Mobile Device Management - Anyone using Good Technologies?

SteveLord · November 2011

Anyone currently using or planning on using mobile device management? Specifically Good since I believe it is the only product that can do encryption on the device.

If so, wanted to hear some feedback on it.

Everyone · November 2011

We have Tangoe's MDM right now. Not fully implemented or in use yet, and we may be ditching it. I really liked McAfee's solution when I looked into it.

SteveLord · November 2011

I invested in McAfee, but not implemented yet. Good is getting a lot of attention though. Encryption being the main feature everyone else is lacking.

Everyone · November 2011

SteveLord wrote: »

I invested in McAfee, but not implemented yet. Good is getting a lot of attention though. Encryption being the main feature everyone else is lacking.

McAfee EMM has encryption... what makes you think everyone else is lacking it? I think it's a pretty standard feature...

SteveLord · November 2011

Everyone wrote: »

McAfee EMM has encryption... what makes you think everyone else is lacking it? I think it's a pretty standard feature...

Not to the extent Good does....which essentially encrypts a slice of the device. Everyone else uses whatever is on the device.

McAfee EMM
Do you support data encryption on phones
and other devices, including encryption of
an SD card?
A: We encourage the use of encryption and, to
assure high performance and data integrity, we
work with native hardware-based encryption
rather than providing this function in software.
We can detect and block devices that are not
using encryption. For Windows Mobile, McAfee
EMM encrypts the entire phone, including
the SD card, and you can turn encryption on
and off. For Apple, every device beginning
with 3GS is natively encrypted with hardwarebased
encryption (includes iPads and latest iPod
Touches). For Android 3.0 and later, we take
advantage of encryption capabilities provided
within each device.

Everyone · November 2011

Why the requirement for something beyond a device's native encryption abilities? Why isn't enforcing encryption on a device enough?

Need encryption but device doesn't support encryption? Set policy to block the device, and tell users you won't support it. Most devices released over the last few years can do encryption, you just have to turn it on. If your MDM forces it to be on for all devices that connect to your network, I'd think that'd be enough.

SteveLord · November 2011

Everyone wrote: »

Why the requirement for something beyond a device's native encryption abilities? Why isn't enforcing encryption on a device enough?

Need encryption but device doesn't support encryption? Set policy to block the device, and tell users you won't support it. Most devices released over the last few years can do encryption, you just have to turn it on. If your MDM forces it to be on for all devices that connect to your network, I'd think that'd be enough.

It's called working in government. $:\$

And one of the security guys around here cracked an iPad in less than 2 hours.

All of our laptops receive full disk encryption that can be centrally managed. Considering what smartphones and tablets could be used for....they would prefer the same thing. It hasn't been labeled a requirement yet, but would prefer it without a doubt I bet. RFI to come.

Everyone · November 2011

SteveLord wrote: »

It's called working in government. $:\$

You mean they're finally exploring options beyond Blackberries?

Been a few years since I worked for the Government. Back when I did, it was Blackberry or nothing for mobile devices.

SteveLord · November 2011

Blackberry, although the currently approved device...is a sinking ship. RIM would have to pull a miracle product out of their ass to stay afloat.

Everyone · November 2011

SteveLord wrote: »

Blackberry, although the currently approved device...is a sinking ship. RIM would have to pull a miracle product out of their ass to stay afloat.

Agreed, been saying that for years now. Unfortunately the Government won't give them up that easily.

the_Grinch · November 2011

We have a customer using Good and it is ok. From an enforcement standpoint it is pretty good and we get alerts when it finds devices that are rooted/jailbroke and wipes them (or whatever policy you have in place for it). I found their support to be a bit lacking and the client can be a pain in the butt when it doesn't work properly. We've had limited exposure to it as the customers internal support team pretty much deals with it for the most part, but every so often they ask us to step in.

SteveLord · November 2011

the_Grinch wrote: »

We have a customer using Good and it is ok. From an enforcement standpoint it is pretty good and we get alerts when it finds devices that are rooted/jailbroke and wipes them (or whatever policy you have in place for it). I found their support to be a bit lacking and the client can be a pain in the butt when it doesn't work properly. We've had limited exposure to it as the customers internal support team pretty much deals with it for the most part, but every so often they ask us to step in.

The client seems to be the hardest part of it from what I've heard. I am surprised more people here aren't commenting on this. This really is a huge issue in terms of access, security and productivity. Especially if you're a large organization or an arm of government.

the_Grinch · November 2011

Most of our customers are still using Blackberries and when they released BES Express for free they jumped on it. I know that RIM has announced they were planning to extend BES to work with iPhones/Android devices. We shall see..

Chivalry1 · November 2011

We use Mobile Iron. It offers the most comprehensive mobile device management I have ever seen. They also have a cloud based solution as well. Personally I hate "Good".

SteveLord · November 2011

Chivalry1 wrote: »

We use Mobile Iron. It offers the most comprehensive mobile device management I have ever seen. They also have a cloud based solution as well. Personally I hate "Good".

Can you elaborate on your feelings about Good?

NightShade03 · November 2011

I have to second the "hating" of Good. We use it at work and while it does it's job of managing devices email, encryption, etc. there are some serious flaws and missing factors. For one thing...when it checks for mail it will notify you of new mail, however when you open the app the mail isn't there it still has to connect and "download" the messages. This is really annoying and sucks when you are in a low coverage area. For another thing, the Good app becomes "hosed" whenever you upgrade to a new version of the phone. For example, when moving from iOS 4 to iOS 5 you will need to reinstall the Good app, contact the Good admin and have them issue you a new activation code, and then wait for you mail to resync all over again. This is a horrible issue.

Someone else mentioned Mobile Iron and I would gladly sing their praises! Not only do they have an insanely great product for managing mobile devices + email, but they can also help with app store control, and allow you to create your own internal app store as well. They are way beyond Good in terms of device management...not just encrypted email (like Good). They also have a distributed architecture for failover and load balancing as well.

I have worked with quite a few different mobile device solutions recently and so far I've seem the best results with Mobile Iron. Let me know if you want more info.

shaqazoolu · November 2011

The InfoSec team here (which includes myself) is supposed to begin piloting Good early next year from what I hear. I'm looking forward to it. I'm getting tired of carrying around 2 phones.

Mobile Device Management - Anyone using Good Technologies?

Comments