MDM

How is Mobile Device Management shaping Banking, Financial Services, and Insurance Companies in Sri Lanka?

Photo by Imasha Fernando on Unsplash

If we are to describe the modern banking, financial services, and insurance industry (BFSI) in one word, we would say complex. With the onset of digitalization, many customer services are now online; banking and insurance mobile apps are increasingly becoming the norm. Apart from this transformation of customer services, traditional banks are facing competition from neobanks – technology-driven, agile banking and financial service providers. Neobanks often have lower operational costs as they are mainly online-based. Similarly, “born digital” insurers that leverage technologies such as artificial intelligence (AI) are competing with established insurance companies. We have also seen the rise of super apps that offer consumer services through third party integrations with several digital payment options (i.e., WeChat, Grab, AliPay, Gojek, to name a few). To stay ahead of these new disruptive developments and remain relevant to younger, digital native consumers, traditional BFSI companies are adopting digital-first strategies. 

Competition is not the only factor that contributes to the complexity of today’s banking and financial services industry. As more services are available online and accessible from mobile devices, there are significantly higher security risks. In 2020, the BFSI industry was the top target for cyberattacks. The number of devices used in this industry is rising due to digitalization. Microfinance and insurance companies also have a mobile workforce, where employees travel to many locations to support their customer base.

The BFSI industry in Sri Lanka and digitalization

The BFSI industry in Sri Lanka is undergoing rapid growth. Innovation has become the defining characteristic of this growth, as institutions strive to differentiate their products and services. Digital onboarding, QR based payments, digital wallets, mobile applications, and mobile payments are some of these new services. With innovation and greater device use, device security inevitably becomes a major concern for the industry. Enterprise Mobility Management (EMM) has a pivotal role to play in catering to this innovative landscape and making it secure for all the customers. In this highly sensitive market, even the Central Bank of Sri Lanka (CBSL) introduced explicit guidelines to ensure the protection and security of mobile devices so that users are not exposed to threats in an uncontrollable manner. 

Any digital-first strategy must then address flexibility, efficiency, and security. Discussions around device management and security often lead to Mobile Device Management (MDM). Let us start with some basics. MDM is a software solution that empowers IT admins to manage, monitor, and secure devices across different operating systems in an enterprise IT ecosystem. Banks, financial services providers, and insurance companies cannot control customers’ devices – but you can control your own devices and provide secure services to your customers.

In this blog we will delve into some common challenges faced by organizations and how you can address them by implementing an MDM strategy.

Mobility challenges in the BFSI industry

Challenges in the BFSI industry vary – they range from securing data to ensuring that corporate devices are used for their intended purposes. Each organization will have their own challenge. Some common issues are:

  • Centralized management of devices

One of the biggest challenges in Sri Lanka’s BFSI industry is the lack of a proper system that manages devices and tracks their usage. The latter is to monitor whether the field sales agents are not misusing corporate devices by using these devices to view non-related videos, play games, install improper wallpapers or apps that can lead to a loss of productivity or damage the organization’s reputation.  

  • Launching apps and pushing app updates

In the microfinance industry, field sales agents are required to visit remote areas where the WiFi connectivity could be weak and/or challenging. Under these circumstances, pushing app updates is a daunting task.

  • Data security

The BFSI industry possesses large volumes of sensitive data. It is vulnerable to cyber-attacks. Any compromises in data security are costly for an organization’s reputation and will have an adverse impact on its business operations. The BFSI industry faces immense pressure to protect data in case a device is stolen or lost and must have the ability to erase all data stored in a device. 

Benefits of an MDM strategy

  • Centralized device, app, and data management

An IT ecosystem with many different types of devices, apps, and data will have multiple endpoints. With unified endpoint management (UEM) capabilities, you will be able to centralize all your UEM functions in one place – regardless of the operating systems that your devices use. 

  • Faster onboarding of new customers and team members

The MDM solution will oversee identity management – authentication, passwords, and authorization. The onboarding of new customers can become an online, device based function – which is more efficient and faster than dealing with cumbersome manual tasks. Similarly, granting the right authorization for your team members to use corporate devices will become a simpler task. 

  • Mitigating effects during security breaches

Lost or misplaced devices, or any loss of data from apps need quick responses. MDM solutions provide geotracking capabilities to locate devices remotely, plus the ability to lock devices and delete data in the case of a security breach. This way, you can prevent the mishandling of devices and your all important data.

  • Remote troubleshooting

MDM solutions provide remote troubleshooting capabilities which is especially helpful if you have team members working in many geographic locations i.e., based in the field. In the event of device problems, these team members are not dependent on admins who are based elsewhere to solve such issues. 

  • Device usage control and SIM lock-in

Restrict enterprise device use to required apps only through app blacklisting features to ensure that devices are used for work-related purposes. Moreover, you can also bind mobile SIM data to these apps only so that you do not incur any additional costs with your data packages.

