Right now, mobile app management (MAM) is one of the enterprise mobility management techniques with the smallest footprint. The next logical step is to manage data itself, regardless of what app is used to manipulate it. However, there will be some difficulties.
What do we want?
In any enterprise mobility management situation, the company will want to make sure that corporate data is protected by policies, which usually means password enforcement, encryption, offline usage, sharing data with other apps, remote wipe, VPNs, and such. (Say what you want about policy versus compliance versus security—for now we’re just going to consider it all together). On the other side of the situation, users want to have as much freedom as possible for how they access and manipulate corporate data.
For years, combining corporate policies with mobile access meant using a BlackBerry. Then MDM came along and made it so users could choose iPhones and Android phones instead, and still comply with policies.
After that, mobile app management meant that not only could users choose iOS and Android devices, they could also have a lot more freedom about how they used their devices. Certain policies could be applied to just a few corporate apps, meaning users could treat the rest of the phone however they wanted. This made it a lot more safe and convenient for corporate and personal data and apps to reside together on the same device.
The next logical step is to shrink the footprint of corporate policy even more using mobile information management (MIM). The idea with MIM is that management policy is combined and delivered directly with corporate data, so that users can choose any app they want and the corporate policy will still be in place.
This is getting closer to the ideal of enabling total user freedom while still protecting corporate data with policies. But ultimately it’s impossible to satisfy both goals completely—there must be a compromise somewhere. For mobile information management, this means that users can’t actually choose any app they want.
Why? Because while MIM policies may be delivered with along with the data, they still need a client application to actually enforce them. And in order for that to work, the company needs to trust that a client app will faithfully respect the policies. There are a few ways to get that trust, which can be enforced by—you guessed it—policies.
- The client app can be certified or come from a known source.
- Use mobile app management technology.
- The client app and the corporate data can be inextricably linked together by their very nature.
(Technically, it’s also possible to manage the app indirectly by simply managing the device on which it’s running, but that doesn’t really count for this conversation.)
Yes, some of these techniques can be a pain—there’s a lot of concern about how to get apps into a MAM ecosystem. But that will get easier as the industry grows or if formal or de facto standards for MAM come along. And a lot of corporate-generated data is intrinsically tied to the app that’s used to create it.
Overall, it's important to remember that using enterprise mobility management policies to protect corporate data will always require a compromise somewhere. We can aspire to make that compromise as small as possible, but true mobile information management will remain elusive.