By Brian Albright, Field Technologies magazine
MDM solutions have evolved into comprehensive mobile application and security management tools.
With the expansion of the number of mobile devices deployed across verticals and the number of platforms being used by a wider variety of employees, MDM (mobile device management) solutions have increased in importance even as they continue to evolve. In fact, device management is now just one part of what most MDM solutions actually do. These solutions are increasingly being used to manage applications, provide remote support, and enhance IT security.
“MDM vendors now need to offer tools that allow help desks to remotely support, troubleshoot, and even train users,” says Carl Rodrigues, president and CEO of SOTI. “With more and more enterprise apps finding their way to mobile devices, an increasing amount of enterprise data is also finding its way to mobile devices. Enterprises are therefore becoming concerned about the threat of viruses and malware getting onto devices and getting access to data and the corporate networks that these apps are connecting to.”
The complexity of deployments has spurred the expansion of MDM as users demand more functionality. Specific verticals have unique challenges, such as restricting Internet access. For example, schools and colleges now issue tablet devices to students, and they want to make sure that students do not use the devices to access harmful websites. Other verticals such as logistics want to track device location. In certain markets, legislation and legal concerns dictate the level of business functionally that should be available when devices are being used in vehicles traveling beyond a certain speed.
“Now, MDM has evolved to full application management, containerization, secure browsers, and content distribution,” says Alan Dabbiere, chairman of AirWatch. “The level of innovation is further expanded due to a release of a new mobile operating system every 15 days, where consumer-grade functionality is not ready for the enterprise.”
That demand for greater functionality will only increase as businesses find ways to leverage the various mobile apps that have been introduced on employees’ smartphones. “With more users bringing in their own productivity apps and the recognition by enterprises that mobility can drive greater business value, there is significant demand from businesses to have these initial MDM solutions evolve into enterprise mobility management solutions,” says Suzanne Dickson, VP of product marketing, Good Technology. “In addition to basic device management, the expanded solutions will allow users to segregate enterprise apps and data from personal apps and data, allow users to secure and manage these enterprise apps and data, distribute enterprise apps and data, enable necessary enterprise IT management and control capabilities, and provide rich reporting and analytics.”
MDM Expands Into Security, App Management
With the introduction of employee-owned mobile devices in the enterprise environment, IT departments have had to alter their approach to device management and security. Formerly, companies focused on locking down computers and phones and treating them like any other company-owned tool. With personal devices and consumer-grade smartphones in the mix, organizations have to take a more nuanced approach.
“There is still some level of control over the device, but it is severely limited as some companies allow workers to use their own personal communication devices to perform work functions,” says Kelly Ungs, senior director of channel sales at Wavelink. “It moves the cost away from the company, but also introduces a number of new issues regarding personal privacy, company security and control over the devices for personal use, and work rules.”
Customers are looking for application management functionality, app distribution, secure browsers, and software development kits (SDKs) to create custom applications. In addition to comprehensive mobility management and security, end users are also looking for solutions that are flexible enough to grow with their needs (both in terms of the total number of devices supported and the number of platforms involved). Remote support and help-desk functions for remote workers are important elements, too.
“The explosion of mobile is generating unique demands on MDM — geofencing, content management, antivirus, and remote control of mobile devices,” Rodrigues says. “Again, the focus is moving from restricting user access to a small set of capabilities to giving users more flexibility, allowing them to be more productive. To do this, the MDM solution needs to be more deeply integrated into the device and must provide broader security and management controls.”
What’s Your Biggest Security Threat?
According to the vendors interviewed for this story, mobile device users are looking for secure solutions that will encrypt their devices and the transmission of sensitive data, prevent unauthorized use, and provide pointof- entry validation that can be configured to enforce pass code and encryption policies. The emphasis here is on making the MDM solution work to enforce well-thoughtout technology policies.