  • Business intelligence

MDM solutions give you device usage statistics that you can view on dashboards. The data gives you insights into team performance and any app upgrades required.

  • Extensive integrations and customizations

You can customize the solution to suit your specific requirements, with the necessary dashboards, reporting, and analytics features.

At Entgra, we understand each of the challenges faced by the BFSI industry and we have a highly customizable product that will enable you to respond to rapid changes. Entgra MDM is a centralized device management and unified endpoint management platform that helps you manage your many device identities securely. You have access to a host of features such as remote device management, analytics and dashboards, and simplified device enrollment. Learn more here and start the conversation with us.

The Digital Pedagogy Learning Curve: Education 4.0, MDM, and Opportunities

Photo by Dom Fou on Unsplash

We have come a long way since the times when education was a privilege for the chosen elite, attainable by virtue of class, religion or gender. And a long time from when sacred scriptures had to be memorized by a trusted few to transfer knowledge from one generation to the next. 

The ancient Greeks had laws in place to ensure that formal education was primarily for males and for non-slaves. In early Mesopotamia, only the royal offspring and sons of the rich or the professionals had the entitlement to be schooled, i.e., access to reading and writing. The Chinese resorted to rote memorization for teaching over 40,000 characters in their language.

In the light of such absurdities, today we are in a position to pat our own backs gleefully for being able to read ridiculous ancient teaching practices leisurely. We are also able to grasp the fact of our learning habits, too, having leapfrogged tremendously from etching on wax tablets and oral recitals to browsing content in our devices conveniently today. 

Given the enormity of the knowledge we have amassed and hoarded in numerous tricky technical formats in the present day, what is required of the sentient being now is the aptitude with which to retrieve and apply just the right resources for the problem at hand. The finesse of crafting the best with what we’ve got. The learner’s armor today, in that sense, is very much personalized to the individual, in how and what works best for each individual. 

Education 4.0

The evolution of digital pedagogy has been rapid and unprecedented. And definitely expedited by the pandemic.

We have now entered an era of innovation-driven, immersive learning experiences aided by digitized tools and techniques for effective knowledge retention and application. Today’s students are digital natives in every sense of the word – they are exposed to digital technologies at a very young age and understand how to use them, often in a very sophisticated manner.

In an ideal flipped classroom that we are headed to, the students embark upon actual problem-solving during the class hours, while reading up on theory and learning lessons have been moved out of the scope of the classroom. Students can watch lectures online, download relevant notes, and discuss/explore their ideas through online forums or discussion groups. This type of blended learning strategies reinforces active student engagement and knowledge application within the classroom.

Progression of education from 1.0 to 4.0:

Education 1.0 > Education 2.0 > Education 3.0 > Education 4.0

In that sense, Education 4.0 is a jump-start from its version 1.0, naturally called for, and vastly aided by the technological advancements of its counterpart, the fourth industrial revolution. Industry 4.0 has thrust us with smart technology, Artificial Intelligence (AI), big data, Virtual Reality (VR), Augmented Reality (AR), and robotics. 

We must now shift our focus to empowering the next generation of learners, harnessing the culled knowledge with advanced technology for betterment – ideally in accordance with our Sustainable Development Goals for education [SDG 4]

Are we there yet?

Education 4.0 involves the use of tablets, laptops, smartphones, and various other devices as supportive tools for learning. Aimed at instilling the 4Cs the century calls for, our students are now being trained to think critically, make the most of their creativity, and communicate and collaborate effectively with their peers.  With the students having a big say in the how of it today, learning has become a highly personalized experience to be indulged in from anywhere, at any time. 

Such a transformation calls for an equally elaborate and sophisticated response from  educational institutions.  These institutions must be prepared to address challenges that arise with infrastructure, services, and facilities for students and teachers alike.

Visionary institutes like the Avinya Academy already have programs designed for empowering the next generation student that extend beyond the required skill sets – these students are equipped with the knowledge to be proficient in life and career fundamentals the future calls for.

Riding on the waves of the latest trends in tutelage, academies must incorporate and leverage progressive technology to provide the fitting educational foundation for these self-paced learners so that they can become the global digital citizens of tomorrow. 

Device strategies for educational institutions

Cyber-physical learning curricula comprise course work requiring interactive, immersive learning experiences using varied e-learning tools and techniques. Possessing one’s own device is only the starting point here for the exciting escapade that awaits the learner. As such, academic institutions are better positioned to identify the exact student requirements and address the demand justifiably without calling for unwarranted problems. 

Most academic institutions today provide students with centrally administered mobile devices. A strategic plan for effective device management customized to the institute’s guidelines can help manage entire fleets of devices effortlessly.

