By Steve Brasen
Not long after the introduction of mobile devices into the workplace, organizations recognized the need to impose security restrictions on access to sensitive data and provide some mechanism for the distribution of enterprise applications (app). This need led to the birth of Mobile Device Management (MDM), a practice developed to support the unique and emerging requirements of enterprise mobile device users. MDM tools were originally point solutions focused around security measurement with basic features such as device lock and wipe. Soon, a rapidly expanding list of requirements led to more comprehensive solutions suites.
Defining the Segments
As the name implies, MDM provides device-focused processes and solutions for accelerating user productivity and endpoint reliability. However, the full scope of mobile management goes beyond device-centric management practices because it is not just about the performance of mobile devices, but also the secure delivery of apps, data, and services to mobile devices. Enterprise Management Associates (EMA) believes mobile management solutions can be segmented into four logical categories including MDM, Mobile Security Management (MSM), bring your own device (BYOD) management, and Mobile Applications Management (MAM).
MDM features processes focused on ensuring that user devices are able to optimally and securely access and run business applications, data, email, and other services. MSM includes processes focused on data loss prevention, risk mitigation, compliance attainment, and restricting remote access to enterprise systems. BYOD management features processes focused on isolating business resources from users’ personal applications and data to allow consumer-focused devices to be used for non-business purposes without compromising business requirements. MAM includes processes focused on the secure delivery, high-performance, and high availability of enterprise apps.
While there is cross-over between these four practices, automated management technologies can be reasonably aligned into each of these principal categories. Collectively, these four practices comprise the all-encompassing process of Enterprise Mobile Management (EMM).
Unfortunately, significant confusion still exists surrounding this terminology. Since MDM practices predate the other distinct categories, the term is often used to describe capabilities that are clearly not included in its defined scope—or, even worse it is referenced as a term referring to all of EMM. These terms are not actually interchangeable and can confuse consumers into purchasing solutions that do not target their organization’s unique requirements.
To help clarify the true scope of MDM, it is important to recognize five distinct device-focused management disciplines that comprise the practice—asset management, device positioning, endpoint configuration, problem remediation, and endpoint security and compliance.
Asset management allows all mobile devices used to access business resources, which should be detected and recorded in a centralized data repository along with installed application details and information on configurations, owners, and device health status.
Through device provisioning, a centralized and controlled method should be provided for the secure installation of enterprise applications onto remote devices. IT administrators should have the ability to remotely push software to devices, and end users should be empowered to provision IT resources themselves via an enterprise app store or some other self-service user portal.
With endpoint configuration, IT administers should be able to remotely configure device systems, networks, and email accounts with little or no end-user interaction.
Problem remediation, which includes system, network, and application issues—including failure events, errors, and degraded performance, should be automatically identified and reported. Full details of the incident are recorded and made accessible from a centralized dashboard. IT administrators should have the ability to remotely log into and control supported mobile devices to perform remediation and maintenance activities. In the event a device is damaged beyond repair, all device data should be recoverable from backups.
Endpoint security and compliance encompasses solutions providing device-centric security support such as device lock and wipe, malware protection, data copy and redistribution restrictions, white and blacklisting of installed apps, device location tracking, rooting and jailbreaking detection, and password management.
MDM practices are entirely device oriented. For instance, while the administration of an enterprise software catalog or the security hardening of enterprise data access points may be important characteristics of a broader EMM approach, they are not device management activities, and are therefore outside the scope of MDM.
In the report, The EMA Radar for Mobile Device Management, detailed intelligence is provided on the ideal characteristics to look for in an MDM solution, along with side-by-side comparisons and rating of the 12 leading MDM solution suites on the market today, including platforms offered by CA Technologies, Citrix, HEAT Software, IBM, JAMF Software, Kaseya, LANDESK, ManageEngine, MobileIron, Sophos, SOTI, and VMware/AirWatch.
The report identifies key points of differentiation with each of the product sets and reports overall product strengths and cost efficiencies. It is available at enterprisemanagement.com/research/asset.php/3153/EMA-Radar-for-Mobile-Device-Management-(MDM):-Q1-2016. Highlights from the on demand webinar are available at: research.enterprisemanagement.com. SW
Steve Brasen is a research director at EMA. His career at the firm follows 19 years of industry experience in IT system operations, engineering, and management. Brasen began his career as a systems administrator for UNIX International helping to develop the open system standards for the initial release of UNIX System V.4.
Apr2016, Software Magazine