The rise of BYOD and the expectations of “anywhere, any device” access within the work environment brings up the discussion of MDM versus MAM. What you’re really talking about in this conversation is how you control mobile devices within your organization. When you get right down to it, the question of how you address mobile challenges is less a technical question than a cultural one.
MDM vs. MAM
You can’t address the cultural question without understanding the technology first. The terms are relatively self-explanatory.
Mobile Device Management: Addresses the device as a whole unit.
Mobile Application Management: Addresses the applications/data on the specific device.
One way to think of them is that MDM is the whole enchilada and MAM is the jalapeno, cheese, refried beans, lettuce, etc. The first gives you the basic food; the second gives you finer control. You can use both technologies in conjunction or separately. That comes down to the use cases and the differences in how MDM and MAM handle these scenarios.
One of your employees uses their personal iPad for work. They check their corporate email and have file shares on the device, as permitted by the organization’s BYOD policies. They took a ton of pictures at their child’s first birthday over the weekend on the same iPad. They end up losing the device (under their couch, but they don’t know that yet) and call you to report the problem.
If you use MDM, you have two options: you leave the device alone and hope it turns up, or you blow it up remotely. With MAM, you can remove the sensitive corporate data to prevent it from getting compromised, but your employee still has their personal pictures.
This scenario presents a cultural decision, as you’re deciding how much respect you have for your employee’s different data types and their personal device, balanced against the data risk of possibly having corporate data exposed.
Another employee frantically calls you to tell you they just got mugged, and their device has been stolen. You face a very different scenario here, because you know the device is compromised. MDM offers the better option in this scenario because you don’t face a cultural decision. It’s likely better on the personal and corporate side to take the nuclear option and wipe the device. MAM is not as relevant for this scenario.
Scenario 1 (Revisited):
What if the employee in the first scenario doesn’t find their device under the couch? When you use MAM and MDM together, you have the flexibility to address this problem. MAM will let you wipe the sensitive corporate data immediately but allow you to wait until you know the device can’t be found before you wipe the rest of the device with MDM.
Your employee is leaving the company, either voluntarily or involuntarily. They may or may not be cooperating with you fully, and you have less of a hold on them during this stage. They have corporate information on their personal device, and you need to minimize the risk of compromised data.
MDM opens your company up to a legal suit because you’re wiping data that just isn’t yours. You don’t want to have personnel issues that end up in the courtroom, as they’re major time and money sinks. Your only other option with MDM alone is the honor system, where you trust the employee to wipe the data once they leave. MAM lets you be more selective about the data, so you can wipe the corporate information only. Corporate security is respected, and personal property is as well.
So Which Is Best?
MAM gives you more flexibility, but it’s more expensive and complex to implement. MDM is more ubiquitous and easier to implement, but it’s not appropriate for all situations. What should you do? Consider the cultural and legal issues.
What are your BYOD policies? You probably get a lot of productivity out of your mobile workforce – it’s becoming the norm in many if not most workplaces. People are generally going to end up with at least some corporate data on their devices, unless you have draconian policies and the ability to enforce them. Your employees are a precious resource, and you don’t necessarily want to upset them with overbearing rules (that are often a living nightmare to enforce). If you have the option, then don’t turn it into a fight. Protect yourself with a blend of MDM and MAM so you prevent problems instead of reacting to them.