Included: Brief overview of MDM/EMM technology, MobileIron review, and possible MDM challenges.
**Note from FatStax** Over the past nine months, we’ve been seeing many of our larger clients installing MDM systems like AirWatch, Good, and MobileIron to name a few. This has led to an endless string of questions from clients and prospects about which MDM solution is best and whether FatStax will work within these systems (the answer is yes!). So not being shy, we set out to learn more about these providers and to attempt an unbiased MDM review. The task was more daunting than we thought, so we enlisted the help of writer and researcher Tom Bentley to help. So if you’re looking for an MDM or just want to learn more, welcome to the first installment of MDM reviews.
It’s not an uncommon sight going into our favorite coffee shops and seeing people staring into screens. Tablets, phones, laptops: Those devices are not only big business, they are now running businesses.
But the remarkable freedom and power of mobile communications can come at a steep price for the companies behind these mobile workforces: costs in IT management, security and control. Particularly when the devices are owned by the employees themselves—the Bring Your Own Device (BYOD) situation, now commonplace.
How does a business balance its needs for corporate data protection while not pulling too tight a leash on employee productivity? How to manage all those different devices with their different operating systems? How secure are they? How can critical information be updated across the enterprise at once?
A Mobile Device Management (MDM) system can help.
MDM solutions are employed by the enterprise to manage content, applications, email, and shared workspaces across a range of devices, platforms, and operating systems. All of this, while embracing both the BYOD ethic and the devices bought for employees by their companies.
Most MDM systems have broad multiuser management and reporting features, are highly configurable across the device range, and scale to thousands of users. And, if all’s well and working, they secure every bit of critical corporate info.
For our purposes, this article is intended for organizations looking for an MDM to support tablets for field-based employees. However, all of the topics are useful for full MDM understanding.
For tablets like the iPad, some of the more compelling MDM components for both the enterprise manager and the end user would include:
- Device enrollment
- App management
- “Containerizing” (separating work materials from personal stuff)
- Disaster recovery
- Network monitoring
And a critical issue that should stand alone: systems should offer the flexibility to adapt to change.
That flexibility is needed no matter:
- Whether those changes are in the devices themselves,
- In the companies that employ them (including the kinds of data they transmit, share and protect, and the scaling of that data),
- Or in the host of varying and evolving technical structures, such as operating systems, platforms, APIs and communication protocols.
MobileIron MDM Review:
A Secure and Scalable Enterprise Mobility Management System (EMM)
One of the bigger players in the MDM space is MobileIron, founded in 2007 and shipping products since 2009. It’s available as a cloud-based service or an on-premise system.
MobileIron MDM is a “big picture” EMM—the software enables deep corporate data protection: IT managers can locate devices, wipe them, encrypt communications and make sure the device complies with all corporate security policies. The system also checks for jail-breaking of devices, where a user tries to override or sidestep the security policies. The system gives IT the capability of securing mobile devices across multiple operating systems. Setting up group and user-based rules is straightforward.
Such a suite has obvious management advantages, in terms of security, integrated UI, and ease of deployment, not to mention potential savings in cost and time.
Let’s look at how the features of the MobileIron EMM system fit our MDM criteria list above:
Devices – IT administrators can manage and secure the mobile device, data, and apps from registration to retirement. The software supplies automatic device configuration through the MobileIron Client, which configures the device for the enterprise environment. If a device falls out of compliance, IT can define remediation actions that will either notify the user of policy violations or selectively wipe corporate information, without touching any personal data.
BYOD – MobileIron’s Multi-OS Enterprise Persona separates personal and professional apps and content while preserving the mobile user’s experience—in other words, corporate and personal apps and content are separated without any performance penalty on the device.
Apps – Applications are made available to employees through the Apps@Work private enterprise app store. The system automatically scans all newly installed sales apps for malware and can quarantine infected devices. MobileIron AppConnect can containerize corporate apps from personal apps.
Email – MobileIron’s Mobile Content Management solution ensures that corporate email attachments are encrypted and can be viewed using authorized applications including MobileIron Docs@Work. The platform allows for configuration, security and other access controls to email to/from the device.
Browsing – The MobileIron MDM software can protect users from accessing malicious websites and can block web pages by category.
Containerize (separation of work materials from personal materials)
MobileIron’s AppConnect can containerize corporate apps from personal apps; blacklists/whitelists can be set up and managed. Mobile Content Management enable end users to securely access and manage enterprise documents residing in a variety of content repositories, including SharePoint, WebDav, and CIFS. End users can securely browse corporate intranet content without the need for a device-wide VPN using MobileIron Web@Work.
Advanced security is powered by MobileIron Core, its security and management policy engine. IT admins have full corporate data visibility and control over certificate-based security. MobileIron Sentry can manage, encrypt and secure traffic between devices and the enterprise back-end. The software allows for selective wiping of enterprise data.
The MDM/EMM universe isn’t without its challenges.
There are no small numbers of users for these systems—across the vendor board—that express frustrations in app forums and discussion boards on various issues.
One issue that crops up again and again is that with some systems, device functions (and applications) are much slower, and battery life is much worse. Many users are concerned that even with strong containerization, their private content—emails, web browsing, texts—is still open for company review or even censure.
Other users are worried that the ability of the systems to do a full remote wipe of data will result in accidental loss of their information. And there were many voices that expressed concerns that blanket-use policies by companies wouldn’t take into consideration their individual device uses, needs and preferences.
Obviously companies need to show some sensitivity to individual employee needs, particularly when it’s a BYOD situation. Administrators and IT implementers need to have clear yet flexible policies that cover a broad range of situational and provisional uses of the devices when MDM systems are in effect.
And companies and users must be ready to face one of the invariants in this technological world: change is a constant.
Pricing information for MobileIron is not detailed on their website, however a breakdown of their package options can be found on their website.
EMM and MDM Reviews/Feature Sets, Plus Overview Video
Here are a couple of fairly recent and deep charts of MDM/EMM solutions, with breakdowns of their feature sets:
(Note: FatStax is not affiliated with MobileIron, nor do we resell MobileIron or anything like that)