Mobile Device Management (MDM) and the need to strike a balance between security and usability fall on the information technology infrastructure of an organization. Often employees prefer to operate on devices that they are already comfortable using. With Bring Your Own Device (BYOD) emerging as an option for mobile workplaces, the hospitality space today is facing a rash of security risks. Personal devices have personal accounts and little, if anything, to prevent users from installing any app they wish. Unlike locked-down laptops and corporate-issued phones, personal devices have the potential to expose company networks to real security threats.
The multitude of device and operating system combinations is extensive, from Apple to Android to Windows Phone 8. Further compounding the BYOD revolution is the shift of infrastructure from corporate-controlled data centers to cloud-based technologies. Balancing the user’s need for access against protecting the corporate structure is often the toughest part of providing an environment that includes BYOD.
The Magnolia Approach
Magnolia Hotels (www.magnoliahotels.com) deploys an MDM solution provided by AirWatch (www.air-watch.com) on each personally owned device that caches company data. The solution supports all mobile operating systems, including Mac OS X, granting access regardless of adopted security measures or infrastructure type. The BYOD plan through AirWatch MDM allows Magnolia to enforce password policies, record what apps are installed, and remove information from devices that have not checked into the MDM service after 15 days.
Users with MDM installed agree to location tracking and corporate data removal upon departure or device loss. Any user with a company-owned device also has an MDM client, but once the device is lost or transferred, all of the data on the unit is removed. Devices that have been hacked are not allowed to access company data.
Paying for the services on BYOD is also a large point of discussion. With a company-owned device on a discounted plan with centralized billing, it is easier to control costs, work with carriers on new equipment, and manage user accounts. If users are in charge of negotiating plans and upgrade cycles, a company can be at the mercy of unfettered escalations in price. Reimbursement to the users can be expensive, so several companies will give a stipend for communications expenses more reflective of the costs if the business were paying for the services. Magnolia Hotels will only pay for company-owned and company-issued devices.
Parker’s Five tips for mobile device management
1. Find the lowest common denominator. This is the key to supporting BYOD in your environment. Almost every device supports email via POP, SMTP and IMAP, with many now supporting Exchange. Almost every device has the ability to read PDFs, and most recently introduced units have browsers capable of rendering HTML5. Leveraging the similarities is important to success with user devices: deploying Flash will not work on Apple iOS, and Java does not get along with many devices.
2. Offer options for data access based on device. If your company elects to develop iOS apps, then it is possible that no data is available on Android, or there might be a smaller slice of the full package on iOS. Various options per device can include: e-mail access only; e-mail with calendar, contacts and tasks; VPN access to folders and files on corporate networks; and VPN access to application data that is housed on corporate networks application deployment.
3. Assign security rules. MDM is often deployed as a client or app on the device, where the user agrees to certain controls over company-owned data. MDM policies can be implemented by role, department or title and can be set to have different rules for corporate-owned devices versus team-member-owned devices. For example, MDM on a corporate device might stipulate a complete wipe of system and data given a termination or device loss, and on a personally owned device might only remove company data. AirWatch can provide multi-tenant architecture for profile assignments that make this distinction.
4. Cover hardware replacement in your BYOD policy. Equipment replacement is the last major cost hurdle. Staff members are required to carry a smart device for e-mail access, but what happens when that device breaks? Who is now responsible for the costs? There is really no easy answer here, so it is important to cover hardware replacement in your BYOD policy.
5. Policy details. A user-friendly culture starts with clear policies that line up your business operations and security needs with user access requirements. Your BYOD Policy should cover the following: who is eligible; what devices and operating systems (patches) will be supported; the MDM requirements; what types of data will be made available to whom on what devices; personal data accessibility; application installation; device-loss and data-removal; device and plan reimbursement; and device replacement coverage.
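The rules from tip 3 and the Magnolia approach (15-day check-in limit, no access for hacked devices, full wipe on corporate devices versus company-data removal on personal ones) can be written as a small decision function. This is an added example, not AirWatch's API or Magnolia's configuration; the class, field and event names, the precedence order, and the mapping of a missed check-in to company-data removal are assumptions.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from enum import Enum

CHECKIN_LIMIT = timedelta(days=15)  # article: removal after 15 days without check-in

class Ownership(Enum):
    CORPORATE = "corporate"
    PERSONAL = "personal"

class Action(Enum):
    NONE = "none"
    BLOCK_ACCESS = "block_access"                # hacked device: no company data access
    REMOVE_COMPANY_DATA = "remove_company_data"  # personal data is left in place
    FULL_WIPE = "full_wipe"                      # system and data

# Events that trigger data removal per ownership type (event names are hypothetical).
REMOVAL_EVENTS = {Ownership.CORPORATE: {"lost", "transferred", "departed"},
                  Ownership.PERSONAL: {"lost", "departed"}}

@dataclass
class Device:
    device_id: str
    ownership: Ownership
    last_checkin: datetime
    compromised: bool = False
    event: str = ""

def decide(device: Device, now: datetime) -> Action:
    """Return the strongest applicable action; the precedence order is an assumption."""
    if device.event in REMOVAL_EVENTS[device.ownership]:
        corporate = device.ownership is Ownership.CORPORATE
        return Action.FULL_WIPE if corporate else Action.REMOVE_COMPANY_DATA
    if now - device.last_checkin > CHECKIN_LIMIT:
        return Action.REMOVE_COMPANY_DATA
    if device.compromised:
        return Action.BLOCK_ACCESS
    return Action.NONE

def evaluate_fleet(devices, now):
    return {d.device_id: decide(d, now) for d in devices}

# Constructed sample inventory, not real data.
NOW = datetime(2024, 1, 31, 12, 0)
SAMPLE_FLEET = [
    Device("corp-01", Ownership.CORPORATE, NOW - timedelta(days=1), event="lost"),
    Device("byod-01", Ownership.PERSONAL, NOW - timedelta(days=2), event="departed"),
    Device("byod-02", Ownership.PERSONAL, NOW - timedelta(days=16)),
    Device("byod-03", Ownership.PERSONAL, NOW - timedelta(hours=3), compromised=True),
]
```

Calling `evaluate_fleet(SAMPLE_FLEET, NOW)` returns one action per device ID, which makes the corporate-versus-personal distinction easy to review before a policy is pushed to real devices.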
Jeffrey Stephen Parker
CHTP, VP of technology,
Stout Street Hospitality/Magnolia Hotels
What was your first job?
Who inspires you?
What are your hobbies?
What is one goal that you would like to achieve in your life?
What three people would you invite to lunch?
Madonna, Cindy Crawford, Ayn Rand
What is your favorite book/movie?
What is your favorite vacation spot?
Jeffrey Stephen Parker, CHTP, is vice president of technology and chief funologist for Stout Street Hospitality and Magnolia Hotels.