Sergey Nivens - Fotolia


MAM ensures mobile data security in ways MDM can't

IT can add several important controls through mobile application management, such as app wrapping, containerization, lifecycle management and enterprise app stores.

With many enterprise employees working on personally-owned mobile devices, IT needs app-level management to secure data and measure applications' success.

Mobile app management (MAM) is a key component for any organization seeking to implement a broader enterprise mobility management (EMM) initiative. MAM is sometimes offered as a standalone service as well.

Initially, the mobility management market was comprised solely of mobile device management (MDM) tools. Then MAM and mobile information management came along. MDM deals with provisioning, enrolling, wiping and locking down devices, whereas MAM provides granular support for app tracking and analytics, software provisioning, lifecycle management, access control and security. As more specific and specialized management tools emerged, some vendors put all those capabilities into one product and called it EMM.

Device and application management work well together, but they do not replace each other. MAM can supplement a productive mobile deployment by managing a level deeper -- and arguably more critical to business workflows -- than just the devices. For IT and end users, MAM provides controls, security and analytics on a device-agnostic basis.

Why use MAM?

The granular control MAM affords is an ideal management tool for organizations that support a bring your own device (BYOD) program. In the event of a security or data breach, an IT administrator can wipe the data from a MAM-controlled application without touching an end user's personal information elsewhere on the device. This approach benefits IT and users. Admins control the flow of business information, and there are established limits to what they can and can't do to users' personal devices.

MAM is a win-win for organizations because it gives IT control without interfering with users' devices.

Once an organization determines which applications are for official work purposes, it can use MAM to enforce policies around those applications. (MAM platforms can cover internally-developed and third-party applications.) IT can blacklist or whitelist applications, which lets admins control which apps employees can and can't use for work.

Some MAM platforms give IT the opportunity to create and develop a custom enterprise application store where employees can choose from apps IT has already approved. Admins can assign groups of applications to specific groups of users. And the application stores offer many features employees may be familiar with as consumers, including application descriptions and user ratings. More advanced features for a custom app store include custom branding and single sign-on integration.

One significant benefit of MAM: Alongside other aspects of an effective EMM platform, it can constantly monitor the security and usage of a given enterprise application. For instance, MAM tools can detect if a user has deleted or needs to update a required app.

What MAM can do

For devices running Apple's iOS operating system, there is a built-in MAM capability called Managed Open In, which gives IT more control over the movement of data among the many applications installed on users' devices. The feature, which debuted in iOS 7, can limit which applications workers can use to open certain file types, which stops them from transferring data between managed and unmanaged applications. Organizations can also integrate MAM with bulk application purchases, such as through Apple's Volume Purchase Program.

Apple's Managed Open In feature ties into Configuration Profiles, allowing iOS administrators to set and enforce policies regarding user access to specific data through specific applications.

MAM also helps with application lifecycle management (ALM). This process tracks an app's features and usage, as well as any changes to it from the initial planning and implementation phases to its retirement. ALM lets IT test an application's performance and usefulness to determine if workers should continue to use it or if it should be replaced.

In addition, mobile app management provides IT the ability to track and maintain application licenses amongst users in an organization to ensure compliance, and to regain the licenses once a user leaves an organization. IT can also push updates and notifications to managed applications through a MAM admin console.

There are several ways IT can implement MAM, mostly falling into two categories: containerization and application wrapping. With containerization, mobile data security and management features are built directly into applications. This keeps the data within those applications in the confines of a specific management platform. For end users, containerized applications that are properly coded should provide a similar experience to non-containerized applications.

With application wrapping, a management vendor provides mobile data security features that IT can put on top of the application's code after the app is built. This may be a better option for IT shops with limited resources, because it does not require any development capabilities.

MAM isn't the be-all and end-all of mobility management, but it has grown increasingly important as a device-agnostic approach compatible with the diversity of device types found in BYOD programs and organizations' reliance on mobile applications for critical productivity processes. MAM is a win-win for organizations because it gives IT control without interfering with users' devices.

Next Steps

Is MAM worth the extra cost and complexity?

Is it time to merge desktop and mobile app management?

How much do you know about mobile data security?

Dig Deeper on EMM tools | Enterprise mobility management technology