Yesterday we covered the need for corporate data to be available on mobile devices. For today, let’s look at the added benefits that come from providing managed data to mobile devices.
When attempting to accommodate consumerization and BYOD, managing and locking down devices is the the first step that many people would take. However, much more value can be had if the first step is to provide mobile data management (the other MDM).
That seems counter-intuitive at first. Somebody might wonder,“Wait, you’re saying that I should provide data to devices before making sure they’re securely managed? That’s the wrong order!”
But that’s exactly the point, because providing a mobile data management solution kills two birds with one stone—it provides access to data and there’s management, too—it’s just the management is in a slightly different (and much easier to execute) location.
Mobile data management apps have most of the same features that device management solutions provide. Data can be encrypted, password protected, time-bombed, and remote-wiped; permission to save files on the device can be granted or denied; and security for data flowing to and from the device can be built in, as well. This can all be on devices that are completely unmanaged—with no passwords, unencrypted, the works.
What about other features, like blocking apps? While it’s not possible for a data management app to block other apps from being installed (which, by the way, most mobile device management solutions can’t actually do that either—instead they just remove corporate profiles if a blacklisted app is installed), it can prevent users from opening managed files in those apps.
Device management can be useful for distributing WiFi and VPN profiles, but chances are that that ship sailed a long time ago and users already figured out how to get on the network.
Aside from these data security features the other main reason to start a consumerization project with data management before device management is that devices need data no matter what. Mobile devices without data become expensive paperweights, or the data gets on them anyway via Dropbox (again, see yesterday’s article).
A mobile data management solution can be useful even if it’s the only app a company supports, with no other apps at all. Mobile versions of line-of-business apps—especially home-grown ones—don’t create themselves overnight, and there’s no Office for iPad, so why both putting data on the devices if there aren’t any apps? Most data management apps can view common file types, so they’re useful no matter what. And considering that the strong majority of use cases on mobile devices is for data consumption, the absence of those apps won’t matter for most of those use cases.
As organizations begin to deploy their own apps or vet third-party apps, they can gradually expand “open-in” privileges. Instead of apps having to have their own data connection to the outside world (or corporate environment), they can open files from the data management app, and save them back when done, instead of having their own storage.
How does the data get from the corporate environment into this mobile ecosystem? Many solutions ride on top of existing file servers, extending encrypted access to the mobile devices. Solutions that mirror corporate resources in the cloud can ensure consistent high performance access, too. Remember, though, if the corporate file servers are slow or on the other side of the country, users may be tempted to use consumer syncing services, but this issue would be present if the device was managed, too.
There is one caveat for all of these solutions, and it’s that the mobile data management app has to be rock-solid. The app has to be well designed so that problems like memory buffer overflow don’t accidentally expose data and that there’s nothing unencrypted left in memory. Also, the solution has to exist—the features I described here aren't any one product, but an ideal best of breed. There's been a huge influx of corporate file sharing solutions—recently we've covered Egnyte HybridCloud, GroupLogic activEcho, and AppSense Project Orca; we also have plans to talk to Citrix about Sharefile.
There are two options: have managed devices with no data, or have unmanaged devices with data (that happens to be managed). The first plan of action in a CoIT or BYOD scenario should be obvious: manage the data.