Like most institutions of higher learning, Weill Cornell Medical College has gone mobile. The New York City–based medical school, part of Cornell University, is home to about 5,000 faculty, staff and students, nearly all of whom carry some kind of smart device, says Ben Nathan, Weill's director of operations and infrastructure.
Over the past three years, the number of mobile devices Nathan's department has been asked to support has exploded, from about 600 to more than 3,000 — mostly smartphones and tablet devices, Nathan says.
"It's a combination of college-issued devices and BYOD," he says. "People are certainly welcome to bring in their own devices, but they need to work directly with the IT department if they want access to the network, just as if they were connecting a desktop computer. That's how we manage to have a reasonable command over what's going with them in our environment."
Still, Nathan's team faces a special challenge: Because Weill is a teaching hospital, mobile devices also must comply with federal regulations regarding the confidentiality of health information. Mobile device management (MDM) is no longer optional.
Today, the college manages these devices using a combination of Active Sync for Microsoft Exchange, BlackBerry Enterprise Server and MobileIron, a mobile device management platform. Eventually, the university plans to standardize on MobileIron, Nathan says, for a couple of reasons. All of Weill's curriculum materials are electronic, and MobileIron makes it easier to distribute the course material to student tablets, Nathan points out. It also supports a wide range of devices and offers fine-grained security controls, such as the ability to require encryption and enforce strict password policies.
"People come to us with their phones, we put MobileIron on it, set it up to work with their email and their calendar, and that's basically it," he says. "You have to go in with MDM early and set it up so the only way to use the device at work is via that management platform. You don't want your mobile devices to proliferate while being completely unmanaged. We were in that state for a little while, and it was quite scary. Nothing bad ever happened, but it was only a matter of time."
Mobile Users Agree to "Wipes Without Gripes"
As is the case at Weill, there's no lack of mobile devices on the Smithfield, R.I., campus of Bryant University. The private school issues a notebook to each of its 3,400 undergraduates, says Rich Siedzik, director of computer and telecommunications services. But that's just the tip of Bryant's device-berg.
"We hand every freshman a laptop and refresh it during their junior year," he says. "But they also bring four or five devices with them — everything from smartphones and tablets to game consoles and Internet-enabled TVs. We've now got close to 14,000 registered devices on the school network."
But before any device touches that network, Siedzik's team installs a software agent that authenticates each user and checks to ensure the device has appropriate security safeguards. And, he adds, he's been testing out Cisco's Meraki MDM solution for mobile devices. So far, the test has involved fewer than 20 devices, but he hopes to eventually roll it out to 300 or 400 staffers.
"When people bring us their devices to install the MDM app, we make them sign an agreement that says if the device is lost or stolen, we are going to wipe it and their personal information will be deleted," Siedzik says. "We thought we'd get some push-back on that, but believe it or not, in the cases where a device has been lost, people have been happy to have us wipe them. They wanted their contacts and kids' pictures removed."
A New Way of Thinking
Managing mobile devices requires a different mindset than managing desktops, says Lucas Moore, desktop systems engineer at Calvin College, a 4,000-student private university in Grand Rapids, Mich. Two years ago, Calvin launched a pilot mobile program by issuing a dozen tablet devices to staff and faculty. Today the school manages about 80 of those devices through Absolute Manage, which allows IT to push software to each device and remotely wipe any that end up lost or stolen.
"You can't expect to manage mobile devices as granularly as you manage PCs," Moore says. "On the desktop, you can change the device's name, send commands or scripts to it, or control it remotely. That's not all there on the mobile side yet. You're entering a new frontier in terms of how you manage them and how your faculty and students use them."
While their approaches to MDM vary, all three IT managers agree that the shift to the mobile world has already occurred. Institutions that fail to adequately address that paradigm do so at their peril.
"Power has shifted to the users," Bryant's Siedzik says. "They're going to bring in the tools that let them get their work done. Can you blame them? The bottom line is that it's going to happen, so you'd better get on board."