Mobile application management (MAM) has put MDM in its place
- 06 June, 2012 06:38
This vendor-written tech primer has been edited by Network World to eliminate product promotion, but readers should note it will likely favor the submitter's approach.
MDM zealots ridicule MAM as a glorified app catalog and a security sieve, while MAM proponents say MDM's rigid and centralized control of all policies, user access, hardware/software and content sabotages the revolutionary benefits of enterprise mobility.
We firmly believe that MAM is a superior approach for the management of a vast majority of mobile enterprise applications, that it has leapfrogged MDM as a systems management best practice for mobility, and -- importantly -- incorporated its most useful security capabilities.
Still, there are shades of gray in the MAM/MDM debate. MDM may still be preferred for environments where security and device control trumps all other criteria, and where company-issued devices are exclusively used. MDM and MAM can even work together as adjacent, complementary approaches in organizations where the highest levels of security and the strategic enablement of mobile workers through high-value apps are equal considerations.
The bottom line is, the interests of the user, the application developer and the IT manager have been changed, fundamentally and permanently, by mobility and the ubiquity and unconscious portability of mobile devices. Core business processes -- and business itself -- have been transformed by smartphones, tablets and their applications, and by movements like the consumerization of IT and BYOD (bring your own device).
Consumer technology has leapfrogged business IT, and that's not going to change anytime soon. BYOD underscores the uniquely personal nature of these tools: the fact that the users' spouse or kids gave them that mobile device on their birthday -- that they customize it themselves and it's uniquely theirs -- only makes those devices more integrated into, and more useful for, their work lives.
Security, visibility, compliance are still important in MAM world
I won't argue with the assertions that corporate data and IT assets must be protected from security breaches -- whether from hackers, former employees, or the physical loss of the device -- nor that issues like identity management, authorization control, compliance reporting, etc., aren't fundamental to a successful enterprise mobile infrastructure.
And it's obvious that certain environments -- military, financial services and healthcare/HIPAA-compliant applications come to mind -- almost always demand an uncompromising commitment to a purely secure approach, whether MDM or MAM+MDM. In addition, places where the risk of device theft or loss is high -- like the point-of-sale tablets used at store kiosks -- demand features like device wipe to keep corporate data and apps from being jeopardized.
But in the broader enterprise marketplace, it's misguided and naïve to think that locking down devices will automatically make the IT environment more secure. It can often cause one of two things to happen: (1) the devices won't be used optimally (or at all), or (2) users will try to end-run IT, whenever possible, with their own device. Actually, I'd argue that whenever CIOs opt for a Draconian lockdown of mobile devices, they make the enterprise inherently less secure.
BYOD: Familiarity breeds contentment
MAM is a superior model because it focuses primarily on the user and how mobile apps help empower that user in the workplace. As such, it's a cornerstone of the BYOD movement that's taking the enterprise by storm. According to an April 2012 survey conducted by 451 Research, 70% of organizations surveyed have policies in place for connecting "BYO" devices, with 43% reporting that employees are bringing and using their own mobile devices to the workplace.
BYO is flourishing because users are more productive when they use their personal device to access corporate applications and data assets. They want the familiarity of a commercial apps store interface, like the iTunes Store or Google Play, and the freedom to use both personal and enterprise apps on their smartphone or tablet. They don't want their personal apps and information or their family photos wiped or locked down by IT, and they want a measure of privacy around their non-business use of their personal devices. [Also see: "Mobile BYOD users want more security"]
MDM frustrates many users because they can't use the same device for business and personal applications -- and also because they find a dearth of useful enterprise apps developed under the constrictions of MDM. Therefore, the needs of the developer are also an important consideration in the MDM/MAM debate.
And here MAM also provides advantages over the MDM approach. It provides a better channel for the development, testing, refining and publishing of enterprise mobile applications; some of our customers report shrinking development cycles from weeks to days.
MAM complements the agile development methodologies most mobile projects use today. It makes app projects more successful, and improves both adoption and usage rates. The development process places the app creators as close to the stakeholder as possible. They can quickly push new builds out to the user community and gather feedback. MDM, on the other hand, has a harder-to-manage development lifecycle and usually doesn't offer direct access to enterprise end users.
For IT, MAM offers core functionality
MDM was conceived of as a purely defensive weapon -- an extension of traditional systems management practices that focuses mainly on locking or wiping clean compromised mobile devices. It's since been expanded to include staple functionality like firmware upgrades, remote diagnostics and administration, asset tracking and management, and provisioning. All are fundamental tools for IT.
Yet many of today's MAM solutions incorporate 80% of MDM's essential functionality, including secure identity management and single sign-on; app security policy; compliance reporting; app analytics and device control functions like app delete, device lock, device wipe and real-time inventory. In other words, MAM balances "offense" -- its proactive, user- and developer-focused features -- with a strong defensive core.
Plus, MAM solves other challenges for IT. It vastly simplifies apps installation, updates, and lifecycle management; its support of cloud computing offers instant scalability and elasticity. It offers a unified approach to developing and managing apps on Apple iOS, Android and BlackBerry device platforms.
MAM is suited to all three use cases we see developing in enterprise mobility -- BYOD "knowledge workers," kiosk-based environments and company-issued field devices. In some cases, the latter two uses may require some of the additional security and control features that are part of MDM, which a comprehensive MAM solution will offer.
But, in any case, users -- not devices -- should be the center of the business IT universe. Their iPad or smartphone and the apps they use empower and liberate them to do their jobs better and faster. In a real sense, knowledge workers have become artisans who uniquely apply their own tools to solve problems, make decisions, or close deals -- creatively and flexibly.
The device is a means to an end, not the end in itself. That end is the mobile user and their productivity -- and that's why mobile application management has eclipsed MDM.
Apperian is a mobile application management company based in Boston. Contact the author at firstname.lastname@example.org.
Read more about anti-malware in Network World's Anti-malware section.