MDM for parents: You want it too
Do you have kids? Do you have kids with phones or tablets? Me too, and I bet you want what I want: control over when, where and whether my kids can use their devices. Maybe even how they use them. The security industry is working on a solution which should address these concerns.
My colleague Jason Perlow beat me to the punch on this story, raising the need for something like MDM with which parents could manage their kids' devices. I'll just agree here with his reasons for why it's necessary. And yet, there's no effective way for parents to exercise such control.
There are plenty of consumer mobile security products available, and there are plenty of parental control products available and there are plenty of mobile device management (MDM) products. The intersection of these is rather obvious when you think about it, and yet nobody's doing it. Yet.
What could parental MDM do? Jason covered some of this, but consider this list:
- What they call Telecom Expense Management (TEM) on the business end allows parents to meter kids' variable costs.
- Find My Child — Through the miracle of geolocation parents can find out where kids are.
Geofencing — Parents could define locations where kids are allowed to use the device, or even specific apps, and where they are not allowed.
Time limits — Parents could set a hours of the day during which the device may not be used, or a maximum number of hours per day for use.
The Family App Store — One common feature in the newer versions of enterprise MDM is a corporate app store. This is a store in which IT can place in-house and purchased applications for users. A family app store could function similarly. More on this below.
Limiting in-app purchases
App-specific configuratons
The answer is an MDM hosted service for parents. The MDM companies (the biggies are AirWatch, MobileIron, Citrix and Fiberlink) might seem like the obvious candidates to offer parental MDM, but these companies are entirely business-focused. I spoke with AirWatch Chairman Alan Dabbiere about the prospects for a consumer-parental MDM market and he was unhesitant: It's going to happen, everyone's working on it.
Why hasn't it happened yet? Perhaps the biggest reason is that it's still a seller's market for business MDM and these companies can make more money selling more enterprise licenses than branching out into consumer services.
One big problem: none of the MDM companies have any experience working with consumers. Established consumer security companies (Symantec, Kaspersky, McAfee) not only have existing relationships with consumers, they have existing subscription relationships with consumers. The obvious answer is for MDM and consumer security companies to partner on it. Adding device management becomes just another $XX per month.
There are a few companies in both markets: Both Symantec and Kaspersky offer MDM to business customers. Neither has a significant presence in the market, especially for hosted services, and parental MDM would have to be hosted.
Dabbiere says they also see the major mobile carriers as possible partners, but they make less sense to me than the consumer security companies. It's true that they already have the consumer relationship and a monthly bill — that's their biggest advantage — but they don't have any particular expertise with consumer security software other than what they might license from the consumer security companies. So perhaps it's a three-way deal, although that would thin out the profits a bit.
I do think the security companies have too much to offer to be out of the deal. Consider the Family App Store I mentioned above: The consumer security companies are well-placed to put ratings and classifications on apps. Parents can then specify characteristics and ratings levels acceptable for the store, and any other apps have to go through the parent.
There are some technical problems with the family MDM scenario. Dabbiere pointed out the biggest one to me: Mobile operating systems allow only one MDM system in control of a device. This creates a potential problem for parents' devices which are under management by an employer's MDM.
The only obvious solution is for the parents to use the same MDM company as the employer, but this hardly seems like an adequate solution. Dabbiere argues that the problem works well for them, as they are the market leader, especially in hosted solutions (these are his assertions, I don't know if they're true), so they are in a better position to manage both. (Perhaps parental MDM could be an employer benefit…)
The other major technical problem is the fact that the manageability of the device differs greatly between operating systems. iOS 7 greatly expanded the scope of MDM capabilities built into the OS, but it won't allow the MDM to configure public apps when they are downloaded to the device. There are still more management hooks in Android and Windows Phone than iOS.
And once you get into Windows 8 devices the manageability goes up several levels, although this has not heretofore been a focus of MDM companies. Dabbiere says that they have Windows and Mac clients for their products and these would be valuable for parental control too. Is your kid actually doing his homework in his room with the door closed or is he playing Minecraft?
As the Los Angeles Unified School District found out, it's possible on some platforms for kids to remove protection simply by removing the user profile. The problem there was with iOS, and Apple will be plugging that hole soon, but even if it does happen the administrator (parent) gets a prompt alert that it has happened. Then the parent goes to the carrier to disable the device.
I know from personal experience and from other stories, like the LA iPad story, that if restrictions on mobile users are too strict, the users will push back and try to get around them. So much as I want to have the control, I know I have to exercise it carefully. It's like any other privilege with a kid: you want them to show they are responsible so that you don't have to restrict them. Eventually they'll be grown up and you won't be able to anyway.