Before the days of smartphones and tablets, IT departments had full control of the authorized devices that connected to enterprise networks. They set policies for which types of computers could be used in the workplace, how they could connect to the network and what types of protections they needed to remain secure.
That control was upended by the mobile revolution. Enterprise devices were connecting to the network alongside the personal devices of users and visitors, presenting varying degrees of security. While users loved the new capabilities their smartphones and tablets offered, this change created a nightmare for IT staff to manage.
As the precursor to enterprise mobility management (EMM), mobile device management brought calm to the chaos. With MDM software, IT departments were able to monitor and secure devices, whether they were organization- or user-owned. They could establish policies that users had to comply with before connecting devices to the network. They could encrypt devices, and if one was lost or stolen, MDM software gave administrators the ability to manage it remotely, including locking it or erasing its content.
Today, MDM is nearly as ubiquitous in offices as copiers and coffee machines. But as the mobile revolution has continued to evolve, organizations have learned that it’s not enough.
The anytime, anywhere capability of mobile devices today has blurred the lines between work and home. Rather than stay late at the office to finish a project, a user can go home, have dinner, then stretch out on the couch with a tablet and wrap it up.
Considering the convergence of personal and professional lives, it made sense that users would employ the same devices at work as they did at home, but it still introduced new challenges for the IT team.
The initial response to users bringing their personal devices to work was to establish bring-your-own-device policies. BYOD can boost productivity and cut down on equipment costs because users already own the devices.
But along with the pros of BYOD came several cons. The wide assortment of devices, operating systems, applications and security controls strained IT departments, which had to figure out how to keep track of, maintain and secure all these new devices on the network.
Another problem arose. While IT departments were charged with keeping their networks secure, it became hard to justify requiring complete control of devices that the enterprise didn’t own.
In some cases, such as with contractors or board members, IT administrators can’t have any control over devices, even though the devices can be used to access enterprise data. So organizations began to rethink their mobile strategies. Rather than taking a solely device-centric approach, it made sense to build a mobile strategy around protecting content, as well as the applications that access that content.
Leading EMM solutions, such as AirWatch, MobileIron and MaaS360, reflect those evolving needs by offering both mobile application management and mobile content management capabilities.
Mobile Application Management
MAM solutions can help administrators control which applications to make available to employees, how they’re licensed and delivered, and what policies govern their usage. With MAM, users can employ their personal devices the way they choose, but give IT administrators control over the applications they use for work.
MAM begins with the distribution of applications. Organizations can push out apps to users, or establish their own app stores and stock them with applications that users need to do their work. The applications can be made available through role-based access, which permits users to download only those apps appropriate for their specific jobs.
Either distribution strategy makes it easy to track which applications are used and to manage licenses. License management is particularly important at companies with BYOD or corporate-owned, personally enabled device policies, because users can’t take those apps (and the corporate data on them) when they leave the company. The licenses stay with the enterprise, which can deactivate apps and transfer their licenses to other users if needed.
Mobile Content Management
MCM adds another layer of control over mobile deployments. While MDM focuses on the device and MAM provides protection at the application level, MCM controls the very data that organizations work so hard to protect. It offers users a secure way to access and share content.
Containerization creates a separate space on a device where users can securely work with content and specific applications. Containerization authenticates users before they access the material in them, and it encrypts data in transit and at rest.
As more users employ their smartphones and tablets to work, it may be tempting for them to use file sharing, email or other apps that aren’t secure. This could pose a threat if they use these apps to access enterprise data. So while they may still choose to use those apps for personal tasks, organizations can set up containers that house approved apps with settings and policies configured by IT administrators.
MCM is an important tool to guard against data loss. As with MAM, it can enable administrators to limit certain actions, such as copying, pasting or printing sensitive data. MCM can also be used for geofencing, which relies on a mobile device’s GPS capabilities to establish a geographic boundary within which the device must remain while an app is running.
In addition to mobile device, application and content management, organizations may benefit from several other useful features of enterprise mobility management, including:
- Cloud delivery
- Unified management consoles
- Identity/authentication tools
- Single sign-on
- Security reporting
- Automatic device configuration
- Integration with back-end systems