Moving Beyond Mobile Device Management
BYOD has quickly transformed IT, offering a revolutionary way to support the mobile workforce. The first wave of BYOD featured Mobile Device Management (MDM) solutions that controlled the entire device. In the next wave, BYOD 2.0, control applies only to those apps necessary for business, enforcing corporate policy while maintaining personal privacy. A Mobile App Manager is a complete mobile application management platform built for BYOD 2.0.
In 2013, the mobile workforce is expected to increase to 1.2 billion, a figure that will represent about 35 percent of the worldwide workforce, and many of those workers will be using their own devices.
People have become very attached to their mobile devices. They customize them, surf the web, play games, watch movies, shop, and often simply manage life with these always-connected devices. Those organizations that have implemented BYOD programs are reporting increased productivity and employee satisfaction at work. The 2012 Mobile Workforce Report from enterprise WiFi access firm iPass found that many employees are working up to 20 additional hours per week, unpaid, as a result of their company’s BYOD policies. Nonetheless, 92 percent of mobile workers said they “enjoy their job flexibility” and are “content” with working longer hours. In addition, 42 percent would like “even greater flexibility for their working practices.” Organizations have been able to reduce some of their overall mobile expenses simply by not having a capital expenditure for mobile devices and avoiding the monthly service that comes with each device.
The flip side of the convenience and flexibility of BYOD is the many concerns about the risks introduced to the corporate infrastructure when allowing unmanaged and potentially unsecured personal devices access to sensitive, proprietary information. Applying security across different devices from multiple vendors and running different platforms is becoming increasingly difficult.
BYOD 1.0 (2009-2012)
BYOD 1.0 is the industry’s first attempt at solving problems related to personally owned devices in the workplace. BYOD 1.0 consists of two primary components — mobile device management and device-level, layer 3 VPNs. The primary aim of MDM is to manage and secure the endpoint device itself, including varying amounts of protection for data at rest on the device (which is typically limited to enabling native device encryption via configuration). The primary aim of the layer 3 VPN is to connect the device back into the corporate network, providing data-in-transit security for corporate traffic.
Both of these BYOD 1.0 components have a drawback — they are umbrellas that protect and manage the entire device, rather than zeroing in on just the enterprise data and applications on that device. Since these are usually dual-purpose (work/personal) devices, this device-wide approach causes issues for both workers and for IT.
Employees don’t like that BYOD 1.0 imposes enterprise controls over their personal devices, applications and information. One of the most commonly cited examples is that of the employee who leaves a company and has his device wiped by the organization, losing photos of his family along with the enterprise data and applications. People are also concerned with the privacy of their personal data under a BYOD 1.0 scheme.
From an IT perspective, organizations agree: They don’t want to have to concern themselves with personal data or applications. As soon as they manage the entire device or simply connect that device to the corporate network via VPN, that personal traffic also becomes an IT problem.
The shift from BYOD 1.0 to BYOD 2.0 builds on many of the concepts developed during BYOD 1.0, adding a new set of frameworks that enable IT organizations to wrap enterprise applications in a security layer.
BYOD 2.0 (2013 Onwards)
Throughout BYOD 1.0, vendors have provided connectivity for mobile devices into enterprise networks with VPN functionality, most commonly through an SSL VPN client. This layer provides management capabilities as well as data-in-transit security, among others.
BYOD 2.0 builds on the BYOD 1.0 foundation but makes a substantial shift from a device-level focus to an application-level focus. BYOD 2.0 seeks to ensure that the enterprise footprint on a personally owned device is limited to the enterprise data and applications and nothing more. This means that mobile device management is supplanted by mobile application management (MAM), and device-level VPNs are replaced by application-specific VPNs. Each of these application-specific tunnels is a single, secure, encrypted connection to a specific service such as Microsoft Exchange.
With this approach, workers are happier than with BYOD 1.0 because the enterprise manages and sees only the enterprise subset of the overall data and applications on the device, leaving the management of the device itself, and of personal data and applications, to the device’s owner. IT staff prefer the BYOD 2.0 approach for the same reasons — it allows them to concern themselves only with the enterprise data and applications they need to secure, manage, and control.
Across an organization with a hybrid deployment of all types of back-end environments (cloud, datacenter, SaaS), the next-generation mobile access offering must provide end-to-end security, from the application instance on the endpoint device all the way to the data center cloud, with a single authentication and seamless personal experience. It must also provide a single pane of glass view for management of the distributed application environment.
Mobile App Manager
A Mobile App Manager (MAM) is a mobile application management and access solution that securely extends the enterprise to personal mobile devices. It manages applications and secures data while satisfying the needs of employees and enterprise IT departments. For IT, it limits the burden associated with securing and controlling personal data and mobile use. For employees, it safely separates personal data and use from corporate oversight. MAM is a complete mobile application management platform offering security, management, and compliance for BYOD deployments. It is a true enterprise device, data, and information management solution that fits the needs of the mobile enterprise better than MDM solutions.
As the proliferation of mobile devices in the enterprise has created new challenges for IT administrators, they must be able to control devices coming into their network, track inventory, monitor for threats and vulnerabilities, and protect corporate information. At the same time, they must simplify the process of provisioning devices for WiFi, VPN, etc., and support configuring access to email, contacts, calendars, and other essential communication tools. An enterprise-ready MAM includes a suite of business productivity applications and capabilities to separate and secure enterprise mobile applications while providing end-to-end security.
For organizations that still require some device-level control for managed devices, the MAM should provide advanced mobile device management, including asset management, location tracking, control over device settings, network configuration, secure policy management, user management (LDAP/AD), remote access (i.e., lock, wipe, and reset), push notifications, and complete device lifecycle management.
Whether organizations are prepared or not, BYOD is here, and it is transforming enterprise IT. It can potentially provide organizations a significant cost savings and productivity boost, but it is not without risk. Mobile App Managers help organizations make the leap to BYOD or transition from controlling the entire device to simply managing corporate applications and data on the device, solving the work/personal dilemma. BYOD 2.0 is now a reality.