The traditional boundaries of an organization’s network have evolved as working from home and remote work have accelerated. Remote device management has become imperative for IT professionals trying to keep data secure, even on devices that are rarely – if ever – inside the network perimeter.
This post explores remote device management, including what’s needed to get it right, what gets in the way, what benefits it offers and what mistakes companies make in implementing it. You’ll discover ideas for maintaining a device landscape in which your IT teams can operate securely and your co-workers can stay productive.
Let’s set the stage. Why is remote device management essential and needed?
Remote device management is essential first and foremost because of the vast number and wide variety of mobile devices in the hands of your users. Contrast that with the mindset of 10 to 15 years ago: in most enterprises, the entire IT estate was inside the building. The scope of concern was limited to the workstations at users’ desks. You could accommodate travel needs by setting up a VPN connection.
That you and your co-workers can now perform work anywhere anytime is a paradigm shift – a shift that increases the urgency around protecting data. The main need for remote device management lies in mitigating the risk of having so many different devices in your landscape. That is especially true when you have no control over the network from which those devices are connecting to yours.
The challenges of remote device management
Endpoint diversity
In addition to the sheer quantity of devices, your IT teams have to deal with a considerable variety of endpoints and operating systems (OSes). It’s not uncommon for workers to perform tasks on a combination of phones, tablets and laptop computers, including peripherals like printers, removable media and IoT devices. Domain knowledge in Windows and macOS used to be enough, it’s now necessary to build up expertise in Android, iOS and perhaps multiple Linux distributions.
Resource trade-offs
Will you try to manage all of your devices from a single product, or use a different product for each operating system in your device population? That usually comes down to a trade-off between breadth of function and ease of use.
You may identify products that meet your needs for device management, but if you have a small team, can you assemble enough expertise to use those tools effectively? Are your tools compatible with your workforce? Or are you simply adding layers of tools to manage all the technologies in your device landscape without staff to run them? You’ll need staff that is up to the skill level to operate your tools and understand the reports that come back from them.
There’s always a balance between investing in people versus investing in tools and technology. Which is more important in your organization: equipping your IT team and users with the latest devices and software, or having knowledgeable staff to manage those devices and tools? Most companies try to do both incrementally, until external conditions – acquisition, economic change, competition, cyberattack – upset the balance.
Finding all of your devices
Suppose your business starts out small, without managing devices from day one. Over time, there are more and more devices in the business but no remote device management tools in place. How did you get there?
In a small company, BYOD can be a way of life. Someone in Marketing or Engineering brings in a tablet or a router or an IoT device and connects it to the network. As the company grows, so grows the population of unmanaged devices.
Or a team within the company may decide to buy a device like a tablet for all its members. They know that their competitors use tablets, so it becomes another tool in the belt. The devices do increase productivity, but for any number of reasons, they fly under the radar of IT and never get managed the way the company’s other connected devices do.
Eventually, someone determines that it would be better if the company managed all of those devices. For IT, these sorts devices become an exercise in playing catch-up. It’s harder to find and manage devices after they’re in circulation than when they first connect to the network.
User trust
To the extent that you accommodate Bring Your Own Device (BYOD) – and even devices that the company pays for – you’ll have to also accommodate users’ proprietary feelings about their devices. Users are particularly hesitant about ceding control of smartphones, which they tend to regard as an extension of themselves. They are reluctant to risk the control that devices represents, including the way they have customized them and how they use them to communicate.
It boils down to being an issue of privacy, of course, which people cling to tenaciously. However you may implement remote device management, you’ll likely encounter people challenges along with the technology challenges.
Software licensing and application management
True remote device management includes controlling what gets installed on devices. However, that can get complicated, especially in a BYOD environment.
With the good handle on inventory that comes from device management tools, you can ensure that you have licenses for what your users need. The problem is that some tools work well on premises, but as soon as the user goes home or gets off your internal network, your control ends. Remote device management tools need to preserve control regardless of where the device may be.
Even when you provide application licenses so that users can accomplish their tasks, they may still want to install software that individuals can use at no charge. Fair enough, but if your organization undergoes a software audit, the title will show up on a company device and you may have to pay for it anyway.
The lack of control over installed software extends to security problems, too. Do you want users to install cherished products that are no longer supported? Suppose a user is attached to a productivity tool and has been using it for ages. The tool hasn’t been updated or patched since Windows 2000, but the user doesn’t want to change. That could represent a big security gap.
What are the main benefits of remote device management?
Scalability
As opposed to local hosting, modern remote device management are typically cloud-based and scale very easily. The more devices you add, the more resources the tools take. Conversely, as you remove devices, resource consumption and cost automatically scale down. Instead of a CapEx model, this OpEx model is designed so that you pay for only what you need.
Outsourced infrastructure
Rather than spinning up, maintaining and updating the infrastructure to manage devices, it’s much easier to outsource that infrastructure. If you have to spin up, maintain and update the tool itself and the infrastructure behind it, you can easily find yourself hiring additional headcount. Better to have a contract with a provider for a given level of service or uptime, freeing you to manage remote devices without worrying about the infrastructure behind it.
Availability
In the era of the remote workforce, you can staff a cloud-based tool with people who are as geographically remote as the devices they are managing. Neither your IT team nor your users need to rely on a VPN to connect to your enterprise network for updates. People can work from wherever may suit them, freeing your company to attract talent outside of a competitive market.
Compliance
With remote device management, you can establish and maintain compliance standards as requirements for installing security patches and OS upgrades. You can enforce compliance with IT security by blocking the copying of data from one device to another, or from managed apps to unmanaged apps.
Traditionally, if you wanted to patch devices on which you had established group policies, you needed to set up test runs and manually approve the changes. With modern tools, those procedures are automated.
Profile/policy-based management
Most modern remote device management solutions are profile-or policy-based. The profile on the device is always in effect and the tool is continually looking for the device to be compliant. Whether it’s pushing updates or ensuring restrictions are in effect, compliance should be continually enforced.
Zero Touch Enrollment
By using a zero-touch model, IT instructs the seller to ship new devices directly to users instead of shipping them to the company. The users receive and start the device, which is preloaded with a bootable image. They log in to the devices and connect to the enterprise network with their credentials, then the operating system is set up. The profile determines the configuration, applications, and settings to be sent over the network and installed.
The approach relieves IT of the traditional burden of receiving dozens or hundreds of devices, imaging them, and shipping them back out to each employee. And it enables employees to be both productive and remote.
Mistakes organizations should avoid when implementing remote device management
Ignoring how device management affects the user
Communication with users and guiding their expectations are often overlooked components of remote device management.
Suppose that your company has provided devices but has not managed them properly. As an IT professional, you must now implement device management to comply with industry standards. For some users that will represent a big, unwelcome change, even when the devices belong to the company. What is the users’ level of technical understanding about the control you are going to exercise over their devices? Do you expect them to be glad that you want to manage their devices? Do they know what that means?
You could easily approach this change as simply a technical must-do, but it’s short-sighted to ignore the impact on users. It’s better to be effective than to be right, especially when you need to convince your company’s highest-grossing salespeople to let you make changes to their devices. Not everyone embraces tech at the same pace or to the same degree, so prepare yourself to educate and persuade them on the benefits of the changes.
Switching tools impulsively
When switching from one tool – for example, a mobile device management (MDM) tool – to another, consider the timing. Unenrolling a device will remove it from the previous tool but most likely delete the profile in the process, so have the new one ready to pick up immediately.
In moving to a new remote device management tool, it’s generally easier to start with new devices than to have users migrate existing devices. Again, a major consideration is the effect on users, many of whom will make mistakes in the process of flipping an old device to a new tool. In fact, you increase your chances of success if your migration to a new tool coincides with your upgrade to users’ devices. Ideal times are when you are refreshing user hardware, when users turn in malfunctioning devices or during a hardware maintenance window. That way, you can hand them new devices that you’ve already enrolled to the new platform, and take the old devices back.
Overlooking the need for scalability
It remains possible to perform certain remote device management tasks locally using on-premises software and hardware. But in the long run, your IT team – and the company as a whole – are better served by the flexibility of managing devices from the cloud. It’s prudent to have insurance against the need to accommodate a sudden spike in management workload, whether from business expansion, merger/acquisition or cyberattack, and the cloud affords that insurance.
Making assumptions about support and longevity
Free, open-source software (FOSS) is tempting, but don’t forget that software will need support and management. And, you’ll want the tool to still be around for as long as you need it. Those are promises on which many FOSS products cannot deliver.
When a product is driven not so much by a company as by an independent collective, you may find that technical support solely consists of a forum.
Additionally, keep in mind also that some FOSS products are developed and maintained by volunteers. As capable as they may be, you’re dependent on their best intentions for updates, security patches and upgrades. Burnout is not uncommon in those developer communities.
Setting your organization up for remote device management success
Conduct a needs assessment
A smooth path to enterprise-wide device management starts with a needs assessment which should include the following:
Patch, secure, and manage every endpoint
- Stakeholders – Which groups of users will be most affected by the implementation? Obviously, it will affect everyone in the organization somehow, but whom will it affect most acutely? Whose workloads will increase? Who will feel pressure?
- Tools in place – If you already have a population of remote devices, then you probably already have some management tools at work. Will they facilitate the implementation? Or will you have to disable them first?
- Industry-specific regulations – Does your industry impose requirements on reporting or device management? In an era dominated by concerns about data privacy, almost every industry promotes the careful management of devices that store and process sensitive data. Whether you’re subject to HIPAA, GDPR or any other standard, you won’t want to invest in buying and implementing a tool, only to learn that it’s non-compliant.
- Growth and shrinkage – Will your user base (and therefore your population of devices) grow or shrink in the coming years? Restructuring companies tend to survey all their existing infrastructure and turn to the cloud to lower costs.
Make sure your IT teams are comfortable using company device management systems
Your IT staff will spend a lot of time using whatever remote device management system is implemented. Will they be comfortable with it? Will they find it reliable and use it productively? It’s not good practice for, say, a new IT director to impose a tool on a team simply because of experience at a previous company. The people who will use the tool daily and hourly are among the stakeholders who will deeply understand the company’s device management needs.
Have a pilot group
Before any technical roll out, it’s a good practice to schedule a trial period or a proof of concept with a small group of trusted users. That allows you to evaluate and compare the features of the tools and the impact they will have on user experience.
Using a pilot group mitigates the risk of jumping feet first into a product that looks good at first glance. Most companies underestimate the time and effort it will take to implement a tool fully, and they tend to overestimate the skill level of the people who will use it. A trial period highlights the implementation burden your company can anticipate and areas where you may need professional services to ensure success.
Conclusion
Remote device management becomes imperative as your company’s device population continues to grow in number, platform diversity and geographic reach. The more devices your users rely on to accomplish their tasks, the more attentive IT must be to controlling what’s on them and how those devices connect to organizational resources.
