This is part 1 of 2 on managing applications on mobile assets. Part 2 is coming soon!
Mobile assets are becoming more important due to their increase in demand and now require serious management due to sensitive data and the costs associated with them. Managing mobile assets falls under the IT Asset Management (ITAM) remit as it manages physical assets and applications. Applications installed on mobile devices require similar management to desktop or server applications. The license needs to be purchased in the correct way, a standard list of applications needs to be defined and acceptable usage needs to be established and communicated to end users.
We recently released Part 1 and Part 2 of An Introduction to Mobile Device Management.
What mobile applications will you allow within your organisation? This needs to be defined and established when creating any mobile asset management process. There are a number of questions you need to ask before allowing applications to be downloaded or installed on company owned mobile devices:
Games and non-business use applications should not be allowed on business devices, and that should be communicated and set out from day one of any mobile asset project. There are a number of security risks associated with some mobile games and non-business applications, and they could end up costing the organisation a lot of money through use without WiFi (3G, 4G etc). Furthermore, if the organisation has a software policy in place that states there should not be games or unauthorised applications installed on desktops or laptops, then this should be replicated to mobile applications. There should be an ‘Applications Use Policy’ that defines acceptable usage (both data and time) and what applications are pre-approved by the organisation.
Mobile applications can be acquired a number of different ways, but the main two examples are through ‘App stores’ or as part of an agreement with a vendor. It is vitally important to procure mobile applications through the correct organisations procurement process to ensure the license is purchased in the correct way and also to ensure the organisation owns and has a record of the purchase and license.
‘App stores’ are the source of most mobile applications. Some are free, others cost. Examples of ‘app stores’ include iTunes App Store and Google Play. There are hundreds of thousands of applications available, and some are not allowed for business use. All apps have a license attached to them, so if you are unsure then check the license agreement.
Applications from ‘app stores’ need to procured through a centralised account so that any device within the organisation can use the application. Allowing users to purchase applications through their own credit cards will mean that the organisation will not own the application, the user will. This may also have an impact on the application being used on a device that is associated to a centralised business account that is linked to the particular ‘app store’.
Organisations can manage ‘app stores’ in a number of different ways. There is the option to use a single business account to purchase all apps for mobile devices, and make the end-user go through the approved procurement process to buy and download a new app. There is also the option of managing an internal ‘app store’. There are a number of solutions that allow an organisation to list approved apps, and allow the user to download or install any of the apps in the approved list without having to go through procurement.
Examples of mobile applications that come as part of an agreement include ‘Office for iPad’ and ‘Adobe Creative Cloud Apps’. Microsoft and Adobe offer mobile licenses as part of Enterprise agreements, or as part of a separate agreement. If an organisation wishes to purchase individual mobile licenses, then they can do that too!
Major vendors are now changing licensing metrics to ‘user based’ rather than ‘device based’. This in turn means that as part of the agreement users may be able to download the mobile version of the vendor’s software without needing additional licenses. Any installs of the mobile version of the software still needs to be monitored and managed as it counts as one of the users device’s that it can be installed on.
Top tip! If the organisation wants to invest in mobile devices and wants to use the mobile applications from the likes of Microsoft and Adobe, then make sure you make any additional mobile licenses as part of your agreement. It is also worth checking your current agreement to see if users are eligible to install the mobile version of the software on a portable work device.
Bring Your Own Device (BYOD) poses another challenge for managing mobile applications. If an organisation allows users to bring in their own devices, then the question needs to be asked; “Do you want the mobile devices to be managed by the business?”.
Along with having mobile devices incorporated into the overall BYOD processes, the mobile assets need to be tracked and managed (in some extent) by the organisation. An example of users bringing their own device, and having the organisation mange the devices is if the organisation allows the user to install an application that is owned, or has been purchased by the organisation on their personal device (if the license terms allow this).
BYOD then gets complicated with mobile assets. The organisation needs to agree with the user what they will monitor and manage, as it is actually the users device. If the organisation wants the user to install certain applications then it should be agreed that they would only monitor the usage of licensable applications that are owned by the organisation, and nothing else. The data the organisation will monitor and manage needs to be clearly communicated with the user to ensure there is no confusion and no invasion of privacy.
If the organisation does not want to allow users to bring in their own devices (other than mobile phones for communications purposes) and install applications installed on them from the organisation, then those mobile assets need not be tracked by the organisation or MDM solution.
In part 2 we will look at data, usage and MDM tools.