Exchange ActiveSync (EAS) is a Microsoft technology that allows mobile users to access their Microsoft Exchange mailboxes and use email, calendar, contacts and tasks applications on their mobile devices. Administrators can control which devices have access to the Exchange Server. EAS works with a wide variety of mobile operating systems, including Windows Mobile, Windows Phone, iOS, Android, Symbian and Palm WebOS.
Android is a mobile operating system developed by Google and managed by the Open Handset Alliance (OHA) and the Android Open Source Project (AOSP). It runs on smartphones from many manufacturers, including Acer, HTC, Huawei, LG, Motorola, Samsung Electronics, and Sony Ericsson.
Apple Push Notification Service (APNS)
The Apple Push Notification Service (APNS) is a mobile service created by Apple that “pushes” notifications and alerts from applications on servers to iPhones, iPads and iPods.
Apple Root Certificate Authority
The Apple Root Certificate Authority (CA) manages the generation, distribution and administration of encryption keys for the Apple Public Key Infrastructure (PKI). It facilitates encrypted secure communications between web servers and mobile devices. See Certificate Authority.
BlackBerry Enterprise Server (BES)
The BlackBerry Enterprise Server (BES) is a middleware software package from Research In Motion that synchronizes emails, calendaring information and contacts between BlackBerry devices and messaging servers such as Microsoft Exchange and IBM Lotus Notes. It also connects BlackBerry devices with enterprise applications. BES includes a range of management and security features to help email administrators.
BYOD: Bring Your Own Device
The phenomenon where personal mobile communication devices (iPads, iPhones, Android devices) are used (whether sanctioned by the enterprise or not) to access corporate resources such as Wi-Fi, email, documents, collaborative services, etc.
A certificate authority (CA) is a trusted organization that issues digital certificates. Digital certificates are used with Public Key Infrastructure (PKI) technology to facilitate encrypted secure communications between web servers and endpoints such as mobile devices, laptops and PCs. When an endpoint contacts the server it requests a digital certificate with information about the owner of the web site and a public key. The endpoint sends the certificate to the Certificate Authority, who validates that it comes from the purported source (e.g. the user’s employer or the user’s bank). The endpoint uses the public key to establish an encrypted connection with the server. Third party certificate authorities include VeriSign, Entrust and GoDaddy. Enterprises and government agencies can set up their own CAs.
A cloud extender is a cloud-based service, for example a database or a backup service, which can interact with and extend the functionality of other cloud-based services and applications.
A configuration profile is a set of parameters used to configure a mobile device for a user or group of users. The parameters might include minimum requirements for the passcode, information on how to connect to the corporate email server, virtual private network (VPN) settings, and authorized Wi-Fi networks.
Consumerization of IT
The “consumerization of IT” is a term that has been coined to describe how responsibility for Information Technology services is increasingly owned by consumers. More and more services and responsibilities that were once the purview of iron-fisted IT departments are shifting to the hands of the consumer, in some cases due to the extreme simplification of enterprise connectivity being created by enhancements to iOS, Android, etc.
Device encryption is the ability to encrypt selected files or all of the files on a device to protect them from unauthorized access if the device is lost or stolen. Typically the user must enter a PIN before the device will decrypt and display encrypted files.
Enterprise App Store
An App Store is an online service that allows users to browse a web site and download applications to their smartphones. The most widely-known app stores are from vendors such as Apple (iTunes Store), Google (Android Market) and Microsoft (Windows Marketplace for Mobile).
An Enterprise App Store is an app store created by a single enterprise or government agency to distribute apps developed in-house or authorized and supported by the IT group.
iOS, formerly known as “iPhone OS,” is a mobile operating system developed by Apple for the iPhone, iPad, iPod Touch and Apple TV. It runs exclusively on devices manufactured by Apple.
Lock is an MDM (Mobile Device Management) feature that allows administrators or users to prevent anyone from using a mobile device or seeing data stored on it. Remote Lock is usually accomplished by sending an SMS message from a server to the device. Locking can also be enforced locally, for example if the wrong passcode is entered too many times. An Unlock command removes the lock. All MDM systems provide an over-the-air Lock feature for administrators, and some also provide self-service locking and unlocking for users through a web portal.
MDM (Mobile Device Management)
Mobile Device Management (MDM) systems are used to provision, monitor, manage, secure and support mobile devices. Most MDM systems include a server-based management component and an agent or app that runs on each device. Some systems are vendor-specific (e.g., work only with iOS or RIM BlackBerry devices), while others span multiple operating systems and manufacturers (e.g., iOS, Android, Windows Mobile and Symbian). Most MDM solutions are premises-based, although cloud-based alternatives are emerging.
Typical features of MDM systems include:
• Tracking of devices by serial number, user name, manufacturer and operating system.
• Inventory of software and hardware on devices.
• Management of passcode policies.
• The ability to distribute and manage Wi-Fi and VPN policies.
• Remote “over-the-air” configuration and provisioning.
• Remote wipe, lock and unlock.
• The ability to block or disable cameras, browsers and access to app stores.
• Reporting on the status and configuration of devices.
MRM (Mobile Resource Management)
MSM (Mobile Service Management)
Mobile Service Management (MSM) products gather network, server and application health and performance data in order to provide end-to-end monitoring of mobile applications. This allows an administrator to track when users are having trouble connecting, or are getting slow performance on email and mobile applications. Some MSM vendors are branching out by adding MDM features to their solutions.
OTA (Over the Air) Configuration
Over-the-air (OTA) configuration, also known as over-the-air programming and over-the-air provisioning (OTAP), is the ability to configure and assign policies to remote mobile devices solely through a wireless connection. OTA configuration eliminates the need for IT administrators or support personnel to physically touch devices in order to prepare them for email and corporate applications. This is particularly important when there are many distributed users, and when users purchase their own devices. OTA configuration can also refer to distributing software and application updates to mobile devices.
A provisioning profile is a file installed on mobile devices, especially iPhones, that allows specific in-house applications to be installed and executed. Administrators can use provisioning profiles to restrict applications to specific devices.
The Simple Certificate Enrollment Protocol (SCEP) is an industry standard protocol designed to simplify the issuing and revocation of digital certificates. It allows administrators to securely issue certificates to large numbers of network devices using an automatic enrollment technique. See Certificate Authority.
Secure messaging technology provides for secure communications between email users regardless of whether they are using email clients or browser-based email systems. Typically messages and attachments are stored entirely on servers, so they are not vulnerable to attacks on endpoint systems. Messages sent over the network are encrypted using SSL, S/MIME, TLS (Transport Layer Security) or other encryption technologies. Servers are provided with spam blocking, malware detection and data leak prevention (DLP) capabilities.
Selective wipe is the ability to delete corporate email, data, policies and apps from mobile devices without affecting personal email and files. Selective wipe is especially important in organizations where employees provide their own smartphones and devices, because these users would not accept having their personal data removed when they leave the organization. See Wipe.
A “tablet computer” or “tablet” is a book-sized computer with a flat touch screen that uses a stylus, digital pen, or fingertip as the primary input device. Most tablets run modified versions of traditional desktop operating systems on Intel chips, but newer entries like the Apple iPad use mobile operating systems and chips based on the simplified ARM architecture.
Wipe is an MDM (Mobile Device Management) feature that allows administrators or users to delete all of the data on a mobile device. If a device is lost or stolen, wipe prevents sensitive data from being misappropriated. Wipe is usually accomplished by sending an SMS message from a server to the device. All MDM systems provide an over-the-air wipe feature for administrators, and some also provide self-service wipe for device owners through a web portal. Not all mobile devices support wipe. See also Selective Wipe.