Clients      Employees

Focusing on the App instead of the Device


The Bring Your Own Device (BYOD) phenomenon has spawned an array of new product categories that promise to help IT cope with the onslaught of user-owned devices. In our last post we talked about mobile device management (MDM), which focuses on provisioning, supporting, securing and controlling the mobile devices themselves.


Mobile application management (MAM) provides a somewhat different set of functions, including enterprise application delivery, security, configuration, licensing and maintenance, along with usage tracking, reporting and policy enforcement. MAM enables IT to control which applications are provisioned to which devices, based upon device type, user, role and other criteria.


There is some overlap in functionality between MDM and MAM but the viewpoint is different. Instead of deciding which devices can access which corporate resources, IT is deciding which applications can be pushed out or downloaded to each device and securing those applications.


MAM also reflects the shift in how enterprise applications are provisioned and used. Traditionally, IT supplied and managed both the endpoint device and a set of enterprise applications the employee was allowed to use. The user experience was limited to those devices and apps. Today, end-users bring not only their own devices but their own apps, including apps downloaded from public app stores. Because IT does not have complete control over the device or app, a new application management strategy is needed.


Locking down the entire device does not address the security concerns associated with third-party apps. Changing usage patterns warrant a more granular approach to security in which authentication, encryption and remote wipe take place selectively, at the application level.


So-called “app wrapping” forces third-party apps to use multifactor authentication or a VPN, and ”geofencing” limits app usage based upon the user’s location or the time of day. IT should enforce passcode policy compliance across all app types and maintain control over organizational data. MAM enables IT to do all that instead of tinkering with the user’s device.


MAM also facilitates a transition toward a device-agnostic paradigm. This is increasingly important as mobile technology evolves. Organizations are beginning to manage tablets as well as smartphones and each has its own application management requirements. The number and type of devices is only going to escalate, making device-agnostic management imperative.


Google just announced that its MAM solution is now supported on iOS as well as Android. The solution allows Apple device users to separate personal and business apps, gain single sign-on capabilities across Google Apps for Business, and download and install approved iOS apps from Google’s Device Policy.


As BYOD continues to grow and evolve, a number of experts have debated whether it makes more sense to manage the applications accessed by mobile devices or the devices themselves. Some contend that MDM is still needed to provide end-to-end enterprise mobility management. However, end-users often balk at giving IT controller over their personally owned devices. MAM shifts the focus from managing devices to securing the applications and data the devices access.


If your employees are using their own devices for work, you need to take steps to protect sensitive applications and data. Contact ICG to discuss the best approach for your mobile device strategy.