MoDM, MADM and MEM: re-categorizing the software for managing mobile devices in the enterprise
Now that millions of tablets and tens of millions of smart-phones are being bought each year, additional management capabilities are required by all organizations whose employees wish to bring these to work and use them within the corporate environment. This is throwing up a myriad of new challenges. Arguably, this justifies a more extensive hierarchy which reflects the various different additional extended capabilities that are needed to satisfy an enterprise’s requirements for mobile. These might be called ‘MoDM’, ‘MADM’ and ‘MEM’.
Mobile Device Management – often reduced to MDM (which far too often is confused with that other ‘MDM’ – Meta Data Management) – is most often applied to software which assists enterprises to handle multiple mobile devices like mobile phones (and especially RIM’s Blackberries). This is an established field which emerged from the need to provide organizations with smart-phone configuration and management, including some levels of security. Many of the 40+ vendors that Constellation knows of in this space have been extending their products’ capabilities, most notably to include iOS devices (iPhones and iPads), Android devices (tablets and smart-phones) and (for some vendors) other devices like Windows Mobile, RIM’s QNX (used on the Playbook) and even Nokia’s fading Symbian. To remove the confusion with ‘traditional MDM’, this category might now be more happily referred to as MoDM.
MADM – Mobile Apps and Data Management – goes a distinct stage further than mobile phone configuration and management. With the purchase of smart-phones and tablets by the millions or tens of millions, the new endpoint to secure is less and less the device and more and more about the apps and data that run on each device. The issues here concern security and compliance but with an added complication. BYOD (Bring Your Own Device) is the term used to describe the reality* that ever more people are buying their own smart-phones and/or tablets, rather than their employer buying enterprise-dedicated devices – which has been the expectation for PCs and even for Blackberries. This different ownership generates a conflict of interest: the BYOD device is the property of the employee who may be happy to use it to support the organization’s objectives, but not if the organization insists on taking control of the device; at the same time organizations must avoid compromising their security of data and applications. One extreme approach is to forbid non-enterprise devices from being used for corporate purposes – but this has minimal chance of succeeding (except in certain circumstance, like secure government use). The previous mid-way solution – to provide a corporate mobile phone to employees with employees being responsible for any personal mobile phone – is less practical as mobile devices add capabilities and processing power. Furthermore, the sandbox model of both iOS and Android combines app and data so that the client/server approach used with PCs (and early smart-phones) in the past is no longer adequate to maintain adequate separation (then the data was on the sever and only presented on the client whereas now it may be within the app). MADM refers, therefore, to a category of solution which addresses the management of mobile device apps and data so that personal and organizational apps and data are kept distinct while still observing both the device owner’s interests and the requirements of the organization.
MEM – Mobile Enterprise Management – goes beyond MADM. MEM should provide the total solution (including the functions of MoDM and MADM) within an architected approach that manages everything from: deployment and delivery of apps/data to and from devices; a delineated separation between app developers, whether internal or external, administrators and users; the capability to handle multiple destination platforms (preferably without needing separate functions to be developed); and adaptability as platforms change. MEM must also be able to scale (to tens of thousands or more users) and operate across boundaries (organizational, political, geographical, etc.). It must be able to distinguish between point and policy requirements, for example whether storage can be local temporarily for when someone is offline, and be able to police as well as verify this. All this must occur while recognizing the need to observe relevant regulatory and legislative requirements (SOXX, HIPAA, etc.) and provide the necessary supporting documentation to demonstrate that compliance.
MoDM today is broadly mature, but limited. MADM is becoming a bigger and bigger concern, at least in those organizations that understand the issues. MEM is broader and deeper still. Indeed MEM, to work, requires some form of architected approach so that, for example, compliance is provable.
MADM and MEM solutions are emerging. Enterprises that wish to accommodate BYOD (after all this has attractions as it can reduce capital costs and maintenance) while also keeping employees productive need to take action. They must understand that MADM and MEM are different to and move beyond MoDM – which is why these additional categories are desirable. They draw attention where enterprises need to focus.
* for example, see Consumerization of IT report (September 2011) from Dimension Research which found that “87% of employees use personal devices for work”.
Note 1 Constellation will shortly be producing a Quark (short report) which explores what clients should expect from each of MoDM, MADM and MEM. This will be followed by a Constellation Report which examines the vendors which supply MoDM, MADM and MEM.
Note 2 Constellation is researching the potential for a Constellation Enterprise Mobility Maturity Index (CEMMI) via which enterprises can self-assess their current and future positioning, and compare this to other enterprises.