The use of mobile computing devices has become quite commonplace. Examples of mobile computing devices currently in use are “smartphones,” computing tablets, laptop computers, and so forth. Wearable computing devices are on the horizon. Because mobile computing devices are convenient to use and enable people to be “connected” to communications and data from almost anywhere, users often store not only personal data on such devices, but also private data, trade secret data, or indeed almost any type of data belonging to organizations (e.g., commercial enterprises, government entities, etc.) with which the users are affiliated. Indeed, organizations have become accustomed to permitting their employees or other stakeholders to access corporate data remotely using personally owned mobile computing devices. In the art, this has come to be known as “bring your own device” (“BYOD”).
Organizations sometimes rely on mobile device management (“MDM”) software to manage risks associated with use of mobile computing devices by employees and other agents of the organizations. For example, because mobile computing devices are often lightweight, they are easy to lose. When users lose their mobile computing devices, it may become possible for third parties to retrieve the data stored thereon, e.g., for malicious purposes. To mitigate malicious use or other misuse of their data stored on mobile computing devices, an information technology (IT) administrator associated with the organization can use the MDM software to send commands to a lost or misplaced mobile computing device, e.g., to delete all data, lock the mobile computing device to prevent use, etc.
Organizations can also use MDM software to enforce various policies, e.g., to require a device password of a specified “strength,” enforce data access policies, data retention policies, etc. As an example, the IT administrator can use the MDM software to specify or update a policy that applies to a group of mobile computing devices instead of having to specify or update the policy (e.g., manually) for each mobile computing device in the group.
Manufacturers of mobile computing devices have enabled MDM features, e.g., as part of their operating systems. For example, Apple's iOS, Google's Android, and Microsoft Windows Mobile operating systems all provide MDM features. These features enable organizations to “enroll” the devices into their enterprise computing environment, configure and/or update device settings, monitor and/or enforce compliance with corporate data policies, and remotely delete data and/or lock the enrolled devices.
To take advantage of these features, organizations must typically install, integrate, and manage third-party MDM servers as part of their data center environments. For example, various companies commercialize MDM servers or appliances that can assist an organization to take advantage of the MDM features mobile computing device manufacturers provide. In these cases, an IT administrator can create a configuration profile document that is stored at the MDM server. A user desiring to enroll their mobile computing device can initiate a connection to the MDM server (e.g., by identifying an IP number, domain name, email address, etc.). The MDM server can then transmit the configuration profile document to the mobile computing device. The user then accepts (or installs) the configuration profile document. Once completed, the mobile computing device is “enrolled,” and can then access corporate data, electronic mail (“e-mail”), etc. The mobile computing device can enforce the policies stipulated in the configuration profile document (e.g., password requirements, etc.). If the mobile computing device is no longer in compliance, the MDM features of the mobile computing device can prevent further communications. Alternatively, there may be periodic communications between the mobile computing device and the MDM server (or other server) of the organization to ensure that the mobile computing device continues to abide by the policies. Furthermore, when the organization updates its policies, the mobile computing device may need to download and install the revised policies before further communications are permitted. If the mobile computing device is reported as lost or stolen, the IT administrator can cause the MDM server to transmit commands to the mobile computing device, e.g., to delete data, lock the device, retrieve the location of the device, etc.
However, installing, configuring, and maintaining MDM servers is an added expense, both in terms of capital expenditure and in terms of the time required of IT administrators.
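The compliance gate in the enrollment flow described above can be sketched as a server-side decision function; this is an added example, not code from any MDM product or from the original text. The `Profile` and `DeviceReport` types, their fields, the decision names, and the sample fleet are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Profile:
    """Hypothetical configuration profile document held by the MDM server."""
    version: int
    min_passcode_len: int
    require_alnum: bool
    max_checkin_age_s: int  # how stale a periodic check-in may be

@dataclass(frozen=True)
class DeviceReport:
    """Hypothetical state a device reports at check-in (constructed fields)."""
    device_id: str
    profile_version: int
    passcode_len: int
    passcode_alnum: bool
    last_checkin_s: int
    reported_lost: bool = False

def evaluate(profile: Profile, dev: DeviceReport, now_s: int):
    """Return (decision, reasons); checks are ordered so the strictest outcome wins."""
    if dev.reported_lost:
        # Lost or stolen: the administrator's lock/delete commands take priority.
        return "lock_and_wipe", ["device reported lost or stolen"]
    if dev.profile_version < profile.version:
        # Revised policies must be installed before further communication.
        return "update_profile", [f"profile v{dev.profile_version} < v{profile.version}"]
    reasons = []
    if dev.passcode_len < profile.min_passcode_len:
        reasons.append("passcode shorter than policy minimum")
    if profile.require_alnum and not dev.passcode_alnum:
        reasons.append("passcode is not alphanumeric")
    if now_s - dev.last_checkin_s > profile.max_checkin_age_s:
        reasons.append("periodic check-in overdue")
    return ("block" if reasons else "allow"), reasons

# Constructed sample data, not taken from any real deployment.
PROFILE = Profile(version=3, min_passcode_len=8, require_alnum=True, max_checkin_age_s=86400)
NOW = 1_000_000
FLEET = [
    DeviceReport("dev-a", 3, 10, True, NOW - 3600),
    DeviceReport("dev-b", 2, 10, True, NOW - 3600),
    DeviceReport("dev-c", 3, 4, False, NOW - 200000),
    DeviceReport("dev-d", 3, 10, True, NOW - 3600, reported_lost=True),
]

def decisions():
    return {d.device_id: evaluate(PROFILE, d, NOW)[0] for d in FLEET}

if __name__ == "__main__":
    for dev in FLEET:
        print(dev.device_id, *evaluate(PROFILE, dev, NOW))
```

A device that stops checking in is blocked rather than allowed by default, so a device taken offline does not keep its access indefinitely.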