The official hub of The Enterprise Mobility Foundation
Want more than just blog posts? Login or Sign up for a free acount and get research, videos, slide decks and more! Join the online social network for Enterprise Mobility.

If Mobile Device Management Doesn’t Matter, Then What Does?

Thanks to the powers of the Twitter-sphere, I stumbled upon this interesting article called “Why Mobile Device Management Doesn’t Matter.” It’s certainly a provocative title, albeit not a unique one, particularly from enterprise mobility vendors that are trying to provide technology solutions to help manage the ever-explosive growth of mobility in the workplace via non “MDM” solutions.  Today’s missive, by the way, is by no means meant to be a direct response to the article, but rather to share some of the impact of that article.

Once I retweeted the article, an interesting, yet brief discussion ensued between myself, Chris Perret, Brian Katz and Maribel Lopez. (side note: if you haven’t connected with these people on this site, you should).

Maribel tweeted:

Its about data mgmt across all devices since devices keep changing

While Brian said:

What I’ve been saying all along – you need MDM hooks but not MDM, just like you need MAM but holy grail is MIM

Last, but certainly not least (in fact he was the 1st to respond), Chris said:

yeah. MDM is part of an overall management and security schema, not the whole thing … but not irrelevant either

I agree with all these statements, but I think there’s a broader issue at hand that wasn’t captured in 140 characters (I blame Twitter, not these three super smart people).

There’s no question in my mind that organizations MUST deploy a mobile device management solution.  There’s also no question in my mind that organizations NEED to deploy a mobile application management solution (assuming they are moving past basic PIM functionality). Don’t forget though that I am the guy who keeps on yammering away about how organizations need to have a holistic enterprise mobility management solution in place to manage all the facets of the mobility strategy.  In fact, one of my responses on Twitter was:

I’ll argue you need mobile device and application management tools to reach mobile information management nirvana

In this little Twitter discussion, we still didn’t reach what I feel is the crux of the matter.  Let me ask you all to take a step back for one brief moment and let me ask you a one-word question.

Why?

Why are we talking about Mobile Device Management or Mobile Application Management or any of the other components of Enterprise Mobility Management?  Brian is dead on when he says it’s about Mobile Information Management.  Enterprise Mobility Management solutions are a means to managing/securing/protecting corporate information mobile devices.  This has to happen at multiple levels…in fact, it has to happen at seven levels.

But why should we worry about Mobile Information Management?

I think that that is the core question we need to answer.  Let me offer you, if you don’t mind, my answer to this question.

It’s all about managing risk.

At the very core of everything we talk about, whether BYOD, COPE, CoIT, apps, smartphones, tablets, whatever….it’s all about managing the potential risk that comes from using mobile devices.  Now risk actually goes beyond information management (which arguably is going to be predominantly about indirect costs – think lost IP or business secrets), but can also include direct costs.  Anyone who has ever gotten and expensed a 4 or 5-figure wireless roaming bill knows what I am talking about…or what about if a B2C application loses sensitive data…or if a B2B app loses 100,000 credit card or social security numbers.

Oops…

Risk.  Risk is about what happens when things don’t go according to plan.  You lose a device. It gets stolen.  You leave it somewhere without a PIN code.  You are justifiably and correctly using your device, but with an unsecured connection….or you inadvertently downloaded an app that has code in there to do “nasty” things.

Risk management should then be all about mitigating that risk or having the tools to minimize the impact of a negative externality once it has occurred.  This is why you need a means to ensure that your corporate data is protected…this is why you need to have a mobile information management strategy in place.    And how do you protect that data?  With application, device and security management solutions.

See where this is going?  Brian is right.  It’s all about information management…but the reason why it’s all about information management is because organizations need to better manage their risk profiles in the mobile era.  I wonder how many are truly ready for this new world.

Thoughts?

13 Comments

  1. Posted April 17, 2012 at 16:41 | Permalink

    The article has some points but the author is incorrect that MDM solutions cannot provide DLP (I assume his company does)

    Blackberry provides Balance which can enforce controls around corporate data (attachments and Apps). Good Technology as well has controls which can restrict what can be done with corporate email / attachments.

    Considering iOS has no file system there is little worry to someone saving from a website directly to the device and there are controls outside of an MDM to lessen that risk (disable web based email, block USB etc). MDM to me is more then physical security and asset management. The reporting metrics from an MDM is just not possible via Exchange or other metrics.

