Whitepaper on Mobile Device Management that discusses the role of MDM in enterprise mobility and how it can be an effective way to secure your mobile environment.
2. One of the significant technological trends in recent times has been the huge proliferation of mobile
devices and apps into the workplace. From smartphones to Tablets to wireless add-on devices like
sensors, scanners etc., mobility in enterprises has reached a critical mass and is all set to occupy a
dominant position in the overall organizational setup. While enterprise mobility solutions bring myriad
benefits to organizations in aiding transformation, boosting efficiency, increasing customer satisfaction
and eventually leading to better margins and revenues; it also poses a range of serious challenges in terms
of managing, monitoring, collaborating and securing an ever increasing pool of mobile devices and apps,
loaded with sensitive data, which needs to be answered to optimize the benefits arising out of mobility. A
few years back, enterprise mobility was predominantly occupied by Blackberry devices and a BlackBerry
Enterprise Server (BES) was sufficient to manage and secure the environment. However, in recent times,
consumerization of IT and Bring Your Own Device (BYOD) policy has led to entry of devices of all types and
sizes making it impossible for the IT departments to manage and monitor it and posing a serious threat
to the security of corporate data. Mobile Device Management or MDM can be one such solution that
can prove to be an effective answer to most of the challenges arising while implementing mobility. Our
cover story, this month, takes a detailed look at MDM and discusses why and how it could be a solution to
various challenges faced by enterprises in their mobility adoption.
What is MDM?
According to Gartner, Mobile device management (MDM) includes software that provides the following
functions: software distribution, policy management, inventory management, security management and
service management for smartphones and media tablets.
Mobile Device Management solutions can be deployed on-premise or as a cloud-based service. There are
a few vendors who also offer MDM as managed service wherein routine updating and maintenance is
outsourced to third parties. Most mobile device management solutions enable organizations to manage
and provide end-to-end security to mobile devices, apps, network and data through single software
whereas some MDM solutions also incorporate expense management to provide more elaborative
coverage to the management of mobile devices.
How MDM works?
Whether deployed as an on-premise server or as a cloud solution, a MDM lets you manage all the mobile
devices deployed across your enterprise. Every device that has to be controlled and managed in your
enterprise and hence enrolled into the MDM has to follow an authentication and provisioning process
through which it is registered in the MDM directory. An authenticated and encrypted connection is then
established between an enrolled mobile device and the MDM gateway server enabling all traffic to and from
the device network to be redirected through it and the Gateway Server. A registered device can interact
with the MDM server after it successfully authenticates itself. The device management server collects
information about the smartphone or tablet and then sends the applicable settings and applications
to it. MDM allows administrators to enable or disable any functionality of the device; decommission
inactive devices, blacklist and whitelist applications or selectively wipe data from a device as per the
mobile policy and the user cannot override it. It also supports remote location of any device and provides
troubleshooting services to any device. The MDM also regularly checks and evaluates for newly published
Mobile Device Management: Securing your mobile Environment./ 2
3. software package distribution.
Most of the MDM solutions offer customizable, on-click dashboards for administrators to get information
on all the enrolled devices in the enterprise network.
N SEC
IO URI
VIS TY
PRO
A
M pp
cy nt an lic
oli eme
P g ag ati
em on
a en
an t
M
CONFIGURE
MDM
SUPPORT
Dev ment
Architecture
Man ervice
Ma e v c
ice
na
age
ag e
S
geme
Man
me
nt
t
Management
Management
Security
Security
TE MO
CT IVA NIT
OR
E-A D
MDM enables -
• Configure - Configure device and application settings, restrictions etc., as per policy.
• Provision - Facilitate automated and over-the-air user device registration and distributing
configuration check and evaluate software package distribution.
• Security - Secure devices, apps, and data by enforcing security measures like authentication and
access policy, enable or disable device functionalities, blacklisting and whitelisting apps.
• Support - Help users by remotely locating any device and providing troubleshooting services.
• Monitor - Keep a track on device, app and data usage; check unauthorized user access;
abnormal device behavior etc.
• De-activate - Decommission lost or stolen devices; block user access, wipe out data from
compromised devices.
Mobile Device Management: Securing your mobile Environment./ 3
4. Why MDM?
Reduction in Total Cost of Ownership
Cost Per User Per Year MDM Benfit
Device Cost $250 8% Amortized over 2 years
Connectivity $900 30%
Data
Connectivity $800 27%
Voice
Backend/Ops $504 17% -30% -$151 Setup and operate backend mobile
application, change requests
Service $192 6% -40 -$77 Setup users, connectivity, user
Management management, change requests
User Support $312 11% -30% -$94
$2958 100% -11% -$322
Cost Reduction per year with MDM : $322
Net Reduction in TCO : 11%
Net Reduction in Annual Device Management Costs : 32%
Source: HP & Gartner, Microsoft Exchange Connections 2008
The widespread proliferation of mobile devices and applications caused by consumerization of IT and the
popularity of BYOD policy has enabled unprecedented mobility and data on the fingertips of employees
while boosting productivity and efficiency of the organizations. However, while providing multiple
benefits to enterprises and employees, mobility has also posed several challenges to the IT department.
