Heavy-handed iPhone and iPad Management Is Really Just Old Thinking By IT Directors


Too much device management ties the hands of users and pits them against IT


A year or two ago, IT departments were focused on mobile device management (MDM) as a way to secure smartphones and other mobile devices. It was a natural extension of how IT had always handled technology in the workplace. While there are times when strict device management is the best approach (such as K-12 schools), IT departments are beginning to realize that MDM isn’t always the right course of action.

In fact, the rush to lock down every device feature was little more than stale and rather old thinking on the part of IT leaders who are now looking for better options.

The concept was essentially an extension of how IT folks handled Macs and PCs in their organizations. Create a baseline configuration for all computers of one type complete with corporate settings and needed apps, roll it out, and then use client management tools to ensure users can’t make major system changes, install their own applications, or alter core operating system components.

That concept has served IT departments in organizations of every size and type quite well over the years. It ensures every user has the correct environment, that the computers are secured, and allows for quick and easy Mac or PC replacement if there are problems. It’s no wonder that device management was the first impulse for IT folks when it comes to the iPhone, iPad, Android devices and pretty much all post-PC mobile devices. It also happened to be the model that RIM provided for organizations giving workers BlackBerries.

But there’s a key point in this line of thinking that’s easy to miss – it’s based around the concept of a computer or a device being owned by an organization and not by the person using it. By extension that means that IT owns the device and has the right to configure it for optimal security as well as to configure the user experience to what IT staffers assume is the best option that doesn’t compromise device or data security.

IT folks had no problem finding vendors to support this way of looking at mobile technology, particularly after Apple built really strong device management capabilities into iOS 4. In doing so, Apple created a pretty lucrative cottage industry around the ability to manage iPhones and iPads (and BlackBerries and eventually Android devices and Windows Phone handsets). The concept paralleled standard IT processes and effectively let IT approach mobile devices as they did computers – IT and MDM seemed like a match made in heaven (at least to IT guys and the MDM vendors).

Users had a rather different take on the whole situation, especially when major features of their iPhone, iPad, or other device were disabled or blocked by IT. What’s the harm in downloading the free version of Words With Friends? Why shouldn’t I be allowed to check my personal email? Why can’t I install the various iWork apps, especially if I’m willing to pay for them?

Those reactions were one thing when the company had been buying devices and handing them to IT to set up and distribute. But then along came BYOD – officially sanctioned or not, users started buying iPhones and iPads and bringing them into the office, where they asked to be able to set up their work email accounts or to use corporate Wi-Fi. None of them were happy with the idea that they had to turn control of their devices over to IT at that point, particularly if it meant giving IT the power to wipe their devices or monitor the apps that they installed.

This tension over ownership had definite consequences, including the fact that if IT handled the situation poorly, users tended to simply avoid IT altogether.

That brings us to the dialog happening today about what the best practice is for mobile devices regardless of who actually owns them. Is locking down the device really necessary? Can IT secure business data without heavy-handed management? Can IT set policies and trust that users will abide by them? If not, should IT be able to monitor personal devices that access corporate resources?

The growing consensus is that looking at device management is the wrong approach in many cases and that IT’s ability to claim ownership of computers doesn’t extend to mobile devices – at least not in quite the same way. That’s led to a focus on securing data and/or managing apps rather than the device and to working with users as partners rather than thinking of them as the enemy.

  • cyberb0b

    It may seem heavy handed until you are responsible for network security. If you MUST have an iPhone or iPad, you will generally have it assigned to you by the company. If you don’t and just want to BYOD, then you must be willing to sacrifice some freedoms if you want to use it on MY network.

  • justinwelsh

    This comes down to one simple thing. Email. If IT managers would take the time to stop their organization from relying so heavily on email for essential business activities, there wouldn’t be near the concern of locking down the devices as there is now. There is too much confidential or sensitive data in a user’s mailbox which can easily be accessed on an unsecure device. Make the process of accessing company data a secure process, and suddenly the security on the device itself doesn’t matter.

  • shannon_f

    I’m guessing that, in the first paragraph, “begging” was supposed to be “beginning”, right?

  • Frank_Furter

    Thanks for reminding everybody why we hate network guys…..

  • Anon_IT_Guy

    My guess is you’ve never worked in a big company, or maybe any company?  Have you seen the data leaks of personal data from banks, health care companies, retailers and anyone else that has your personal data and uses it in their business?  Do you really want some middle manager having access to all this data on his iPhone without ANY controls?  Apple (and Google for that matter) fail miserably at this right now – that’s the IT backlash against these devices.  Wow, I can enable a PIN, wow, I can force the user to install my “MDM” (Mostly Doesn’t Manage) solution. But can I stop them from downloading trojan virus “free” game/app?  Hell no.  Can I FORCE them to update their OS to make sure they are secure?  Hell no. The controls they have, even in iOS 5 or ICS are HORRIBLE when compared to Windows 95.

  • Frank_Furter

    The sky is falling! The sky is falling! My guess is you’re a brainwashed IT lackey who can’t think outside the box and does what you do because, well, by golly, that’s how it’s always been!

    As most of us IT professionals say, “We get our jobs done and succeed IN SPITE of our infrastructure groups”.

  • justinwelsh

    Again, stop thinking old school.  I’m an IT Manager myself.  You are fighting a losing battle my friend.  Design ways where the “process” of accessing the data is secure, no matter where it’s accessed from, and your problems are solved.

  • Neil Anderson

    IT directors are trying to beat back the ocean with a stick.

  • BYODpro

    I think justinwelsh is right on. We need to focus on securing the data not the device.


  • TopAgentWebsite

    Mobile security will become a huge thing in the near future…. PayPal has begun offering payment options via mobile phones here in UK and there are many offline retailers that accept payment via mobile phone (where a phone is scanned and used like a wallet). Channel 4 made a report on it and showed it was really easy for thieves to steal all your info from your mobile phone and use it to bankrupt you!

    TL;DR: be careful when buying things using your mobile phone.

    Regards Caroline,