“The most critical security issues aren’t hardware- or software-related; they are human-related,” Rodrigues says. “You can secure the device and have a secure MDM platform for device management, but if your acceptable use policy isn’t carefully constructed, there will always be risk. MDM is an effective policy enforcer. The onus is on the enterprise to create policies that limit risk.”
Another emerging security issue is enabling the secure exchange of information between mobile applications on unmanaged devices. “By design, a good mobile app must be designed to address a specific function,” Dickson says. “Organizations cannot simply port the ‘everything-andthe- kitchen-sink’ desktop app to the mobile platform and expect it to be adopted. As a result, information sharing and using common capabilities — i.e. collaboration — between apps is key. For apps that touch any kind of confidential business data, this exchange must happen in a secure fashion. The new breed of enterprise mobile management solutions must be able to handle this.”
Businesses are increasingly looking for solutions that provide containerization capabilities for the segregation of enterprise applications and data from personal applications and data. In addition, containerization allows enterprises to secure data at the application level. With application-level security, even if the device password is not used, the application data still remains encrypted. The need for containerization is especially important in regions with strong employee data privacy laws, where current MDM solutions that have complete control over the device (and therefore violate employee privacy) are not practical.
The Evolution Of BYOD Management
How enterprises handle employee-owned devices is also evolving. Where BYOD (bring your own device) policies typically focused on restricting what employees could do, now (with the advent of containerization), companies have found that the real value of these solutions is enabling employees to work from any device, anywhere. “The majority of our customers provide multiple ownership models: corporate-owned, corporate-shared, and employee-owned,” Dabbiere says. “Providers need to allow clients to separate enterprise and consumer data on multiple devices/operating systems.”
They can extend the work to reach the employee rather than just enabling the ability to work on a specific device. By locking down what employees can and can’t do with data, they may be limiting the capabilities available to the employee and inhibiting productivity.
“The most important aspect of BYOD has been the realization that, regardless of the actual ownership of the device from an asset perspective, it is no longer possible to approach the management of the device from the perspective that the organization can do whatever it wants to it,” says Ungs. “In fact, organizations must now comprehend the fact that there is data specifically not owned by the organization, and therefore the organization must keep hands off.”
Since companies may not be able to manage all employee-owned devices, a better approach may be to look for more granular control of the applications and data, rather than just devices. This approach assumes all devices are “unmanaged” and may be more prudent in terms of eliminating design weaknesses.
“Over the next year, enterprises will be less concerned with securing and limiting data on devices and more concerned with enabling access on those devices,” Rodrigues says. “To some extent, we have already seen these trends in place with the growth of mobile application management and information rights management requirements. Over time, we see these strategies looking to become device-agnostic. An enterprise will want to stop worrying what employees can and can’t do on which platforms— a user should be able to access what they need from whatever medium they want to access it from and still be assured of security and integrity of the data.”
App Store Management Emerging
As MDM providers look to expand their functionality to cover these new user demands, expect to see more market consolidation as smaller providers merge or are gobbled up by larger software vendors. These expanded solutions will offer increasing levels of security, as well as an increased focus on application management, including development of internal enterprise “app stores.”
As app stores become increasingly prevalent as a means for distributing these custom mobile apps, enterprises will have to keep in mind that users have become accustomed to the consumer experience,” Dickson says. “It is important to ensure as close to a native experience as possible for the user who has to obtain and use these apps. The ability to manage and measure via these app stores is going to become even more important as businesses start to develop more B2B apps for their extended ecosystem of partners, contractors, etc.”
Emerging solutions will provide content management (to help prevent data loss) and let users set up dual “personas” on a single device in order to segregate corporate and personal data. Meanwhile, users are still looking for effective ways to deliver legacy line-of-business applications to new mobile devices without the expense of developing native applications for each platform.
“Solutions that are able to deliver these applications to the mobile device platform in such a manner that the applications are usable; provide high performance; take into account mobile usability such as swipe, gestures, screen form factors, and even peripherals; and do so in a manner as to obviate the need for application modernization projects will be the standouts in this market,” Ungs says.