The rise of Bring Your Own Device (BYOD) work structures a decade ago caused intense concern in the telecommunications and enterprise ecosystems. While the inside-the-firewall/outside-the-firewall demarcation still existed, it was clear that the walls would soon come tumbling down. The day would come when a phone left on a train or swiped in a bar would be an existential threat to a company's existence.
Where there are problems, there are opportunities. A raft of innovative technologies, with confusingly similar names and acronyms, developed to address these obvious security and related challenges. One of these is mobile application management (MAM) software. As the name implies, MAM focuses on supporting what is sent to and resides on the device, as opposed to the care and feeding of the device itself.
There is always a bit of fuzziness around product category names and their associated acronyms. This is caused by pushy marketing departments and substantive differences in vendor approaches. The overarching idea is to create a mesh that supports devices, data and apps wherever they are – and whatever they are in – across the enterprise. The support includes security, functionality improvements, management and other important capabilities. MAM provides a flexible element to this ambitious goal.
Where Does MAM Fit In?
Some MAM software is distributed through standalone app stores. However, most – as much as 80 percent to 90 percent -- are modules in broader unified enterprise management (UEM) platforms, Chris Silva, a research vice president at Gartner, told IT Business Edge. Features such as app wrapping and PIN functions are added to corporate applications.
It's a complex world. Ken Jochims, the director of Product Marketing for Arxan, told IT Business Edge that MDM and EMM focus on interacting with devices that are under the control of the organization. MAM differs in that it is useful for devices that are a step away from direct corporate control. "MAM … provides an effective alternative to MDM and EMM solutions when users or their devices are outside the enterprise purview, such as contractors, partners or unsanctioned BYODs," Jochims said. "With true MAM solutions, business productivity apps can be deployed and run on unmanaged devices owned by employees, contractors and partners. Enterprise control is at the app level and provides app management and data monitoring to ensure oversight and data security across the user base."
MAM is also not restricted to smartphones and tablets. "As organizations continue to mobilize their workforce, traditionally desktop-centric applications are making their way onto all devices — laptops, desktops, smartphones, tablets," wrote Ryan Schwartz, a product marketing manager for IBM Maas360. "Aside from these third-party applications, many organizations have begun to develop or have already developed their own apps for internal use. Platforms such as MaaS360 need to address the demand for security surrounding the data on these apps while also providing end users a convenient and frictionless experience as not to break productivity."
MAM: Balancing Security and Functionality
How much of MAM is about security and how much is about creating efficiencies and providing other advantages that are not directly related to security, such as segregating personal and corporate data?
The genesis of much the BYOD-inspired software is to protect data being used out of the office. Initially, this data was less likely to be the crown jewels of the organization. After all, culture grows as gradually as technology. Early on, C-level executives were less likely to indulge in what at that time was considered risky behavior. Over time, changing culture, more functional mobile devices, and advancing security have made the distinction all but disappear.
Protecting this data and providing end users with the functionality with which they are accustomed is tricky, but must be done. "A MAM platform must ensure secure use of mobile applications but also curate applications so that workers have access to applications based on their job role and productivity needs," wrote Dan Dearing, the senior director of product marketing for Pulse Secure in response to emailed questions from IT Business Edge. "In a BYOD world, enterprises must also respect the line between what is the user’s private data (photos, applications, files, etc.) and what is sensitive corporate data."
It's all, or mostly, about security to Suneil Sastari, director of product management for SOTI. "MAM is primarily about security and controlling which applications which end users can have on their devices," he wrote. "Security is at the core of MAM."
Security is not a single task, however. "Any organization considering MAM is looking to verify that the right user is granted access to the right apps," Sastari wrote. "Once apps are on the device, organizations may leverage MAM capabilities to prevent unauthorized disclosure of sensitive information within the app and enable the app to securely access network resources or backend services."
Is MAM Still Evolving?
It's not surprising that the mobile application management software segment continues to change. "MAM, like much of the device and user management space, continues to evolve," wrote IBM MaaS360's Schwartz. "Solutions providers develop new approaches to management as customer demand changes. For instance, IBM provides single sign-on (SSO) directly through its MaaS360 platform, which allows for a unified experience across work apps for end users, while bolstering security."
There is a twist. The telecommunications and enterprise sectors are accustomed to thinking of progress as linear. The story may not be this simple in the MAM sector, however. The smartphone sector is not maintaining the growth levels of the past. Consumer markets are saturated and new features are not compelling enough to make large numbers of people upgrade. On the corporate side, there may be a pause as decision-makers wait for 5G devices to emerge. The impact of all this is that the universe of smartphones is likely a bit older than a few years ago.
This is the landscape within which new platforms are forming. "The MAM market continues to evolve, but the initial growth and excitement has tempered as the mobile device market itself has settled down, Pulse Secure's Dearing wrote. "New mobile products are still being brought to market, such as the re-invented Palm device, that require innovation and consideration by MAM vendors."
Are MAM platforms significantly different?
An important element of researching new corporate tools is to determine if competitors offer differentiated products or different versions of the same mousetraps. In the case of MAM, wrote Rajesh Ranganathan, the product manager for ManageEngine, the differences are not marginal.
Indeed, they can be significant. "[S]ome MAM platform vendors leveraged the OS-provided mobile application management capabilities to enable the application provisioning and security features," Ranganathan wrote. "Other platforms deliver additional capabilities by providing application wrapping functionalities like app tunneling, controlling copy and paste, screenshots with the app, etc. A few platforms even inject the required management and security codes during post-development and deliver similar capabilities for the applications developed in-house."
What questions should an enterprise ask a prospective MAM vendor?
In evaluating MAM software solutions, asking questions that address granular features and how the solution will deal with big-picture trends is key. These questions to prospective vendors delve into both areas.
- Do you support secure application access from managed/unmanaged devices?
- Do you provide data loss prevention security policies and application configuration for both in-house developed apps and public store apps?
- What applications do you support — SaaS, on-premises, etc.?
- What types of security controls can be enacted on the applications?
- What is the user experience like for a managed app — i.e., if a user has been accessing applications from an unmanaged device, will they need to adapt to a new process?
- Is the MAM solution being offered truly a MAM solution?
Does it require user device enrollment (not a true MAM solution)?
Does it access the device allowing access to personal data? (not a true MAM solution)?
Does it support unrestricted access for non-employees (if no, not a true MAM solution)?
- Does your solution support Android and iOS devices equally?
- Does your solution support any and all apps?
- How will you service/support my organization?
- How are software enhancements developed and prioritized?
- What are your update/release cycles?
- Do you secure and provide an always-on connection end-to-end between the device and application?
- Do you distinguish between the user’s data and corporate data?
- Are you managing the device itself, such as the OS, or are you managing the applications and data alone?
- Do you support Apple VPP, managed Google Play, and Microsoft Store scenarios?
- What custom installation options can you provide on devices that are not fully MDM-managed?
- Can you quantify how many of the app stores’ apps you can wrap or control?
- What capabilities does a MAM only vendor offer that can’t be delivered via an EMM solution?
- Is the MAM solution app-specific?
- What type of apps can be managed?