Bring-your-own-device (BYOD) has emerged as an institution in corporate America today – but does the acronym stand for bring your own device or bring your own disaster? Surveys show that up to 90 percent of corporations use some form of BYOD, but that up to 80 percent of BYOD activity is “inadequately” managed by IT departments. Gartner estimates that over the next five years, two in three companies will add a mobile device management (MDM) solution. Meanwhile, Osterman Research highlights that this surge in MDM activity will double IT costs for managing devices year over year.
So, is MDM the answer to controlling end-user device anarchy or is it simply a way for IT to deliver a short-term, feel-good fix?
The problem is: MDM isn't a security system. It's a policy and configuration management tool. MDM manages “some” of the applications and “some” parts of the device OS. However, due to OS limitations, ongoing change and fickle BYOD user behavior, MDM is not a security sure thing. For example, Android devices don't support native encryption, and MDM platforms require the use of third-party device add-ons to plug the gap.
So is there hope for a happy medium between corporate IT and BYOD? MDM platforms are evolving to become more complete content and document management systems and, where necessary, to focus on app-specific containers. IT is becoming more enlightened and starting to supplement MDM with additional security in the form of identity management and data rights management. IT is also moving to take a more active role in BYOD by separating devices into distinct trusted, tolerated and unsupported classes.
MDM has existed for more than 15 years, but its longevity and legitimacy are being challenged by BYOD. What comes next? Only time will tell.
