A study by B2B International recently highlighted the slow adoption of mobile device management (MDM) software. It revealed that only 11 percent of the companies surveyed had an MDM solution in place to ensure those employees with mobile phones and tablets are complying with corporate security policies. This tells us that even though the entire industry is talking about bring your own device (BYOD) programs, very few companies are correctly implementing them.
According to Gartner, this problem will only grow in the coming years, as the BYOD trend shows no signs of slowing down. Shortly after the B2B International study, Gartner predicted that over the next five years, 65 percent of enterprises will adopt an MDM solution. However, the B2B study suggests that companies aren’t embracing the challenge of securing corporate data on mobile devices.
Our experience in working with SHI customers integrating mobile devices into their enterprises show the accuracy of both of these studies — MDM adoption is slow despite heavy BYOD use.
The IT departments I talk to recognize this problem and want to manage their devices, but they’re having problems determining which solution is best for them. They don’t want to spend money on one solution, only to find out six months later it wasn’t the right fit.
The problem lies within the industry. There’s so much noise that people are becoming confused. There are hardware solutions for BYOD, and there are software solutions. Some solutions are touted by big-box security companies, while others are from no-name, angel-funded startups. Without the proper education, companies don’t know which solution to choose, and the problem falls to the wayside.
So today, I’d like to share the top-five pieces of advice I give my customers to help them pick the correct MDM solution for their organization:
- Forget the single solution. Within every organization, there is tremendous diversity when it comes to the devices that need to be managed (smartphones, tablets, and other devices); the users that need to be supported (senior executives, field sales reps, customer service personnel, recruiters, customers, etc.); the data that needs to be protected (financial, sales, and customer); and the applications that need to be deployed (executive information systems, CRM, proposal generators, trouble tickets). Obviously, no one MDM solution is going to meet the needs of each user.
- Segment your users. Companies always assume that BYOD has to be implemented for every part of the organization, but we usually recommend that companies start small and grow from there. For example, maybe only the senior executives should be supported with BYOD, or just the sales team. Deploying with smaller chunks at first can simplify the problem and reduce the costs. Instead of 50,000 people to support, you might only have 500, or even 50.
- Deploy multiple solutions for multiple purposes. Because there isn’t one solution that will meet the needs of all users, and because users should be segmented into well-defined groups, it makes sense to deploy multiple solutions, each targeted at a distinct set of users.
- Dress in layers. We’re seeing customers have success when taking a tiered approach to mobile device management. Many will implement a hardware-based solution from Cisco or ForeScout to provide a basic network access control (NAC) infrastructure that supports a broad swath of the organization. Next, they layer on a software-based MDM solution for more sophisticated needs. Some companies have even deployed two software MDM solutions. For example, they’ll have Good and AirWatch running side-by-side. They’ll use Good for a containerized approach to protecting the devices and the data of a group that is dealing with very sensitive information, like human resources. For something a little lighter, such as sales, they’ll use a solution like AirWatch.
- Devices or applications? There’s a philosophical split in what customers want to manage. Do they want to manage the applications on a device, or do they want to manage the device itself? This decision has a number of implications, and there are some hard tradeoffs involved. There are a lot of differing opinions about which approach is better — a discussion best left for its own post in future. In fact, even industry giants are shifting on this issue. For example, Citrix recently acquired Zenprise, one of the top-five MDM solutions in the space today. But, if you’d spoken with Citrix in mid-November, you would have heard it vehemently insist that it wasn’t interested in managing the device. Now, it’s changed its tune, thanks to its new hybrid solution: Citrix does an excellent job of managing the applications, no matter what the device. And Zenprise manages the device — ensuring that geolocation is turned on and that the right software is updated.
Our last example of Citrix’s acquisition of Zenprise demonstrates both the importance of this market as well as its constant state of flux. It’s this confusing market that’s causing people to take a cautious approach to deploying MDM solutions.
But our work with clients shows that companies are beginning to take the first steps to finding the MDM solution that works best for them. We’ve seen a lot of customers put limited deployments and pilot programs in place now. And, as these customers gain experience with the technology, I have no doubt that we will see the adoption of MDM accelerate.