Is MDM enough to overcome the BYOD challenge?

by Sohini Bagchi    Dec 06, 2012


When the solution becomes a part of the problem, what is it that one can do? That’s exactly the case with mobile device management (MDM), which, according to some, is supposed to be an obvious answer to the ‘bring your own devices’ or BYOD challenge.

Even though some vendors are raving about the growing market of MDM and several firms leveraging it to secure and manage mobile devices, a recent InformationWeek Mobile Device Management and Security Survey reveals that IT decision makers do not necessarily see mobile device management software as an essential tool to cope with the proliferation of devices in the workplace. Only a quarter of the respondents say their companies have implemented MDM software, and less than a fifth state that they are in the process of deploying it. And this is certainly not a big number.

The survey also finds out that even those companies that have implemented MDM believe that it is just one aspect of data security and management efficiency. This means that currently they are looking beyond MDM to secure their mobile devices.

One size does not fit all
Most CIOs have problem with the ‘one size fit all’ concept of MDM. According to Srinivas Raman, Head – IT at Indraprastha Apollo Hospitals, the main challenge is that almost all MDM software in the market offers the same fundamental capabilities. These include device inventory, data wipe and enforcing pass code requirements to name a few. However, all business verticals and even companies have very unique security challenges, which MDM often fails to address.

Initially many enterprises wanted to solve the mobile security problem with techniques such as end-point protection software, data leak prevention software and policy enforcement – those that were used for desktop PCs and laptops. But for mobile management, none of these were applicable. Raman believes customization is an aspect vendors need to look into. Even though certain vendors promised to enforce security policies and encrypt data, they are still at a nascent stage as the technology itself is new and requires time to mature.

The other challenge is most MDM vendors cannot root the device but they can only control the security of the apps on the device. This is because the operating system in each device limits their action. In such a scenario, even for adding a new capability, they always have to be at the mercy of mobile OS makers.

As companies look for strong BYOD security policies, they need mobile application management tools. This would not only allow them to control the configuration on the device, but also control the application that is loaded on that device.

So what’s the solution?
So while selecting the right MDM solution, what is it that the CIO should consider? An effective MDM policy depends on your deployment capabilities and how you can integrate it with your business strategy.

According to Kumar Parakala, Head of Management Consulting - IT Advisory, KPMG in EMA, the level of encryption should be high. Enterprises should understand whether they need to encrypt the entire device, or specific company data.

The InformationWeek report suggests that CIOs should look for certain features such as a custom app store, in-built app security screening, browser security, auto-provisioning capabilities and built-in reporting features, among others to ensure that their technology and policies actually deliver the data security and management efficiency they seek.

The best way is to find out from each vendor what differentiating features they have. For example, as the report suggests Symantec bundles in data loss prevention capabilities, which none of the mobile operating system offer. It is also important for IT leaders to study the market well before getting into an MDM implementation.

MDM has its own potential, but the market needs to be ripe for widespread adoption. MDM vendors should realize that the same features and policies of the technology may not be applicable to every vertical. They should also toy with various ideas, get more creative and capture the huge enterprise market that’s waiting right there to secure their increasingly complex mobile environment.