There is a general confusion in the market place that the management of Bring Your Own Devices (BYOD) is just about Mobile Device Management (MDM). If fact, a complete BYOD management must start with a Mobile Identity and Access Management (IAM) solution and in some cases it also includes Mobile Device Management (MDM). These are two different and complementary solutions. Mobile IAM is a natural progression of traditional Network Access Control (NAC), as it extends its management to handle the explosive growth of mobile devices; and integrates with MDM and other complementary solutions like Virtual Desktop Infrastructure (VDI) and Firewalls.
Mobile Device Management (MDM)
Mobile Device Management (MDM) is about managing the health of the devices, the applications and content – it’s about protecting data in user devices, controlling what applications can be downloaded, when to remotely wipe the content of the device, inventory of the number and types of mobile devices, etc. These features may become important for enterprises in specific vertical that required stricter management of their mobile devices, such as government and healthcare, but in general they are not mandatory for a BYOD deployment – like in other verticals such as higher education, K-12 and others. For example, a hospital may require email data residing on mobile devices to be encrypted and the data on a device be remotely wiped if lost, potentially saving the hospital from a breach of HIPAA regulations. However, even when a MDM solution is deployed there is a need for network level policy enforcement, onboarding of un-managed devices, guest access management, dynamic threat detection and mitigation and the protection against other un-managed devices that get connected to the infrastructure. That is why Mobile Identity and Access Management (IAM) solutions like the Enterasys Mobile IAM should be the core of any BYOD deployment, and when needed, should be augmented with an MDM solution.
Mobile Identity and Access Management (IAM)
All devices that want to access the corporate network must have a way to easily onboard the network and must also be authenticated, authorized and controlled. Once they are connected to the network, their performance must be centrally visible and controlled based on pre-established security policies. Network resources such as bandwidth usage and other resources must be made available based on user name, user type, device type, location, time of day, etc. This process for onboarding, control and visibility must be applied for all devices: wired and wireless; corporate-owned, employee-owned or guest-owned; jail-broken devices or tightly secured; and these features and functionalities must be based upon device- and/or user-specific policies as defined by the organization. Also the devices that connect to the network are not just PCs, smartphones, iPads and other tablets, they also include the plethora of other mobile devices such as security cameras, e-books, medical equipment, cash registers and numerous other devices that are receiving and sending data over the network. All these devices must be managed and secured, too – and it is the job of the Mobile IAM, not MDM. This is why all organizations need Mobile Identity and Access Management (IAM) solutions for BYOD and corporate-owned devices using a solution like the Enterasys Mobile IAM.
Virtual Desktop Infrastructure (VDI)
So again, all organizations need a Mobile Identity and Access Management (IAM) solution like Enterasys Mobile IAM for managing mobile devices that are accessing a corporate network especially for BYOD, and when needed for some verticals, it can be augmented by MDM for stricter management of mobile devices. Beyond network access management and management of devices with MDM, some organization may choose to restrict business data only on corporate-own devices or on devices with installed MDM software, or may be they want to restrict jail-broken iPads – in these cases the organization may decide that access to the business data can only be provided though a Virtual Desktop Infrastructure (VDI). VDI provide “virtualized” desktop and data on a remote central server, instead of on the local storage of a remote client; therefore, when users work from their local machine, all of the programs, applications, processes, and data used are kept on the central server and run in a virtual machine. This allows users to access these applications and data from a smartphone, tablet or thin client without requiring them to physically reside on these devices; thus, providing increased security as well as improved service to the user and reduced operational cost for the support organization.
The total solution – BYOD Done Right
In summary, Mobile Identity and Access Management (IAM) solutions like the Enterasys Mobile IAM provide the perfect and most complete BYOD solutions especially for all organizations that need easy onboarding of mobile devices, control of network resources, and end-to-end visibility and control for all network devices with centralized and unified (wired/wireless) management –without the need for MDM and VDI. For those organizations that also need MDM and VDI for the reasons above, the Enterasys Mobile IAM integrates very elegantly with leading Mobile Device Management (MDM) solutions from vendors like McAfee and others; VDI deployments from VMware and Citrix; and threat management from Palo Alto Networks for secure and complete BYOD Done Right deployments.
To read more about BYOD and other emerging trends, please follow me on https://twitter.com/akafel