It has become fashionable in some circles to suggest that Mobile Device Management (MDM) is dead, but nothing could be further from the truth. While MDM is still very much in its infancy, its boundaries continue to expand. It's no wonder people (even the experts) are confused.
It's hard to believe, but only ten years ago built-in Wi-Fi was just an option on laptops. And although laptops definitely changed the endpoint management landscape, companies were still able to maintain the typical "top-down lockdown" approach via client management software, VPNs and restricted admin rights. BlackBerry offered the same fenced-in, cookie-cutter approach for managing smartphones.
Although the iPhone entered the market in 2007 to great fanfare, it was the iPad in early 2010 that forever kicked in the doors to a well-managed network. The iPad was a favourite of senior management who had no qualms about jumping the queue in IT to get their latest toy supported. This led to the Apple MDM API and a trickle-down effect that quickly became a deluge of bring-your-own-device (BYOD) users.
Suddenly, the top-down lockdown approach wasn't possible since the devices were no longer owned by the company, and limiting what type of device an employee could use was also off the table. That ship sailed the day the CEO brought in his first iPad.
The struggle to define best practices for MDM and client management continues to this day.
But it's important to remember that we're not redefining devices – let Apple, Samsung, and Microsoft do that. All we need to worry about is how these devices will be managed.
BYOD, CYOD, and COPE – does it matter?
There are three drivers to the new management landscape:
1. The typical user relies on more than one device and, for the foreseeable future, one of these devices will be a computer. This means that MDM cannot replace traditional client management technology. Instead it must complement and coordinate with it. Ideally it will be an integrated part of the same infrastructure. This perspective is supported by leading industry analysts who agree (in a rare moment of consensus) that separate management frameworks for different form factors are unsustainable in the long run. Ultimately, the practices and tools for client and mobile device management must converge.
2. As the price of the hardware has come down, the value (and portability) of corporate data has gone up. This has introduced entirely new risks or emphasised existing hazards. After all, companies that allow Outlook Web Access from employee-owned computers are facing no greater risk when they provision email to employee-owned smartphones. But the risks are real and they've become one of the biggest considerations when it comes to device management.
3. It's not only about the device… it's about the user getting what they need when they need it. As ownership has shifted to the end user, it's become increasingly clear that it doesn't really matter if they are using a laptop, tablet or smartphone. They just want to have their stuff. Users want to be productive on the devices they've chosen, regardless of operating system or form factor. And if you don't help them, they will help themselves. This is a problem for the top-down lockdown approach because the more troublesome the restrictions, the more likely the user will be to circumvent them – not maliciously, but simply in order to get the apps and data (the stuff) they need to be productive.
Add this up and it points to a new management paradigm that is user-centric, not user-restrictive – an approach that focuses less on the device and more on security for corporate data and apps. It's not about BYOD, CYOD, COPE, or any other acronym. In the end, it doesn't really matter who owns the device – instead IT should focus on who is using it and how. A policy-driven, user-centric framework will adapt easily to this approach.
M (alphabet soup) M
There is heavy competition amongst software vendors to win the battle of the acronym, with Mobile Device Management (MDM), Mobile Content Management (MCM), Mobile Application Management (MAM), and more. So what do these mean and which one is the priority?
It turns out that most M*M technologies are really just component parts of comprehensive MDM; they do not exist outside of MDM.
The good news is that modern mobile operating systems are getting better at supporting these functions. The Apple Volume Purchase Program (VPP), per-app VPN, and enhanced data controls make it easier for enterprises to manage content, apps, and access – while various Android vendors continue to differentiate their devices with their own similar enhancements. While device standardisation may be difficult, it's not impossible – although it will impose some "homework" duties on IT to understand what is possible.
A conflict of visions
It would be misleading to suggest that top-down lockdown has disappeared. It remains the best approach to management and security for many organisations, because the best approach can only be determined by your specific requirements for security, regulatory compliance, and the business.
Fortunately, many highly secure options are available. Persistent endpoint security provides the ability to track and secure all the devices in a deployment. Laptops, tablets, and smartphones can be remotely managed and secured to ensure – and most importantly prove – that endpoint IT compliance processes are properly implemented and enforced.
Samsung is among the market leaders, beginning with the extensive Samsung SAFE management API and continuing with Samsung KNOX, a containerisation technology built into its version of the Android operating system. This provides a high-security, high-control approach to mobility. The US Department of Defence, which clearly has high security requirements, has approved the use of Samsung KNOX for its devices.
However, as with the base operating systems, KNOX is best managed using the same user-centric, policy-driven practices made necessary by the free-for-all that is BYOD. In the end, top-down lockdown must be one of many options implemented to support the mix of devices and users within most organisations.
The bottom line
Reports of the death of MDM are greatly exaggerated. Instead, we're shifting to a new understanding of endpoint management – a policy-driven, user-centric framework that accounts for data, apps and security across multiple operating systems, form factors, and owners.
- Tim Williams is Director of Product Management at Absolute Software
from TechRadar