead chose the cloud-based service because it requires no maintenance and costs only a minimal monthly fee per user.
Using AirWatch, he has set a few security policies and now requires every user to have a password. After 10 failed login attempts, the software will automatically erase all data from a managed phone or tablet. Users are permitted access to email and the web, and can download any applications they want, but all network traffic is encrypted to ensure greater security, Arellano says.
St. Edward's IT recently began using AirWatch's application management feature. When a department buys 20 licenses of a specific piece of software, IT can use AirWatch to push the application to 20 specific tablets. The team is gradually building an apps library that is available or permitted for each device, and recently built an internal campus app that provides users with directory lookups, news alerts, social media feeds and updates on computer lab availability.
Moving forward, Arellano plans to use AirWatch's containerized security app, Secure Content Locker, which will allow mobile users to securely connect to internal university storage or cloud-based storage to access sensitive university data using industry-standard 256-bit encryption. The technology could also pave the way for university officials to consider managing and securing personal devices using AirWatch. Currently campus users can connect personal devices to the Wi-Fi network, but the university does not actively manage those devices to protect user privacy, Arellano says.
"Secure Content Locker will enhance the strength of our security," Arellano says. "That is a major win, not only for our university, but for our clientele, because it allows them to access data and truly do their work."
Different Users, Different Rights
Thomas College, a private college with 1,000 students in Waterville, Maine, historically has used Absolute Software's Computrace software to manage, secure and track the location of its notebook computers. Like St. Edward's University, Thomas manages only the devices it owns, not every connected personal device.
Because Computrace only works on devices that have Absolute's "persistent" software embedded in the BIOS or firmware, Vice President for Information Services and CIO Christopher Rhoda says another management solution was needed for its smartphones and nearly all its tablets. IT then decided to standardize on Absolute Manage MDM. While the software doesn't offer theft recovery, it does allow Rhoda to lock down mobile devices and erase all of their data. "If I can't get the device back, I can at least wipe it and put it in an unusable state," he says.
The software was installed on a virtual server, and Rhoda uses it to manage hardware and software inventory. At any time, IT can determine whether mobile device operating systems are up to date and direct staff to update devices that aren't. IT pushes out two configurations, or profiles, to manage college-owned devices. Rhoda allows staff to install apps on their devices because that can aid productivity, but he locks down tablets that can be borrowed from the library because they are shared. Those users also cannot save any personally identifiable information or purchase and download apps.
"We lock down the things that make sense and leave most of it open," Rhoda says.
Mobile Point of Sale
The Cal Poly Corp. recently began to test the feasibility of tablets as point-of-sale (POS) devices, and relies on MDM software to manage and secure them.
The nonprofit organization's 200 full-time employees manage all California Polytechnic State University bookstores and dining facilities. For the past three years, the corporation's IT department has used AirWatch to manage the more than 20 tablet devices issued to executives as well as bookstore kiosks, where students can use them to compare book prices at online retailers. This spring, the organization's food truck began testing a tablet as a mobile POS device to accept credit and debit card transactions. The IT staff pushes profiles to personal devices, allowing employees to connect their phones to the corporate wireless network to access email, calendars and contacts as well as other business apps, says Brian Schacherer, a senior programmer with Cal Poly Corp.
To ensure security, Schacherer can place POS tablets in "administration" mode, meaning whoever is using them can only use the POS app, not surf the web or open other apps. He also uses AirWatch to ensure encryption is turned on within corporate-owned tablets, and that they are running the latest operating system.
"It's a lot to try to manage the devices on your own. You can create multiple profiles and have the MDM software streamline it for you," he says. "It has been a huge benefit for us."