Mobile device management (MDM) is an essential component of any sensible bring-your-own-device (BYOD) strategy. While having a degree of control over mobile devices used for work purposes is useful, it's important to recognise the limitations of the approach. The biggest one? What you can control is limited and constantly changing.
Mobile picture from Shutterstock
Because mobile device platforms vary in the degree to which they allow third-party software to control what happens on the device, that creates an immediate limit to how much you can effectively put into an MDM platform. Apple is the most obvious offender in this area -- iOS is effectively a sealed platform -- but it's a challenge for other devices as well.
Forrester analyst Tyler Shields puts this neatly in a recent blog post:
The available functionality is limited to those application programmer interfaces that are made available by the operating system vendor (Google or Apple). There is very little that traditional MDM offerings can do to differentiate themselves from the other 100+ vendors in the market.
Shields suggests that as a result, prices for MDM software will be on a continuous downward spiral, and many vendors will end up offering the basic services for free: " MDM should be free. I've been telling all of the vendors that I work with that if they don't put out their MDM offering in a freemium model very shortly, the other vendors will beat them to the punch. "
Yet even if a company does choose to offer basic MDM as part of a broader service it can pay for, the restriction on what you can on particular platforms still remains. Microsoft remains a good case in point. Earlier today, it announced expansions to its Intune subscription-based management platform, which includes new management functions for iOS devices. Here's how the announcement described it:
Support for new configuration settings in iOS 7, including the "Managed open in" capability to protect corporate data by controlling which apps and accounts are used to open documents and attachments, and disabling the fingerprint unlock feature.
The MDM features in Intune are indeed part of a broader mix that's worth paying for, rather than something sold on their own, just as Shields suggests. But it's very difficult to incorporate those features in time for device releases when the device comes from Apple. While much of what iOS 7 contained was evident in public betas, and the security features of the iPhone 5S were widely rumoured ahead of launch, rumours don't make for proper software management planning. Apple has no particular interest in developing enterprise-centric features, and there are still some aspects of iOS that are difficult to effectively manage remotely.
None of that means MDM isn't worthwhile. But we shouldn't kid ourselves that we can ever return to the total lockdown of the PC era. We can't.
Evolve is a weekly column at Lifehacker looking at trends and technologies IT workers need to know about to stay employed and improve their careers.