Best BYOD management: Work zones for smartphones
November 19, 2012 06:00 AM ET
What's more, BNY Mellon may wipe devices -- including all personal apps and data -- that are lost or stolen, although MaaS360 and most other major MDM tools do allow selective wipes. Citing security concerns, Perkins declined to say how many times the company has had to wipe phones.
In contrast, only the corporate container is wiped from lost or stolen devices that just have email and calendar access via the Good technology.
A newer, more granular approach is to enclose individual apps in their own encrypted policy wrappers, or containers. This allows administrators to tailor policies to each app. The market for tools that support app wrapping is dominated by small vendors with proprietary products, including Mocana, Bitzer Mobile, OpenPeak and Nukona (which was recently acquired by Symantec).
For its part, RIM is working on adding this capability to its BlackBerry Mobile Fusion MDM software. (Mobile Fusion works with Android and iPhone devices in addition to BlackBerries.) Peter Devenyi, senior vice president of enterprise software at RIM, says the company's offering will be "a containerized solution where one can wrap an application without the need to modify source code so you can run it as a corporate application and manage it as a corporate asset."
With app-wrapping tools, "you can put together a pretty complete, fully wrapped productivity suite that's encrypted and controllable," says Jeff Fugitt, vice president of marketing at mobile integrator Vox Mobile. But the technology has not been widely adopted.
Forrester analyst Christian Kane describes app wrapping as an "application-level VPN" that lets administrators set policies to determine what the app can interact with on the user's device or on the Web, and what access the app has to back-end resources. It also allows for remote wiping of the container, including the app and any associated data.
"Application wrapping is not mature," and the existence of competing architectures in this nascent market is holding back growth, says Gartner's Redman. But, he adds, app wrapping will eventually be more widely adopted when the technology is integrated into the larger and more established MDM platforms.
The downside to app wrapping is that each application must be modified, which means administrators need access to the app's binary code. That means some apps that come preinstalled on Android or iOS phones may not be supported. Also, implementations may work more smoothly with Android devices than with iOS because of problems getting binary code for apps sold via Apple's App Store. For this reason, wrapping tools tend not to work with iPhone apps. For example, Mocana's Mobile App Protection product doesn't support the email client on the iPhone -- or other built-in apps, for that matter.
Users can get access to the binary code for free iOS apps, but for App Store wares that must be purchased, IT needs an agreement to buy direct from the provider and bypass Apple's store.
Apple currently turns a blind eye to users who employ app wrapping or change apps bought from its App Store, "but by their rules, you're not supposed to do that," says Redman. "They could clamp down and not allow that, although so far they haven't." Apple declined to comment.
Cloud-based MDM Services on the Horizon
Mobile device management typically involves installing agent software on each user's device and setting up a server-based management console. Don't want to do it yourself? Service providers that help IT manage mobile devices and software are plentiful.
For example, integrator Vox Mobile offers a "managed mobility" service that includes comprehensive monitoring and reporting, Fiberlink offers MaaS360 for corporate email and documents, and mobile carrier AT&T introduced its cloud-based Toggle mobile management service last year.
With Toggle, AT&T installs a "work container" on each smartphone, which the user logs in to with a password. Administrators can then manage container policies by way of a cloud-based portal and app store called Toggle Hub. In the third quarter, AT&T plans to add the ability to run antivirus scans on all managed devices, as well as the ability to lock or wipe the container.
"More and more of this will move into the cloud. But today, it's still a small percentage," says Phillip Redman, an analyst at Gartner.
"Where this is leading is dual data plans on the same device," says Mobeen Khan, executive director of advanced mobility solutions at AT&T. "You will have a phone number for the container and one for your personal device."
Anthony Perkins, CIO for BNY Mellon's Wealth Management business, is excited about that prospect. "We're talking with Verizon and AT&T about phones with a SIM that has two phone numbers," he says. Those devices are currently in development, and Perkins says that carriers are telling him they will be available in just a few years. (AT&T declined to comment on availability.) But whether the time frame is two years or 10, he says, "that's probably the direction we'll go."
— Robert L. Mitchell