Entgra’s comprehensive Mobile Device Management (MDM) solutions present purpose-built plans for educational institutions. With its centralized device and unified endpoint management capabilities, the solution enables multiple integration options with third-party platforms.

Reliable Identity and Access Management (IAM) features are imperative for an impregnable, secure Learning Management System (LMS). With our MDM suite’s controlled access permissions, Single Sign On (SSO) and authentication policies, IT administrators can securely onboard large numbers of devices and users swiftly. With a strong foothold on securing privacy and sensitive data, Engtra MDM enables remote locking/wipe-off when subject to security breaches. 

These are some of the features we support presently:

For comprehensive device strategy solutions customized to suit your academy, do reach out to us at https://entgra.io/contact-us/, and we shall be happy to help you gear up. 

Additional reading resources

Configuring Asgardeo as an External IDP With Entgra MDM Using OIDC

Photo by Dan Nelson on Unsplash

Entgra MDM is a unified platform for developing, managing, and integrating Unified Endpoints (UEM), Enterprise Internet of Things (IoT), and Enterprise Mobility Management (EMM).

Asgardeo is an IDaaS developed by WSO2. It is a developer-friendly platform for managing user identities and accessing management seamlessly. This blog will explain the configurations that you need to do on Asgardeo and Entgra MDM. 

What is an external IDP?

In a nutshell, an external identity provider is a service that manages and stores user identities. It provides authentication and authorization services to other applications and services. Although Entgra MDM has an in-built identity server that can leverage all identity and access management (IAM) related services, it also provides flexibility to developers as they can connect with external IDPs.

Configuring Asgardeo

First, create an Asgardeo account and the rest is easy. Use the following link to sign up.

Creating an organization

The concept of organization is something similar to the term tenant of WSO2 Identity Server. Create an organization by clicking on the dropdown menu on the top-left corner of the page.

This will prompt a simple form where we have to enter the name of the organization we are trying to create. (Note: this will allow only simple alphabetic characters and does not support other numerical, special characters or capital letters.)

For the purposes of this blog, I’ve created an organization named “devorganization”. Once the organization is set, create a new  OIDC application.

Creating a new OIDC application

Click “Develop” on the top menu of the Asgardeo console and it will take you to the following page.

Then click on the “New Application” button and choose “Standard-based application”.

Give a name to the application and make sure to choose OIDC as the protocol. Check “Management application” if the application needs to access any management APIs of the organization. Finally, click on “Register” to create the application.

Inside the application settings, go to protocols and update the grant types as follows:

Add https://localhost:9443/commonauth as the Authorized redirect URL. This is the URL to which the Asgardeo will redirect after completing authentication.

Creating new custom user-attributes

When using external IDPs, although the users will be stored inside the external IDP, they might have to be provisioned inside Entgra MDM using just-in-time provisioning (JIT). Map attributes such as username, role, etc. with the local attributes. To create a new attribute, click “Manage” on the top menu and then navigate to the attributes section.

Click on “Attributes” and then proceed to “New attributes” to add a new attribute. Create a couple of attributes for username and role, namely the “asgardeo-username” and “asgardeo-role”.

After creating the attributes, it will redirect you to the configuration page of the attribute. Under this configuration, check the two configurations below and click on the update button to save the configurations.

These two configuration will enable the display of these attributes in the user profile and make them mandatory.

Configuring the scopes

Configure the scopes to map the above attributes against “openid” scope, so that these attributes will pass during JIT provisioning. Under the “Manage” section, click on “Scopes”.

Click the edit icon of the “Open ID” scope and then click the “New Attribute” button inside it to add an attribute to this scope.

Check the “Asgardeo Username” and “Asgardeo Role” attributes and click on the “Save” button

Go to the created application and edit the user attributes as follows and click “Update” to save these changes:

Creating a new user account

You must then create a new user account to test the Asgardeo authentication flow. Under the “Manager” section, click on the “Users” section to view the user management page. Click on the “Add User” button to create a new user.

Create a new user by filling out the following fields along with a temporary password.

After creating the user account, go to the user’s profile and update the attributes that were created earlier and click on the “Update” button to save the changes.

Changing the subject claim of Asgardeo to username

By default, the User ID is set as the subject claim in Asgardeo. Entgra MDM will be looking for a username under the subject claim of the ID token. Therefore, we might have to update the subject claim of Asgardeo using their management APIs. Invoke the following APIs using the CURLs provided in the given order to change the subject claim.

