Analysis of a cloud-based mobile device management solution on Android phones: technological and organizational aspects
Mobile Device Management (MDM) in companies is becoming more and more important for security reasons. Since a mobile device, as the term expresses, is mobile, it cannot be controlled by a company and local administrators like stationary equipment. Most of today’s mobiles are operated by an Android system. Current MDM-solutions, as well as their implementation and impact on change management, will be discussed. This paper will not provide any recommendations for or against any MDM-system. Instead, the goal is to provide a general How-To, to illustrate what an MDM-system is capable of, especially when implemented as a cloud-based solution, and how to make the best use of it for your company. As an example, one commercial and two open-source systems will be discussed.
Keywords: Change Management, Implementation, Mobile device management (MDM), Security, TOE, BYOD
While administrators today use powerful tools to ensure a PC's security, such as group policies and antivirus software on Windows systems or powerful management of user rights on Linux machines, mobile devices in companies lack such tools. Furthermore, while server equipment critical to a company can be safely placed in specially secured environments with access restrictions, people who use mobile devices are usually not administrators. Everyone with physical access to the devices has potential access to a company network when using corporate APNs. This becomes critical whenever a mobile device gets forgotten or lost. Control of these devices can now only be achieved using wireless communication, relying on infrastructure not controlled by the company.
The purpose of this paper is to give an overview of one commercial and two freemium MDM-systems, their implementation, and central management through the cloud and for devices in the cloud, i.e., for staff members. The example use case covers the lock of the camera application on the mobile device as an example of restrictions. The steps for accomplishing this task should be a blueprint to be used for the implementation of other scenarios like restricting usage time, phone costs, or geo-blocking a company phone. This paper shows organizational aspects regarding security for a company when its staff accesses the corporate network with its own devices.
To evaluate the technical aspects of implementing MDM solutions, the solutions must meet several criteria. In the appendix, a table gives a company’s management a basis for deciding which solution might fit best. This paper, on the other hand, cannot provide any recommendation for or against any of the analyzed MDM-systems because of the various factors that need to be considered, for instance, costs, number of devices, support, personal preference of a graphical user interface (GUI) and so on. The change management part, however, will cover possible implementation strategies based on organizational development and the Technology-Organization-Environment framework (TOE), which will be adopted for the cloud-based MDM solutions. The evaluated systems are the two freemium solutions Miradore MDM and ManageEngine MDM, while Sophos MDM comes as a complete commercial solution. All systems offer an on-premises installation with supporting routines stored in the cloud as well as cloud-only solutions. We started with the on-premises installation for testing purposes and switched to the cloud solutions afterward. Since all solution providers intend to give up the on-premises part of their MDM-systems, this step seems logical, especially since on-premises solutions cannot work without expensive infrastructure like an Exchange/Sendmail server and a messaging system to send out configuration profiles and compliance short message system (SMS), as shown at the end of the appendix. Furthermore, it needs to be mentioned that all solutions work with web browsers.
3 Related work: security and compliance in general, technological aspects
MDM is vital for ensuring that a company’s data are secured. According to M. Pierer, the concept of MDM systems can be categorized in the following areas: definition of security policies, distribution of policies over the air, controlling, maintaining and monitoring compliance, and reacting to policy breaches. In general, bring-your-own-device (BYOD), where staff members bring their own devices with software they installed themselves, can be considered a trend and driving force behind MDM and company policies. On the other hand, almost all mobile devices require an account from the manufacturer to work correctly. That means one might upload data to cloud servers without noticing it. This happens almost whenever standard settings are used. All tested systems offer features to restrict settings in Android for implementing security profiles. The only problem arose when older devices were used. The only system, or more precisely its agent, capable of managing an older Android version was Sophos. This system offers plugins for multiple hardware manufacturers of devices. The downside, however, is that both the agent and the plugin for the specific device need to be installed. Both freemium systems offer only one client, yet at least support Samsung mobiles separately.
Due to the various Android systems from device to device, the restrictions possible by MDM vary as well. So, the criteria for the evaluated systems are not the number of possible restrictions, but a working environment, especially the setup process, management, and costs. Evaluated Systems were Sophos Mobile Device Management as a commercial system, Miradore, and Mobile Device Manager Plus, as freemium environments. The criteria catalog can be found in the appendix. The outcome, however, revealed that the commercial system, due to multiple plugins for many devices as well as a TCO over five years lower than a freemium system, would be the best choice.
Regarding manageability, application rollout, and restrictions, there is not that much difference in the features of the tested systems since, as already mentioned, these settings depend on the managed device and its Android system. For Samsung devices, Samsung KNOX in devices starting with Android 5 offers much more restrictions than Android steered devices without Samsung KNOX. The choice of what system to implement has to be based on the number of managed devices and the security needed. The need for additional server hardware regarding on-premises solutions, however, needs to be kept in mind while an outsourced cloud solution provides more flexibility and scalability. The tested freemium systems can only be used for a company when one pays for advanced features. If not, they are limited in the number of devices and restrictions for profiles.
However, not all devices support every restriction, which depends on the mobile device and implementation of the Android system rather than on the MDM itself. So, there are various possibilities in restricting functions on a specific device, while other devices lack these. Mostly you might want restrictions on the access point name, so a user cannot change the Access Point Name-settings (APN) to bypass the corporate network. Other useful settings include the limitation of installable applications. So, you can lock the device on Google Play Store apps and prohibit all unknown sources. Even if a user tries to unlock unknown sources, he will not be able to do so. Furthermore, the Play Store could also be completely disabled.
The configuration of mobile devices is done using the over-the-air (OTA) standard, supported in all MDM-solutions. This standard ensures the configuration of devices using any available channels like near field communication (NFC), Bluetooth, Wireless Fidelity (WiFi)/wireless local area network (WLAN), or the mobile network itself. Almost any setting accessible via the Android system can be restricted. The most useful feature of MDM is the rollout of applications. That means you can do nearly anything that Group Policy Objects (GPOs) allow in a Windows environment. So, you can keep every mobile device updated at the same level, all having identical application versions, which makes support easier, prevents users from updating their apps on their own, and allows compatibility to be tested before the company approves an update. In the appendix, further details about restricting the use of applications will be shown.
For security reasons, if a device gets lost or is reset, MDM ensures it can no longer access the corporate network, while management is done through a web browser from any location. More important than the rollout of APKs are entire security profiles that prevent users from installing apps or taking configuration steps on the device by themselves. The profiles prevent modifications of the configuration that a user should not be authorized to make. This also covers changing the APN, usage of SD-cards for storing company data, accessing WLANs, or the use of the camera. The latter is a valuable feature in critical environments where taking pictures is not allowed. Examples for this restriction are shown in the appendix, as well as the setup of the MDM-solutions.
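The restrictions named above (camera, APN, unknown sources, SD card), together with the point that not every device supports every restriction, can be combined into one compliance check. The following Python sketch is an added example, not code from the paper or from any of the evaluated MDM products; the profile keys, the `DeviceReport` structure, the `MANDATORY` set and the allow/review/block actions are assumptions made for illustration.

```python
from dataclasses import dataclass

# Security profile built from the restrictions named in the text.
# The key names are hypothetical labels for this sketch, not settings
# taken from Sophos, Miradore or ManageEngine.
PROFILE = {
    "camera_disabled": True,
    "apn_locked": True,
    "unknown_sources_blocked": True,
    "sd_card_storage_blocked": True,
}

# Assumption: restrictions the company will not waive. A device that
# cannot enforce one of these is kept off the corporate network.
MANDATORY = frozenset({"apn_locked", "unknown_sources_blocked"})


@dataclass
class DeviceReport:
    device_id: str
    supported: frozenset  # restrictions this device/Android build can enforce
    state: dict           # restriction -> value last reported by the agent


def evaluate(profile, report):
    """Sort every required restriction into enforced/violated/unsupported."""
    result = {"enforced": [], "violated": [], "unsupported": []}
    for name in sorted(profile):
        if not profile[name]:
            continue  # restriction not required by this profile
        if name not in report.supported:
            result["unsupported"].append(name)
        elif report.state.get(name) is True:
            result["enforced"].append(name)
        else:
            # Fail closed: a missing or false value counts as a breach.
            result["violated"].append(name)
    return result


def decide(profile, report, mandatory=MANDATORY):
    """Return (action, findings); action is 'allow', 'review' or 'block'."""
    findings = evaluate(profile, report)
    if findings["violated"] or mandatory & set(findings["unsupported"]):
        return "block", findings   # policy breach: cut corporate access
    if findings["unsupported"]:
        return "review", findings  # the gap is the device's, not the user's
    return "allow", findings


# Constructed sample reports (not output from any real MDM agent).
ALL = frozenset(PROFILE)
FLEET = [
    DeviceReport("knox-phone", ALL, dict.fromkeys(ALL, True)),
    DeviceReport("old-phone", ALL - {"camera_disabled"},
                 dict.fromkeys(ALL - {"camera_disabled"}, True)),
    DeviceReport("tampered-phone", ALL,
                 {**dict.fromkeys(ALL, True), "unknown_sources_blocked": False}),
]

if __name__ == "__main__":
    for dev in FLEET:
        action, findings = decide(PROFILE, dev)
        print(f"{dev.device_id:15} {action:7} {findings}")
```

Separating "unsupported" from "violated" keeps a device limitation from being reported as user tampering, while a mandatory restriction that the device cannot enforce still results in a block.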
4 The organizational aspect
According to literature, modern MDM solutions are cloud solutions. Even though they were not invented initially as such, they did develop in this direction and are today mostly handled as such. The relationship between technology, particularly modern usage of smartphones, and organizational change, has not been sufficiently explored in the literature. Some studies have revealed that a rapid introduction of technology could greatly affect institutional arrangements such as formal organizational processes, including human actions and social relations. Organizations exist and operate within an environment that influences their shape, determines their structure, offers opportunities, and poses threats. Customers and competitors are paramount amongst these external factors.
An analysis of an enterprise’s environment must first determine if a change that is planned (introduction of an MDM solution) has an impact on the organizational environment, especially on the external environment. If this is not the case, only the inner organization environment is considered.
Although the introduction of an MDM solution for a company could be seen, according to Butterfield, “as a concrete discreet change with a general period of time and little emotional impact”, the introduction should not only follow a pure Systems Intervention Strategy (SIS), but tend to use this as a guideline for a change process and should also be augmented by a realistic approach.
According to Min et al., the framework is based on the three aspects of an enterprise context: technological, organizational, and environmental. These aspects have an impact on internet technology (IT) innovation-related decisions like MDM and the use of technological innovations in organizations.
As mentioned before, these aspects of the TOE can be seen as essential, as has been denoted by several studies. First, the advantage, i.e., the greater the perceived relative advantage of ES, the more likely it will be adopted [16, 17]. Secondly, compatibility, i.e., the greater the perceived compatibility with current infrastructure, values, and beliefs, the more likely it will be adopted [16, 17]. Thirdly, the lower the perceived complexity, the more likely it will be adopted [16, 17]. Furthermore, the ability to experiment with MDM encourages its adoption [16, 17]. Top management support can provide a motivating environment of innovation diffusion through oral notes. The greater the top management’s support, the more likely it will be adopted [16, 17]. An organization and its decision-making management should make an effort to assess and analyze possible changes in organizational culture, process, and work relationships to avoid the negative impact that comes with the introduction of MDM solutions. Also, experience is seen as a critical aspect. The greater the expertise available in the organization, the more likely it will be adopted, especially the usage of and experience with mobile devices. When it comes to trust, experience can be seen as an essential turning point. Trust is a core requirement of a positive relationship in various contexts, and competitive pressure can be seen as an effective motivator. Competition in the industry is generally recognized to influence IT adoption positively, which is also true for MDM. The trading partner support, in other words, the provider of the device management, also has a significant positive effect on adoption. Security is another trading partner-related concern, which is not only about authenticity, authorization, and accountability but is more concerned with data protection, disaster recovery, and business continuity.
Because dealing with security concerns has always been a focus of most firms, MDM should not present unusual or additional challenges. In some instances, the restricted configuration or customization possibilities of MDM noticeably presented fewer security risks. The BYOD concept for firms is also part of the security aspect. Security and privacy must be ensured as an integrated and integrative process encompassing the whole organization. The concept is already prevalent in many organizations worldwide, and a successful strategy can provide benefits for both employees and organizations. Seen from the viewpoint of an employee, it can increase mobility, flexibility, and ability to adopt the technology of choice. Moreover, it can lead to greater job satisfaction and an increase in employee productivity in organizations”. Modern MDM is the primary key to allowing your employees to bring their own device, since through the separation of company and private data, employers and employees can share in the benefits of using the device of their choice (within the defined limitations, like using a particular OS, etc.) while minimizing the hazards. Furthermore, a lack of usage of an MDM solution is the main reason for structural problems with BYOD. As an alternative to the BYOD approach, Corporate Owned, Personal Enabled (COPE) is possible. This means the organization buys the mobile device, and the user can use the mobile device privately. Although the initial investment for the organization is high, the auditing and monitoring are inexpensive. Moreover, the familiarity of the mobile device to the end-user is given because end users tend to utilize their favorite mobile devices for business purposes. Therefore, productivity and efficiency can be increased. In general, a combination of those initiatives is used in organizations. In departments where sensitive data is stored extensively, it is advisable to choose the Corporate Owned Business Only (COBO) initiative.
Roll-Out: As for the SIS, the organizational requirements, security policies, and data protection issues must be considered first, which will be mainly related to security. Yet, these must be defined for each firm on a best practice base, depending on the organization’s complexity and company size. Organizations have to think about a roll-out strategy to enroll all mobile devices that belong to them in a mobile device management system. Because of the direct impact of mobile end users, this phase is seen as the most critical one. However, the cooperation of each employee is necessary, without the collaboration of the users, the enrolment and application distribution cannot take place, and the control and maintenance is difficult.”
Regarding technological aspects, Mobile Device Management can be considered a solution for enterprises to extend their security from classic internal networks to mobile devices, even when users bring their own devices (BYOD). Yet, it also plays an essential role when using a COPE or COBO approach in firms for security reasons. MDM ensures these devices are compliant with corporate policies, like GPOs in Windows. That means a user cannot tamper with a device without being banned from the corporate network once a policy violation is detected. For management, too, it becomes much more convenient to update many mobile devices to the current software version (APK-files), comparable to software distribution in Windows. A mobile device can also be remotely controlled, monitored, and restricted in its functions to the desired level.
Regarding the organizational aspect, we showed the relation of state-of-the-art MDM solutions to the cloud and the relationship between technology, particularly modern usage of smartphones, and organizational change. Furthermore, the importance of the external and internal corporate environment was shown. Indeed, there is not a mere change of fixed timescales and limited emotional impact, but other organizational aspects are affected as well.
Since the relevance of the TOE framework is increasing in the recent literature for IT innovation-related decisions, the authors used the extended version of the framework (extended by the aspect of business strategy) to analyze in the literature which aspects could be essential for the introduction and acceptance of an MDM solution.
Concerning the technological aspect, relative advantage, compatibility, complexity, and organizational readiness were identified as essential. Also, the ability to experiment has been identified as an important aspect. In the organizational aspect of the TOE, top management support is seen as crucial for acceptance, as is experience. As for the environmental aspect, competitive pressure is seen as an effective motivator for adoption.
As for the last aspect, the business strategy was analyzed. Due to this analysis, it was shown that security is the main factor and is thus of the highest importance for firms. Hence, dealing with security concerns has always been a major focus.
In the course of evaluating an MDM solution, a company should define a strategic approach to the acquisition and use of hardware (BYOD, COPE, COBO, etc.).
In an MDM Rollout, any company needs to consider the organizational requirements, security policies, and data protection issues. The strategy for the enrolment of all mobile devices also has to be taken into account. Collaboration with employees is also seen as an essential factor for a rollout, due to the direct impact of mobile end users.
This study was based on literature research. Certainly, more thorough research on practical implementation could provide deeper insight and detect possible weaknesses in implementation.
No funding was received or used for this work.
Compliance with ethical standards
Conflict of interest
All authors declare that they have no conflict of interest.
This article does not contain any studies with human participants or animals performed by any of the authors.
- 1. Pierer M (2016) Mobile device management mobility evaluation in small and medium-sized enterprises. Springer, Wiesbaden
- 2. Global market share held by the leading smartphone operating systems in sales to end users from 1st quarter 2009 to 1st quarter 2018. www.statista.com
- 3. Gartner magic quadrant for MDM software (Gartner Inc. 2017). p 4. https://techorchard.com/wp-content/uploads/2017/07/Gartner_MagicQuadrant_EMM_2017.pdf. Accessed 22 July 2018
- 4. Kersten H, Klett G (2012) Mobile device management. Hüthig Jehle Rehm, Heidelberg
- 5. Baker J (2011) The technology-organization-environment framework. Information systems theory: explaining and predicting our digital society, 2nd edn. Springer, New York, pp 231–246
- 6. Disterer G, Kleiner C (2014) Risiken mobiler Endgeräte. Mobile Endgeräte im Unternehmen, 1st edn. Springer, Wiesbaden, pp 5–13
- 7. Own screenshot from ManageEngine Mobile Device Manager Plus V 9.0.0
- 8. Liu L, Moulic R, Shea D (2010) Cloud service portal for mobile device management. In: IEEE 7th international conference on e-business engineering, vol 474. https://doi.org/10.1109/ICEBE.2010.102
- 9. Alizadeh M, Hassan W (2013) Challenges and opportunities of mobile cloud computing. In: IEEE 9th international wireless communications and mobile computing conference. https://doi.org/10.1109/IWCMC.2013.6583636. Accessed 22 July 2018
- 11. Butterfield R (2013) Change–a personal view. Management Resource Centre. http://www.mrc-world.com/. Accessed 01 July 2018
- 12. DePietro R, Wiarda E, Fleischer M (1990) The context for change: organization, technology, and environment. In: Tornatzky LG, Fleischer M (eds) The process of technological innovation. Lexington Books, Lexington
- 14. Tornatzky LG, Eveland JD, Fleischer M (1990) Technological innovation as a process. In: The processes of technological innovation. Lexington Books. pp 27–50
- 15. Butterfield R, Maksuti S, Tauber M, et al (2016) Towards modelling a cloud application’s life cycle. In: 6th international conference on cloud computing and services science, pp 310–319. https://doi.org/10.5220/0005912403100319316
- 18. Borgman H, Bahli B, Heier H, Schewski F (2013) Cloudrise exploring cloud computing adoption and governance with the TOE framework. In: 46th Hawaii international conference on system sciences. https://doi.org/10.1109/HICSS.2013.132
- 19. McKnight DH, Chervany L (2016) The meanings of trust. Technical Report MISR 96-04, Management Information Research Center, University of Minnesota, Minneapolis
- 21. Butterfield R (2015) Change management tools—a support booklet, prepared for the FH-Burgenland, Eisenstadt
- 22. Stricklen M, McHale T, Caminetsky M, Reddy V (2008) Mobile device management. https://patentimages.storage.googleapis.com/3b/ec/bf/cfe24b906ca78e/US20080070495A1.pdf. Accessed 02 Apr 2018