It has become fashionable in some circles to suggest that Mobile Device Management (MDM) is dead, but nothing could be further from the truth. While MDM is still very much in its infancy, its boundaries continue to expand. It's no wonder people (even the experts) are confused.
It's hard to believe, but only ten years ago built-in Wi-Fi was just an option on laptops. And although laptops definitely changed the endpoint management landscape, companies were still able to maintain the typical "top-down lockdown" approach via client management software, VPNs and restricted admin rights. BlackBerry offered the same fenced-in, cookie-cutter approach for managing smartphones.
Although the iPhone entered the market in 2007 to great fanfare, it was the iPad in early 2010 that forever kicked in the doors to a well-managed network. The iPad was a favourite of senior management who had no qualms about jumping the queue in IT to get their latest toy supported. This led to the Apple MDM API and a trickle-down effect that quickly became a deluge of bring-your-own-device (BYOD) users.
Suddenly, the top-down lockdown approach wasn't possible since the devices were no longer owned by the company, and limiting what type of device an employee could use was also off the table. That ship sailed the day the CEO brought in his first iPad.
The struggle to define best practices for MDM and client management continues to this day.
But it's important to remember that we're not redefining devices – let Apple, Samsung, and Microsoft do that. All we need to worry about is how these devices will be managed.
BYOD, CYOD, and COPE – does it matter?
There are three drivers to the new management landscape:
1. The typical user relies on more than one device and for the foreseeable future, one of these devices will be a computer. This means that MDM cannot replace traditional client management technology. Instead it must complement and coordinate with it. Ideally it will be an integrated part of the same infrastructure. This perspective is supported by leading industry analysts who agree (in a rare moment of consensus) that separate management frameworks for different form factors is unsustainable in the long run. Ultimately, the practices and tools for client and mobile device management must converge.
2. As the price of the hardware has come down, the value (and portability) of corporate data has gone up. This has introduced entirely new risks or emphasised existing hazards. After all, companies that allow Outlook Web Access from employee-owned computers are facing no greater risk when they provision email to employee-owned smartphones. But the risks are real and they've become one of the biggest considerations when it comes to device management.
3. It's not only about the device… it's about the user getting what they need when they need it. As ownership has shifted to the end user, it's become increasingly clear that it doesn't really matter if they are using a laptop, tablet or smartphone. They just want to have their stuff. Users want to be productive on the devices they've chosen, regardless of operating system or form factor. And if you don't help them, they will help themselves. This is a problem for the top-down lockdown approach because the more troublesome the restrictions, the more likely the user will be to circumvent them – not maliciously, but simply in order to get the apps and data (the stuff) they need to be productive.
Add this up and it points to a new management paradigm that is user-centric, not user-restrictive – an approach that focuses less on the device and more on security for corporate data and apps. It's not about BYOD, CYOD, COPE, or any other acronym. In the end, it doesn't really matter who owns the device – instead IT should focus on who is using it and how. A policy-driven, user-centric framework will adapt easily to this approach.