    Which devices are being used, OS version? Which Apps do users have on their device? How much are devices being used (email sent / received etc) all things of value regardless of CL or IL.

    I suppose if someone wanted they could disable all native functionality (corporate wise) on a mobile device and limit users to web based only. The user experience will take a hit but you’d reduce the risk of corporate data on devices.

    There is a difference between management and control of devices.

    Looking forward to Blackberry World for those going.

    Thumb up 0 Thumb down 0

    • Posted April 17, 2012 at 16:43 | Permalink

      “There is a difference between management and control of devices.”

      Can you explain the distinction you see between the two?

      Thumb up 0 Thumb down 0

      • Posted April 17, 2012 at 16:47 | Permalink

        Management is like I stated. Metrics around the device to help you understand what is being used in your environment. This applies across all users (CL, Cope, BYOD etc)

        Control is remote erase, pwd enforcement, restrictions etc. This has varied levels based on user type. For example we have over 10 security policies based on employee type and need.

        Thumb up 0 Thumb down 0

        • Posted April 17, 2012 at 16:51 | Permalink

          Thanks for the clarification. I’m not sure that I would agree with your definition of management. It sounds to me more like visibility. IMO, management is more about being able to set and enforce IT policies/certificates, etc.

          Thumb up 0 Thumb down 0

          • Posted April 17, 2012 at 16:53 | Permalink

            Right .. same concept, wrong word on my part.

            Thumb up 0 Thumb down 0

  2. Posted April 18, 2012 at 03:28 | Permalink

    I have the same debate about management vs control all the time. To me the definition is simple.
    Control is something you can force and the user can not override. You must have a pin lock in place or turn off iCloud so that the user can not override the setting are a couple of examples. Management is those things that IT would like to be able to do to a consumer device like they can do with a Blackberry. Examples would be turn off 3G roaming. Yes you can do this from the MDM server but the user can turn it back on. This essentially = management not control or stop an iOS update. This is not currently possible so you cannot control it but you can manage it via notification or compliance requiring the user to update to be compliant. This once again is not control but management of the device. The 3rd is around apps. I can blacklist apps (dropbox is a common one) but I can not stop the user from installing the app (other than turning off the app store which goes against why I would want a modern smartphone) I can merely react to and manage what has happened. Hence management not control.

    Control has a great place in IT but it also presents some big issues in the long run. What percentage of Blackberry users are on the latest version? I would speculate very few. This is because IT can stop them from updating. (Control) Why do Blackberry users hate their Blackberries… because they are on an old version that is like being stuck on Windows 98. What percentage of users are on iOS 5.1? Answer… heaps. IT hate it because they cant control it and must manage and react to the consumer speed that is required to keep up but the users love it because they get to be on the latest and greatest.

    Would the world be a different place if everyone was on the latest version of the Blackberry OS?

    Thumb up 0 Thumb down 0

  3. Posted April 18, 2012 at 09:48 | Permalink

    I agree that security and risk management are critical, but believe that there is a bit of a “Can’t see the forrest for the trees” issue here.

    Let me start by way of a story:
    A few years ago I had a discussion with a mobility expert from the NSA who was emphatic that the only way to truly secure mobility was to NOT deploy it at all. In his view any other approach was filled with security holes and risk that could not be fully secured. I found it interesting that he was at a mobility conference at all and asked “Why are you even here; Why don’t you just do that?”. His response was instructive: “Because I can’t. Our users want it and we need the productivity benefits that it provides.”

    Now this was just one individuals view, but he was from the NSA where security reigns supreme. If security is the ultimate goal then not deploying mobility would be both the most secure and cost effective solution. But it is not, mobile security and risk management are a means to an end and not the end itself.

    The ultimate goal of mobility is the delivery of a service to mobile users. They expect (reasonably so) that security is part of the service. They also expect the mobile service to deliver value, be easy to use, be continuously available and perform well. We need to make sure that we remain focused on solving the whole challenge for the mobile user and the enterprises/agencies that support them.

