Mobile device management versus mobile data management: Which one is more important for BYOD?

Yesterday we covered the need for corporate data to be available on mobile devices. For today, let's look at the added benefits that come from providing managed data to mobile devices.

When attempting to accommodate consumerization and BYOD, managing and locking down devices is the first step that many people would take. However, much more value can be had if the first step is to provide mobile data management (the other MDM).

That seems counter-intuitive at first. Somebody might wonder, “Wait, you’re saying that I should provide data to devices before making sure they’re securely managed? That’s the wrong order!”

But that’s exactly the point, because providing a mobile data management solution kills two birds with one stone: it provides access to data and there’s management, too. It’s just that the management is in a slightly different (and much easier to execute) location.

Mobile data management apps have most of the same features that device management solutions provide. Data can be encrypted, password protected, time-bombed, and remote-wiped; permission to save files on the device can be granted or denied; and security for data flowing to and from the device can be built in, as well. This can all be on devices that are completely unmanaged—with no passwords, unencrypted, the works.

What about other features, like blocking apps? While it’s not possible for a data management app to block other apps from being installed (which, by the way, most mobile device management solutions can’t actually do either; instead they just remove corporate profiles if a blacklisted app is installed), it can prevent users from opening managed files in those apps.

Device management can be useful for distributing WiFi and VPN profiles, but chances are that that ship sailed a long time ago and users already figured out how to get on the network.

Aside from these data security features, the other main reason to start a consumerization project with data management before device management is that devices need data no matter what. Mobile devices without data become expensive paperweights, or the data gets on them anyway via Dropbox (again, see yesterday’s article).

A mobile data management solution can be useful even if it’s the only app a company supports, with no other apps at all. Mobile versions of line-of-business apps, especially home-grown ones, don’t create themselves overnight, and there’s no Office for iPad, so why bother putting data on the devices if there aren’t any apps? Most data management apps can view common file types, so they’re useful no matter what. And considering that the strong majority of use cases on mobile devices is for data consumption, the absence of those apps won’t matter for most of those use cases.

As organizations begin to deploy their own apps or vet third-party apps, they can gradually expand “open-in” privileges. Instead of apps having to have their own data connection to the outside world (or corporate environment), they can open files from the data management app, and save them back when done, instead of having their own storage.
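The per-file controls listed earlier (time-bomb, remote wipe, save permission) and the gradually expanding “open-in” list can be combined into one deny-by-default decision, sketched here as an added illustration that is not code from any product named in this article. The `FilePolicy` fields, action names and app IDs are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass
class FilePolicy:
    """Per-file policy held by a hypothetical data management app."""
    expires_at: datetime                          # time-bomb: unusable from this instant
    wiped: bool = False                           # set once a remote wipe is received
    allow_save_to_device: bool = False            # may a copy leave the app's storage?
    open_in_allowlist: frozenset = frozenset()    # vetted apps that may receive the file


def decide(policy, action, now, target_app=None):
    """Return (allowed, reason). Wipe and expiry override every grant."""
    if policy.wiped:
        return False, "remote-wiped"
    if now >= policy.expires_at:
        return False, "expired"
    if action == "view":
        # Viewing happens inside the data management app itself.
        return True, "in-container viewer"
    if action == "save_to_device":
        if policy.allow_save_to_device:
            return True, "save permitted"
        return False, "save not permitted"
    if action == "open_in":
        # Deny by default: only apps the organization has vetted get the file.
        if target_app in policy.open_in_allowlist:
            return True, "vetted app"
        return False, "app not vetted"
    return False, "unknown action"


if __name__ == "__main__":
    # Constructed sample values for demonstration only.
    now = datetime(2012, 6, 1, tzinfo=timezone.utc)
    day_one = FilePolicy(expires_at=now + timedelta(days=7))
    later = FilePolicy(expires_at=now + timedelta(days=7),
                       open_in_allowlist=frozenset({"com.example.notes"}))
    for label, pol in (("before vetting", day_one), ("after vetting", later)):
        print(label, decide(pol, "open_in", now, "com.example.notes"))
    print("after time-bomb", decide(later, "view", now + timedelta(days=8)))
```
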

How does the data get from the corporate environment into this mobile ecosystem? Many solutions ride on top of existing file servers, extending encrypted access to the mobile devices. Solutions that mirror corporate resources in the cloud can ensure consistent high-performance access, too. Remember, though, if the corporate file servers are slow or on the other side of the country, users may be tempted to use consumer syncing services, but this issue would be present if the device were managed, too.

There is one caveat for all of these solutions, and it’s that the mobile data management app has to be rock-solid. The app has to be well designed so that problems like memory buffer overflow don’t accidentally expose data and so that nothing unencrypted is left in memory. Also, the solution has to exist: the features I described here aren't any one product, but an ideal best of breed. There's been a huge influx of corporate file sharing solutions; recently we've covered Egnyte HybridCloud, GroupLogic activEcho, and AppSense Project Orca, and we also have plans to talk to Citrix about Sharefile.

There are two options: have managed devices with no data, or have unmanaged devices with data (that happens to be managed). The first plan of action in a CoIT or BYOD scenario should be obvious: manage the data.


Join the conversation



On the money, Jack!

MDM is all fine and good, but it's the data that matters.  Manage the apps, manage the content, manage the information, and regardless of what happens to the device, you are covered.


Securing the device is generally the first component of BYOD. (I prefer the term of Enterprise Mobility Management vs MDM because MDM is focused on device security only, not apps). It is not about the device. Two other components to consider - lowering support and operational costs of mobility along with mobile app protection or wrapping apps in FIPS "containers".


If you FULLY trust the underlying OS to safeguard Apps, their data and their network access... OK.  The IT person who buys off on that may not have that IT job for very long.  

I'm not comfortable with the debate, in any case.  Either/or?  No.  Moreover, way too many acronyms floating around "EMM" that describe aspects of enablement, management and security.  We're all too quick to paint these as product categories unto themselves and as necessarily competitive to one another.  Hogwash.  We are ALL still scratching the surface of mobility management - problems, needs, etc.  There is no magic bullet.  And quite frankly, these can work in concert.

Lastly, as we obsess with the mobility management alphabet soup of acronyms, we get overly fixated on technology solutions to technical problems.  The casualty?  USER EXPERIENCE.  If we don't attend to that, it's #fail.   CoIT is really about users/employees voting their preference for user experience.  If we don't attend to it, users will vote all our wonderful acronyms to oblivion and before we get beyond "scratching the surface".


It's all about how much you trust the container and type of data. If that requires an encrypted managed device then perhaps a corporate owned laptop or VDI, client hypervisor etc are good enough. For tablets, phones etc, the idea of heavy duty hypervisors etc will kill the user experience and it will be rejected. All you need is something light weight with some security to give you the solution for some app types. Let's face it, on your iPad what percentage of apps are for work. I bet a tiny amount. That's ok, let those apps be managed in their own container without a s3it container like Good that requires less modification of apps.


Mobile device management is more important for BYOD than mobile data management.


Mobile Iron’s cellular device control solution includes data-driven mobile device control and app management with smart phone and tablet security.


I like the helpful information you provide in your articles. I enjoyed your helpful blog. Awesome work. I read a few blog posts on this internet site and I conceive that your web site is real interesting and has got sets of great info.