The IT and telecommunications industries have spent a decade or so struggling to keep pace with the massive changes in how people work and the related evolution in how business communications are structured. These changes are mostly tied to the explosion of mobility. Questions of device ownership (BYOD), securing employee data and corporate data, dealing with apps with unclear levels of security, ensuring the safety of employee data on shared devices, and other significant challenges characterize this highly fluid and mobile environment.
The industry has responded with a number of approaches. As is common in such a fast-paced environment, new features are in some cases added to existing platforms, transforming them forever. Often, these changes lead to new categories. And, as usual, the distinction between categories can be fuzzy.
For the most part, however, the names of the categories aptly suggest their focus. Mobile device management (MDM) software oversees smartphones, tablets and other mobile communications devices. Mobile application management (MAM) focuses on issues such as ensuring that the apps people download onto their devices are secure. Enterprise mobility management (EMM) combines MDM and MAM. Unified endpoint management (UEM) covers all endpoints – including desktops – and enables them to be managed from a single platform.
It’s a complex set of solutions, which is natural because they are addressing a complex set of problems.
What Is MDM and Where Does It Fit In?
MDM deals with the basics of securing devices. It was the first response once the mobile ecosystem figured out that people were doing real work with real (and sometimes valuable and sensitive) data from mobile devices. “[MDM] is all about being able to enroll, view, manage, and protect devices themselves,” wrote John Nielsen, the director of MaaS360 Offering Management for IBM Security, an IBM business unit. MDM’s capabilities include the ability to lock, locate and, if necessary, wipe data off devices.
MDM is therefore a foundational element of mobility security.
“[MDM] describes the management and securing of an employee- or corporate-owned mobile device by enrolling into an MDM platform and installing locally a management profile that contains security policies, device restrictions, app entitlements, etc.,” wrote Jeff McGrath, the senior director of product managing and end-user computing for VMware. “For example, enabling local device encryption, setting a password policy, and being able to wipe the device or just the corporate apps. For most organizations, MDM is table stakes to allow devices to access corporate data and apps.”
How Is the Industry Handling BYOD?
Codeproof Technologies CEO Satish Shetty thinks that BYOD is still a “security nightmare” that is a tradeoff with no perfect answers. “It often comes down to a choice between employee flexibility vs. data security,” Shetty told IT Business Edge. “BYOD brings a variety of devices into the enterprise, which makes it really hard to manage them. Some of the legacy devices are a big security risk and are not manageable through EMM as the device’s OS doesn’t support containerization and advanced management API frameworks.”
On the other hand, MobileIron Chief Strategy Officer Ojas Rege thinks the category has matured. “Seventy-eight percent of MobileIron customers at our Americas user conferences in May/June 2018 have a BYOD program,” he wrote. “It’s usually 10-50 percent of their devices. The main value of BYOD is not cost savings – that’s a misperception – it’s user experience and employee satisfaction because you give the user choice.”
The two executives are not disagreeing. Shetty is addressing the continued existence of the challenge, while Rege is referring to the fact that BYOD and its value are well understood by those trying to make it work. The overall feeling is that MDM and other tools have evolved to the point that they can tackle what clearly is an ongoing challenge.
How Is MDM Evolving?
BYOD may be the highest-profile challenge in securing the enterprise in the era of decentralized and mobile work. But it is far from the only issue to think about.
Organizations are seeking support for many other types of endpoints. SOTI Director of Product Marketing Suneil Sastri wrote that these include point-of-service devices, unmanned kiosks, digital displays, printers, scanners, smart watches and even mini-bar refrigerators. The bottom line is that the mobile landscape is broadening and MDM and its sister technologies will have to support it. “Businesses require a significantly broader range of device types to run their operations end-to-end, especially with the emergence of IoT,” Sastri wrote.
A complementary issue, according to MaaS360’s Nielsen, is that more business is done outside the enterprise. This means that steps must be taken to ensure security on mobile devices and wherever that data is stored. “Compliance with privacy regulations has become a much larger emphasis this year,” Nielsen said. “Organizations need to be totally aware of where data is stored, whether it’s stored securely, if the way it is being stored adheres to regulations, whether corporate data will remain in-country, and how end-user privacy is being preserved.”
New scenarios are also emerging. Codeproof identifies three: corporate owned/personally enabled, corporate owned/business only, and corporate owned/single use.
What Questions Should an Enterprise Ask a Prospective Vendor?
In evaluating MDM software solutions, it is key to ask questions that address both granular features and how the solution will deal with big-picture trends. The following questions for prospective vendors delve into both areas.
- How does the solution keep up with the trend toward Unified Endpoint Management?
- Does the solution go beyond native MDM to provide full PC management?
- What application types – SaaS, native, web, virtual – can be enabled across devices?
- How does the solution secure applications and infrastructure while enabling the access users want to applications and services?
- What array of operating systems is supported?
- How can the solution integrate into our existing infrastructure?
- What kind of security infrastructure does the solution have in place to protect our data?
- Is the security model multi-OS, multi-cloud, and multi-identity?
- What AI and advanced analytics does the solution provide my team?
- How does the platform make my team aware of risks, opportunities, and information that will influence better overall decision making?
- How does the solution free up team resources and reduce the amount of time we need to spend conducting research?
- Does the platform support company-owned and/or BYOD management?
- Does the MDM solution provide features such as restrict device erase, app blacklisting, kiosk mode, email management, etc.?
- What different types of device enrollment methods does the MDM solution offer?
- What internal IT resources would I need to enroll and manage the devices using the MDM solution?
- How does or will this fit into my current operations and management systems?
- Is this a separate system that requires separate monitoring and headcount or diversion of current staff and resources?
- How much of this solution can be automated and how scalable is it?
- How flexible is the solution to support and integrate what I have without forcing me to rip and replace overnight?
- Am I getting the benefits from the cloud for intelligence, recommendations, AI, security and in other areas?
To go deeper, see Top Mobile Device Management Tools for the Enterprise, which compares features, pricing and more for several leading MDM solutions.
What Are the Big MDM Issues Going Forward?
The evolution in work structures created by the mobilization of the enterprise is nowhere near complete. Baramundi Executive Sales Manager Bob Troup told IT Business Edge that some of the key issues going forward will be automating enrollment, data access and protection, application access and control, and integration of mobile management within the IT infrastructure and business operations. “There will be a lot of moving pieces, no pun intended,” he wrote.
It seems that the challenges and issues will grow as time passes. Microsoft Intune suggests that most companies will not be able to do the entire job – from security to making sure mobile employees have the level of connectivity they need – on their own.
“Companies are still dealing with rebuilding an infrastructure that enables the modern workplace,” the company said in a statement. “This requires companies to really think about their needs and find solutions that cover multiple use cases and platforms that are architected to work with the melting of the traditional perimeter.”
The fast-moving elements driving demand for the best MDM solutions are varied. “Customers wrestle with how to manage a wide range of legacy and modern endpoint devices, how to provide the best end-user experience (such as getting the right apps to the right users), and how to secure corporate, school, payment, financial and patient data,” wrote Cisco Meraki Product Manager Stewart Fife.
The bottom line is simple: The stress of a decentralized and mobile workforce will continue into the foreseeable future and vendors and their clients will continue to innovate.