The case against MDM

Many Australian organisations that have embraced the first generation of mobile device management solutions have found them lacking in maturity and offering a poor user experience, according to 25+ CIOs interviewed for ‘The True Cost of MDM’ solutions study.

As described previously in this blog series, Mobile Device Management solutions hit the spotlight over the past four years as IT managers grappled with a rush of new consumer devices being brought into the workplace built on software platforms (iOS, Android) for which there was a distinct lack of management tools.

Organisations concerned about the nth degree of IT security on mobile devices — such as banks and government authorities — have used MDM solutions extensively in an effort to embrace a BYOD strategy or some other program of device choice whilst securing corporate applications and data.

But a large number of enterprise IT buyers — including DEEWR and Australia’s Department of Treasury — have pulled out the first generation of MDM solutions they purchased to manage these devices and have actively sought out new alternatives. Several others told iTnews they were on the cusp of doing the same.

Nearly all of the CIOs canvassed for the study expressed concerns that there was a lack of maturity in the enterprise mobility management solutions on the market today.

Concerns ranged from:

• Poor performance and end user experience
• Concerns over value for money
• Greater complexity in terms of setup and support

I’ll explore each in turn.

THE END USER EXPERIENCE

The primary reason for dissatisfaction with the current crop of MDM solutions concerns the end user experience.

The first generation of MDM solutions applied controls at the firmware level and have been deemed inappropriate for BYOD deployments as the solutions give IT administrators the ability to disable or wipe personal data as well as corporate data. The crudest among them also require the device to be set-up by the IT department rather than over-the-air.

Similarly, MDM solutions that rely on security features of the mobile ActiveSync protocol to secure email are not only adding little value, but deemed by some security experts (the DSD, among them) to be at risk from man-in-the-middle attacks.

Security-conscious IT managers have opted instead for containerised solutions, in which mobile applications such as email are viewed in an isolated ‘container’ on a user’s device, with native features of the device (such as copy and paste or even forwarding of emails) locked down for data within the contained environment.

One local council IT manager told iTnews he opted to go as far as using these solutions to prohibit users from sending emails from the device, allowing them only the option of reading corporate email when out of range of the company’s Wi-Fi network.

While these solutions tend to narrow an organisation’s risk profile, a cursory glance at user reviews on the Apple App Store and Google Play Store suggests the containerised solutions come at a cost in terms of the end user experience. Some comment that they’d prefer to go back to two devices — a corporate Blackberry and a personal iPhone/Android device — if it meant enjoying the native experience of their device of personal choice.

As Deloitte CIO Tim Fleming explained in an interview for this study:

“If you’re giving end users an email client that comes as part of the MDM solution, it is instant legacy, in my opinion. If a new version of iOS7 comes out with new features in the email client, your staff can’t use it because you’re stuck with what you purchased as part of the MDM.”

CIOs and IT Managers attending the Touch Tomorrow roadshow around Australia were each asked to list the drivers behind their enterprise mobility projects. In highly competitive industries — such as banking and financial services or oil&gas — attracting the next generation of worker (or retaining good staff) were often listed in the top three drivers. One IT manager in the finance said the cost of training a new graduate was calculated as being equal to six months of wages. There is clearly pressure on to keep these users happy.

IBRS analyst Dr Kevin McIsaac saw this as an indication that “user experience is king.”

“Everything else comes second,” he said.

“If you use MDM to lock down mobile devices to such a degree that it is no longer enjoyable to use and if users hate the email client, you won’t see adoption. There has to be a balance between user experience and security."

Read on for what CIO's think about the cost of MDM solutions, and the model organisations like Bankwest use to determine what level of support to provide for BYOD.