A mobile device management (MDM) system is to enterprise tablets and smartphones what a management console is to servers and desktop/laptop clients. With an MDM, you control, manage and protect the data and configuration settings on end users’ mobile devices, preventing the installation of unauthorized apps, protecting data, and if necessary, wiping a lost device.
We all know the benefits of BYOD: happy, more productive employees who get more work done, and a company that saves money by not having to buy more equipment. But there are downsides as well: data protection and management are issues. This is where MDM becomes a necessity.
“MDM can go a long way to balancing BYOD issues,” said Bryan Taylor, research director for enterprise mobility at Gartner. “No approach today in the mainstream market is going to cover all those bases. They tend to be good enough for the vast majority — what these tools offer will be good enough.”
The fact is an increasing number of mobile devices (read: tablets and smartphones) are now carrying as much sensitive data and information as a laptop, so you need to secure them just like you would a PC. Today, MDM products try to protect data by closing holes in the apps and locking down the device, which are proxies for the real problem, said Taylor. “The tools that we have in MDM today are just adequate. This is just a stopping point. This isn’t the way we will do things three to five years from now. Ultimately, the whole paradigm will shift toward more data protection,” he said.
Mobile Device Management and Security
An MDM solution protects sensitive corporate data by enforcing corporate security policies. End users who want to access corporate data using their own mobile devices need to understand that while it is their device, it is company data and the company has a clear and apparent interest in protecting that data.
Unfortunately, a lot of companies are not having this conversation, said Jack Gold, president of J. Gold Associates, a mobile communications consultancy. “It’s not just about the products you deploy but how you implement them. Equally important is telling those users up front about those policies, which most companies don’t do. Very few communicate what employees should expect, which is important to get that buy-in up front,” he said.
There’s free MDM software out there, like Cisco’s Meraki, Miradore Online, Spiceworks and Microsoft’s Office 365, which has basic MDM built in. But enterprises usually want more features than these basic apps, which are built around secure mail delivery and remote wipe. Good enterprise-class MDM software should at least offer:
* Enforcement of passwords: Even a four-digit passcode is enough to stop most people from getting at the contents of a lost iPhone.
* Data loss prevention: The MDM should protect certain types of corporate data from being sent off the device by things like a USB port or email.
* Malware detection: Mobile malware has exploded, particularly on the more open Android operating system.
* Remote device lock/wipe: Mandatory. The ability to wipe a lost phone or tablet can be found even in free MDM software.
* Data encryption: Data should be encrypted not just on the device but when it is being transmitted back and forth via VPN, since these devices might be used on a public network.
* Jailbreak/root detection: It may be their device, but jailbreaking or rooting a mobile device bypasses many OS-level security restrictions and may allow the user to bypass the MDM security policies as well.
Most MDM products have these features. So how do they differ? Well, there are several ways firms try to distinguish their products:
* Cloud support: Some MDM platforms are only on-premises, on dedicated servers or on an appliance. Some are moving to the cloud, like Tibco and IBM MaaS360.
* Integration with existing security management platforms. Some MDM products are stand-alone and separate while others offer integration with management platforms from Microsoft, IBM, HP, or CA.
* Enterprise content management. How do they handle enterprise content? Some use third-party products like Dropbox while others use the internal content management solution.
* Mobile operating system support. iOS is the overwhelming corporate favorite, and Apple’s alliance with IBM should further its lead, but you still want to see if there is support for Android, BlackBerry, and Windows Phone.
The Next Phase in MDM
MDM has evolved from basic device management into what many are now calling EMM, or Enterprise Mobile Management. MDM is a subset of EMM, or to put it another way, EMM is a superset of MDM and it’s as mandatory as MDM.
“MDM was good enough in the days when we just used mobile phones as communication tools,” said Taylor. “These days we use them more as the powerful, personal computers they are. So one of your criteria should be if you plan to use these devices to mobilize business processes and not just features, you’ll need to look at a bigger feature set than MDM gives you.”
EMM features and functionality include:
Mobile Application Management (MAM): Probably the biggest difference between MDM and EMM. MDM does not manage apps, or not very well. MAM offers considerably more app management than a standard MDM.
A comprehensive, end-to-end MAM solution covers functions like controlling what is or is not installed on a device, version control and updating, app monitoring, user authentication, app wrapping (adding security features around an app that the app itself does not have), event management and usage analytics.
Mobile Content Management (MCM): This is a way to push documents out to users from a central location and move files between users. Dropbox is the most common example, but there are some MCMs that are more complex than Dropbox, such as Citrix ShareFile, which mixes and matches cloud and on-premises storage.
Electronic Funds Source (EFS): EFS is a method for making real-time electronic payments via a mobile device. This is no PayPal or credit card reader plugged into the earphone jack. For companies with truck fleets, there is fuel payment and tracking along with expense and payroll management, since the truckers are on the road. For corporate customers, there is expense tracking, accounts payable and management of corporate MasterCards.
Buy Small: MDM Frugality
One of the biggest mistakes customers make, say both Gold and Taylor, is buying too much and then having a lot of unused resources that they are paying for. “You have to decide what it is you need to manage,” said Gold. “Most companies are primarily concerned with asset management, the device itself and apps. Those are the big ones, if you got nothing in place. These days you can get that for next to nothing or nothing.”
Companies should decide what is important and what is not. Some are throwing in whole suites, with features like an appdev system and an app store, when they don’t need them, and wind up paying $50 or $100 a seat when they might only need to pay $5 per seat. “It still makes a lot of sense to buy it off in chunks,” said Taylor. “Buy email [support] and MDM first, then content management, then MAM. You’ll pay more but you won’t have it sit there unused.”
That’s easier said than done, since MDM software is not quite as mature as PC management software. There has been a fair amount of merger and acquisition activity in the MDM space in recent years. VMware grabbed AirWatch, IBM purchased Fiberlink, SAP bought Sybase not for its RDBMS but for its sizable mobile data management software, including MDM software, and Google is embracing Samsung’s Knox management software.
And there will be more, predicts Taylor. So don’t make too big of an investment in MDM software. “[Enterprises] should be tactical. They should not get into something longer than a two or three year contract. They should eat it a bite at a time. Just do email deployment now. Then add apps support. But understand two years from now you will change the way you do things,” he said.
Major MDM vendors
There are many MDM and EMM vendors out there, a few of which are linked below. Note this is far from a complete list of MDM/EMM vendors, only the ones most highly rated by Gartner on its Magic Quadrant chart for MDM. They are:
Now a VMware company, AirWatch offers both MDM and EMM solutions, including mobile device management, mobile application management and mobile email management solutions.
Citrix claims it has the largest ecosystem of mobile business apps and an SDK for building them, along with secure email, document browsing and sharing, flexible storage, cloud or on-premises deployment and multifactor single sign-on.
IBM purchased Fiberlink recently, and has enhanced MaaS360 to make it cloud-based, with full MDM, mobile app management, document management and a secure productivity suite.
A company built entirely around MDM and EMM, Good Technology provides the gamut of mobile management, from basic MDM to containerization that protects and isolates corporate data to secure connection and access, app blacklisting and whitelisting and even connectivity to Salesforce.com.
MobileIron offers on-premises and cloud-based MDM solutions. The company launched its first product in September 2009, but it has already become one of the market leaders by combining mobile device management capabilities with security, data visibility, apps management, and access control.
One of the many mobile products that made Sybase an acquisition target, and not for its database, Afaria is focused around a high performance mobile platform, appdev kit and suite of secure, enterprise apps, all tied to the Sybase database.