Bring Your Own Device Part 2: Mobile Management (MDM) with Google Apps
This is part 2 of 2 of our series on BYOD. You can access Part 1 here.
In the first part of our BYOD series, What Is BYOD?, we explained what this phenomenon is all about, where it came from, and what the benefits and challenges are. On the challenges side, many of these concerns revolve around security and compliance. Fortunately, a new breed of software called “Mobile Device Management Software” (or MDM) has emerged to help administer and mitigate many of the issues.
It’s not that well known that Google Apps actually has MDM capabilities baked into its productivity suite. Today we’ll be discussing what to look for when choosing an MDM solution, and then we’ll explore what Google Apps can offer and how to set up mobile device management on Google’s business platform.
Getting Started with Mobile Device Management
Some complexity can emerge when adopting BYOD and weaving personal & company owned devices, multiple networks and various OS’s into your company’s IT environment. MDM solutions are built to help companies manage these issues.
What Is Mobile Device Management Software?
MDM started to help manage the emergence of mobile devices. Back when Blackberry was king, their software helped corporate offices who supplied devices monitor and control who was accessing their data. As the iPhone and Android market began to take over on a consumer level, third party companies created similar software for organizations to help manage things. MDM can apply to smart phones, tablets, laptops, printers, and virtually anything mobile. For organizations looking to adopt a BYOD policy, MDM is key in ensuring employees can access the internal network without any security concerns or disruption.
Start with a Basic BYOD Policy
If you have the resources, it would be a good idea to put into words how your company thinks about using personal devices for work before you consider any specific mobile device management solutions. Main areas to consider:
Approved Devices. What type of devices & OS’s (operating systems) will you allow? Unless your organization wants to supply very specific equipment, you will need to cater to your staff’s preferences. In regards to smartphones & tablets, the tides have shifted in favor of Androids with iOS devices coming in a close second, so being friendly to these platforms would make sense. And don’t forget about laptops, they are part of this equation.
Acceptable Use. It’s important to define accepted usage rules for employees using their devices during business hours. Will you be restricting or blocking certain sites and applications from being used on your network? If there is a stringent policy in place, it may be a good idea to compile a list of accepted sites and applications that are permitted at the workplace.
Reimbursement. Beyond the devices themselves comes the matter of how you will be dealing with costs associated with this equipment. Will your organization offset the costs for hardware, carrier fees, upgrades or will this be the responsibility of employees?
Liability & Disclaimers. What happens if a device is damaged? Does the company have the right to wipe data from the device and in what scenarios is this permitted? This will clarify your thoughts on the subject and help identify potential risks ahead of time.
What to Look Out for When Choosing MDM Software
At a high level, here are a few areas to consider when selecting a mobile device management (MDM) solution:
Device Compatibility. First off, you’ll need to make sure the solution you choose allows you the control you need for the devices your employees use. (This also means you should consider writing a BYOD policy stipulating approved devices.)
Remote Control. A super important admin feature to have is the ability to remotely disable users and/or wipe the data of devices that have been lost or compromised in some way. In Google Apps, these features are directly built into the administrative control panel.
Security. The solution should maintain secure connections and adhere to policies that demand things like SSL/TLS connections or additional steps for entry. Google Apps for Business provides these by default and includes two-step verification, which adds an extra layer of security by requiring users to enter a freshly generated verification code in addition to their username and password when logging in.
Compliance. Many organizations in the medical, financial, or legal sector have regulatory standards that they’re legally obligated to follow. For example, in the medical world, HIPAA compliance is key as you’re dealing with sensitive and confidential patient data. Outside of SSL and two-step verification, having an archiving service like Google Vault will ensure your data is securely backed up and further adheres to your industry’s policies.
Mobile Device Management with Google Apps
The Google Apps admin dashboard comes with mobile management features baked in. The primary area of focus is in allowing organizations to enforce specific device policies for users and restrict access. The basic management features are available for basically every platform, including Android, iOS (iPhones and iPads), Windows Phones, Blackberry, Symbian, and virtually any device with a browser, while advanced features are limited to Androids and iOS devices.
Administrative Dashboard. Google Apps mobile management occurs in the same administrative console you use to manage the rest of your Google Apps account. It can be accessed via a browser or dedicated mobile app (Android).
Device Approval & Blocking. This feature allows you to limit who can enter your network. Users will not be able to connect on the go without admin approval.
Remote Wiping & Disabling. Should any device be compromised, admins can immediately disable access or completely erase all content.
Data Encryption. Force users to connect via SSL/TLS to establish a higher level of security. This ensures that any sensitive data sent back and forth is encrypted and only the intended recipient can decipher it.
Restricting Third Party Applications. You can whitelist or blacklist certain mobile applications (available for Android only). This is especially a concern for the Android platform, where mobile apps do not go through an approval process to get into the marketplace, which increases the risk of malware and potential risks to sensitive data.
Geofencing (IP restricted access). This will allow your organization to control where and when users may connect to your data online. By limiting usage by IP addresses, you can essentially restrict users’ access to be within the office or at specific locations you have permitted through a whitelist.
Administrative logging and reporting. Create and export logs of employee usage, sync times, locations used, device ID’s and more. This can be used for further analysis of your security policies or in the case of a compliance related audit.
Device Search. Admins can search and filter through devices using advanced search terms such as specific sync time, model and current operating system, registration/approval date, apps currently available on a user’s phone (for Android devices with the third party application auditing turned on), and more.
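One way to act on the exported logs and the IP whitelist described above, shown as an added example that is not from the original article or from Google: a Python audit of a constructed device export. The CSV column names, the 203.0.113.0/24 office range and the 30-day sync threshold are assumptions made for illustration.

```python
import csv
import io
import ipaddress
from datetime import datetime, timedelta

# Constructed sample export; the column names are hypothetical, not Google's format.
SAMPLE_EXPORT = """device_id,user,os,status,last_sync,source_ip
A1,alice@example.com,Android,approved,2014-03-10T09:15:00,203.0.113.25
B2,bob@example.com,iOS,approved,2014-03-10T08:40:00,198.51.100.7
C3,carol@example.com,Android,pending,2014-03-09T17:05:00,203.0.113.77
D4,dave@example.com,iOS,approved,2014-01-02T11:00:00,203.0.113.12
E5,erin@example.com,Android,approved,2014-03-10T07:30:00,not-an-ip
"""

# Assumed office range (a documentation prefix) and assumed staleness threshold.
ALLOWED_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]
MAX_SYNC_AGE = timedelta(days=30)


def audit_devices(export_text, now, allowed=ALLOWED_NETWORKS, max_age=MAX_SYNC_AGE):
    """Return {device_id: [findings]} for rows that violate the policy."""
    findings = {}
    for row in csv.DictReader(io.StringIO(export_text)):
        issues = []
        if row["status"] != "approved":
            issues.append("not approved")
        try:
            ip = ipaddress.ip_address(row["source_ip"])
            if not any(ip in net for net in allowed):
                issues.append("outside allowlist")
        except ValueError:
            # A malformed address is itself a finding, not a reason to skip the row.
            issues.append("unparseable source IP")
        if now - datetime.fromisoformat(row["last_sync"]) > max_age:
            issues.append("stale sync")
        if issues:
            findings[row["device_id"]] = issues
    return findings


if __name__ == "__main__":
    report = audit_devices(SAMPLE_EXPORT, datetime(2014, 3, 10, 12, 0))
    for device, issues in report.items():
        print(device, "->", ", ".join(issues))
```

Devices that sync from outside the permitted range, were never approved, or have gone quiet are the ones to review first for blocking or remote wipe.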
How to Set Up MDM on Google Apps
To start, you will need to ensure mobile access has been enabled. This is usually configured with your initial Google Apps setup during the “Mobile Access” step (shown below).
If you are already onboard and want to double-check your settings, you can do so by accessing your Google Apps Admin console (www.google.com/a/your_domain), clicking on the gear icon to the top right and selecting Setup.
Here you will see the option to select the types of phones you will be using in your organization. Once selected, click next to view the steps for connecting to Google Apps with each type of device. You can also view more detailed instructions and different options here.
After completing the setup for each device, the mobile device management console will display any active connections and provide you with different options. To view the options, go into your Google Apps Admin console and select the Mobile Device tab. Once there, you will see a list of devices that have established any type of connection.
From here you will have the ability to perform the features mentioned above such as approving or blocking devices, searching devices by different parameters (username, email or type of device), remotely wiping/disabling a device that may have been compromised and more.
For organizations using Google Apps that are required to meet compliance restrictions, you will want to go a step further. These options can include setting up archiving to prevent any loss or tampering of data by integrating Google Vault, setting up 2-step authentication, and enabling TLS/SSL.
Benefits of Google Apps for MDM
- No additional costs or software to purchase if you’re on Google Apps
- Convenient access from the same panel you administrate the rest of your Google Apps account
- Core features available for all mobile platforms
- Easy to use admin functionality with reporting and logging
Downsides of Google Apps for MDM
- Some advanced features only work on Android devices
- Targeted primarily towards smartphones and tablets (laptops and desktops will be lacking advanced features like remote wiping)
- Limitations in customization and granular policy enforcement
- Additional layers of encryption may be required for compliance in different sectors (when dealing with certain data, such as documents)
In comparison with other dedicated MDM suites, Google Apps does have its limitations in offering a fully customizable device management platform. But for many smaller organizations, the built in tools will be able to cover your basic liabilities and ensure that you securely maintain control of those entering your business’s cloud infrastructure.