The mobile device management (MDM) market is growing rapidly. Forrester Research recently revised its prediction of the size of the market in 2015 from $3.9 billion to $6.6 billion. That's a big revision.
A large part of that increase, the research firm said, will be driven by a shift from a focus on managing mobile devices and their security to building mobile app stores and managing the growing pool of apps and data on a growing range of smartphones and tablets.
Additionally, Gartner research vice president Phillip Redman said the need for MDM in the enterprise is being driven strongly by the current trend toward corporate bring-your-own-device (BYOD) policies.
“When everything was BlackBerry … you didn’t really need a broad general mobile device management platform,” he said. “But since iOS is certainly the fastest growing platform in the enterprise today, and will be followed very quickly in the next couple of years with Android devices, it’s the variety of different OSes that need to be supported in the enterprise that’s really driving the need for MDM.”
And most employees, Redman said, understand that there’s going to be an inevitable tradeoff between being able to choose their own mobile device and giving their company access to the data on that device.
“You can’t treat every device and every piece of data the same way and, so, to segment that data based upon different levels of security; to segment the users based upon the different levels of security they may need; and then to make sure that you have the right practices in place for each of those different segments -- that’s what an MDM platform can allow you to do,” he said.
Sifting the vendors
In choosing among the intimidatingly wide range of MDM offerings currently available, Redman said the first step is to clarify what your requirements are, not just now but in the future as well.
“Define what your priority is as far as which MDM components are most important for you. Today, a lot of it may be based on security, but as more and more corporate and non-corporate applications are being driven on these devices, software management and inventory management are going to become very, very important,” he said. “So think about not just today, but a 24-to-36-month timeframe.”
IDC Senior Analyst Stacy Crook said the key features to look for in an MDM solution can add up to quite a long list.
“You have to be able to do configuration, provisioning, inventory management, remote wipe and lock … and you want to look for a provider that does allow you to have different policies for an employee-liable device versus a corporate device,” she said. “You also want to look for a provider that offers application management, where you have more of a granular ability to say, ‘This universe of devices gets access to these kinds of applications, and this universe of devices gets access to these kinds of applications.’
“It’s also a good idea to look for a provider that integrates with your back-end directory system … so you can give people different access to different applications and do application management through a system that you already have deployed … and, depending on the kind of company you are, you may have a need for some cost control capabilities, monitoring capabilities,” Crook continued. “I would also say that companies increasingly think about authentication and identity and access management … and I would look for an MDM provider that talks to you about compliance management.”
What’s more, you have to take ultimate responsibility for making the key decisions regarding MDM. Tempting as it might be to do so, you can’t just leave it all up to the vendor. You might choose to allow a certain set of applications on employee-owned devices, but a more limited set of apps on corporate-owned devices. Similarly, you could choose to disable the camera on corporate-owned devices but allow it on employee-owned devices -- or just decide to block use of the camera on all devices.
And like Redman, Crook said BYOD policies come with responsibilities attached. “Corporate-liable programs typically are not available to every employee in an organization; it’s just not cost-effective. So this allows the employee to become a mobile worker, but with that privilege, you’re going to have to accept some level of company rule … as an employee, I don’t necessarily want my employer to be able to go onto my iPhone and see everything I have stored there, but that just may be the sacrifice that I have to give up if I want to be able to use it.”
Changing roles, responsibilities
Ojas Rege, vice president of products and marketing at MDM provider MobileIron, said the larger point is the relationship between IT and end users is becoming much more complex than it used to be.
“It’s a partnership now,” Rege said. “Both sides have to do their job … and that’s a really new notion, that your end user carries a certain responsibility, and you as IT have to give that end user the notifications and the information to do the right thing and then to be notified if the wrong thing happens, so that they can then remediate.”
Rege said there are several key trends that have affected the MDM market in general over the past six months or so. One, as mentioned above, is an increase in corporate BYOD policies. Another is a shift from focusing simply on e-mail to focusing on mobile apps. “Just being able to get e-mail right is no longer good enough, and folks have to dive into the much more sophisticated worldview of applications, application distribution, and application security.”
A third key trend, Rege said, is cloud-based management solutions.
“Over the course of the next six months or so we expect that we’re going to see a lot of customers start evaluating cloud-based MDM. But the key thing that’s going to be on their minds is that they’re not going to be able to go down that route unless there’s integration back into the enterprise. So how do I get the efficiency that a cloud-based management and security service gives me, but at the same time not sacrifice my enterprise connectivity to my directory services, my certificate infrastructure and so forth?”
IDC’s Crook said there are several key benefits to a cloud-based MDM solution. “One of the reasons cloud’s very interesting for MDM is that at the rapid pace that the OS updates are coming out, and the number of different devices that you have, when you have a cloud solution those updates can be made on the server and just pushed out to the device every time the device connects to the device management server in the cloud.”
Looking further down the road, Craig Mathias, founder of mobile advisory services firm Farpoint Group, said MDM will gradually become just one part of a more complete enterprise management solution. Most management functions for a given organization will eventually get rolled up into a single package.
“It’s really a question of logistics,” he said. “How many different management consoles can you have open at once? How many can you effectively interact with at once? Where does the data live? And how do you avoid duplication of data across various management domains?”
Don’t expect that to happen any time soon. “We’ve got 50, 60 companies out there today that are producing mobile device management systems in various forms, with various levels of capability and emphasis, so it’ll be a while before you see that kind of roll-up occur,” he said. “But ultimately, it has to happen.”
But it’s too early in the development of the market itself to even define exactly what MDM is, let alone select key market leaders. “You could look at a product … like, say, MobileIron, and that will give you an idea of what could be done,” he said. “Or you could look at a company like Trellia, that has largely been in the policy stage and is gradually moving over to a more generalized mobile device management offering. It’s all leading edge today, because there’s no accepted definition of exactly what mobile device management absolutely needs to do.”
In the meantime, companies should keep in mind that, in many cases, an MDM solution will quickly pay for itself.
“Imagine you’re out there in the field, and you could be using a Wi-Fi network for free, but instead you’re using the really expensive international roaming on your cellular plan,” he said. “If you had a little piece of software there nudging you [to use the Wi-Fi network], wouldn’t that be a good thing?”
The point is that, when looking at the current state of MDM deployments, the most important lesson of all is an almost embarrassingly simple one.
“You’d be surprised how many companies I’ve talked to that do no management whatsoever,” Mathias said. “They literally are living on the edge, they’re making the assumption that everything is just going to be fine … and I think that’s too big a risk.”
Jeff Goldman is a freelance journalist based in Los Angeles. He can be reached at email@example.com.