Consumerization, BYOD and MDM: What you need to know

Summary: Consumerization and BYOD are reshaping the way IT is purchased, managed, delivered and secured. We delve into what it means, the key products involved, how to handle it and where it's going in the future.

A fully featured Mobile Device Management suite actually encompasses a lot more than just device management, although that remains the starting point for an end-to-end solution. The other layers that need addressing are the applications running on the devices, the network connection to the enterprise and the data that's accessed, shared or generated. The term that captures this expanded functionality is Enterprise Mobility Management (EMM), and many MDM vendors are busily extending their products in this direction.

Here's a quick tour of the functionality expected at each layer.

Device management
At the very minimum, an MDM suite must require users to set numeric or alphanumeric passwords for accessing their mobile devices, and renew them at some designated frequency. Encryption of corporate data must also be enforceable, along with remote locking and wiping of lost or stolen devices. Other basic device-level MDM functionality includes auditing (of device features, status and usage), location tracking, hardware management (disabling a device's camera or Bluetooth connectivity where necessary, for example) and Active Directory synchronisation (for integrating mobile device policies with existing IT management infrastructure). It goes without saying that the leading mobile platforms -- iOS and Android on smartphones and tablets, Mac OS X and Windows on notebooks -- must be supported.

Advanced device-level functionality includes support for additional platforms (Windows 8 and Windows Phone 8 being uppermost in many minds right now), the ability to separate personal and corporate profiles, and the ability to set context-aware policies that block access to certain capabilities (the device's camera, for example) at certain times or in certain places.

Application management
Control over the apps that employees run on their mobile devices is obviously essential: a rogue program downloaded from a mobile OS's native app store could easily compromise a corporate network, for example. So MDM suites should provide IT managers with an inventory of the apps running on users' mobile devices and ideally accommodate a customised enterprise app store where approved apps can be made available securely to particular users or groups. Another approach is to implement a blacklist of apps that are deemed insecure or damaging in some way to employee productivity. A more advanced -- and increasingly important -- feature is app-specific security via containerisation (also known as 'app-wrapping'), whereby important apps like corporate email get individual secure connections to the enterprise network.

Network management
A fully featured MDM/EMM suite needs to monitor device usage so that, should a potentially rogue app get downloaded (perhaps it's not yet on the blacklist, for example), it can control access to the corporate network. Obviously, unknown, unauthorised or jailbroken devices should not be allowed onto the network. Also, the suite's network security functionality should ideally integrate with any existing network security infrastructure.
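To show how the device, application and network layers combine into one access decision, here is an added example (not code from any MDM product or from this article). The app identifiers, the 90-day passcode limit, the approved-app list and the three-way allow/quarantine/deny verdict are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

# Constructed policy values; a real suite would supply its own lists and limits.
BLACKLIST = {"com.example.filedropper"}
APPROVED = {"com.example.corpmail", "com.example.crm"}
MAX_PASSCODE_AGE_DAYS = 90  # assumed renewal frequency

@dataclass
class Device:
    device_id: str
    enrolled: bool = True          # known to the MDM inventory
    jailbroken: bool = False
    encrypted: bool = True
    passcode_set: bool = True
    passcode_age_days: int = 0
    apps: set = field(default_factory=set)

def admission_decision(d: Device):
    """Return (verdict, reasons): 'deny', 'quarantine' or 'allow'."""
    deny, quarantine = [], []
    if not d.enrolled:
        deny.append("unknown device")
    if d.jailbroken:
        deny.append("jailbroken")
    if not d.encrypted:
        deny.append("storage not encrypted")
    if not d.passcode_set:
        deny.append("no passcode")
    elif d.passcode_age_days > MAX_PASSCODE_AGE_DAYS:
        quarantine.append("passcode renewal overdue")
    banned = sorted(d.apps & BLACKLIST)
    if banned:
        deny.append("blacklisted app: " + ", ".join(banned))
    # Apps on neither list may simply not be blacklisted yet: restrict, don't trust.
    unreviewed = sorted(d.apps - BLACKLIST - APPROVED)
    if unreviewed:
        quarantine.append("unreviewed app: " + ", ".join(unreviewed))
    if deny:
        return "deny", deny
    return ("quarantine", quarantine) if quarantine else ("allow", [])

# Constructed sample inventory records.
FLEET = [
    Device("tab-01", apps={"com.example.corpmail"}),
    Device("phone-02", apps={"com.example.corpmail", "com.example.newgame"}),
    Device("phone-03", jailbroken=True, apps={"com.example.filedropper"}),
    Device("phone-04", enrolled=False),
]

if __name__ == "__main__":
    for dev in FLEET:
        print(dev.device_id, *admission_decision(dev))
```

The quarantine verdict covers the case the paragraph above raises: an app that is not yet on the blacklist still limits the device's access until it has been reviewed.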

Data management
Document repositories and collaboration tools such as Microsoft's SharePoint are widely used in larger businesses, but it's not a trivial matter to make them secure in a highly mobile enterprise -- and BYOD only exacerbates the problem. Content management in MDM/EMM suites needs to interface and synchronise with leading products like SharePoint, while ensuring that sensitive documents do not escape from the enterprise. If the MDM/EMM suite you're considering lacks this functionality, specialist products such as Colligo Briefcase are available to fill the gap.



Hello, I'm the Reviews Editor at ZDNet UK. My experience with computers started at London's Imperial College, where I studied Zoology and then Environmental Technology. This was sufficiently long ago (mid-1970s) that Fortran, IBM punched-card machines and mainframes were involved, followed by green-screen terminals and eventually the pers...
