Why mobile apps management trumps a traditional BYOD strategy

Companies should consider a unified end-point management strategy instead

mobile device management
Thinkstock

While mobile devices are critical to any modern business strategy, paying for company-owned smartphones or tablets -- or mobile device management (MDM) software to keep them all secure -- can be a wasteful pursuit.

Most employees are happier owning their own mobile devices, but don't like the idea that their company could wipe all their data. And enterprises often over buy enterprise mobility management (EMM) software, expecting to use licenses for all of their employees. But they end up only using those licenses for a far smaller percentage of workers.

"Basically, they...end up hitting a roadblock getting every group or department, business unit or user type to sign on to have their device managed," said Chris Silva, a Gartner research director, "especially, if it's a personally owned device."

A more targeted solution: a mobile applications management-only (MAM) strategy, which locks down enterprise applications and data associated with them, not the devices themselves.

For example, Microsoft's Intune mobile cloud service has policies that restrict employees from cutting, copying or pasting information within a managed app. And InTune's MAM policies support multiple platforms, including the big two, Android and Apple's iOS.

When bring-your-own-device plans (BYOD) began to take shape several years ago, many corporations made device wiping a key goal; after all, the ability to delete all data from an employee device looked, on the surface, to be the best way to deal with sensitive data loss.

But there were unintended consequences.

"We've started to see civil cases take shape," Silva said. "New York State is an example that comes to mind. Someone was a contractor; they signed away their rights on the dotted line. They ended their contract and left. The device got wiped and the last photos of a dead relative were destroyed. It found its way into a court room. That's had a chilling effect on this."

In addition, in countries such as France and Germany, there are greater protections for an employee's personal electronic devices that make it even harder to implement tough BYOD policies, Silva added.

"We've gotten a lot of questions from enterprises about how can they can manage this without locking down the whole device," Silva said.

The majority of smartphones used in the workplace now are personally owned devices. Only 22% of employees are given corporate-issued smartphones, and 12% were issued a tablet, according to an online survey of 9,592 end users conducted last year by Gartner.

The survey, which included users in the U.S., U.K. and Australia, found two out of three employees use their own devices for work, including desktops, laptops, hybrid laptops, tablets, smartphones and phablets.

A lot of what needs to be handled in a MAM strategy can be addressed with just an email application. For example, Microsoft's Office 365 with email covers a large part of what most users need day to day: it offers a browser, an email client and Microsoft Office apps.

The applications are hosted in the cloud; any data generated by the platform is containerized and can be controlled by the enterprise.

While there may be some holes in Microsoft's approach, Silva said, such as giving up some device management options like pushing out a Wi-Fi configuration, many companies are finding there's another way to skin the device management cat, "where I don't have to lock down Joe or Sally's device and get a million calls about how they lost their PIN."

As organizations roll out Windows 10, they're exploring ways to manage all their devices, both desktop and mobile, under one platform. That's given rise to a unified end-point management (UEM) products.

While still nascent, UEM vendors include Microsoft, VMWare (AirWatch), MobileIron, Citrix, JAMF and Blackberry.

"[That's] pretty much all the regular suspects in EMM and MDM, and even some of the traditional PC management vendors, like Avanti," said Phil Hochmuth, IDC's program director for Enterprise Mobility.

Additionally, JAMF offers a UEM platform for Mac and iOS devices.

Organizations attempting to roll out a UEM strategy, should consider small pilots first, Hochmuth said. For example, if a company is rolling out Windows 10 to some groups, it's good to think about a unified management strategy to test the waters and see if it works.

"Some organizations run into problems because of the way Windows 10 is managed with EMM, and it pushes a lot of updates to devices differently than in the past, where LAN-connected PC could have images pushed to them," Hochmuth said, noting that bandwidth needs for updates could be an issue. "But I've heard of some sizeable pilots with 5,000 seats."

A good UEM strategy can consolidate IT roles and policies so that there's one management strategy for all electronic devices.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon