Enterprise Mobility Management: Is the Honeymoon Over?


By Israel Lifshitz - Jun-25-2015

When you really think about it, security technology lifecycles can be compared to love and relationships. Take enterprise mobility and the advent of BYOD for example. As the market’s needs moved beyond the desktop PC, and employees demanded the ability to use a vast array of different consumer mobile devices, along came the knight in shining armor du jour – Mobile Device Management (MDM).

MDM let businesses enforce policies on tablets and smartphones. If a lost or compromised device was discovered it could be remote wiped. This seemed like a great solution for IT at the time, but far from it for BYOD employees who resented IT being able to infringe their privacy, view which apps they were downloading, and potentially erase their personal files.

This led to the metamorphosis of MDM as a BYOD solution, to the beginning of Enterprise Mobility Management (EMM) as an overall strategy. This concept still relied on the foundation built by MDM, but now expanded to include Mobile Application Management (MAM) and (Mobile Information Management) tools. MAM allows IT to contain and secure only specified corporate apps. They can select wipe only those apps without altering the employee’s personal apps. MIM tools offer a corporate, secure version of cloud-based file sync and share services like Dropbox.

Together, this trio of security tools merged to become what is known as EMM – the latest security buzzword for an industry seeking to solve its enterprise mobility riddle. Organizations needed a security approach that could be applied to all mobile devices. And to a large extent, EMM has offered a way of doing just that.

EMM enforces a standard policy, provides a way to manage mobile apps, content and operating systems, oversees network services like WiFi and data usage, and allows IT to manage hardware inventory and enforce security policies via encryption. As for the EMM toolbox, “Everyone’s doing it”, and so enterprises have readily fallen for their latest love and adopted it as their main BYOD security solution. I call it the EMM honeymoon.

But as the relationship has matured past the early adopter phase and into early majority territory, So have the mobility needs of many enterprises. These include providing mobile employees with more robust applications that include sensitive client and proprietary data, and providing that data with the higher level of security it merits. These needs surpass the capabilities within the EMM suite.

Here are several reasons why the end of the honeymoon phase with EMM has arrived, and signals the need for a holistic solution that can bolster its overall security approach.

What’s love without (data) security? Absolutely Nothing!

Many industry experts are not satisfied with the security level afforded by MDM deployment and have actually delayed expansion of their BYOD program as a result. This hesitation leaves them supporting only standard apps (i.e. email, Calendar etc.) and holds them back from progressing to the next level of app deployment – which is where they need to be going if they want to reap the most out of BYOD.

The industry is already recognizing these issues and much of the buzz now is rightly focusing on securing enterprise data and the best way to accomplish that. More and more experts are subscribing to the philosophy that your data is your most valuable asset and are re-visiting the best way to secure it.

App Deployment & MDM: Y’all Got Compatibility Issues!

When using MDM in tandem with Mobile Application Management (MAM) tools, enterprises still must deploy multiple app versions so that they can run on different platforms and OSs, as well as different device and OS versions. For example, your CRM app may run smoothly on Android 4.4 for Samsung, but the same version fails on HTC devices. You will never know when your users decide to upgrade the OS version or even install a custom OS.

These issues translate into higher costs for app development and testing. Enterprises also face major issues deploying apps onto all of the devices in their network. Apps need to be installed within the vast array of devices, creating a major burden for IT.

MDM Security is High Maintenance for your IT

IT help desks are incurring higher costs for supporting users and in many cases do not have the resources needed to take on the added workload. Enforcing MDM security policies is also much more time-consuming than anticipated, and requires ongoing patches and other security measures to deal with device and OS vulnerabilities. More work resources are involved, from the security team right down to the help desk.

Growing Apart: Enterprise Integration & Scalability

Companies are struggling to find a way to run enterprise apps on one platform and help users more easily log into their apps. Each app must connect to enterprise data, and with MDM they must be installed individually per device. How does this impact growth and scalability? Logging into each app separately becomes more cumbersome as the needs of users grow. More apps require more security approval and integration. For example, implementing a Single-sign on (SSO) process is especially challenging because the devices cannot connect to the Active Directory. Other issues which will come to the surface are how EMM complicates the integration of apps with Kerberos authentication protocols and SAML (Security Assertion Markup Language) standards.

VMI + EMM: Completing BYOD

So where do enterprises and EMM go from here? Just as with successful relationships, we grow and become more well-rounded, adapting to each other’s needs. That’s where an emerging technology like Virtual Mobile Infrastructure (VMI) comes in. By adding VMI to the enterprise mobility mix, businesses can use a multi-tiered approach for their delivery of standard and more sophisticated apps.

EMM can be used to securely deliver mobile applications such email, calendar and contacts. VMI can be used to deploy robust applications such as CRM and ERP software for example, and provide access to more sensitive client and corporate data. With VMI providing a completely remote environment, companies can gain that trust and peace of mind that all their critical information is kept and managed separately from their employees’ personal devices.

Implementing VMI for an enterprise can integrate with existing EMM tools, and consequently enhance your organization’s ability to:

    • Run mobile native apps remotely on your corporate data center.
    • Deliver any Android-based app (available on Google Play) as simple as drag and drop to the environment.
    • Develop just one customized app for one environment for both iOS and Android.
    • Implement an SSO process for both a local secure container and a remote VMI environment.

Adding VMI to your existing EMM security secures classified client and proprietary data and enables seamless app deployment. You benefit from the best of both technologies, and your enterprise mobility initiatives can graduate from the honeymoon stage and into a productive, secure and lasting BYOD future.