Consumerization, BYOD and MDM: What you need to know

Consumerization and BYOD are reshaping the way IT is purchased, managed, delivered and secured. We delve into what it means, the key products involved, how to handle it and where it's going in the future.
Written by Charles McLellan, Senior Editor

In the 1980s and 1990s, the PC revolution freed business computing from the centralised world of the mainframe (and its minicomputer offspring), but companies generally retained tight control over the personal computers their employees could use -- especially in the earlier 'desktop' part of the PC era. As computers became increasingly affordable, mobile and connected, around the turn of the millennium, more and more people began using home computers to work on after office hours.


From this point, it was almost inevitable that the process called 'consumerization of IT', which includes the BYOD (Bring Your Own Device) trend, would occur. After all, who wouldn't prefer to work with a notebook, tablet or smartphone that they had carefully chosen to fit their own requirements over a device selected according to a set of corporate IT purchasing guidelines? Similarly with applications and services: if Evernote, Google+ Hangouts and Dropbox provide better user experiences for note-taking, video communication and cloud storage than their respective corporate-approved equivalents, for example, then people will find a way of using them.

Consumerization of IT doesn't just mean bringing your own device to work and using consumer apps and services: its influence is also changing the way traditional enterprise apps look, feel and operate. Microsoft's SharePoint 2013 document management/collaboration server is a good example: not only does its user interface adopt the Windows 8 'modern' look, but it also adds a managed version of the consumer SkyDrive cloud storage service, incorporates Facebook-style status updates and includes an app development ecosystem.

BYOD (Bring Your Own Device) is a relatively recent term, but the process has been going on for quite some time.

The trouble is, of course, that those dull-but-worthy corporate IT purchasing guidelines were put in place for good reason: under-the-radar hardware can bring serious headaches for IT departments when it comes to software provisioning, device troubleshooting and -- in particular -- data security.

BYOD is already well established in businesses and still on the rise. One of the leading vendors of mobile management software, Good Technology, recently published its second annual survey of 100 of its customers, which showed that the percentage of BYOD-supporting enterprises rose from 72 to 76 percent between 2011 and 2012, while the percentage with no BYOD plans dropped from 9 to 5 percent.

Key findings from Good Technology's second annual survey of 100 of its customers: BYOD support is widespread, especially among larger enterprises, and employees are willing to pay for their own devices and data plans.

Other insights were that larger enterprises were most active in BYOD (75 percent of BYOD-supporting enterprises had over 2,000 employees, 46 percent had over 10,000) and, intriguingly, that many employees are willing to pay for the freedom to use their own kit: 50 percent of the BYOD-supporting companies in the survey require staff to pay for their own devices and data plans.


Consumerization of IT is clearly not going away, so enterprise IT managers cannot simply bury their heads in the sand. The challenge is to accommodate the 'work anywhere, anytime' productivity and user satisfaction benefits that consumerization and BYOD can bring, while retaining enough control to keep company data secure and compliance requirements satisfied.

This doesn't have to be a negative, finger-in-the-dyke operation for IT managers: handled properly, it can become a creative exercise, in which IT staff and employees collaborate to select and exploit a mix of devices, applications and services that will allow them to maximise productivity on their chosen devices without violating sensible corporate IT guidelines. However, this may often require significantly different skill sets than are commonly found in your average buttoned-down, Microsoft-dominated enterprise IT department.

In this article, we examine the classes of software that have developed to cope with the problems raised by BYOD, and the proliferation of portable computers in businesses generally -- namely Mobile Device Management (MDM) and Enterprise Mobility Management (EMM) suites. First we'll unpick the components of such products, then we'll summarise a series of recent analyst reports on MDM/EMM vendors, and finally examine an alternative approach.

A fully featured Mobile Device Management suite actually encompasses a lot more than just device management, although that remains the starting point for an end-to-end solution. The other layers that need addressing are the applications running on the devices, the network connection to the enterprise and the data that's accessed, shared or generated. The term that captures this expanded functionality is Enterprise Mobility Management (EMM), and many MDM vendors are busily extending their products in this direction.

Here's a quick tour of the functionality expected at each layer.

Device management
At the very minimum, an MDM suite must require users to set numeric or alphanumeric passwords for accessing their mobile devices, and renew them at some designated frequency. Encryption of corporate data must also be enforceable, along with remote locking and wiping of lost or stolen devices. Other basic device-level MDM functionality includes auditing (of device features, status and usage), location tracking, hardware management (disabling a device's camera or Bluetooth connectivity where necessary, for example) and Active Directory synchronisation (for integrating mobile device policies with existing IT management infrastructure). It goes without saying that the leading mobile platforms -- iOS and Android on smartphones and tablets, Mac OS X and Windows on notebooks -- must be supported.

Advanced device-level functionality includes support for additional platforms (Windows 8 and Windows Phone 8 being uppermost in many minds right now), the ability to separate personal and corporate profiles, and the ability to set context-aware policies that block access to certain capabilities (the device's camera, for example), at certain times or in certain places.

Application management
Control over the apps that employees run on their mobile devices is obviously essential: a rogue program downloaded from a mobile OS's native app store could easily compromise a corporate network, for example. So MDM suites should provide IT managers with an inventory of the apps running on users' mobile devices and ideally accommodate a customised enterprise app store where approved apps can be made available securely to particular users or groups. Another approach is to implement a blacklist of apps that are deemed insecure or damaging in some way to employee productivity. A more advanced -- and increasingly important -- feature is app-specific security via containerisation (also known as 'app-wrapping'), whereby important apps like corporate email get individual secure connections to the enterprise network.

Network management
A fully featured MDM/EMM suite needs to monitor device usage so that, should a potentially rogue app get downloaded (perhaps it's not yet on the blacklist, for example), it can control access to the corporate network. Obviously, unknown, unauthorised or jailbroken devices should not be allowed onto the network. Also, the suite's network security functionality should ideally integrate with any existing network security infrastructure.
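The device, application and network checks described above can be combined into one admission decision, sketched here as an added example that is not from the article or any vendor's product. The record fields, the 90-day renewal interval, the 'quarantine' outcome, the blacklist entry and the sample devices are all assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

# Hypothetical policy values: the article names the checks, not thresholds.
MAX_PASSCODE_AGE_DAYS = 90
APP_BLACKLIST = {"com.example.filedrop"}  # constructed entry
ENROLLED_IDS = {"dev-001", "dev-002", "dev-003"}  # constructed inventory


@dataclass
class Device:
    device_id: str
    passcode_set: bool
    passcode_age_days: int
    storage_encrypted: bool
    jailbroken: bool
    installed_apps: set = field(default_factory=set)


def evaluate(device):
    """Return (decision, reasons); fixable findings quarantine (assumed)."""
    # Network layer: unknown or jailbroken devices are refused outright.
    if device.device_id not in ENROLLED_IDS:
        return "block", ["device not enrolled"]
    if device.jailbroken:
        return "block", ["device is jailbroken"]
    reasons = []
    # Device layer: passcode present, renewed on schedule, data encrypted.
    if not device.passcode_set:
        reasons.append("no passcode set")
    elif device.passcode_age_days > MAX_PASSCODE_AGE_DAYS:
        reasons.append("passcode overdue for renewal")
    if not device.storage_encrypted:
        reasons.append("storage not encrypted")
    # Application layer: compare the app inventory with the blacklist.
    for app in sorted(device.installed_apps & APP_BLACKLIST):
        reasons.append("blacklisted app: " + app)
    return ("quarantine", reasons) if reasons else ("allow", [])


# Constructed sample fleet, not real inventory data.
FLEET = [
    Device("dev-001", True, 30, True, False, {"com.example.mail"}),
    Device("dev-002", True, 120, True, False, {"com.example.filedrop"}),
    Device("dev-003", True, 10, True, True),
    Device("dev-999", True, 10, True, False),
]

if __name__ == "__main__":
    for d in FLEET:
        print(d.device_id, *evaluate(d))
```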

Data management
Document repositories and collaboration tools such as Microsoft's SharePoint are widely used in larger businesses, but it's not a trivial matter to make them secure in a highly mobile enterprise -- and BYOD only exacerbates the problem. Content management in MDM/EMM suites needs to interface and synchronise with leading products like SharePoint, while ensuring that sensitive documents do not escape from the enterprise. If the MDM/EMM suite you're considering lacks this functionality, specialist products such as Colligo Briefcase are available to fill the gap.

MDM/EMM: a meta-analysis
Mobile device management and enterprise mobility management have been hot topics for several years, and many analysts cover this well-populated market. To get an idea of the size of the MDM/EMM vendor population, and some consensus on the leading players, we've generated a simple ranking based on five 2012 research reports -- from Aragon Research, Forrester Research, Gartner, Info-Tech and The Radicati Group.

Most of these analysts distil their research by placing vendors into quadrants defined by various axes: Gartner's well-known Magic Quadrant, for example, has axes for 'Ability to Execute' and 'Completeness of Vision', resulting in quadrants named 'Leaders' (top right), 'Niche players' (bottom left), 'Challengers' (top left) and 'Visionaries' (bottom right). To generate our aggregate MDM vendor ranking, we simply gave three points for the 'best' (top right) position, one for the 'worst' (bottom left) and two for each of the remaining spots (top left, bottom right). The resulting chart looks like this:

[Chart: MDM/EMM vendors, ranked on scores generated from five recent analyst reports.]

The ten top-ranked vendors (green bars) include a mixture of 'pure-play' MDM specialists and companies like Good Technology, SAP, Symantec and RIM with broader offerings. Some -- like AirWatch, MobileIron, SOTI and Zenprise -- offer both on-premise and cloud-based (SaaS) deployment, while others -- notably BoxTone and Good Technology -- only currently support on-premise solutions. The sole leading MDM vendor to go the cloud-only route is Fiberlink with its MaaS360 suite. In total, the five analyst reports covered 31 vendors -- and this isn't an exhaustive list by any means.

As well as mobile specialism and deployment method, key factors to consider when choosing an MDM/EMM vendor include whether mobile app and content management is supported, how well the separation of personal and corporate data is handled and whether the solution integrates with existing IT infrastructure management systems. Check out our MDM/EMM directory for more detail on the companies listed above.

We've seen from Good Technology's survey quoted earlier that in many BYOD-supporting companies, employees are prepared to pay for their own devices and data plans. In other companies, some or all of these costs are covered by the employer. However, all businesses need to avoid alienating employees by effectively turning their BYOD notebooks, tablets and smartphones into locked-down devices that hold little more appeal to work on than standard corporate-approved hardware. The key here, it seems, is how well MDM/EMM suites can separate personal and corporate usage -- particularly when it comes to remote wiping capability. But is there an alternative approach?

Mobile virtualisation: the alternative
Virtualisation has had a huge impact in datacenters and has long been used to run multiple OSs on desktop systems, but has yet to make similar inroads in the mobile space. That's likely to change, though, because virtualisation seems tailor-made for BYOD -- especially as mobile devices become ever more functional in terms of CPU and GPU power, storage capacity and connectivity.

The idea is that IT managers create a secure, managed, virtualised space on the mobile device in which all business-related activities occur. This is completely isolated from the device's native environment, which remains the user's personal domain.

Several solutions along these lines are available, including VMware's Horizon Mobile, which is now available for Android and iOS devices, along with the server-side Horizon Mobile Manager (HMM), where IT managers provision and administer users' virtual workspaces:

VMware's Horizon Mobile and Horizon Mobile Manager allow IT managers to create and administer secure virtual workspaces on employees' smartphones.

Desktop virtualisation is a well-established field, with products like Citrix XenDesktop and VMware View able to deliver secure virtualised desktop, web or SaaS applications, or complete desktop environments, to a variety of devices -- PCs, Macs, tablets and thin clients, for example. Such installations require a lot of on-premise infrastructure and IT management expertise, however, and so desktop virtualisation as a hosted service may prove a more attractive option for many smaller companies. Nivio, for example, provides access to Windows desktops, applications, storage and an administration interface on any device with an HTML5-compliant browser and an internet connection, and costs from $35-$60 per user per month. A similar service, Cloud Desktop, has just been announced by Mikogo. Desktone is a leading player in the DaaS (Desktop as a Service) market, its technology underpinning third-party offerings from Dell, Navisite, Fujitsu and Quest.

BYOD outlook
These days, cutting-edge technology tends to appear first in the consumer market. Once exposed to new tech, people will want to use it at work as soon as possible. If officially denied, they'll probably use it surreptitiously, with potentially serious security consequences.

Consumerization, BYOD and the increasing mobility of business computing create serious headaches for IT managers. But these trends also create opportunities for more flexible working patterns, leading to greater employee productivity and job satisfaction -- and ultimately a better return on investment in IT for the business. That's why the BYOD trend is here to stay, and why IT managers need to embrace it.

Mobile Device Management (MDM) is currently evolving into the wider field of Enterprise Mobility Management (EMM), a process that's likely to see further consolidation of today's sizeable vendor population. Larger businesses will want to integrate these products with existing IT systems management infrastructure and collaboration software, which will inevitably see even greater involvement in the MDM/EMM field from big software-and-services players like Microsoft and IBM.

For some companies, virtualisation may prove a more appropriate solution than a full-on enterprise mobility management suite. Here, the IT department simply commandeers part of the mobile device and provides secure access to virtualised business applications, or entire corporate desktops, hosted either in the company's or a service provider's datacenter.

We hear a lot about 'work-life balance' in today's world of increasingly capable and connected mobile devices. The challenge for business IT departments in the next few years is to work out how best to accommodate these demands on employees' mobile devices.
