BACKGROUND IMAGE: iSTOCK/GETTY IMAGES
MAM software enables IT administrators to apply and enforce corporate policies on mobile apps, and to limit the sharing of corporate data among apps. It also enables the separation of enterprise apps and data from personal content on the same device. Other common MAM features and capabilities include software delivery -- often through an enterprise app store -- software license management, app configuration, inventory management and application lifecycle management.
Why mobile application management is important
Mobile application management provides IT administrators with a more granular way to control and secure corporate data, which is important in the era of bring your own device (BYOD).
Traditionally, IT departments relied on mobile device management (MDM) software, which provides device activation, enrollment and provisioning capabilities, remote wipe, and other device-level functionality. This approach sufficed for scenarios in which an organization purchased mobile devices for employees who used them only for work-related matters.
But after Apple released the iPhone in 2007, followed by the release of Google Android-powered smartphones, more employees began using their personal devices for work. Many of these employees were reluctant to allow their IT departments to remote wipe their personal devices, blacklist certain apps or use other MDM capabilities.
As enterprise mobile tech evolves, it needs to be carefully managed.
As the workforce grew more tech savvy, it became more difficult for organizations to completely block end users from doing work on personal devices. As such, these devices went unsecured, which created an enterprise risk.
MAM emerged to help solve this problem. It enables IT administrators to apply and enforce policies only on specified apps that access corporate data, leaving personal apps and data untouched. Some of MAM's functionality is similar to that of MDM. With MAM, IT can remote wipe an app, but not the whole device, as is the case with MDM, for example.
How MAM works
There are several different approaches to mobile application management.
Software development kits (SDKs) and application wrapping. These methods involve additional code being added to an app, either during – SDKs -- or after -- app wrapping -- the development process. This code connects the app to back-end MAM software, enabling IT administrators to apply and enforce policies on the app and take other measures to protect its data.
Containerization. This approach, also known as application sandboxing, isolates an app or group of apps from other apps on a device. Data within this isolated area, known as a container, cannot leave, and apps within the container cannot interact with those on the outside. An extreme example of containerization is dual persona technology, which creates two completely separate user interfaces -- one for work and one for personal use -- on the same device.
Device-level MAM. A more recent development in the MAM market is the ability to control and secure apps through the MDM protocols built into mobile operating systems. Apple's Managed Open In feature, introduced in iOS 7, gives IT the ability to control how apps share data with each other. An admin can prevent a user from taking a document received in their corporate email app and uploading it to a personal cloud storage app, for example.
Google Android uses sandboxing to create a secure, managed work profile that contains corporate apps and data on personal devices. Samsung offers similar capabilities on its Android devices through its Knox technology.
The major drawback to app wrapping, MAM SDKs and third-party containerization is that they do not always work across all mobile apps, operating systems and devices. The wrapping and SDK approaches require access to an app's source code, which is not always available -- especially for apps in a public app store. And Apple does not allow developers to abstract apps from iOS, which containerization and dual persona require.
In response to this challenge, a group of enterprise mobility management (EMM) vendors formed the AppConfig Community in 2016. AppConfig aims to ensure more standardized use of MAM by promoting the use of the MAM features built into mobile operating systems over the use of third-party MAM technologies.
MAM vs. MDM and EMM
Mobile application management was available as a stand-alone product from several vendors in the early days of the BYOD era. As the market matured, however, major enterprise software companies acquired stand-alone MDM and MAM vendors and began bundling their products. This collection of technologies is now known as EMM.
Although there was some MAM vs. MDM debate at first, it is now common for organizations to rely on a combination of the technologies to meet their security and IT administration requirements. An IT department may use MDM to enforce basic security measures, such as the use of a device passcode, and may also rely on MAM to prevent data leakage from corporate apps, for example.
Major vendors and products
The 2017 Gartner Magic Quadrant for EMM named four vendors as market leaders: VMware, MobileIron, IBM and BlackBerry. Other major vendors include Citrix and Microsoft. All of these vendors offer mobile application management as part of their EMM suites.
There are still some vendors that focus solely on MAM or enterprise app stores, as well, including Apperian -- owned by Arxan -- Appaloosa and App47.