Stadtwerke Unna GmbH supplies energy to 35,000 customers in Unna, a town to the east of Dortmund with a population of 60,000. The company provides electricity, gas, heat, and offers contracting and consulting services.
The energy services business is a complex one, both technologically and financially: suppliers must find the right energy generation mix, price their services appropriately, and ensure that their grid, generation and distribution operations are kept separate as required by law. Energy services providers also have a large amount of technology to maintain, including local distribution boxes and meters for each user, so smartphones and tablets are very useful for storing, managing and sharing information such as meter readings and contract details. Mobile devices allow data to be input securely and from any location.
Stadtwerke Unna manages a large number of smartphones, tablets and other mobile devices with MobileIron. At any given time, the company needs to know:
- Which mobile devices are in operation?
- By which employees are they being used?
- Which devices are connected to the corporate network via ActiveSync?
Stadtwerke Unna also leverages MobileIron to handle authorizations, ensure that apps are securely distributed and managed on each device, and make the devices cost effective for the IT department to operate.
Multi-OS enterprise mobility management system is essential
Over the years, Stadtwerke Unna had become a veritable jungle of mobile devices, which it needed to consolidate using a central enterprise mobility management (EMM) system. The company wanted to remove legacy devices, such as BlackBerrys and Nokia Symbian from the system and replace these as quickly as possible with new Apple devices running iOS 7. It also needed to be prepared for the future, so it was very important to have the option of adding Android devices.
“Mobile IT innovation cycles are so short that you can never say never.” explains Thomas Hönig-Heinemann, the head of the company's ICT network department. “Your infrastructure must always be ready for new technology.” So it made sense to find an EMM system that could manage the various mobile operating systems through a single interface while meeting enterprise requirements.
Mark Gossmann, IT Specialist at Stadwerke Unna GmbH, says the company needed a bigger and more scalable EMM solution that offered the following:
- Central device management, including over-the-air updates and rights management
- An overview of devices, users, serial numbers, security policies, apps etc.
- Secure, encrypted access to internal resources, such as the intranet, documents and other data
- Compliance with the company's strict security requirements
MobileIron took advantage of the iOS EMM features and incorporated them into their platform. Gossmann, says: “The Apple Configurator makes it easier to roll out and manage Apple devices in smaller businesses that don't need particularly high performance. Also, Microsoft Exchange ActiveSync doesn't offer sufficient functionality, and it only works with a small number of devices.”
After reviewing the market and carrying out tests, Stadtwerke Unna chose the MobileIron EMM system, one of the world's leading multi-OS solutions. The company implemented MobileIron with the help of network specialist and system integrator K&K Networks.
Better protection for corporate documents
The new business APIs offered by Apple iOS 7 were designed to make life easier not only for customers, but also for EMM developers like MobileIron and its implementation partners. Markus Pradella, the EMM specialist at K&K networks, which implemented and now manages MobileIron for Stadtwerke Unna, described the interaction between iOS 7 business APIs and EMM systems like MobileIron, "iOS 7 features like Open In Management add new parameters to the Apple MDM protocol. Using these, the EMM developer can help ensure that documents can be opened only with specific iPhone apps authorized by the IT department.
MobileIron Docs@Work leverages iOS 7 features including Open In Management to ensure corporate email attachments are secure.
“Data and documents are accessed from a secure app container which block communications with unauthorized apps on the devices” says Hönig-Heinemann. “This prevents data being copied or forwarded when it shouldn't be. We've basically installed our own secure Dropbox.”
“Docs@Work uses guidelines, users, roles, groups and authorizations that are already set in MobileIron's platform,” adds Gossmann. “This allowed us to define centrally which employees should be able to open and save documents in the specified apps on their devices.”
Pradella explains, “If an employee or device violates our guidelines, we can delete corporate documents and block the Open In and Clipboard (Cut/Copy/Paste) functions for corporate content on that device.”
MobileIron’s secure mobile browser, Web@Work, is also housed in a secure app container to allow exclusive, browser-based tunneling. Unlike a normal VPN, the tunnel is exclusive to the Web@Work app, which allows the IT department to limit users' access to internal web-based resources based on authorization groups or other user or device characteristics. Since authorized users have web-based access to online planning information for individual areas of the town, a high-performance mobile browser like Web@Work is doubly important.
Apart from Docs@Work and Web@Work, the company uses three modules:
- AppConnect, which packs business apps in a protected container
- AppTunnel, which transmits secure, encrypted business data between the corporate network and a container-protected business app
- The Sentry appliance, providing intelligent tunnel functions for services such as email and PIM data
All modules are controlled by MobileIron’s Advanced Management platform, which also acts as a domain controller interface and certification point for automatic application of certificates. For example, this simplifies Exchange server registration using the Simple Certificate Enrolment Protocol. Certificates are downloaded, rolled out to mobile devices as part of the automatic workflow, and linked to configurations and corporate security guidelines.