Generate an access token using the client credentials of the application.

curl --location --request POST 'https://api.asgardeo.io/t/<organization_name>/oauth2/token' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'grant_type=client_credentials' \
--data-urlencode 'client_id=<client_id>' \
--data-urlencode 'client_secret=<client_secret>' \
--data-urlencode 'scope=internal_application_mgt_view internal_application_mgt_update'

Search for all the applications under the organization and find the application-ID of the application you have created.

curl --location --request GET 'https://api.asgardeo.io/t/<organization_name>/api/server/v1/applications' \
--header 'Authorization: Bearer <access_token>'

Retrieve the application details using the above application-ID.

curl --location --request GET 'https://api.asgardeo.io/t/<organization_name>/api/server/v1/applications/<application_id>' \
--header 'Authorization: Bearer <access_token>'

Patch the application by changing the sub-claim to asgardeo_username. Change the values of the claim mappings and requested claims, based on the response received in step 3.

curl --location --request PATCH https://api.asgardeo.io/t/<organization_name>/api/server/v1/applications/<application_id>' \
--header 'Authorization: Bearer <access_token>' \
--header 'Content-Type: application/json' \
--data-raw '{
   "claimConfiguration": {
       "dialect": "LOCAL",
       "claimMappings": [
           {
               "applicationClaim": "http://wso2.org/claims/asgardeo_username",
               "localClaim": {
                   "uri": "http://wso2.org/claims/asgardeo_username"
               }
           },
           {
               "applicationClaim": "http://wso2.org/claims/asgardeo_role",
               "localClaim": {
                   "uri": "http://wso2.org/claims/asgardeo_role"
               }
           }
       ],
       "requestedClaims": [
           {
               "claim": {
                   "uri": "http://wso2.org/claims/asgardeo_username"
               },
               "mandatory": true
           },
           {
               "claim": {
                   "uri": "http://wso2.org/claims/asgardeo_username"
               },
               "mandatory": true
           }
       ],
       "subject": {
           "claim": {
               "uri": "http://wso2.org/claims/asgardeo_username"
           },
           "includeUserDomain": false,
           "includeTenantDomain": false,
           "useMappedLocalSubject": false
       }
   }
}'

Configuring Entgra MDM

So far we have completed the Asgardeo configuration successfully. Now let’s move on to configuration of Entgra MDM.

Creating a new user role

To explore various features of Entgra’s web applications, a user might need certain permissions. You have to create a new role for that and assign a few permissions. Inside the carbon console, click on “Add” under the “Users and Roles” section and then click on “Add New Role”. Let’s create a role called “test-role” and then click “Next” to add permissions.

You can now see a permission tree with a list of permissions. Click on the “device-mgt” permission and it will choose the child permissions automatically.

Adding a new Identity Provider

Log into the carbon console of Entgra MDM via https://localhost:9443/carbon and click on “Add” under the Identity Provider sections on the left vertical menu. You will see the following page and can configure the basic configuration as shown below:

Configure the “Claim Configuration” as shown below. Here we are mapping the Asgardeo Role attribute with our internal role claim.

Configure the “Role Configuration” as shown below. We are trying to map the “Asgardeo Role” attribute value against an internal role named “Internal/devicemgt-user” that is already configured inside the product.

Configure the” Federated Authenticators” as shown below. Replace the client-id and client-secret with your Asgardeo application’s credentials.

The endpoints are as follows:

Authorization Endpoint URL: https://api.asgardeo.io/t/devorganization/oauth2/authorize
Token Endpoint URL: https://api.asgardeo.io/t/devorganization/oauth2/token
Callback URL: https://localhost:9443/commonauth
Userinfo Endpoint URL: https://api.asgardeo.io/t/devorganization/oauth2/userinfo
Logout Endpoint URL: https://api.asgardeo.io/t/devorganization/oidc/logout
Additional Query Parameters: scope=openid

Configure the Just-in-Time provisioning to “Silent provisioning”.

Configuring Service Provider

Entgra MDM comes with multiple web applications. Each of these web applications will have a service provider created inside the carbon console. To view the service providers, navigate to the Service Providers page. For this tutorial purpose, let’s try to configure Entgra’s Endpoint Management application with Asgardeo. Edit the Endpoint Management application’s service provider from the Service Providers page. If you cant see the service provider, try to log in to the endpoint management application at least once through the following URL:  https://localhost:9443/endpoint-mgt.

Under the service provider, change the Authentication type to “Federated Authentication” and chose “Asgardeo” as the identity provider.

Voila! Now, we have successfully configured an Entgra MDM application, to SSO with Asgardeo IDaaS. Now you can log in to the https://localhost:9443/endpoint-mgt application using Asgardeo.

I hope that you found this blog useful. If you have any questions, do reach out to us here.

How a Mobile Device Management (MDM) Solution Works in the Healthcare Industry

Image credits: RODNAE Productions from Pexels

More Devices Mean More Challenges

The healthcare industry is one of the best examples where a multitude of devices are used daily by a large number of people, ranging from healthcare professionals to patients and visitors. Over the years the sheer number of devices used in the healthcare industry has grown and the Internet of Things (IoT) healthcare market is estimated to grow to USD 260.75 billion by 2027.