    Thumb up 0 Thumb down 0

    • Posted April 18, 2012 at 09:53 | Permalink

      Alan – I don’t think anyone would (or could) disagree with you that THE ultimate goal is enhanced workforce productivity. My comments were solely about the management aspects of the equation. I like your annecdote re: the gentleman from the NSA. I also know of a way to dramatically reduce security risks at any organization…cut off the Internet. Given the unrealistic nature of that statement, I maintain my thesis that organizations must then work to mitigate the risks/threats from the irrefutable benefits of Internet access (and mobility in our universe).

      Thumb up 0 Thumb down 0

  4. Posted April 19, 2012 at 13:41 | Permalink

    Great discussion here! I completely agree that it is in fact the information that needs to be managed and protected. However, the reason we talk about MDM and MAM is because those are perfectly legitimate means to that end, and there will certainly be other means to that end that come along, too. The reality is that all of these methods are important and relevant because they each serve different scenarios and different business and IT needs. A single one will not replace any other anytime soon. That is why here at Symantec we have such a broad range of technologies in our solution – to address all of the various information protection use cases out there.

    Also, I don’t think it is perfectly accurate to say that not deploying mobility is the most secure path, if security is your ultimate goal. I have personally seen that refusing to enable mobility in business does not stop people from doing business on mobile devices. It just forces them to do it an insecure and uncontrolled way, which can be very bad indeed. I advocate embracing mobility so users can continue to do the things we know they’re going to do anyway, but do it through managed and secure mechanisms.

    Brian Duckering
    Symantec

    Thumb up 0 Thumb down 0

  5. Posted April 19, 2012 at 15:58 | Permalink

    Managing the information is ultimately the goal.
    Organizations will asses the best options to achieve this, and sometimes it will take a combination of tools to get there.

    Our thesis is that in the modern BYOD era, the one perimeter of ultimate control IT can have is the application layer. If the application is designed to be responsive to the organization (vs the user) it can enforce all the DLP and other policies necessary to safeguard data.

    This is why we believe strongly that companies that care deeply about security need to start with a centrally managed container application that has its own private communications channel and then work out from there. If they can layer on MDM, then fine, but at least true DLP will already be in place.

    There are many scenarios in today’s dispersed, collaborative world where providing access to data adds value, but where device control is logistically impossible. These are best addressed with container apps, where control (vs management) is absolute.

    Thumb up 0 Thumb down 0

  6. Posted April 25, 2012 at 19:26 | Permalink

    I agree that information is key to the success of any organisation but remember that in collecting the information, storing the information, transmitting the information and processing the information requires suitable hardware and applications. So any system that purports to look after the information need to be able to at least understand the hardware it is stored on and applications that process it. So to me it still seems to be important that you need some level of hardware and application management. If this were not true then your desktop PC wouldn’t require so many patches, anti malware, etc. So if you can find a way to look after the information without looking after the hardware and applications s well then you will be on to a winner. And of course let’ not forget the user … time to introduce MUM – Mobile User Management.

    Thumb up 0 Thumb down 0

  7. Posted December 13, 2012 at 02:51 | Permalink

    Yesterday I was reading an article that:-
    With the explosion of new multimedia devices and its application, the situation has changed a lot for the users. Earlier people only used to make or receive calls from their mobile phones but now as the technology is advancing on daily basis people are finding it difficult to cope up with these enhancements. Now this problem or issue is not only limited to the general public, it is also affecting the enterprises. Since mobility is the new mantra which organizations are following these days and as a result of the same these organizations have started allowing their employees to bring their own devices to work and complete their tasks. Enterprises have allowed the devices but also face so many problems while managing these devices.
    Mobile Device Management solutions help enterprises to control, monitor and secure the corporate devices which are on the network. MDM is a mechanism which is being used all over the world by all companies so as to secure the work environment. Security is the first and foremost responsibility of any enterprise as this is being followed everywhere. The devices are secured and monitored with the Over-The-Air (OTA) technology where in the notification is send to the phone when the device is added on to the network. Once the device/s is/are added it becomes the responsibility of mobile device management software to track its/their performance.
    With the help of Enterprise Mobile Device Managementone cannot only manage the devices by also can configure them Over-The-Air (OTA). This is all done through configuration management. This configuration management helps the employees in configuring their handsets with the necessary settings required for multiple purposes. With it organizations also can update, install or un-install applications, configure web bookmarks and many more.
    Enterprise mobile management actually controls the full mobile workforce and increases the profits by increasing ROI.

    Thumb up 0 Thumb down 0

Post a Comment

You must be logged in to post a comment.