MobileIron wants to attach EMM policy to data instead of apps, but there’s a catch


This week MobileIron announced an update to their file syncing app, Docs@Work, so that it can be used as a client to access consumer file syncing products. But that’s only part of the story. MobileIron also laid out plans for a new, more flexible way of doing enterprise mobility management: Instead of attaching policy to devices or to apps, they want to make it possible to attach policy directly to documents.

Here’s the plan in their own words:

“MobileIron Outlines the Three Phases to Secure the Personal Cloud

“Phase 1: Personal Cloud Access: Provide native access to popular cloud-based content repositories through a secure mobile interface. Users can now search and find their content across the cloud.

“Phase 2: File-Level Security: Establish file-level protections to ensure that enterprise information stored in the personal cloud is encrypted and cannot be accessed by unauthorized apps and users. When this phase is completed, IT will be able to create security policies that follow data wherever it lives.

“Phase 3: Best-of-Breed Ecosystem: Enable MobileIron’s application partners to access protected cloud data when authorized. When this phase is completed, users will be able to choose the best productivity solutions for them.”

Phase 1 is what’s coming out today. Phase 2 is a future transitional step. Phase 3 is the interesting part—it fits right in with the concept of applying management policy to progressively smaller entities. Here’s an explanation of the concept:

  • First we had MDM, where we applied policy to devices.
  • Now we also have MAM, so that we can apply policies just to apps and give users more freedom about what they do with the rest of their device.
  • The next logical step is to apply policies at the data or document level. This should give users more freedom about what apps they choose to do their job.

Because of the consumerization of IT, giving users more freedom over what apps they can choose while still maintaining policy is the holy grail. In theory this can enable “bring your own app.”

But there’s a catch: When policies are applied at the data level, you still need to have “known” apps that can recognize and respect the policies that come with the data. That’s why MobileIron is talking about having application partners in the press release—they need these partners to ensure their apps work with the data policy. Unfortunately this means that users choosing their own apps is limited to apps that come from these partners.

This also means that attaching policy to data will result in many of the same issues that come with all the mobile app management partner ecosystems that are already available today—i.e. none of them are compatible with each other, so they’re inherently limited. It’s hard for ISVs to cater to all of the different ecosystems, too.

Some sort of open standards could help ease these issues, but it would take industry collaboration and pressure from customers. Since we’re still in the early stages of enterprise mobility, it will be a while before that pressure comes. MobileIron has talked about MAM standards in the past, but unfortunately that never went anywhere.

Also I should point out that for this conversation we’re only talking about MAM that’s built into apps, not the MAM that’s built into some mobile OSes. (Coincidentally, OS-based MAM also makes MAM standards a less urgent issue.)

Benefits

Since attaching policy to data instead of apps has many of the same issues as MAM, what are the benefits?

First, even though choice may be limited, it could still make it easier for users to switch between apps. There’s no need for IT to be aware of what apps are used—as long as they’re compatible, they’re fine. Though I wonder if this will still be such a big issue as enterprise mobility matures.

Second, it could allow companies to think about policy in a new data-centric way. This could mean more opportunities to use DLP, which, depending on your point of view, could be either a big leap forward or a mid-level annoyance.

I might be coming off as skeptical, but I do like this idea and I like that MobileIron is working on it. They’re definitely forward thinking and carefully considering the future of enterprise mobility management.

Join the conversation

4 comments


Isn't this what Microsoft is already offering with Azure Rights Management in their Enterprise Mobility Suite?



Essentially this should be pretty similar, but it seems like it should end up having more MAM-like features that aren't part of RMS.



RMS what a complex joke and lock into MS.



One of the challenges here is that content is not (for the foreseeable future) mobile-only - files especially need to be worked with on PCs and Macs as well. If you're really serious about data-centric security, you have to build for every platform.


The RMS lock in to MS (and the requirement to federate AD to Azure) is a big issue. We (WatchDox) and others that implement rights management have to do quite a lot of engineering to interoperate with it on the platforms where users expect their docs to open in an Office application (PC and Mac).


