As you start to dig into the mobile device space, you're undoubtedly going to hear three acronyms thrown around: MDM, MAM, and MIM. So in this post I want to simply explain what each of these is and how they're different from each other.
(Editor's note: We published an updated version containing all the latest info on MDM, MAM, EMM, and UEM at the beginning of 2019.)
MDM (Mobile Device Management)
MDM stands for "Mobile Device Management." It typically comes in the form of software that companies can use to lock down, control, encrypt, and enforce policies on mobile devices such as tablets and smart phones.
In the old days (like, before 2007), most people associated MDM with Blackberries. But now that most users prefer iPhones and Android devices, many MDM software vendors have emerged that allow IT departments to manage these new devices just like they've been managing Blackberries for the past ten years.
The thing about MDM software is that it allows the IT department to have full control over the device—IT can "own" it and essentially do whatever they want to it. Back in the days of the corporate-issued Blackberry, this was okay. IT could say, "Here is your device. It's company-owned, so we're watching everything you do and you'd better behave." Users generally obliged and in those days virtually everyone carried two devices—a corporate-owned MDM-controlled "work phone" and an "I-can-drunk-text-all-I-want" personal phone.
But once the iPhone and Android phones came out, users started bringing their own personal devices into the office. IT departments initially balked at this, but then the MDM vendors came along and said, "Hey IT, don't worry, you can use our MDM software to control these iPhones and Androids to make them secure!"
IT said, "Great!" But for the users… this was not so great!
Think about it. If you're an end user and you buy your own iPhone and bring it into work, would you want to give full control to your IT department? Do you want them to be able to see what apps you have installed and where the device is at all times? Do you want them to have the ability to remotely wipe your entire device, including anything personal you have on there? Do you want them to enforce a crazy-complex password with a 10-second screen lock timer that you'll have to fumble through every time you want to snap a photo of your kid?
MDM is like a rootkit that your IT department puts on your phone. :( No thanks!
So while MDM was awesome in the days when companies owned the phones, now that users own their own phones and do so many personal things on them, MDM software is a bit heavy-handed. It's getting to be an anachronism in today's world. So what's the alternative? Enter MAM!
MAM (Mobile Application Management)
Mobile Application Management is like MDM, except it's only applied to specific applications on a device instead of the entire device. The general idea is that using MAM, an IT department could lock down, control and secure just their specific corporate applications, while everything else on the phone could be left up to the user.
For example, a company could use MAM to deliver secure email, calendar, contact, and expense reporting applications to an iPhone. So if the user just wanted to pop open their phone to snap a picture or play Angry Birds, they wouldn't need to use a password to unlock the phone. But if the user clicked on the email app, then they'd be prompted for a password to get into just that app.
The same goes for policy controls, encryption, remote wipe, etc. MAM could allow IT to encrypt just the data that's stored by the apps they deliver—the user's other apps would just be installed like normal. For remote wiping, the company could just wipe the corporate apps and data while leaving the user's personal apps alone. And, perhaps most importantly, when using MAM, the company doesn't have visibility to anything users do outside of their apps. So if you want to download Weekend Snogger Lite, then go for it!
So if MAM is so great, why isn't everyone using it? The main reason is that as of today, the MAM software isn't that great. It's getting there, and it's going to be great... but right now? Meh.
The main problem is that users want to be able to download apps from the official app stores of their phone OS (Apple App Store, Android Marketplace, etc.). The way the app stores are structured makes it impossible for MAM vendors to get "in between" the app and the user's device. So MAM vendors have to get creative.
For example, some MAM vendors just write their own "secure" versions of apps. So if you use their MAM, you use their mail app, their calendar app, etc. This is cool because it's easy for users to download those apps from the app stores, but it also kind of sucks because these are "second rate" apps in terms of look-and-feel and functionality. (I mean, who do you think can write a better mail app? Apple, or some random MAM vendor?) Also, if you're getting your controllable apps from your MAM vendor, what happens if you want to control an app that the MAM vendor doesn't offer? (Some MAM vendors have SDKs and APIs to allow third-party app makers to plug in to their security systems, but that still requires that those vendors take the time to plug in to those specific MAM platforms... more if, if, if…)
Another approach MAM vendors take for application-specific security is to "wrap" regular off-the-shelf apps with their own layer of security, encryption, and control. This is awesome in concept, but tough in real life. The problem is that in order for an IT department to "wrap" an iOS or Android app, they have to get the app's original package files from whoever wrote the app. (Remember that the MAM software can't get in between the device and the real app store.) So if you want to securely deploy Microsoft OneNote for iOS to your users, do you really think you can convince Microsoft to send you the .ipa file so you can wrap it with your chosen MAM tool?
I'm gonna say "no!"
So the bottom line for MAM is "Watch this space," but I'm not 100% in love with anything here yet. And I'm not 100% in love with MDM for user-owned devices either. So where does that leave us? Hello MIM!
MIM (Mobile Information Management)
MIM is "mobile information management" which could roughly be described as all those "Dropbox-like" cloud-based services that sync files and documents across different devices. (To be honest, a more appropriate name for this might be "mobile data management," but that would have the confusing acronym of "MDM" too, so the industry sort of collectively agreed to call it "MIM" instead.)
The cool thing about MIM is that it's good and real today. There are plenty of public services (Dropbox, Box, Microsoft SkyDrive, Google Drive, etc.) that users can get on their own today. And there are plenty of corporate-controlled on-premises versions of MIM products (Nomodesk, WatchDox, RES HyperDrive, Citrix ShareFile, VMware Octopus, etc.).
Ultimately these MIM products will be rolled into the larger service offerings that IT provides to users (just like email and calendar), and the client apps will be delivered to mobile devices via MDM or MAM. But MIM works with MDM/MAM—you'll ultimately have MDM+MIM or MAM+MIM.
MXM (Mobile "X" Management)
I'm sure that there will be plenty of other "M-something-M" products that come out in the future. VMware is talking about a hypervisor on mobile devices which they'll probably call something like "MVM." I can imagine security vendors selling "MSM" products—really the sky's the limit. But for now the Big 3 are MDM, MAM, and MIM. And now you can talk intelligently about what they are and how they work!
Bonus: BYOD (Bring Your Own Device)
Even though this post is about MxM acronyms, a lot of people toss in "BYOD" when they're talking about things like MDM. The reality, however, is that BYOD has nothing to do with MDM or MAM. BYOD is an ownership model, while MDM, MAM, and MIM are specific types of software companies can buy and use.
BYOD is the concept that end users can bring in their own mobile devices and hook them into IT's corporate resources. In many cases, companies choose to buy and use MDM, MAM, and/or MIM when they implement BYOD programs, but the two don't have to go together. Many companies let users hook up their personal mobile phones to the corporate email servers without having any specific kind of MDM or MAM.
So there you have it: MDM, MAM, MIM, and BYOD!