What challenges or issues could MDM or MAM present for employees?
MDM (Mobile Device Management) and MAM (Mobile Application Management) are the main Enterprise Mobile Management solutions offered by mobile security/EMM vendors. It is difficult for most enterprises to select the right products for their security needs. This paper provides a comparison of two top security mobile management solutions: MDM, which acts as a device guard, and MAM, which acts as an application spy.
In spite of the advent of smartphone technologies and a new set of security features provided by native OS platforms with every release, the landscape of Mobile Management products is large and dynamic. According to CIO insights, almost 45 percent of the world’s enterprises that have adopted mobility are planning to spend at least $500,000 on mobility projects over the next 12–18 months, at least half of which will be invested in mobile devices and applications management. The capabilities that each mobile management service provider offers vary from vendor to vendor, mainly in terms of approach and cost. Each vendor considers its approach to be the best and sometimes supports more than one approach to provide the solution. This makes it difficult for IT security to decide which one to go with. With the influx of mobile devices, apps, mobility use cases, and data security threats, enterprises are compelled to take mobile management seriously. Currently, MDM, MAM, and MIM are the top choices for effective mobile management. Out of these four solutions, MIM (mobile information management) is achievable with both MDM and MAM. So, which of the two makes a better choice? Let’s look at the strengths and limitations of both solutions.
Brief on MDM
MDM evolved mainly to manage iOS, Android, and Windows-based handhelds after they gained ground over Blackberry to become enterprise devices. MDM takes the approach of managing and controlling the entire mobile device and all enterprise-registered applications within the device. Of all EMM solutions, MDM is the most powerful since it provides the highest control at device level. However, do enterprises want to allow BYOD (bring your own device)? Are the employees ready to let a solution manage their entire device? They are right to be concerned about compromising on privacy while using corporate-specific apps. Also, B2C apps cannot claim control to monitor end-user devices. Consequently, enterprise adoption of the BYOD and COPE concepts, as well as security concerns related to B2C applications, presented a strong need for another solution called MAM.
Brief on MAM
MAM stands for Mobile Application Management. The MAM application resides mainly at the top of the device in the form of an application guard layer that manages, secures, and monitors single or multiple applications within its layer. Although MDM has more reach and power to fetch special API-level access at OS level, MAM has its own strength in terms of offering granular control and analytics at a single app level.
What MDM offers
A list of basic and advanced features of MDM is available through hundreds of blogs and articles on the internet. Therefore, the information is not repeated here.
Why MDM is not the preferred mobile management solution
MDM acts like another super user on the mobile device and plays an important role after the native OS. The existence of this spy rootkit on the device was accepted as long as enterprises owned the devices.
• Employees carrying their personal devices to work and enterprises allowing them access to organization-specific applications and data gave a boost to BYOD.
• In both B2E and B2C scenarios, where the devices are owned by end users, enterprises enforcing security policies and control at device level is not accepted by end users.
• In case of lost or stolen devices, triggering remote data wipe for the entire device can delete users’ personal data, including personal contacts, media, personal device settings, and application configurations.
• Why should the end user have to type complex passwords or patterns, as enforced by MDMs, every time they operate the device, even for personal use?
• MDM, being operated at device level, can continuously monitor the user’s current location and read private information from applications like contacts, calendar, etc., in case the same apps are also being used for work purposes. Isolation of personal and official data is possible only with some MDM approaches that enforce custom native apps, but again at the expense of performance and usability issues with custom apps compared to native ones.
• What if the same device should be used by multiple users? Would MDM be able to manage multiple user profiles on the same device and control them differently based on user persona? No.
• MDMs enforce device OS version upgrades on end users. What if the user is comfortable using all his favorite apps (which might not be compatible with the next version) with the current device OS version? Is there an option left for the user there?
• With a majority of the approaches, MDM enables access to multiple enterprise applications via a VPN-based model. Every time the user switches between personal and professional space on the same device, the device retriggers authentication, which is performance intensive. It also brings user experience issues.
• Enterprises may wish to push specific policies and profile configurations at application level, based on security and analytics needs. With MDM, where things are governed at device level and the watchdog is a device-level security guard, this is challenging.