Modernizing Authentication — What It Takes to Transform Secure Access
Thanks to the continued proliferation of mobile devices and the increasingly common practice of employees using their own mobile devices for work (bring your own device or BYOD), Gartner recently predicted that 65 percent of enterprises would adopt a mobile device management (MDM) solution over the next five years.
Frost & Sullivan recently estimated the market for enterprise MDM will grow from $178.6 million in 2011 to $712.4 million by 2018.
While most experts believe the use of MDM will grow, many believe it will broaden to encompass not just mobile devices but mobile applications and infrastructure as well.
For several years the Aberdeen Group has used the term enterprise mobility management. Andrew Borg, Aberdeen's research director for Mobility & Collaboration, says this approach goes well beyond simple MDM.
"It's really about lifecycle management," he said. "The device itself is not what is important. Ultimately, it's the data on the device and the data that can be accessed through the device that matters."
To illustrate this, Borg notes an Aberdeen survey found that a single security lapse resulting in data loss can cost an enterprise anywhere from $10,600 to more than $400,000.
The ability to remotely lock mobile devices or wipe data from devices, while important, is "table stakes," Borg said. "What's needed is more comprehensive lifecycle management, from procurement through the end of a device's life, and not just the device itself but all of the content on a device and all access to authenticated content that can be provided through a device."
MDM Market Consolidation
Richard Absalom, analyst, Consumer Impact Technology, for Ovum, agreed and noted that several recent acquisitions show that MDM vendors are purchasing technologies that will help them offer more holistic solutions. Good Technology, for example, bought mobile application management provider AppCentral in late 2012.
In 2013 the MDM concept will continue to expand, Absalom said, with vendors adding options such as expense management to their product lines. "Expense management should be part of it, looking after the costs," he said. "It often goes under the radar how much more expensive it can be to use employee-owned devices. You can run into trouble with roaming charges for workers going abroad, for example."
Attracted by the burgeoning demand for MDM, a growing variety of technology companies will "buy their way into the market," Absalom added, offering the example of Citrix's recent acquisition of MDM provider Zenprise.
The buyers will likely represent many different areas of the technology spectrum, Absalom said. "Different companies will choose approach this in different ways, based on their varied backgrounds and core technologies."
Much of the market consolidation will be driven by falling prices, said Vikrant Gandhi, a principal analyst for Frost & Sullivan. "Right now there is so much opportunity that it is still a land grab," he said. "Rates are dropping, however. It's almost a race to the bottom. We expect to see consolidation, but give it two years."
In the meantime, Gandhi noted, strategic marketing and distribution relationships will remain important. Partnerships with mobile operators, system integrators and others remain the most popular go-to-market strategy for MDM providers.
In addition to increased acquisition activity and a continued evolution from MDM to EMM (enterprise mobility management), what other trends will the market see in 2013?
Absalom, Borg and Gandhi agree that while most organizations currently using MDM have on-premise deployments, cloud-based MDM will become the dominant model – and in relatively short order.
A recent Aberdeen Group survey found that of five service delivery models, 44 percent of companies opted for self-hosted, self-managed software behind a corporate firewall. No more than 16 percent used any of the other four options (self-hosted behind a firewall and managed by a third party, hosted and managed by a third party, self-managed but hosted by a third party or self-managed and hosted in the cloud).
When asked about future plans, however, Aberdeen found self-managed cloud deployments would grow at a rate of 150 percent in the next 12 months. Contrast that with growth rates of 75-81 percent for the deployment models involving a third party and a growth rate of just 17 percent for self-managed, on-premise software.
Address Policy, Not Just Technology
In another survey Aberdeen Group found that while 78 percent of top-performing organizations in the U.S. had a formal BYOD policy, only 43 percent had methods to enforce compliance to their policy. "That tells us something like 35 percent of organizations are saying something along the lines of 'anything goes' -- and that is the top-performing organizations," Borg said.
Absalom said many organizations may struggle with the idea that while "MDM may be great for co-owned devices, it might not work as well for the personal devices many employees use for work." Ovum discovered that legislation governing data rights can vary widely from geography to geography, which means the lines between personal and corporate data could blur.
"Without the right corporate policies in place, it can create problems if people don't know when their personal information may be monitored or wiped, for example," Absalom said. "It’s a dilemma for the IT department, in that it must protect corporate data but is also obliged to respect a company's employees."
Ovum found that just 20 percent of people it surveyed that used their own mobile devices for work had signed a BYOD policy, Absalom said. "It's important to outline rights and responsibilities for both employer and employees. Companies will likely need to bring in the lines-of-business to help determine what should be included in their policies and also bring in HR and legal departments to help draft them."
Adding Machines to the MDM Mix
Companies remotely monitor everything from vending machines to oil rigs. Thus, Gandhi said, at least some enterprises need to monitor and manage not just mobile devices used by employees but also machines that collect and deliver information.
"Now they must use two systems to monitor, manage and control these different endpoints," he said. "But what if they could use a single interface to manage all of their connections – some human and some automated? I think we might start to see some partnerships that will make that possible."
A Different Kind of Consolidation
There is no mystery as to why mobile is a key part of what Aberdeen Group is calling SoMoClo, the convergence of social, mobile and cloud IT infrastructure. "Mobile endpoints are a logical extension of the cloud," Borg said. "With smartphones and tablets growing in popularity, they are becoming an interface to the cloud, even more so than desktops or laptops."
To effectively meet the challenges presented by this convergence, Borg suggested IT organizations will need to view mobile, cloud and social "not as separate challenges but as one IT construct." The good news, he added, is more vendors will bring unified solutions to market that can help integrate and manage this kind of a consolidated infrastructure.
Ann All is the editor of eSecurity Planet and Enterprise Apps Today.