Mobile Device Managers (MDMs) make a lot of sense when you are trying to control whom can access your enterprise network and applications from particular phones and tablets. But to effectively evaluate these products, you should first consider what exactly are you trying to control: the apps on particular devices, the pairing of a user with his or her device, the device itself, or the collection of files on each device. Each MDM has a somewhat different perspective, and has strengths and weaknesses in terms of what it can control best.
In my review today for Network World, I looked at six different products: AirWatch (pictured above), Apperian’s EASE, BlackBerry’s Enterprise Server 10 (BES10), Divide, Fixmo, and Good Technology’s Good for Enterprise. No single MDM product won this review; all had serious flaws that would prevent them from being successfully deployed, depending on your circumstances.
The need for better mobile security is obvious: witness this story from last year about a hospital volunteer taking pictures of patient records with his phone and them selling them. Sadly, most current MDMs still wouldn’t be able to prevent something this overt.
The MDM arena is still pretty immature, akin to where the anti-virus world was decades ago. Security profiles are somewhat clunky to install and administer and some vendors don’t support vintage versions of iOS or Android. Topping this off: once you find phones that have been compromised, there is no easy way to return them back to a pristine condition, largely through the fault of the mobile OS vendors.
Expect to pay between $20 to $75 per user or per device per year, which can add up if you have a lot of phones to protect. Few vendors are transparent about their pricing (Airwatch and Blackberry are notable exceptions).
Good and BlackBerry do the best jobs of protecting your messaging infrastructure, so if that is the primary reason for picking an MDM product you should start with these two. Divide had the most appealing management console and overall simplest setup routines, and also supports licensing unlimited devices per user. And Apperian is great for corporations that have developed a large collection of their own apps and want a consistent set of security policies when deploying them.
You can see the full range of screenshots for my review in this deck.
Interestingly there is another side to MDM for carriers as well who have a real headache supporting customers. One such is AetherPal. Nokia Siemens also has a product.
David – do you have any experience and perception of Windows Intune as a MDM?
Experience — just using the AV features on desktops.
Perception — doubt that it has the features of the other products that I have tried.
Hi David, what did you think of Fiberlink (now IBM’s) maas360.com?