Mobility

Avert a BYOD disaster with Mobile Application Management

Mobile device management (MDM) solutions don't take into account security and deployment considerations on an application level. Enter Mobile Application Management (MAM).

In a recent study by Apperian Inc., over 50% of employees have access to two or more mobile devices, such as a smartphone and a tablet. The BYOD revolution has created a corporate information security headache, since personal devices are more likely to be lost or stolen without the effective IT compliant password policies in place to secure their contents.

How can a business protect its corporate intellectual property on employee-owned assets while managing the device apps and information?

In the early days, smartphone vendors tried to implement the BES (Blackberry Enterprise Server) security approach. The problems with this approach was that 1) there were rarely apps running on BlackBerrys -- other than email, contacts, and calendar, and 2) individuals owned the smartphones, while companies owned the BlackBerrys, so applying the BES approach to the smartphone evolution was flawed from the start.

Companies needed more granular security and seamless control. This is when Mobile Device Management (MDM) entered the scene. Early players looked to leverage the access the phone and OS provider enabled via a defined MDM protocol. However, they were (and still are) governed by what's made available to them.

MDM vendors emerged with enterprise solutions that allowed IT to create and control mobile device policies to ensure device compliance. This allowed IT to support and manage devices within the IT infrastructure, log and track them through IT asset inventory, and secure corporate information. For most companies, this was all that was available and as far as that approach would take them.

But MDM doesn't take into account how an enterprise should handle the development, deployment, management, and maintenance of in-house and third-party apps or information.

According to Apperian's survey, over 65% of respondents use mobile apps in the enterprise, 35% said that they'd developed between one and three in-house mobile applications, and 51% said all were third-party apps. Without effective policies in place to monitor and control access, these apps represent a massive corporate data security risk. So, how can a business ensure that this risk is mitigated and removed entirely?

MDM solutions don't take into account security and deployment considerations on an application level. This has brought about the need for an app-centric (vs. device-centric) approach for managing access and the distribution of approved apps, which has given rise to the growing trend known as Mobile Application Management (MAM).

Mobile security and management focused on the apps

Until recently, the primary method available for securing the contents of a mobile device was to focus only on the device as a whole. MDM vendors worked within the confines of what the device and/or operating system made available. In practical terms, this permitted IT organizations to lock down or wipe the entire contents of a device -- intentionally after device theft or accidentally during routine system maintenance. It's essentially an all-or-nothing approach to securing the mobile device. The device and all of its contents are either under IT control or not. This may not be an issue for company-owned mobile devices, but the practice has set off a backlash from users in BYOD settings.

The second significant challenge emerging, while demand for mobile apps and content in the enterprise increase, is the need to manage the full lifecycle of apps. Years ago, IT organizations and software vendors realized the value of having system management frameworks to help manage software versions, desktop images, and more. What the industry has lacked is a systematic and purpose-built approach to managing mobile apps.

This problem cannot simply be seen as an extension of desktop computing. Mobile apps run at vastly different cycles. There are incalculable combinations of devices, mobile OS versions, and app versions available at any one point in time. Imagine the nightmare for today's CIOs when they're expected to not only secure this world, but also embrace it, when they don't have control over the underlying asset!

Yes, MAM

I believe it's these two major streams of demand that have driven innovation in the industry and led to the emergence of platforms built purposely for MAM. This includes platforms that place their primary focus on the apps themselves -- securing, managing, onboarding, and retiring them. For an example, check out Apperian, App47 or Nukona.

MAM lets IT manage internal development, distribution, and control of in-house and third-party mobile applications within the corporate infrastructure. This helps create an effective solution to support and deliver apps to consumer and enterprise mobile devices. MAM also helps in the following ways:

  • It gives the CIOs the ability to develop, test, and deploy their own enterprise apps and third-party consumer-based apps
  • It gives employees a mechanism for downloading and using mobile apps (similar to the Apple App Store) that have been approved for use and provisioned by an IT policy
  • It lets IT manage access to the apps, depending on factors like an employee's job role

There are many questions to ask when you're thinking about implementing an enterprise-wide mobile strategy and allowing employees to bring personal devices into the workplace. Ultimately, how you rate the importance of device security, corporate data protection, and application development will drive the choices you make.

When it comes to BYOD in your organization, should you manage just the devices or everything on them? Share your opinions in the discussion thread below.

Also read

TechRepublic and ZDNet delve deeper into BYOD in a special report page: BYOD and the Consumerization of IT.

About

Theo Priestley is a business consultant, industry analyst, startup advisor, and writer. Join Theo Priestley on LinkedIn and follow him on Twitter.

5 comments
bharti mehta
bharti mehta

Smartphone’s and Tablets have become the integral part of our lives today. They are not just bound to communication but are effectively being used in businesses all over. With the BYOD efficiently being used in organizations, it is important for them to deploy a security solution that could secure and manage their corporate data. Therefore Mobile Application Management makes a role for itself. However there is very thin line between MAM and MDM. Everyone usually get confused between these two. MAM is an effective solution to control the applications while MDM focuses on managing the mobile devices properly. Various companies offer these security solutions and hence there are wide options from which one can select an effective security solution. Organizations opt for those companies that are reliable and capable of offering these solutions effectively. Therefore making proper selection depends on the nature of application one needs. http://www.kochartech.com/mobile-application-management.html

sjwoodr
sjwoodr

Good article! I like to draw a clean line between MAM and MDM. Lots of organizations want to manage the distribution of apps while not necessarily needing the overhead of MDM. There are other pure-MAM solutions in the market including Knappsack (http://knappsack.com), which is a hosted mobile application management service with advanced features at entry-level prices. Agile dev shops also need a way to distribute incremental updates to customers, and mobile app distribution products such as Knappsack make this task easy. Curious how Knappsack works or if its secure? Have a look -- its open source! I invite you to contact me through our website with any questions you have or sign up for a free trial at knappsack.com! -- Steve Woodruff, Knappsack Product Owner

swarnapodila
swarnapodila

Very well explained, Theo. I actually work for Symantec, which acquired Nukona last year. While I believe MDM is still an important part of a complete enterprise mobility strategy, the need for MAM cannot be underestimated. Our enterprise customers need a complete solution. That is why we now include both MDM and MAM functions as part of the same product. Swarna Podila Symantec.

Editor's Picks