Increasingly, mobile computing devices such as phones, tablets, and portable computers  are used to streamline certain administrative operations such as channelling/ appointment scheduling, report storage, set up self-service kiosks, and displaying information on doctors’ availability.

Devices used in this industry broadly fall within two categories – devices that are solely used for medical purposes and hospital operations, and devices used for patient entertainment purposes during their hospital stay (i.e. tablets with a range of apps that patients can use). 

These devices, particularly those used for medical purposes and hospital operations, collect, store, and transmit sensitive personal data about individual health conditions and past medical records. Any data leak, whether accidental or in some cases deliberate, is costly both in monetary terms and reputational damage to the hospital or medical clinic. Moreover, the fact that many hospitals and medical clinics have BYOD policies adds a further level of complexity.

All these developments present a number of challenges to IT teams in this industry. For one, data security is of paramount importance. Secondly, these teams are responsible for device maintenance and oftentimes, this is a manual and time consuming task involving devices placed in many locations where a team member is required to be physically present. Thirdly, devices require frequent security and application updates, and monitoring. Finally, devices have to be replaced when they no longer function properly.

MDM Solutions Have the Capabilities To Empower IT Teams

This is where a Mobile Device Management (MDM) solution helps. Recently a large hospital chain that we worked with decided to use a MDM solution to securely manage all of the devices used across multiple hospital locations throughout the country. This hospital chain required the following:

  • Centrally managed system – for tablets, phones, and public signage units used for channeling, bookings, and other operational functions.
  • Automated updates –  presently, security, OS, and app updates are performed manually.
  • Enhanced security – anyone who has access to a device gains access to all the system level settings. Since a majority of these devices are located within public areas, it was impractical to limit physical access.
  • Onboarding and authorization for devices – management software was not used for device onboarding and devices are connected to the hospital network for internal access.
  • Prevention of malpractices – eliminate instances where sensitive data is compromised on purpose by any employees and the separation of access for work-related use from personal use where employees use their personal devices.

After working with several vendors in the past, the hospital chain has identified their pain points and the ways through which data leaks can occur. Through Entgra MDM, we have been able to provide the following capabilities to address the hospital chain’s concerns:

  • Centralized device management

One of the greatest benefits of centralized device management is that IT teams can manage an unlimited number of devices that use varying operating systems (i.e. Android, iOS, Windows, Linux, etc.) using one technology platform.

  • Data security, access controls, and onboarding

A single technology platform also helps with device and data security. IT teams can use the MDM solution to enable authentication (MultiFactor Authentication or Single Sign On). This way, only authorized employees can gain access to devices for work related purposes only. This is particularly helpful when BYOD policies are in place.

  • Device lock-in

Device misuse and loss are common concerns in the healthcare industry. In the event that a device is lost or stolen, or of an attempted unauthorized access, IT teams can remotely lock the devices to prevent any data leaks.

  • Remote maintenance and monitoring

Device maintenance and monitoring are time consuming tasks, requiring many resources from the IT team. Using a MDM solution eliminates this need, as the IT team can now perform these tasks remotely, from any location and need not be physically present at the device locations.

  • Security, OS, and app updates

A MDM solution enables frequent security and app updates are installed in devices in real time.

Image credits: Anna Shvets from Pexels

Benefits for the Long Term

Once the MDM solution is in place, this hospital chain can look forward to several benefits:

  • Fewer resources to maintain devices – as they are now protected. At minimum, only one person is needed per hospital to manage these devices.
  • Improved security – results in minimizing scenarios of data leaks, especially those associated with deliberate intent.
  • Efficient and effective device monitoring – saving time in the process too. It no longer matters if hundreds of devices are in use at any one time.
  • Reduction in costs associated with device maintenance – as large teams are no longer required and resources can be better allocated in the long run.

We are well-placed to help anyone in the healthcare industry who is looking to adopt a MDM solution. Get in touch with us here to learn more.

Post-Pandemic Business Revival: Where Are We Headed?

Photo by Alec Favale on Unsplash

The effects of the COVID-19 pandemic continue to loom over us. With hopes of opening countries and returning to normalcy, we take one step forward, only to fall back two, with tightened masks. It surely will be a while before life as we once knew it can be restored.

Thrust with incertitude at all levels from economic subsistence, vocational hardship, healthcare exigencies, and the unpredictability of life in general, our core existential strategy for the last two years has primarily been inclined towards that of basic survival centered around us as individuals, our close-knit families and communities, and the associated temporal assets. The pandemic epiphany has brought about drastic changes in our lifestyles, calling us to revise our priorities with a new reality check in life. 

For business enterprises, this is bad news and has been so for the past two years. 

