BYOD Smackdown 2012: Zenprise MDM can work for BYOD, if you're careful

Zenprise is the first mobile device management vendor that I'm writing about for the BYOD Smackdown 2012.

Zenprise is the first mobile device management vendor that I’m writing about for the BYOD Smackdown 2012. While Zenprise, as an MDM vendor, approaches BYOD differently than application management, data management, or split persona solutions, a careful implementation can create an environment that addresses the needs of users that choose to bring their own device. Zenprise was founded in 2003.

The basics of Zenprise

Zenprise puts management capabilities around the entire mobile device, not just individual applications or data. However, Zenprise includes application and data management features, because while a locked-down device these would be very secure, it also would be useless.

For apps, Zenprise supports pushing apps to users based on role, blacklisting and whitelisting, and creating corporate app stores. It’s possible to set up secure encrypted tunnels for specific applications, as well.

Zenprise’s mobile data management feature is called Mobile DLP, and is optional. Mobile DLP provides exactly what would be expected of any other mobile data management solution: a secure document container on the devices, file synchronization, version control, clipboard and open-in restrictions, selective container wiping.

When it comes to managing the device itself, there’s a lot that Zenprise can do—much more, in fact, than the other types of BYOD solutions we’ve examined so far—and this reflects its province as an MDM solution. There are extensive capabilities around monitoring device usage, network configuration, and authentication; on-premise versions of Zenprise can block rogue unauthorised devices.

How Zenprise enables BYOD

MDM solutions typically allow organizations to set different controls for different user groups or types of devices, and can be applied to personal devices just as easily as devices that are corporate owned. The important point to remember is that the BYOD-friendliness of an environment is always dependent on how the solution is implemented. Since most features can be turned on and off, it’s up organizations themselves to decide how to everything will work.

It’s important that a program that controls personal devices be optional—managing users’ personal devices is tricky, because different users will be comfortable with different amounts of control. An organization can use the carrot on a string approach: by providing incentives like greater access to corporate applications if a user agrees to have their device be managed. If they’re not comfortable with the trade off, they can always opt out. Carefully-worded user agreements are necessary, too. This is the time to make sure that all the users actually read their company’s internal emails.

And of course we’re only talking about MDM in the context of BYOD. When it comes to MDM in the context of corporate devices, the situation is a lot easier. The greatest benefit is that organizations can provide their users with trendy, new devices, while still having the same amount of control as with other devices that are more commonly associated with corporate management. It doesn’t require rogue users or BYOD in order to get popular consumer devices into the enterprise.

At the end of the day, MDM solutions like Zenprise can make great BYOD solutions if implemented carefully and for the right reasons. For more about the relationship between BYOD and MDM, check out: Think MDM will enable BYOD? Think again! Let's look at the difference and Do companies have to play by the same rules when it comes to BYOD tablets?

Feature overview

This feature overview will be updated from time to time. If you notice any inaccuracies, please comment or email me at There are a lot of vendors and features to keep track of, and I want to be sure and keep everything straight.

  • Platform iOS, Android, Windows Mobile, BlackBerry, and Symbian
  • Architecture the entire device is managed
  • Security device-levels, secure "tunnels" for apps to communicate
  • App sources enterprise deploys from packege, or users can download from public stores, if allowed
  • App stores yes, also apps can be pushed according to role
  • Split plans/phone numbers no
  • On-site requirements optional
  • Provisioning invite users by sending them a link
  • MDM capabilities password policy, two factor authentication, auto wipe, block jailbroken devices, remote wipe, set network access profiles



Start the conversation

Send me notifications when other members comment.

Please create a username to comment.