From selecting platforms to support within the network to dealing with loss or theft of devices to securing
critical corporate data on thousands of devices; IT departments have a lot to consider. MDM software
helps IT department in answering all these challenges by providing control over devices, applications
and data flow. Administrators can monitor and control the apps installed on devices, keep a track on user
behaviour, enforce security measures so as to create a secure mobile ecosystem within an organization.
Moreover, MDM solutions also go a long way in optimizing the functionality of the mobile network in
an enterprise as well as minimizing costs and reducing downtime. In other words, MDM paves the way
for implementation of both device and platform agnostic security policy and supports enterprises in
mitigating business risks by protecting data and information.
Mobile Device Management: Securing your mobile Environment./ 4
5. Mobile Device Management can help an enterprise :
»» Enable sophisticated security mechanisms to prevent corporate data stored on devices from being
leaked, stolen or compromised.
»» Ensures central control of registered mobile devices by providing real-time overview on each
specific device via dashboard.
»» Safely manage & distribute recommended apps, blacklists risky apps.
»» Provides single, comprehensive infrastructure to manage devices and apps.
»» Minimizes total cost of ownership (TCO) with a scalable, dependable solution.
»» Meeting service level agreements (SLAs)
»» Adheringe to key compliance obligations like HIPAA, FISMA etc.
»» Implementing a standard mobile management & security policy.
»» Improvinge user experience and thereby sustaining worker’s productivity.
»» Reduces IT burden with self-service portal for employees.
Mobile Device Management: Securing your mobile Environment./ 5
6. MDM Usage and Adoption Trends
Status of MDM implementation in Enterprises
42%
27% In Use now
In Pilot/Evaluation Phase
In next 6 months
In next 6 -18 months
Later than 18 months
1% No Plan
7%
15%
8%
source: theinfopro.blogs.451research.com
»» Among organizations that have not yet deployed an MDM solution, 32% will deploy one in 2013 and
additional 24% plan to deploy one in 2014.
»» The leading factor (34%) cited for deploying an MDM solution was the potential for loss of
intellectual property.
»» Among respondents switching to a new MDM platform, 31% indicated that they would likely
select a cloud-based solution. Of those, 55 percent said they would choose a private cloud solution
for security reasons.
»» The top three reasons cited for choosing a cloud MDM solution were:
• Simpler administration/maintenance (69%)
• Predictable/reduced costs (39%)
• Don’t want to use internal IT staff resources (21%)
Source: Osterman Research
Mobile Device Management: Securing your mobile Environment./ 6
7. When is MDM required?
MDM - Requirement Analyser-Walle Quadrant
• Over- the-air configuration (Wi-Fi, Active • Internal apps and/or secure content hosting
Sync) • Device locator/tracking
• Apps management on devices • Cloud backup/storage control
• Asset tracking (hardware, software) • Encrypted data traffic
Features
• Compliance reporting • Board paper distribution through devices
• Policy compliance access control
• BlackBerry is the only device type used • Remote lock and remote wipe
• Smart devices don’t collect corporate • Need to require passcode
e-mail • Encryption must be enforced
• No corporate documents kept on device • Requires basic device restrictions
• Devices don’t access any corporate data
Risk / Security
MDM not required Consider MDM MDM is required/recommend
source: Datacom
When should you consider looking for a MDM solution? The answer depends on many factors including
the type of devices being used in your enterprise to types of apps and the kind of data accessed through
them. You may not require an MDM solution in case you provide your employees only BlackBerry or iOS
devices or in case the devices don’t access any critical data. However, if you have a Bring Your Own Device
(BYOD) mobility culture wherein employees bring their own devices or you approve multiple OS devices
like iOS, BlackBerry, Android, Windows etc., then a MDM solution becomes a necessity to prevent your
device and data from theft or being compromised. In addition, there are various other questions like- Does
data and sessions need to be encrypted? What would be the business impact of a security breach? What
and how much control do you wish to have on the devices and apps? In other words, a comprehensive
assessment of your organizational risk profile with respect to mobile devices will answer your need for a
MDM solution.
Mobile Device Management: Securing your mobile Environment./ 7
8. Players in the MDM market and their position
Magic Quadrant for Mobile Device Management Software
Challengers Leaders
MobileIron
AirWatch
Fiberlink
Ability to Execute
SAP
Zenprise
Symantec Good Technology
McAfee
Sophos
BoxTone
Trend Micro
Tangoe IBM
OpenPeak SilverbackMDM
Amtel
LANDesk
Smith Micro Software
MYMobile Security
Niche Players Visionaries
Completeness of Vision
source: gartner (May2012) as of May2012
MDM vendors are somewhat limited in the control that their specific MDM solution can exercise on
the APIs (Application Programming Interfaces) of the devices which means that while each MDM is
different, the core functionalities and features remain same. MDM platforms may differ from each other in
deployment choices-traditional in-premise versus cloud based, the platforms-iOS, Android, Windows etc.,
it supports, integration with security and service management platforms, telecom expense management
and enterprise content management system etc.