The Trending Story In Numbers

As with every historical industrial revolution, the effects of the pandemic will shape the economic trends for the future. Unsurprisingly, there will be an evident increase in remote working. A recent Gartner poll found that 48% of employees will likely work remotely at least part of the time after COVID-19 compared to 30% before the pandemic. Similarly, the McKinsey Global Institute estimates that more than 20% of the global workforce could work the majority of its time away from the office – and equally importantly, be just as effective. A consequent HR trend analysis by them indicates that 32% of organizations are replacing full time employees with contingent workers as a cost-saving measure. Prepped up for this, in a recent Gartner poll, 90% of HR leaders said employees would be allowed to work remotely even once COVID-19 vaccines are widely available.

As indicated by these statistics, we have embraced what worked well from the pandemic and are progressing forward retaining the lessons learned. There’s no going back now. Digitally enabled productivity gains have accelerated the Fourth Industrial Revolution powered by technology and defined by operational models that survived above the pandemic predicaments. 

Remote Working or the ability to Work From Anywhere (WFA) is clearly here to stay. So is the hybrid work model as has been discovered in a recent HR trend analysis by Gartner.

Accordingly, the most favorable operational model driving business transformations in the predictable future is that of the Hybrid Work model where employees interact with each other with a mix of distributed, co-located premises synchronously, and/or asynchronously.

Your employees are now empowered with the choice of how best productivity is accomplished – your job is to ensure they are sufficiently equipped to do so. 

Are We Ready? Fitting Device Strategy for Your Ecosystem

Managing a digital ecosystem of disparate devices on different platforms can be quite a challenge. Even more so are the conundrums involved with the smooth operation of digital systems whilst being caught unawares by the virus. It is therefore imperative that we make the most of what we have for continued existence of operations under the prevailing constraints.

In one of our recent undertakings, we set out to empower public field officers by helping them digitize their routine tasks. Whilst managing to effectively map the skill sets to devices and the appropriate technology during the project, we also analyzed and outlined how the government administrators in Sri Lanka can benefit from a centralized strategy to monitor and manage the devices deployed in the field. 

Ideally, a complete device strategy is woven around the business requirements of the enterprise, its device engagement criteria, product building, operational efficiency, scaling potential, and the extent of available technical support. Value creation from a long-term perspective and sustainability of device deployment with integration are vital aspects to be considered for a productive device strategy. 

With our varied Mobile Device Management (MDM) solutions and Internet of Things (IoT) technologies, Entgra can help you formulate the most fitting strategy for your enterprise. Our recommendations precede a comprehensive analysis of your device specifications, their functionality and configurations, defined ownership and administrative policies, pre-work device check, monitoring and their distribution,  complete with a pilot run on device deployment in the field.  As part of our assistance in managing your ecosystem, we will also help you with App development, identity and access management (IAM) and storage options. 

Resilience and Agility: The Way Forward

Resilience, in enterprise terms, is a measure of your ability to swiftly adapt to disruptions while maintaining continuous business operations and safeguarding your employees, assets, and overall brand equity. Resilient organizations are better able to respond and correct their course quickly with changes. 

Faced with the adversities introduced by the pandemic, enterprises that are actively taking measures to optimally tackle the changes are positioned with a competitive edge to be able to progressively move forward retaining most of their strength in vying to make the most of the situation. 

Building a more responsive organization in terms of infrastructure and operational flow to increase agility and flexibility with room for flexing is therefore of utmost importance. This in turn translates into facilitating seamless workflows and remote working environments against a backdrop of changing and evolving technology usage, both by organizations and individuals. 

Entgra offers you a single platform for device integration with comprehensive endpoint management capabilities where you are able to expose devices as APIs securely with identity federation for managing human and device identities. Enabling custom integrations with broad built-in capabilities, and for developing end-to-end applications, our secure, customizable platform can manage all types of devices and applications. Complete with device and endpoint data analytics for systematic decision making, our IoT platform together with our Enterprise Mobility Management (EMM) solutions will enable you to remain resilient, relevant, and flexible to respond to present and future changes.

Get in touch with us to learn more about how we can help you.

References

Geofencing Capabilities of Entgra MDM

Photo by abillion on Unsplash

We’re pleased to announce that Entgra MDM has yet another new feature – geofencing capabilities. Enterprise Mobility Management (EMM) admins can define required virtual perimeters for controlling access over specified boundaries and perform some operations to those which are inside of those boundaries. Geofencing is a very useful feature in governing access for user groups. It can be conveniently set up by drawing boundaries over areas on the map.

Let’s discuss how the geofencing capabilities work through an example. Imagine that the Ministry of Education wants to provide tablets or mobile devices for school children in rural areas for online learning during the pandemic. And they wish to provide all the learning materials to the devices and manage those device capabilities. Additionally, they want to ensure that these devices do not leave school premises. The Ministry can use geofencing capabilities to monitor the devices’ locations, manage capabilities, and perform certain actions.

