Jul 20 2012

Districts Use MDM to Secure Tablets

A new crop of software enforces policies and device security.

While most school districts are grappling with how to best manage and secure mobile devices, few have the challenge that the IT department at McAllen Independent School District in Texas is facing. As part of an initiative to transform learning in the district, every student, teacher and administrator — nearly 27,000 people in all — will receive a tablet computer by this fall.

Pat Karr, the district’s coordinator of network services, prepped for the deployment by familiarizing himself with what it would take to oversee the new assets. The best solution was some form of mobile device management (MDM) to secure the units, control content access for different types of users and remotely wipe sensitive data from devices that are lost or stolen. After four months of evaluating products, Karr selected MDM software from AirWatch.

As the tablets are distributed (about 7,000 have been handed out so far), users must download the AirWatch client and set up an iTunes account. They enroll the device using Active Directory credentials through the AirWatch client or through McAllen’s AirWatch website, which assigns the appropriate credentials, password and device profiles. AirWatch also pushes down any web clips, documents and required applications.

“Students, staff and faculty can download preapproved apps,” Karr explains. “If a device is lost or stolen on campus, we have several ways to narrow our search to approximately 50 feet of the device, raising the chance of recovery substantially.”

Remote Control

Installing MDM software on mobile devices has become a popular way of managing and pushing policies, applications and configurations, as well as keeping track of devices and ensuring security. Popular solutions include those from AirWatch, Absolute Software, BoxTone, Fiberlink, MobileIron, Sophos and Sybase Afaria.

“With MDM, as soon as you install an agent on the device, you have a lot more granular control,” says Mark Tauschek, lead research analyst at Info-Tech Research Group. “You can do selective wipes — wiping only enterprise apps, or only e-mail, calendar and contacts. It almost always makes sense to use MDM.”

45 minutes
The amount of time an organization can save per mobile device by implementing MDM, based on managing 1,000 devices over five years

SOURCE: MobileIron Mobile Device Lifecycle Cost Savings Calculator

Catoosa County Public Schools in Georgia rolled out about 400 tablets during the 2011–2012 school year. The units went to teachers and administrators who use them both at school and at home for school-related activities. Tablets are also available in classrooms for workgroup use, though students don’t take them home.

Once the computers were delivered, the IT staff began looking for a tool that could manage profiles as well as lock and wipe the devices. Kim Davis, coordinator of technology services, chose Sophos Mobile Control. This clientless solution installs a profile on the tablets via the web and allows IT administrators to deliver apps, set restrictions and manage profiles through the management website.

“We have different profiles for principals, central office administrators, teachers and students, and we can manage them online. It saves a lot of time by doing it this way,” Davis says.

The New Breed of Mobile Security

A range of products beyond MDM software is emerging to help IT staffs manage and secure mobile devices.

Products such as Enterasys’ OneFabric Edge for Mobility and BYOD, Aruba Networks’ ClearPass and Cisco Systems’ Identity Services Engine let network administrators fingerprint devices and users and apply the appropriate network access policies automatically.

“These solutions can apply policy in an automated fashion, so when someone connects to the wireless network with a personal device, it will know who they are, what device they are connecting with and where they are,” explains Mark Tauschek, lead research analyst at Info-Tech Research Group. “It can apply rules and policies and control access for specific categories of users, as long as they are connected to the network.”

Mobile application management (MAM) is another emerging product category. Unlike MDM, which focuses on securing and managing mobile devices, MAM concentrates on securing and managing the applications that those devices access. Examples include Symantec’s Nukona and IBM’s Worklight.