This content is part of the Conference Coverage: Citrix Synergy 2016 conference coverage

IT sees benefits in standalone mobile app management

Standalone mobile app management gives IT advantages around app wrapping, app-level encryption and controlling content of employees' devices not enrolled in MDM. Plus, it gives users more privacy.

IT has taken a liking to mobile app management because of its less invasive approach to security.

Users can take issue with mobile device management (MDM) software, because it gives IT full control over their smartphones and tablets -- raising concerns regarding their privacy. Mobile app management (MAM) eliminates that problem because it gives IT control over only the corporate apps on a device. MAM is a component of enterprise mobility management (EMM), and most large vendors in that market do not offer the technology as a standalone product. But Citrix will when it releases XenMobile 10.3.5 this month.

"Standalone MAM is an awesome idea," said Matt Kosht, an IT director at a utility company in Alaska. "People don't want their personal devices to have all this junk on it. And employees still have concerns, such as IT knowing all the apps they install."

After Kosht's company upgrades to Citrix XenMobile 10.3.5, it plans to implement the MAM-only offering for most of its employees. MDM can be overkill on users' personally-owned devices, because IT is only concerned about corporate data rather than the whole device, Kosht said.

"I don't care about the device itself," he said. "I care about the data on the device. I will only focus on the apps that have our data on it, and that is more palatable to an employee."

One issue with MDM that can be tough to deal with, for example, is when IT needs to wipe a device. An employee could lose some or all personal content -- contacts, photographs, et cetera  -- if IT does a full device wipe using MDM.

"Not everyone is sold on MDM," said Stephen Monteros, vice president of business development and strategy at SIGMAnet, a Citrix partner based in an Ontario, Calif. "It's a lot on the devices, it's a hassle administrating it, and that's why a lot of places just don't have it."

With MAM, IT can wipe individual apps and leave personal content alone. MAM also allows IT to individually wrap apps to secure corporate data without taking control of the entire device. That approach also means employees don't have to enter MDM account credentials to access their devices.

"The additional layer of security is important," said Jack Narcotta, analyst at Technology Business Research in Hampton, N.H. "MAM is a very prominent driver of what's happening in enterprise mobility strategies."

Standalone mobile app management

Citrix XenMobile 10.3.5 includes typical MAM features, such as app wrapping and selective app wiping, plus a "self-destruct" policy to erase managed apps after a certain amount of time if a device is lost or stolen. XenMobile's MAM-only option also lets IT take advantage of more than 50 other app-level policies. IT does not have to enroll a device to take advantage of the mobile app management capabilities, because they are separate from MDM.

MAM is a very prominent driver of what's happening in enterprise mobility strategies.
Jack Narcottaanalyst, Technology Business Research

When PostNL, the Netherlands' mail delivery service, decided to implement MAM, it chose a standalone offering from Boston-based Apperian. PostNL already had another vendor's MDM in place to manage the industrial devices that drivers used to collect signatures and perform other delivery tasks. But the company's IT leaders wanted a lighter touch for other use cases, most of which are BYOD scenarios.

"We did not want to manage the devices of our employees, because they're not owned by the company," said Babs Meelhuysen, PostNL's service portfolio manager. "We just want to manage the apps."

PostNL uses Apperian, which does not offer MDM, to sign and deploy enterprise apps to users' devices. The company plans to eventually use the product to enforce policy on specific apps as well, Meelhuysen said.

The case for MDM

Built-in MDM features in the major mobile OSes in recent years have minimized the need for third-party MDM software, Kosht said. Four years ago, for example, neither Apple iOS nor Google Android devices required a PIN, and they didn't have built-in encryption features. Apple added both of those features as of iOS 8, however, and Google and Apple have continued to build on their management and security features built into the OSes.

There are still scenarios where it's better to use MDM, however.

Kosht's company plans to use XenMobile MDM for its corporate-issued iPads equipped with credit card readers, to protect customers' financial data as much as possible. Because they are single-function corporate-owned devices, there is no personal privacy issue on the user side.

"Those are going to be heavily locked down," Kosht said.

Editorial director Colin Steele contributed to this report.

Next Steps

IT embraces common mobile app management features

Management features in the new Citrix XenMobile 10.3

How IT can use Citrix XenMobile for EMM

Dig Deeper on Enterprise mobile app strategy