The Functionality of Geofencing Capabilities

Before you create a geofence, you need to set up the Alerting Configurations under the Platform Configurations. You can provide an email address where you can receive alerts. According to your use case, you can define whether users cross or access boundaries.

After defining the configurations you will be able to create geofences in Entgra MDM. The following data should be provided to create a new geofence.

  • Geofence name: Provide a name for identifying the geofence
  • Description: Add more details about the geofence
  • Device group(s): Assign a group (or groups) that consists of the devices that need to belong to the geofence
  • Event configurations: Add the given alert configuration to the relevant field

Afterwards, you need to mark the boundary line on the map. By using a shape such as a polygon or a circle, mark the area that you want to define as the geofence and then click on the Create button. The geofence table lists all the geofences that you create.

Returning to our example, after creating a geofence by including the school boundaries, if one of the students tries to leave the school with a device, the head of the school receives an alert and he/she can track the device location. The head of the school can also view how many devices in the relevant geofence are active at any given time. In addition, it can check the location of the provided devices and the device count, preventing devices from being misplaced.

Not only that, the group (or groups) that created the geofence can apply the required educational materials at the same time, adding various restrictions to the devices and managing them.

Entgra MDM has extensive enterprise wide MDM features that you can customize for your business needs. Learn more about the product and how we can help here.

You can also get in touch with us via contact@entgra.io

Entgra MDM Now Includes LiveFeed, Enabling Admins to Remotely Track Device Details With Ease

We’re pleased to introduce LiveFeed, our latest addition to Entgra MDM. Enterprise Mobility Management (EMM) admins can now use LiveFeed to troubleshoot issues on devices in real-time and monitor the device performance in a live session.

Photo by Marek Levák on Unsplash

LiveFeed has numerous uses in businesses. For example, imagine that you’re a sales manager and you want to promote an enterprise application or any other application to the sales representatives who are working in different locations. You then install the application, inform your sales representatives, push that particular app to the devices, and check that it’s functioning properly. Some of your colleagues could inform you that they have been unable to install the particular application or you observe an installation failure on some devices by checking the operation log of the server. Imagine trying to install this application repeatedly and it fails.

To provide other examples, sometimes you receive complaints about devices that function at a slow speed with users experiencing performance issues and even random freezing. At times, devices do not synchronize with the server even when they are switched on. In such scenarios, sales managers will not be able to apply any device operation, policy or app installation to any device. Devices that fail to charge properly and the need for devices that charge faster is another issue.

At this point, if you can view the current details of relevant devices, you can easily discover the reasons behind the above failures. In such a scenario, LiveFeed will be of great help to you.

LiveFeed Functionalities

LiveFeed is available under the Remote Session. After connecting to the device, select the tab called “LiveFeed”. It will show the device details fetched from the device. The extracted device details will include:

  • Battery details – The health of the battery, temperature, and charging percentage.
  • Device memory – Internal memory usage and external memory usage of the device are shown separately.
  • RAM usage – RAM usage of the device.
  • WiFi connectivity – WiFi connectivity strength of the device plus daily and hourly WiFi data consumption.
  • Mobile connectivity – Mobile connectivity strength of the device plus daily and hourly mobile data consumption.

All of the above mentioned details are derived from the live data of the device. As such, when a user makes a query about the above scenario we can initialize a remote session of that particular device and open the LiveFeed feature. Following that, we can examine the details derived from the device and perform troubleshooting.

Let’s return to the application installation failure example that we discussed earlier. In this particular example, the reason behind the installation failure is due to the poor WiFi or mobile signal strength of the connected device. Moreover, if the device has limited internal or/and external memory space, this could be another contributing factor. Another factor could even include an error with the device.

When we look at the other examples, the reason behind slow functioning devices is less RAM. A synchronization failure can happen when relevant devices are located in areas with poor mobile or WiFi signal strength. Devices with poor battery health experience charging issues.

There are several underlying causes behind application installation failures. By using LiveFeed, you can remotely identify these factors with ease without having to examine the device physically, thereby saving time and providing customer satisfaction in the process. LiveFeed also enables you to learn about the causes behind above mentioned synchronizing and device charging issues.

You can watch this video to learn more about LiveFeed.

Entgra MDM has extensive enterprise wide MDM features that you can customize for your business needs. Learn more about the product and how we can help here.

You can also get in touch with us via contact@entgra.io

Unified Endpoint Management of APIs for Enterprise Devices

Complete enterprise device management solutions

Photo by Blake Connally on Unsplash

Enterprise Devices — Leading the Way

In a world driven by smart technology¹ that seeks to reap the maximum benefits from recent advancements as soon as possible, one can do little to not be left behind. This is twice as much important if you’re a thriving global enterprise or aspiring to be one. Keeping abreast requires all of your ingenuity.

