Enterprise MDM software has given IT some hegemony over devices, but control of passwords, lock screens, app installation and remote wipe capabilities will soon become old hat. As the capabilities of mobile devices advance, IT will need more robust management features.
When smartphones became popular, the mobile device management (MDM) software sector started to take off. In the beginning, there were really only two players: BlackBerry (formerly Research In Motion) and Microsoft Exchange. But each vendor's option only controlled its specific platform and demanded complete control of the device. As the bring your own device (BYOD) movement has taken hold, administrators need ways to manage Apple and Android devices, too.
Vendors focus on the enterprise
Apple and Android devices primarily focus on consumer features, but over the years, both platforms have added enterprise management features, starting with Exchange ActiveSync (EAS) support. Apple provides plenty of documentation on iOS security, deployment scenarios, configuration for networks and virtual private networks (VPNs) and even a full deployment guide for Microsoft Exchange integration. And Samsung, the leading Android manufacturer, has its Samsung Approved for Enterprise (SAFE) line of devices, which aim to provide enhanced enterprise features.
EAS offers a basic level of control over any device that needs to connect to an Exchange mailbox. It allows IT to enforce password requirements, remotely wipe devices and exercise other common policy controls.
Devices that carry the SAFE badge boast compatibility with advanced EAS features, such as 256-bit Advanced Encryption Standard (AES) encryption, VPN, and integration with application programming interfaces (APIs) that allow MDM vendors to customize management features. SAFE devices help address some of the inconsistencies in security among different Android devices by ensuring a specific level of feature support.
The next generation of enterprise MDM software must be able to take advantage of an operating system's features and the enhancements and customizations that manufacturers provide. As devices evolve and change, device management must do the same. And MDM vendors must recognize that some OS and app developers won't support today's device management fixes forever. Google, for example, plans to eliminate EAS support in its free Gmail and Google Apps products this year.
Isolation to the app
In the future, there will be definite consolidation between MDM and mobile application management (MAM), so MDM vendors will eventually need to include MAM in their products as well. Having control over the security of a device and its mobile operating system is great, but the apps installed on that device can be just as much of a security risk.
Instead of pushing toward full device and application integration, some vendors have been pushing their own apps, which has several advantages. It allows containment of data in a single directory, gives IT the ability to apply specific encryption and eases revocation without affecting other components of a device that may not be company-owned.
As Google has shown with its recent release of exemplary apps for Apple's iOS, a third party can provide replacements to native apps. Users will be willing to replace those default apps as long as the functionality and usability meet or exceed the native experience. Enhanced notification systems, look and feel, and easy-to-use security features are key points to meet for any app that aims to replace native mail, calendar, document access and/or other functions.
Vendors move at a very fast pace to one-up each other's usability and functionality, and apps no longer stay still for two or three years. These all-in-an-app MDM options must keep up or risk becoming a major complaint point for IT.
The phone with two faces
The promise of full control over mobile operating systems is still out there and will likely see a fully featured debut this coming year with devices that can run two different instances of an operating system. Virtualization for mobile devices (which has already been demonstrated by VMware on the Android platform) allows IT to deploy a fully managed and approved environment while still allowing the user to customize his phone and switch back and forth between the instances. Hardware can now meet this challenge rather easily, but enterprise MDM software has to support virtualization. The biggest advantage is that IT doesn't have to worry about policies interfering with a user's personal device.
This could end up being a chicken-and-egg situation in the MDM software space, however. Support will be on a device basis and will introduce new licensing requirements, but IT can expect support from the likes of Red Bend and VMware, which are developing mobile device virtualization options.
Part two of this series covers the trend in MDM to control data in the cloud, malware prevention, how enterprise MDM software will handle even more operating systems and adding fine-grained and role-based permissions to control an ever-increasing number of devices per user.