What does it mean to manage a mobile device, say a smartphone like an Apple iPhone or one with Google’s Android operating system?
At the lowest level, the device level, you might want to:
- establish a policy for length and structure of passwords
- set or reset a password
- detect whether the phone has been jailbroken or rooted
- configure device-wide VPN
- set power management policies
- manage the low level security of the filesystem or other local storage
- wipe the device entirely or reset it to factory settings
Above that, at the application level, you might want to:
- inventory the device for installed applications
- install or update applications
- set security policies for use of the applications, their data, and their network connections
- selectively remove an application or its data
- configure application-specific VPN
- manage anti-virus and other security tools for browsers and other applications that access the web
- manage installation and use of an enterprise application store behind a firewall, privately hosted outside, or via external sites like the Apple iTunes Store or the Android Marketplace
The first list of items, with additional functions, is part of Mobile Device Management, or MDM. Note that people do sometimes confuse “MDM” in this context with “Master Data Management.”
The second collection is part of Mobile Application Management, sometimes shortened to MAM.
The first thing to notice is that what I deemed “management” often has a lot to do with security, especially when the phone is used to access enterprise data and systems.
Second, in practice, those who provide MDM functionality often provide some MAM functionality, and vice-versa. That is, a vendor might say “I can give you an enterprise app store but can also wipe devices.”
BYOD, or “bring your own device,” complicates things because I probably do not want the organization for which I work to impose overbearing policies that affect my personal use of my phone. I certainly don’t want them to wipe my entire device if I leave the organization just to remove all traces of enterprise data or network access.
So the line is blurry between MDM and MAM, and I think we should get rid of the distinction altogether. That is, let’s just talk about Mobile Management and combine the two categories above. It will simplify things, remove the imprecision of the definitions, and bring better clarity to what vendors do and do not offer.
So if we can agree that Mobile Management consists of 27 common capabilities (for example), a vendor that offers 5 of them can be more fairly compared with one that offers 25.
No doubt that vendor providing minimum capability will embellish the description by adding “but we do it from the cloud!” (grin)