Enterprises today are increasingly adopting various types of disparate devices into their everyday business operations. Some of these are standard legacy mobile devices like tablets, smartphones, and laptops. Then there are Internet of Things (IoT) devices such as sensors, PLCs², communication gateways, edge computing devices, CCTV cameras, etc. that are also heavily used to monitor and control all aspects of business and supply chains.

Technical challenges arise after these devices are employed. Enterprises need to change business processes to communicate with them seamlessly while adhering to enterprise application development paradigms. This is when a unified set of API endpoints (UEMs) that represent the complete enterprise device deployment becomes a game changer.

Recent Trends in Enterprise Device Adoption

Let’s start with a broader perspective on device dependency. Statistics reveal that the number of mobile phone users far outnumber those with access to electricity, or even running water.

Source: https://newsroom.cisco.com/press-release-content?articleId=1741352

This means that a startling 69% of the world’s population has access to mobile phones.

Other recent surveys on enterprise device adoption reveal a steady increase in the use of active connections worldwide, with IoT device usage increasing faster compared to traditional device usage.

Source: https://www.comparitech.com/internet-providers/iot-statistics/

Enterprise Devices That Give Us a Sixth Sense

Enterprises are adopting connected devices for a real-time understanding of ground level conditions, adding an element of sixth sense in business processes across supply, production, and consumption chains. Various types of devices, sensors, PLCs, communication gateways, edge computing devices, etc. are employed to ensure process efficiency. Moreover, this boom in device usage has been accompanied by a significant reduction in the cost of deploying devices in recent times.

In keeping with the latest trends, data communication and infrastructure have also drastically improved with plenty of software platforms enabling connections between different devices for application development or business process enhancements.

Explosion in Device Adoption

All these developments have led to an explosion of disparate device end points coming into the picture, bringing about a new set of challenges for enterprises. As a result, we now have a number of device endpoints within an enterprise that require monitoring, managing, and specified permissions for access within the framework, calling for effective device onboarding and managing strategies.

Challenges in Enterprise Device Management

However, this also means that enterprises are now dependent on these device endpoints to execute some form of business functionality, or to receive feedback on business processes.

This brings us to the fundamental problem of tackling the challenges posed by enterprise device management. Typically, one of the following illustrated deployment architecture patterns handle device deployment:

Some important points considered by these deployments include:

  • Heterogeneous deployment architectures
  • Expansion of corporate (traditional) network boundaries
  • Network connectivity
  • Device functional accuracy determination
  • Rogue device detection
  • Identity and access management (device identity/ human operator identity)
  • Establishment of authorized access for device data/control
  • Firmware distribution and different device OS platforms
  • Asset tracking at manufacturing, QC, distribution, and installation phases
  • Heterogenous development architecture
  • Typical “difficult” devices placements such as remote locations, manholes, tunnels, etc.
  • Complicated wiring architecture
  • Communication modules

Integration Challenges in the Lifecycle of an Enterprise Device

Identifying and addressing integration problems during the various phases of a device’s lifecycle requires considerable effort as indicated by the diagram below:

Consequently, each stage in the lifestyle has its own set of integration requirements as outlined below:

Device Manufacturing Phase

  • Serial ID/ MAC address registration
  • Provisioning token/ certificate generation
  • Firmware burning to ROM

Quality Control / Checks

  • Temporary activation of provisioning token
  • Test operations/ controls
  • Wipe-offs/ factory reset

Ready for Sale / Warehouse

Sold to Customer

Delivered to Installation Site

Installation and Verification

  • Issuing temporary tickets for testing
  • Customer/ site assignment
  • Device activation (token/ digital twin)
  • Warranty activation

In-Production 

  • Device communication with IoT platform
  • IoT platform communication with device
  • Application <-> device interfaces
  • Token authorizations
  • Firmware management

Faulty / Maintenance/ Rogue

  • Device event processing and modeling
  • Deactivation requests
  • Service records/ maintenance mode switch

Device Discarded

Entgra’s Device Integration Platform

The Entgra IoT platform acts as a single platform where you can connect devices from different vendors, enabling you to build applications on top of these devices in a unified way. Given below is a high level view of our IoT platform architecture:

Our device integration platform has the added advantage of sharing the same common architecture, and therefore the same code base, as that of WSO2 technology.

Device integration with Entgra

On top of this IoT platform, we have also have built a Mobile Device Management (MDM) solution that specifically targets managing traditional mobile devices such as kiosks and laptops, available as an off-the-shelf product.

Entgra Mobile Device Manager

The Entgra IoT Platform, therefore, offers a standardized set of APIs for simpler enterprise device onboarding, working equally well for standard mobile devices traditionally managed through MDMs as well as for IoT devices.

Your Enterprise Device Journey

This blog provides an overview of how you can manage different types of devices as standard API endpoints within your enterprise architecture to seamlessly onboard different types of devices into your business. Get in touch with us via contact@entgra.io to learn more about our IoT and MDM technologies.

References