Jun 20, 2013
Will Mobile Device Management (MDM) be the next big application category to move to the cloud? A number of companies are betting that it will, not least because it looks as if that will be the only way to persuade small and medium-sized businesses to do BYOD safely.
Many large companies have been running MDM software for years. As well as enforcing security and admin policies on their mobile devices and pushing out software apps and updates, it also lets them wipe devices if they are lost or stolen.
Initially it was just company-owned devices, but BYOD upped the complexity considerably. Once directors and other execs started using their iPhones and iPads to read company documents and email, MDM was needed to bridge the gap between consumer technology and corporate security.
So with BYOD and mobility near the top of everyone’s agenda now, whatever the size of their organization, it is no wonder that Gartner felt able to predict that two-thirds of enterprises would adopt MDM for their “corporate liable users” by 2017. After all, who wouldn’t want MDM?
The surprising answer, according to a more recent report by Spiceworks, a company which develops IT management software, is two-thirds of the small and medium-sized business (SMB) sector. For the report — appropriately titled As BYOD Becomes Mainstream, Complexity Increases — Spiceworks asked almost 1000 IT professionals in SMBs their views on both BYOD and MDM. The results are intriguing: 61% claimed to support BYOD (though the implication was that many are doing so only under duress), but only 17% said they had MDM, while another 20% planned to implement it within six months.
Even assuming all those who currently have MDM are also BYOD supporters — which is not a given, because some might run MDM purely for company-owned devices — that means almost half of SMBs are at risk of losing confidential data, or even having their networks breached via a compromised mobile device.
What surprised me more were the reasons given for the lack of MDM implementation. Most existing MDM technology, such as SAP Afaria (formerly XcelleNet), MobileIron, NotifyMDM and Airwatch, is a server-based application targeted at large organizations, so I assumed the primary reluctance would be down to cost, complexity or both.
Well, not quite. No, the top reason given was that “our company does not see it as a true threat to warrant investment.”
Some might argue that this shows attention to risk assessment. After all, you shouldn’t invest if the potential cost of not investing is low. The problem is that to make that decision you need to properly understand both the risks and the costs.
On the risk side, BYOD isn’t just about connecting your smartphone on the company wireless — after all, you can probably mitigate that with your existing firewalls, VLANs and anti-malware tools. BYOD is about using your own mobile device for company business and company data. That means all your favorite risks are there: data breaches, industrial espionage, regulatory compliance failures, and more.
Then on the cost side, you don’t have to run your own MDM servers any more. Doing it in the cloud can be significantly cheaper and simpler, especially when you think just how often your MDM server will need updating in order to keep up with the fast moving world of mobile. Making it worse is the fact that the average mobilized SMB has to manage six different mobile platforms, that’s three different phone operating systems and three more on tablets.
(I must add a disclaimer here, which is that the Spiceworks report was sponsored by cloud MDM developer Fiberlink, and that Spiceworks will offer its users access to a free version of Fiberlink’s software. However, there are many other cloud MDM services available, including 42Gears SureMDM, Citrix XenMobile (formerly Zenprise), and Virtela. In addition, the likes of SAP Afaria now offer cloud-based versions of their applications.)
Of course, the cloud won’t work for everyone, and you will need to have the right WAN infrastructure in place to support both cloud apps and mobile connectivity. But when you don’t have the time, budget or specific requirement to implement MDM on site, going to the cloud instead will be a lot lot better than doing nothing.