MDM is dead; long live Mobile DATA management

by Andrew Braunberg

December 18 2012

Andrew Braunberg is a Research Director at NSS Labs, where his core areas of focus include enterprise mobility and network security.

Andrew Braunberg is a Research Director at NSS Labs

Given today's devices and corporate data accessed with them, tablets in particular need more than application-level policy enforcement.

The mobile device management (MDM) market has seen impressive growth in the last several years, but those specializing in data management are finding opportunities as employees lean on tablets for work. Enterprise requirements are quickly expanding to consider data protection in addition to baseline device controls.

Data protection is particularly important when addressing the security concerns that arise from the corporate use of tablets because of their utility as both data display (e.g. sales presentation) and data collection (e.g., health care providers collecting patient data) tools.

From a security perspective, traditional baseline requirements at the device level are well understood (e.g., passcode management, encryption, remote wipe) and are being addressed competently by vendors in the mobile device management market.

However, these are very coarse-grained controls when applied at the mobile device level. Given today’s devices and implementations, tablets in particular need to be augmented with application-level policy enforcement.

This is particularly true in environments that allow bring-your-own-device (BYOD). Look no further than the requirement to keep corporate and personal data separate on tablets and other mobile devices. This helps workers understand the need for a richer set of privacy, security, and compliance controls.

MDM overkill?

Unfortunately, mobile device management is typically too blunt an instrument for this requirement and this has led to a truly impressive degree of energy going into technical schemes to support the separation of work and personal activity on mobile devices.

These approaches include: a new class of secure enterprise-grade mobile apps; sandbox/container products that wall-off corporate apps from personal apps; client virtualization products that similarly split devices into corporate and personal domains; and application wrappers providing code libraries that can be used to “wrap” existing apps with additional security features.

The big - and honestly wide open - question is “Which of these techniques will prevail?” Regardless, IT and security teams need to find ways to reward the types of safe employee behavior administrators used to simply mandate, back when enterprises typically owned all the devices. Employees also need to be cognizant of their crucial role in mitigating mobile devices’ inherent risks and understand that this isn’t the “Wild West.”

Since corporate controls are required on the business “side” of every device, mobile security vendors also need to deliver products and services that don’t make this requirement too onerous for employees.

In general, technologies that respect and understand the end user experience win out in the new “Consumerization of IT” world in which we live. And, that is as it should be.

We should all be working to keep employees as productive and security-conscious as possible. The products that will ultimately win in the market will be those that find a way to deliver the management and security controls over corporate data that organizations require, while being minimally invasive for employees.

IT and security groups need to help steer employees to make smart choices with regard to the use of tablets and applications while providing employees with enough choice to keep them happy and productive.


Andrew Braunberg is a Research Director at NSS Labs, where his core areas of focus include enterprise mobility and network security.

Links & Apps

Share with: Comments (1)    v

Free newsletters for more tablet news, insights, apps and tips


  • Swarna
    1 year 11 months ago

    Great post!

    While I believe MDM features are still critically important, there is no doubt that MDM alone is only one piece of the overall mobility puzzle and agree that companies must look well beyond simply managing devices. Data is king! In fact, we (Symantec) recently created an infographic that highlights the five pillars that make up a strong foundation for secure, effective enterprise mobility to be built on, of which information protection is one of.

    The infographic can be seen here: (PDF).

    As you point out, there are various methods for going about mobile information protection. At Symantec, we believe mobile application management (MAM) -- the app wrapping method you mention -- is the most effective way to go about this. Both containers and virtualization, while largely effective at securing corporate data, limit end user productivity because they force users to use their devices in a certain way. On the other hand, with MAM controls such as authentication, encryption, data loss prevention and expiration can all be applied at the app level. In this way, complete end-to-end visibility and control over sensitive corporate data can be achieved and maintained without a heavy enterprise footprint on the device itself.

    Swarna Podila

Latest in tablet business / productivity