Increasing numbers of business applications are helping mobile workers get things done in the field using tablets or smartphones, and more consumer applications support common business processes for mobile workers. More workers are using their own devices, and more people rely on multiple devices to access the same set of applications, depending on where they are and what they’re doing.
Smartphones and tablets are all essentially web-enabled computing technology. To help manage these devices in the field, and to help solve challenges inherent in the bring your own device (BYOD) movement, many organisations operate mobile device management (MDM) platforms in house. Recently the choice of solutions has widened, with perhaps the most dramatic shift arising from the proliferation of viable cloud-based MDM services.
Given the range of feature sets provided by MDM vendors, IT directors already struggled to make an informed decision on which one to buy. Now many consider the question of cloud-based versus on-premise secondary, preferring to filter offerings primarily by functionality. As Yasmin Jetha, CIO at Bupa, puts it: “With increasing need for companies to support consumer devices for their employees, there is a need for mobile device management solutions, whether cloud-based or in house.”
Other IT directors prefer a combination of cloud-based and on-premise MDM. “Robust and flexible MDM has been critical to manage the explosion of consumer devices and mobility, and a variety of deployment options from on-premise to cloud are required to ensure the service is ‘always on’,” says Phil Jordan, group CIO of Telefonica.
Whether a company considers the choice of cloud-based versus on-premise a primary or secondary question depends a lot on what they need from a platform and on their timeline for amortizing IT investments in general.
Like many organisations, the London Borough of Lambeth has benefited from applying mobile technology to the business processes of at least part of their workforce, and can measure the results. In Lambeth, social workers go out to homes to assess children with disabilities and work out what support they can provide the children and their families. “Because our pilot project made the back-office applications available on mobile devices, those families can get a decision two weeks earlier,” says its assistant IT director, Rob Miller.
Having recognised the value of mobile technology, IT directors are now looking to provide as much support as they can on as many devices as possible. “Enabling BYOD is a key part of our strategy. We want to move to a situation where we aren’t focused on trusting devices but where we’re managing information and apps to any device,” says Miller.
Miller views MDM as a stop-gap solution solving problems that they won’t need to address once Lambeth moves to a paradigm of managing applications and information, rather than devices. “Our goal is to policy-wrap applications,” he says.
As for information protection, Miller takes a measured approach. “We won’t allow personal devices to connect to our VPN, but will instead work to securely provide access to appropriate information through cloud-based email and a corporate app store. This will be supported by policy, training and sensible risk management to keep sensitive data off personal devices.”
Other CIOs view MDM as necessary for some time to come, but these same directors quickly point out areas where they’d like to see vendors make improvements. “MDM addresses the issue for trusted devices,” says Bupa’s Jetha. “It does not adequately address the issue of tolerated or unsupported devices.”
Some see user-centric device management as limiting, since many users have more than one device, and like Miller, many prefer a policy of application management.
For this reason, many MDM platforms offer mobile application management (MAM) features as well, and analyst IDC sees the combined MDM-MAM approach as the way forward, coining the term mobile enterprise management (MEM) to designate platforms which serve both roles. IDC predicts global sales of MEM platforms to grow from the 2011 figure of $444.6m to $1.8bn by 2016.
Of all the features offered with MAM, IT directors rank most important those that allow staff to blacklist untrusted applications and ‘whitelist’ the trusted ones. While organisations like to let users find appropriate business tools on their own, IT needs to prevent misbehaving software from causing collateral damage.
Many directors also rank container policies high on their list of priorities, as it helps them support BYOD by setting up dual personas on a device. Certain data and applications belong to the private persona, while other data and applications belong to the business persona.
“The advantage with cloud-based solutions is utility-like transparent pricing but there are concerns with security, as well as potentially splitting identity management and device management,” says Bupa’s Jetha.
“Increasingly, cloud-based services are seen as the dominant approach for controlling and vetting access to systems when the main usage of our systems access is by customers as opposed to employees.”
The London Borough of Brent carefully considers what can go on the cloud. “The challenge cloud computing presents organisations such as ours is that when you move information out of the datacentre, we don’t see what happens to it,” explains CIO Stephan Conaway.
“For things like children’s mental health records, we aren’t comfortable trusting the information with somebody else,” says Conaway. “However, for things like mobile device management, it’s immaterial, because there’s less of a security concern.”
Cost is also an advantage of cloud-based solutions. Organisations striving to cut costs generally take a close look at cloud-based services, which, as they are subscription-based, require little or no up-front investment. in equipment or training.
IT departments that select cloud-based MDM frequently get users up and running hours after they sign up for the service. Day-to-day operations are minimal, platform upgrades are taken care of and the best providers regularly adding support for new devices.The only thing subscribers have to do is understand how to configure device management through the provider’s web-based interface.
Organisations with transitional staff find cloud-based MDM offerings particularly attractive, because they can easily scale both up and down as required. Of course each provider has different upper limits on the number of devices supported, so subscribers wishing to avoid unpleasant surprises should find out what this limit is beforehand.
The on-premise option
Because IT directors of large organisations support a variety of businesses over a vast area, many choose MDM platforms sold for operation on premise, but which are also offered as a cloud service. One such company is Telefonica. “IT departments should look for vendors that provide a variety of deployment options including on-premise and cloud of all types to ensure the solution grows with the needs of their different business users, while at the same time providing some consistency in the service,” says its group CIO Phil Jordan.
Perhaps the most important benefit of cloud-based MDM is that if you become dissatisfied with one provider, you can switch to another with relative ease; and if you ever decide you no longer need MDM, you can simply switch it off.
“The reason cloud-based MDM works for us is we aren’t making a big investment in a platform we don’t think we’ll need later,” admits the London Borough of Lambeth’s Robert Miller.
“We also recognise that the market is changing very fast. Because vendor offers are evolving, by buying a cloud service, we can easily change providers without having to decommission expensive infrastructure.”
Tellingly, Miller views MDM as a poor solution for BYOD, because most people are against the idea of having the enterprise manage their personal systems.
“I don’t want the corporate MDM system putting controls on my personal device, and switching off function I want,” he says. “Some corporations have bought up several thousand MDM licenses, but in the end there was very little take-up, because none of their employees wanted MDM for their own devices.”