Shepherding Smartphones and Tablets: IBM's New Mobile Management Solution

IBM Endpoint Manager for Mobile Devices: One solution to manage all your endpoints, including mobile, from one console

Service Management in Action

For organizations struggling with endpoint management—which is to say, practically all of them—the news coming out of IBM is fantastic. Recently, IBM pulled back the curtains on a major new addition to the IBM Endpoint Manager family that tackles one of the most pressing endpoint challenges today: mobile devices such as smartphones and tablets.

What’s the challenge all about? Increasingly, employees leverage mobile devices not just for personal purposes but also, conveniently, for work, getting access to business data, applications, and services, usually via the built-in browser.

For the host organization, that convenience comes as a mixed blessing. It implies that IT must find new ways to bring these devices under some measure of oversight and control, to reduce the odds of an unfortunate business impact unforeseen by the employees.

Need an example? Think of the possible consequences of a security breach, should such a device be accessed via a Bluetooth-based hack or simply lost in a public place. Access to company e-mail, file servers, databases, and other key resources could all be compromised in very short order, like dominos falling in sequence.

Additionally, the mobile phenomenon tends to increase endpoint management complexity substantially. Many types of mobile devices means there are many new operating systems as well. Each operating system is fundamentally different from the next in features and capabilities (and in some cases, operating systems are available in multiple flavors, with more appearing every year).

It was with exactly this context in mind that IBM developed its latest endpoint management solution: IBM Endpoint Manager for Mobile Devices.

The basic value proposition of the Endpoint Manager family is unchanged: one smart agent, supporting any number of operating systems, all of which can be overseen by a centralized server that can handle up to a quarter-million endpoints.

It's just that now, once Endpoint Manager for Mobile has been deployed, that centralized server can track, administer, and help to secure not just laptops, desktops, and servers, but mobile devices as well. This is a level of consolidated oversight, and administrative power, unmatched by any competitive offering.

A range of management mechanisms, to match the range of smart devices

"IBM has enabled the widest possible range of features permitted by the operating system and hardware of the mobile device. This design has the elegant effect of reducing the new complexity implied by mobile endpoints to a bare minimum, while also retaining a single point of command over all endpoints."

Of course, while there is still only one Endpoint Manager agent, that agent isn't always going to be deployable, simply because it can't be. Some devices don't allow installation of an agent at all.

This being so, you might wonder how IBM provides centralized oversight of all smart devices using a single platform.

The answer: different management mechanisms based on the capabilities provided by the target operating system.

Consider the case of Apple's ubiquitous iPhone device, for instance. This device's operating system (Apple iOS) doesn't allow agent installation, but it does provide an extensive application programming interface (API) to allow certain management features to apply remotely. IBM has therefore leveraged Apple's API to handle key tasks such as partially or completely wiping downloaded work e-mails and calendar data, if an employee reports an iPhone has been lost or stolen, to help shield the organization from unauthorized access and a possible security breach.

For operating systems that do support an agent, such as Google's Android, IBM has simply ported its existing smart agent. Once deployed, the agent can then support an even more extensive range of management capabilities than Apple's API does. Still more management options apply in certain situations when the device synchronizes with a server (such as an Exchange server, in the case of Windows devices, or iTunes in the case of Apple iOS).

In every case, IBM has enabled the widest possible range of features permitted by the operating system and hardware of the mobile device. This design has the elegant effect of reducing the new complexity implied by mobile endpoints to a bare minimum, while also retaining a single point of command over all endpoints.

That means easier and faster management, as well as more extensive and more rapidly updated security—for the endpoints themselves and also for all the business data, applications, and data those endpoints are used to access.

Extensive security helps protect employees too

As much as Endpoint Manager for Mobile Devices benefits organizations generally, and IT specifically, it benefits individual employees just as much.

In large part, this is because smart mobile device owners tend to treat their devices as an extension of their personal lives. Yet they usually don't protect the device correspondingly. A smart phone, for instance, may carry hundreds of photographs of an employee's children, extended family, and home—personal content never intended for access by unauthorized parties. But if the phone should be lost or stolen, that outcome is almost certain, unless the employee can take steps to prevent it.

Given Endpoint Manager for Mobile Devices, those steps can be taken. On request, IT team members can simply reach across the carrier's network to remove all the personal data (such as those photos) specified by the employee, at the same time business data such as calendar appointments and e-mails is removed.

The new layer of protection the organization has achieved via the IBM solution thus extends to protect the employee too—a classic win/win situation in which only the phone's thief is inconvenienced.

Create an enterprise app store for even more power and convenience

Endpoint Manager for Mobile Devices also allows IT to create a custom enterprise app store. And this option, like the management features, directly benefits both the organization and the individual employee.

How? Employees can download apps from the store knowing they're secure—that they've already been vetted and found free of malware or other security issues. Many popular, widely utilized applications might also be offered to employees at an unusually low cost, if the organization has been able to purchase them in volume and pass on the savings to team members.

Additionally, organizations that develop their own apps for internal use will find the enterprise app store a very convenient platform for distributing them. Feature-limited, domain-specific apps that provide a subset of some much larger capability (such as asset management) would be one example.

An employee responsible for overseeing a particular cloud service, for instance, might find an app that does that (and only that) very handy—and very easy to get from the app store.

And for the organization, pushing out new versions of such an app is similarly very handy given Endpoint Manager for Mobile Devices. Using it, IT managers can easily tell which endpoints are using older app versions, then offer new ones to the device's owner automatically, as soon as they're released. Once approved, the new versions will be installed on the device.

This approach balances the organization's focus on productivity and security with the employee's focus on personal control and data sensitivity—a form of lifecycle management that's just as smart as today's smart mobile devices.

Additional information

Recent Articles

Contact IBM

Considering a purchase?

Business Without Limits Days

Pulse2012

Deepen your understanding or pursue your interest in Cloud, Smarter Physical Infrastructure, Managing Security and Compliance, or Leveraging Mobility. Engage with IBM executives and industry leaders in half- and full-day conferences designed to provide additional details and insight with enhanced technical sessions.


Find dates and cities


Help with subscribing