These mobile devices just aren't going away. What'll we do, Trevor?
I'm a busy man, lads, but pull up a chair for a bit
Mobile Device Management (MDM) has become an important sector of the IT industry, but is also something of a moving target.
Companies from the level of my own three man shop to the largest enterprises are weighing their options for securing mobile devices. For many, Microsoft's System Center 2012 is the barometer by which all other MDM solutions will be judged: it's a fine piece of software that has few true peers and is something many companies already have in their environment.
What else is out there? My investigations turned up nearly 100 active competitors in this market, and this market is red hot. Acquisitions are occurring on a near weekly basis. New competitors are springing up left and right; even Spiceworks is said to be pondering an entry. I've picked a few out at random to get a cross section of the market. Here's MDM 2013:
The best of the best
Fiberlink Mobility as a Service 360 (MaaS360) was the surprise 800lb gorilla of 2012's MDM scene. They have an excellent, comprehensive offering with pricing that is within reach of most SMBs. MaaS does not advertise its prices, but anecdotal evidence says they charge around $5 to $6 per device per month; they also offer the option to pay per user.) MaaS have won a slew of awards, got onto Gartner's Christmas list and otherwise made the competition cower in fear. These are the folks to watch this year.
Airwatch are one of the strongest competitors in the MDM market. They can go toe-to-toe on features, but have a pricing scheme that is friendly right down to the smallest business. They offer a cloud-based version of their software, an on-premise virtual appliance or an on premise physical appliance. They make their real money in support contracts, but don't have a reputation for cramming them down your throat.
Good for Enterprise has a unique take on MDM: it doesn't really do it. Instead it drops an encrypted container and a special app on your phone. You can only get access to the business goodies inside through the app. Good uses its own mail client to get the job done; Android users in particular are known to complain about the way it looks like a cheap knockoff of the iOS mail client. Proponents of the technology champion the ease of support offered by a homogenous interface. They are definitely enterprise priced.
Absolute Manage roll Windows and OS X endpoint security together with MDM. Their mobile offering is somewhat weaker than the market leaders, but not by much. Absolute gets kudos for adding patch management and asset inventory/license management; they are very well priced, especially above 100 devices.
MobileIron are old hands at this MDM thing by now. They have a mature, robust platform and work as closely with the mobile vendors to use the native client architecture to get things done. Their shtick is support and they are highly regarded in the large enterprise space. Prices start around $4 per device per month.
Sybase Afaria is a true enterprise solution. It is quite powerful, however it's reputedly quite a pig to manage, including up to eight separate servers just to make it go! It's one of the first big MDM solutions - hence the cruft - and plays in the top end of the features market. Licences cost about $39 per seat per year.
Blackberry Enterprise Server (Formerly Blackberry Mobile Fusion) is a top-notch MDM solution supporting Android, iOS and Blackberry's own devices. While it is naturally better at working with Blackberry's own handhelds than the competition, that is arguably because from an enterprise standpoint, Blackberry still makes the most secure devices. If you have Blackberry handhelds in your fleet, use BES 10. Other MDM software can support Blackberry devices; none do it as well as BES 10. Costs are very competitive with the rest of market; even though many lament the loss of the free "express" version of the software.
Next page: Good Enough
Re: MDM @Lusty
I really don't get it?
Your post reads like you take the view that everything that your employers use to ensure their compliance with statute and industry practice is part of a personal vendetta against you. Your post seems to suggest you thumb your nose to them?
By all means stop using corporate devices or corporate solutions on your own device - as you rightly say "they" can't stop you. I wonder though, how using your own unhardened device to store and manipulate sensitive data and perhaps use an unmanaged personal mailbox to share that data would be viewed in terms of your contractual duties around sensitive customer or corporate data.
You may well be right, I.T. Can't stop you, but any number of other people can, be they your employers, regulators or ultimately the cops.
MDM, as much as anything is there to place constraints *and protection* around users. Lose customer details from say a Good Technology mailbox and you're personally protected, but lose it from your mail account or contacts app and you really have no defence. It isn't big and it isn't clever...
In some places and some industries, some kind of lockdown of IT is a necessity and a legal obligation, and using a non-managed e-mail account for business can get you busted. On the other hand, the Dilbert cartoon has (or had) the recurring caricature charactersof Mordac the Preventer of Information Services, or something like that, the guy who won't let you use your USB ports or a password that you actually can remember and can type. And then he laughs at you. Actually laughs.
Most businesses and other ventures have data that they really don't want to have stolen or damaged. And most device misuse, from the point of view of the company, is games, social, and pornography. And maybe online shopping. So the only way to avoid being resisted by your own staff even when they aren't themselves stealing or damaging your data is to let them enjoy their business devices responsibly in all of those ways. Maybe on a time meter and with an appropriate warning that "You are about to access adult services that may contain unadvertised horsemeat", but flexible.
Let's face it, most people who are reading -this- page shouldn't be.
If you're working in a regulated industry such as Financial Services or Healthcare, your carefree approach to where data goes would probably result in your employer deeming you worthy of dismissal.
Re: MDM @Lusty
The issue is not about working round IT, per se, it's more about breaking company policy.
For what it's worth, I've seen people get fired for breaking company policy at Law firms, big banks and at a large Financial Services company. One was for sending confidential information to a personal email address, one was for losing data on a USB stick and another was for logging on to a transactional system as someone else because they didn't have the rights to do a task themselves.
In all these cases, the policies were set by the companies, not by a draconian IT department stuck in the 60s.
"Users who create content always have and always will control where that content goes, and there is literally nothing that IT can do to stop them"
No, the "crap" is not to stop you working but to protect the enterprise from fines from regulators because they can not demonstrate that they have made reasonable attempts at protecting data/adhering to the rules.
As a EU, do as you wish, but remember, EU's are not exempt from all those rules and regulations imposed on the organisation. Play dice with your future if you wish.