Security solutions vendor Sophos is one of the newer players in the mobile device management market, yet has successfully created a full-featured offering that combines capabilities with ease of use. Sophos Mobile Control works with iPhone, iPad, Android, BlackBerry and Windows mobile devices.
Sophos designed Mobile Control to be easy to deploy from the outset. The product is designed as an on-premise solution that leverages common technologies, such as JBoss, SQL Server and Java, making it suitable for most enterprises, regardless of size.
Like most products in the mobile device management segment, Sophos Mobile Control uses a browser-based management console to make things happen. The product follows the client server ideology in that policies, rules and accounts are stored on a server and then pushed out to the device, which runs a piece of client software.
We were able to test Sophos Mobile Control with a couple of devices, including an iPad and an Android Mobile phone. Users can register devices using a self-service portal, which delivers the necessary client software down to the device. The company offers extensive documentation which further eases use.
The administrative console provides several well-defined options using a web GUI that includes context-sensitive help, as well as wizard-like controls to ease setup and configuration. Sophos Mobile Control leverages a hybrid user/device model where devices are managed based on defined policies and rule sets, and are also assigned to specific users.
Filters and controls are included that help administrators differentiate ownership of the devices, allowing support of BYOD business models, as well as corporate-owned devices. The GUI also offers reporting capabilities which can be used to identify compliance issues, as well as track device use.
Sophos Mobile Control enlists a combination of policies, rules and device groupings to create security profiles for a registered device. Policies offer a great deal of granularity, allowing administrators to define acceptable applications and levels of encryption, as well as remotely manage a device's settings. What's more, administrators can lock or remotely wipe a device with a few mouse clicks, protecting corporate data from theft or unauthorized access. Other policy controls include requiring passwords, forcing the use of encrypted email and limiting when a device can be used and by whom.
Other notable features include the ability to import BlackBerry devices from a BlackBerry Enterprise Server, creating a higher level of integration for enterprises using RIM products, and traffic counters for Windows devices, which can help to track data plan use for those in the company with limited data plans.
Administrators also have the ability to create bundles which contain custom scripts or predefined elements. Those bundles can then be deployed to devices in the field and used to automate settings, application deployments and so forth.