Managing mobile devices in the field can be a complex challenge with numerous sector-dependent needs and challenges. Bring your own device (BYOD) policies are proliferating in the age of the mobile workforce, which presents many business and operational benefits. However BYOD presents numerous challenges, including inability to withstand operation in the field, user pushback to subjecting administration of personal devices to an employer’s information technology (IT) department and policies, and complexity that administrators face managing a wide variety of personal devices.
Many BYOD devices include consumer grade Android tablets widely available at mass retailers. These off-the-shelf tablets may not optimally meet the requirements of many applications in the field. They may not be rugged enough (even when packaged in rugged overmolds), lack required interfaces and peripherals, may not meet regulatory requirements for safety or security, or may not be available for sale in a stable configuration. This may be true of Android tablets used in healthcare, manufacturing, energy, mining, and transportation/supply chain sectors, for example.
To overcome these problems, a custom Android tablet, meeting specific electronic, software, packaging, ruggedness, security, regulatory, and supply chain requirements, may be designed and deployed. These tablets must also be managed by corporate IT departments. Fortunately, these rugged Android tablets may be managed by familiar IT techniques. And in many ways, custom tablets may be managed more easily and securely than BYOD devices.
Two methods for remote device management are Mobile Device Management (MDM) and Unified Endpoint Management (UEM) platform solutions.
Mobile Device Management (MDM) Basics
MDM solutions give administrators a centralized way to engage, monitor, provision, enroll, update, secure and remotely locate rugged tablet devices used in the field. This can encompass securing, monitoring and managing company-owned as well as employee-owned devices through a set of security policies and profiles that can include:
- Application Management
- Device Management
- Content Management
- User profile analytics
Unified Endpoint Management (UEM) Basics
Electronic devices in the field are actually individual endpoints that may be remotely connected to one or more servers in a network. Unified Endpoint Management means managing various essential processes required for IT administration using a single software application.
Unified endpoint management (UEM) allows the different enterprise ecosystem devices to be managed with one tool. UEM allows IT to remotely provision, control and secure varied devices like cell phones, tablets, laptops, desktops, and even Internet of Things (IoT) devices. Endpoint management comprises processes like:
- Pushing patch updates
- Software distribution
- Bulk OS deployment
- Remote troubleshooting
- Hardware and software asset management etc.
- AI-based analysis, security tools and processes
MDM and UEM basically work in the following way:
- A provisioning profile is installed on the device which is to be controlled. This profile adds device authentication and control.
- An MDM client app installed on the device.
- The client app collects information about the device and its current status, and then sends it to the MDM server.
- The MDM server pushes the settings as set by the administrator.
- Once the client app receives the settings, it then adjusts the device and its settings accordingly.
Integrating Rugged Android Tablets with Device Management Programs
The best Android tablet for integrating UEM and MDM platforms is designed specifically for enterprise level control while enabling critical device use without inconvenient interruption. This is accomplished by enabling the tablet user with complete control of the device operation. Off-the-shelf devices used for most BYOD applications are susceptible to device vendor originated software updates, whose timing may conflict with user needs and whose implementation can potentially break current application software. Additionally, the operating system itself may not allow MDM and UEM software sufficient control over all device functions. Therefore, BYOD devices may not be fully controllable via MDM and UEM techniques.
Rugged Android tablets are designed for specific applications with fully enterprise- or user-controlled operation. The operating system can be customized to lock down the user environment, provide user access control, remove settings menus and other features that could allow a user to bypass the intended configuration, and communicate solely with the user’s MDM and UEM platforms, which manage device operation and configuration updates, independent of a third party.
Specifically, rugged Android tablet configuration may be designed with the following features that constrain operation and allow full MDM and UEM control:
- Encryption and authentication of local users, data, software, and network transactions
- Geo coordinate-based operation, including the ability to detect, disable (“brick”), track, or alter behavior of devices based on geographic location or have left a defined geographic perimeter
- Device tamper detection and reaction
- Incorporation of security modules and encryption key devices
- Secure erase of programs and/or data, including per NISPOM standards
- Security enhanced operating systems, including SE Linux and SE Android
- Full integration within the Android operating system
MDM and UEM often seem like a complete solution to all of an enterprise’s mobile device and BYOD challenges. The reality is that control varies widely from device to device, with varying levels of effectiveness. More often than not, when it comes to their implementation on rugged Android tablets in the field, it is the design of the tablet that ensures the most effective deployed device experience and integration with UEM or MDM.
InHand specializes in the design and manufacturing of specialized mobile devices and tablets used in industrial, medical, and military applications. Electronic circuitry, Android or Linux operating system software, and device enclosure are developed internally to meet our client’s use cases and specification, including mobile device management. Contact InHand for an evaluation of your requirements.