Deploying Mobile Device Management That Serves Your Users
I was recently asked if I had any tips about deploying Mobile Device Management (MDM) for an organization.
It’s a simple enough question with a not so simple answer. The short answer is - “Talk to your users and make it a gift exchange”. The long answer is a bit more complex.
I often use an old analogy when talking about things like this, “The person that buys a drill doesn’t want a drill...they want a hole.” That’s never been truer than with MDM. You don’t want to implement mobile device management any more than you wanted full-disk encryption. What you want is data security. You want to sleep at night without having nightmares about data loss.
The problem is that your users don’t know that this is why you want MDM. To the users, this is just another way for “big brother” to make life difficult. After all, these apps are most often used to restrict what your users can do. As IT professionals, we spin this a lot. We can say it doesn’t only restrict access. We can tell users that they should love MDM because it makes it easier for us to help them - but let’s call a duck a duck, it’s the removal of their freedoms that they will most likely resent.
What Can You Do About It?
So, the question of the hour is what can you do about it? It all begins with education and communication; two things that we aren’t always so good at in IT. Marry your rollout of MDM to a reinforcement of your data leakage and protection policies. This could be as simple as an email, but a better plan might be to run a workshop or webinar for 30-45 minutes to review data security with your users. Cover the most recent breaches, the outcomes, and then reiterate what everyone can do to help prevent this type of thing. Remind them in a positive way about everyone’s responsibilities around data security and thank them for their support. Finally, you can educate them about this great new tool called MDM that’s going to help protect them, and the company, while also making it easier to support their needs.
The end result, if that’s how you approach it, will be a grudging acceptance of this new impediment to freedom. Users are very smart, and as individuals they are bombarded by marketing all the time. They can tell when someone is trying to get them onboard with something they may not want. So, if you want real success, make it a gift exchange. The users give you the gift of support and acceptance for a very important security tool because you are going to give them something they’ve always wanted - the right to use their personal devices on the network.
Allowing Personal Devices
Stop shaking your head. I know that the topic of personal devices is a minefield among network administrators. My opinion may be controversial but here it is, “If you have good mobile device management tools, you are ready to allow personal devices”. This is a battle we aren’t going to win. Eventually, all but the most secretive regulated companies will allow personal devices. Let’s get on the bandwagon. Rather than pulling against our users, let’s invite them in and collaborate on how to make them more productive. I assure you, if the users view MDM as a path to being able to use their personal devices on the network, then you will gain acceptance VERY quickly.
Finally, I would suggest one other thing - leverage one the most basic of human emotions to build consensus in your organization: ENVY. In every company there are a small group of users that are “gadget people”. They are early adopters and are likely the most frustrated, and the most vocal, group when it comes to IT “locking them down”. Seek these people out. Invite them to test the finalists among the MDM tools you are considering. Encourage them to do that on the personal devices they’ve wanted to bring to the office. As I mentioned before, those people are the ones that will be the most vocal. If they get to walk around the office with their shiny new iAndroid-Smart-Galaxy-Mobile-Siri-Note-Phablet-Blaster device, they will brag. Other people will want to bring their devices, and the users will tell them that this great new technology called MDM is coming which will make that possible for them too. By the time you get to them to have the security discussion I mentioned above, they will likely already be onboard.
Think I’m way off-base? Then ask yourself why VMware just acquired AirWatch. VMware is an end-user centric company. Yes, they pioneered a shift in the datacenter and they’re at it again with their implementation of Software Defined Data Center (SDDC). However, most of the balance of the product line is end-user specific. They have a vision with View, Horizon Workspace, AirWatch and their automation products (including SDDC) to be able to empower users on any device or platform that they want to use. The mantra for the last couple years has been “manage the user, not the endpoint”.
VMware knows that user adoption of these tools will depend on device and user independence. That’s why they bought AirWatch. Take that message and apply it to your MDM deployment. Anyone can push the buttons and there are a number of good MDM tools - including a solution we offer as part of our Ground Control platform. Successful deployments don’t come from those alone. Successful deployments come from IT teams that understand that this is all about serving the humans behind those devices.