The case against MDM

Value for money?

As prior posts in this blog have demonstrated, a basic MDM package represents only a fraction of the cost of provisioning mobile devices to employees. The security solution usually costs between $120-$150 per user, per year in the context of a total annual price of $1000-$1300 per user, per year (including device, voice, data and MDM).

CIOs nonetheless struggle to see the solutions as providing value for money.

“There is no way I could justify that sort of price for MDM,” said Vito Forte, CIO of Fortescue Metals.

“Any cost-benefit analysis around MDM hasn’t come close to stacking up for us,” said the client computing manager of one university in New South Wales.

“The ROI will take multiple years and quantifying those figures into a Benefit-Cost Analysis is too much effort,” said the IT manager at a WA-based engineering firm.

Dr McIsaac argues that “Airwatch, Mobile Iron and the like have grossly oversold their value.”

He feels MDM should eventually be bundled as part of every corporate mobile connectivity plan at little more than $0.50 per user, per month. Indeed, just as this blog goes to print, another of the MDM vendors have annnounced short-term discounts.

Cost offset

The costs of providing MDM can easily be cancelled out in a business plan, however, depending on the organisation’s broader enterprise strategy.

There exists a temptation for many organisations to use a “BYOD strategy” to remove the cost of provisioning smartphones and tablets to staff.

“We sometimes state a requirement in our job advertisements that staff must have a reliable vehicle,” said one IT manager, working in secondary education, at a Touch Tomorrow event. “Might we one day reach that point with computing? We say - here is a reliable standard of device, you need to meet it as part of your job description.”

MDM vendors argue that because their solutions and services cost comparatively less than the cost of provisioning a device, organisations can use a BYOD project to provide mobile access to applications for a greater number of staff than those currently on fleet plans.

But this assumes that the organisation’s CFO won’t view the BYOD policy as an excuse to bank any savings that result, reducing the total client computing budget rather than investing those cost savings in enabling wider enterprise mobility.

Mobile application management

As previous posts have demonstrated, basic MDM packages tend to cost less than the Blackberry Enterprise Server (BES)-based solutions deployed in the past. But extend an MDM solution beyond firmware and basic email, calendaring etc, and the solutions start to cost more.

Enter Mobile Application Management (MAM) — the concept of extending the security framework developed by the MDM vendors to other mobile applications.

MAM varies in complexity between the various solution vendors and has become the latest means of differentiation. Some users, such as the Rottnest Island Authority in Western Australia, have embraced these solutions to enable users to not only view documents in a secure mobile container, but also edit them.

Joe Robens, IT strategy manager at Australian export success Aristocrat, told iTnews he has avoided container solutions as he is a “big advocate for using the native features of the device.

“I don’t want a tool that detracts from the power of the device,” he said.

He believes Mobile Application Management is a more mature approach.

“We should be looking at what’s going to be on the devices, not think about protecting the device itself,” he said.

The right approach was for access credentials to apply to access to data, without any data resting on the device.

“It’s a different layer of security - a different thinking,” Robens said. “If we encrypt the data and applications, we’ve got security, regardless of whether its a fleet device or a BYOD device.”

But Robens cautions that MAM must be demand-led, and he has worked in relatively few organisations that have a genuine requirement.

“Things like app-wrapping - having those security features with the native feel - is certainly something I’d push towards when we get closer to needing it. But at the moment, there isn’t a demand. If the maturity isn’t there in your organisation, you’re doing it for the sake of doing it. We’d need a good business case to justify putting the time in to get it done."

Indeed, few CIOs found business units knocking down their door for mobile access to a wider set of applications.

Most said their mobility use cases rarely stretched beyond secure email and device management.

Andrew Cann, CIO at the West Australian Department of Sport and Recreation, said that in his experience with past employers, MAM features were found to be “extra options we didn’t need.”

“We could have considered TRIM integration [in addition to MDM],” he said, “but that couldn’t justify the extra spend.

“There is a limited number of third-party applications integrated with [MDM vendors] so far.”

SET-UP AND SUPPORT COSTS

Organisations deploying MDM also must bear the cost of setting up the solution. Even if the MDM solution is a cloud-based, subscription service, it nonetheless tends to require changes be made behind the firewall.

The CIO of an Australian retailer told iTnews that unless your enterprise has a large IT shop, some attention should be paid to the skills requirement.

“We looked at purchasing the software perpetually versus the cloud — we chose the former and actually ended up paying more in long run,” he said.

“There is a cost associated with setting it up and working it all out that is hard to calculate from the outset. If you can absorb that cost in your current headcount, that’s fine. But if you’re running lean like a lot of IT shops are, I’d be wary. A better approach would be to bundle MDM with your mobile contracts and pay per OpEx model.”

From there the organisation must consider the additional cost of each platform that needs to be supported under the enterprise mobility plan.

CIOs from several organisations seeking a new MDM solution told iTnews they were trialling Blackberry’s new device-agnostic Enterprise Server, in the hope that sunk costs in this infrastructure and associated skills might reduce the cost of supporting a greater variety of devices. But being that this new tool is new to market, the jury is still out on this product.

Most see Blackberry’s move as “too little, too late”, but are prepared to try out the tool in the hope of avoiding the cost of setting up a new infrastructure.

The cost of supporting each additional mobile platform, above and beyond the devices an organisation might provision, is where many CIOs feel the rubber will hit the road.

No studies have been done to date on the additional cost of supporting each new mobile platform.

Bankwest, one of WA's biggest and most innovative IT employers, supports BYOD and the IT department "advocates flexible working options" for staff, according to CTO Nick Lewins.

The bank provides staff a standard Dell laptop with a standard operating environment (SOE) that makes connecting within its activity-based workplace a breeze, and also a choice of Samsung Galaxy 4s or Blackberries.

But staff can choose to access their corporate applications via BYOD laptops using virtual desktop infrastructure (VDI) access or email from other smartphones using a containerised MDM solution. Staff that insist on using BYOD devices can recoup around $30 per month in their expenses.

While Bankwest provides support for the devices it provisions, the VDI access and containerised mobile solution, this doesn't mean (and perhaps shouldn't) that staff can take a BYOD device to the helpdesk and expect hardware or other software support.

None of the CIOs canvassed for this study said they intend to provide hardware support to mobile devices owned by staff.

Dr McIsaac has a simple solution for those that are burdened with this issue. He recommends IT shops set a minimum standard of one or two mobile operating systems, rather than devices, and keep in stock a few devices that represent the absolute lowest common denominator for each of those platforms.

That way, when a staff member seeks support for their own choice of device, the IT department can offer an inferior smartphone or tablet for a two or four week period to ensure staff remain productive, but leave the onus on the staff to have their choice of device fixed elsewhere.

Somewhere along the line, Forte stresses, users have to understand that BYOD is a "program of choice" for which support is limited.

Have you investigated the cost of supporting multiple mobile devices? Do you provide hardware or applications support on BYOD devices? Have your say on our enterprise mobility survey.