Sep 27, 2012 (09:09 AM EDT)
Six Tips For Navigating The MDM Jungle
Read the Original Article at InformationWeek
Revenue from mobile enterprise management software is expected to reach $1.8 billion by 2016, according to a recent IDC report. The marketplace expansion comes with good reason: Juniper Research projects that the number of employee-owned smartphones and tablets in the workplace will swell to 350 million devices by 2014, up from an already substantial tally of 150 million, and a RIM study concluded that businesses recognize the challenges this influx will bring, with 84% of polled executives stating employee-liable devices are a significant concern.
[ Is Apple looking to increasing its enterprise presence? Read Apple iOS 6 'App Lock': Enterprise Ready? ]
With so much movement, enterprise mobility is only growing more challenging. Here are six guiding principles for navigating the jungle of options.
1. It's All About Data
451 Research analyst Chris Morales said in an interview that device management has typically been about configuring, monitoring, and supporting devices. Going forward, though, he says the real issue is managing the apps that employees use to access corporate data.
He's not alone in this sentiment. Forrester's Chenxi Wang remarked in a phone interview that "MDM tech is morphing into a platform … that different technologies can be slotted into." Mike Davis, CEO of Savid Technologies, was explicit about what the "slotting" should prioritize: "The device doesn't matter. Data on the device is what matters." Jeremiah Grossman of WhiteHat Security, meanwhile, offered this: "It all comes down to data. How do you protect [a lost device] and how do you wipe it?"
2. BYOD: More Platforms, More Complexity
Data protection is paramount whether mobile devices are corporate-issued or employee-owned, but each approach involves distinct challenges. BYOD allows enterprises to accommodate employee preference while potentially boosting productivity and cutting hardware investments. Company-owned tools, on the other hand, give IT more control.
"BYOD seems simple… but it's not," wrote Stacy Crook, author of the IDC report, in an email. She cited several potentially challenging decisions, including what kinds of apps should be accessible on an employee-liable phone or tablet, whether to manage the device or just the apps it carries, which vendors to choose, and whether to reimburse employees for the business use of their property.
451 Research's Hazelton, meanwhile, stated that device manufacturers limit what app vendors can accomplish, meaning it can be difficult to define uniform policies in a multi-platform BYOD environment.
Despite limitations, manufacturer control can enhance security. iOS devices have been relatively virus-free thanks to Apple's app-approval standards, for example. Even so, Grossman asserted that mobile malware authors are "in experimentation mode" and that "locked-down systems" won't stop determined attackers. Indeed, a recent Arxan study found that most iOS and Android apps have been hacked, emphasizing the question of whether an employee's personal device might raise too many corporate security challenges. Products that blacklist or whitelist apps represent one workaround--although Wang pointed out that an IT department could irk employees if it tries to overly manage personal devices.
Android and iOS devices are prevalent at the moment, but with new hardware on the horizon, BlackBerry is still a factor. Microsoft, meanwhile, intends to put its mark on the mobile industry when Windows Phone 8 arrives--so the BYOD question is only going to get more convoluted.
3. Keep Personal and Business Separate
Davis said virtualization techniques that partition enterprise apps from personal ones are "the holy grail" of mobile data management. Many products--such as AT&T's Toggle, VMware's Horizon Mobile, and RIM's BlackBerry Balance--cater to this theme.
Other approaches include keeping documents within an encrypted wrapper, even when they're stored locally. Crook wrote that "individual apps with their own security and policy measures will be an attractive feature across many verticals." Hazelton noted, however, that some document containers are so strong as to actually impede productivity, with some applications making it difficult to sync with external databases and systems.
Whatever the method, Morales said application-level authentication and encryption are essential components in any secure enterprise environment.
4. There Are No One-Size-Fits-All Solutions
Hazelton said that tiered policies, in which administrators set permissions for only certain employees or groups, are essential to protecting sensitive data. Davis also emphasized the importance of user and group-based IT controls. Similarly important is the ability to push app updates to remote devices and to otherwise manage phones and tablets from afar.
User groups aren't just about protecting content; they're also about equipping different types of employees for their respective tasks. A product such as VerifyCloud, which ensures the integrity of photos taken with smartphone cameras, could be useful to field inspectors but is less clearly applicable to a boardroom, for example. IT managers should be prepared to choose multiple products, as even alleged "end-to-end" solutions might not serve all needs.
5. Local vs. Remote Storage
It can be convenient to store corporate data on a device; field employees who need to access documents on airplanes or in areas with shoddy network reception, for instance, might find cloud-based systems impractical.
Then again, local storage intensifies the risk that lost devices will lead to data theft. If data is accessible only when an app is open, such concerns are mitigated.
Grossman suggested most companies will use a mixture of both device-based and remote storage techniques. Clouds can be complicated, he said, because "if it's your cloud app, [content] can be stored according to your standard. But if it's someone else's cloud, you're relying entirely on someone else's infrastructure, which demands investigation."
6. Forget Long-Term Investments
Dan Shey of ABI Research stated in an email that "operators offering MDM solutions to their enterprise customers have two to four MDM vendors that they use." The multi-pronged approach involves not only feature differentiation, he said, but also contingencies in case a small provider goes out of business.
Chenxi Wang echoed this sentiment: "The CIOs I've spoken to are resigned to the fact that investments in mobile management … are possibly going to be thrown away in two years," she said, citing the rapid evolution of mobile technologies.
Shey predicted that there will be a consolidation of MDM suppliers and operators, so the multi-vendor, short-term strategy might be a fleeting trend. But for now, it is often necessary to focus on current needs as much as long-term strategies.
Download the debut issue of InformationWeek's Must Reads, a compendium of our best recent coverage on enterprise mobility in our new easy-to-read and -navigate Web format. Included in this issue of Must Reads: 6 keys to a flexible mobile device management strategy; why you need an enterprise app store; and Google points to the future of mobile. (Free registration required.)