The market for MDM solutions is competitive with many big players involved in it. According to Gartner
research, the MDM market is dominated by a “big 5” group of vendors consisting of Good Technology (which
alone accounts for 20% of the total market), SAP, AirWatch, MobileIron and Fiberlink Communications that
controls about 60% of the market.
Mobile Device Management: Securing your mobile Environment./ 8
9. Issues with MDMs
• Deployment – MDMs can be deployed on-premise or as cloud-based service. On-premise
installation would require in-house capability and resources for maintenance and trouble-shooting
while cloud-based solution would make you completely reliable on vendor’s capability and services.
• Costs -There are significant expenses involved in installing MDM solutions. While on-premise
installation requires significant upfront costs with low recurring expenses, cloud-based solutions
require low upfront expense but have high recurring expenses every year. Companies have to do a
comprehensive cost-benefit analysis before opting for a MDM solution.
• Adaptability -Every organization has its own set of niche requirements that a MDM solution
must be able to address. Allowing sufficient customization and tweaking choices is a challenge for a
specific MDM.
Recommendations on choosing a MDM solution
Choosing the right MDM platform becomes critical due to security implications and high costs involved.
Here are a few key points to consider while choosing a MDM platform-
• Mobile Policy - Your MDM platform should best cater to your mobile policy. Does it have sufficient
functionalities to provide the level of security that your business needs? Does it support archiving of
mobile content?
• Security Mechanisms - Data security is an on-going process. Make sure that your MDM platform
supports advanced data security measures.
• Remote configuration & control - Your MDM platform should enable remote configuration,
updating of OS and apps. Moreover, it should also provide you control through locking/wiping of
devices in case of loss and theft.
• Scalability - The types of platforms and devices it can support is also a key consideration while
choosing an MDM. Does it offer flexibility to add more devices and platforms in future?
• Compliance obligations - Your MDM platform must be able to help you in fulfilling compliance
obligations related to data security, customer privacy etc., of the country.
• Analytics - MDM solutions must provide real-time, comprehensive analytics on registered devices
and apps.
A Checklist for MDM
Any good MDM must have following security features-
• PIN/password enforcements
• Functionality to remotely lock/wipe device in case of loss or theft
• Data encryption
• Jailbreak detection
• Data loss prevention mechanisms
Mobile Device Management: Securing your mobile Environment./ 9
10. Device Management Application Management
• Over the air configuration • Whitelisting and blacklisting of apps
• Remote operating system and application • Management of enterprise app stores
updating • App security features
• Remote control of devices • Remote data wipe of applications
• Real-time analytics on usage • Real-time analytics on apps downloaded, data
accessed on registered devices
Conclusion
The massive proliferation of mobile devices and applications in enterprises has posed a serious threat
to the IT department in securing critical corporate data. Moreover, with huge diversity in devices and
multiple platforms, it has indeed become burdensome and resource-taxing for organizations to monitor
and control devices, apps and their usage. Also, there is a regulatory requirement call for sufficient data
protection mechanisms. In such a scenario, MDM solutions become a necessity for organizations to
optimize their mobile initiatives and mitigate business risks associated with it. A centrally controlled and
real-time monitored mobile environment will be the defining feature of most of the enterprises, in times
to come.
Mobile Device Management: Securing your mobile Environment./ 10
11. About [x]cube LABS
[x]cube LABS is one of the leading mobile apps
development and consulting firm, headquartered
in Dallas, U.S and with offices in New York and Reach [x]cube LABS
Hyderabad, India. With expertise across all the connect@xcubeLABS.com
major mobile platforms, [x]cube has delivered
over 500 apps till date and has an enviable client
list comprising of some of the biggest brands like
1-800-805-5783
GE, Intel, Texas Instruments, Hasbro, Mattel and
24 Hour Fitness. [x]cube’s understanding of the
www.xcubeLABS.com
mobile space and technology, complimented by
its rich experience across all the major industry
verticals and the capability to deliver end-to-
end solutions, make [x]cube the perfect mobile
consultant of choice.
To integrate your enterprise people, processes and products with customized, avant-garde mobility
solutions or to explore mobility opportunities in your enterprise with our experts, please feel free to
contact us at connect@xcubeLABS.com.
We encourage you to continue exploring our website ( www.xcubeLABS.com ) to find out more about
our services.
[x]cube is the premier mobile solution partner for companies and individuals creating the next generation of digital applications.
[x]cube develops custom solutions for the iPhone, iPad, Android and Windows Mobile platforms.
[x]cube is a division of PurpleTalk, Inc.
xcubeLABS.com | 1-800-805-5783 | connect@xcubeLABS.com