As more consumer devices enter the workplace, IT shops are busy with the increasing complexity of enterprise mobility management (EMM) and its accompanying security policies. Luckily, mobile content management (MCM) tools are here to make life a little easier.
EMM has a number of components, each aimed at a different element of overall mobility management. The most visible, of course, has been mobile device management (MDM), which also has the longest history. With bring your own device (BYOD) programs, however, management of the device alone is no longer the focus of EMM. Rather, a significant shift to the management of sensitive information has taken place, as organizations have realized that employee mobility is all about remote access to network services and access to said sensitive data -- which is sometimes stored on that BYOD device.
The rapidly-increasing deployment of MCM gets to the heart of the key concern regarding mobility in the modern BYOD workplace: How can IT maintain a secure environment when corporate secrets are on a device that is not even owned by the organization? That's why MCM tools, often in conjunction with mobile application management (MAM) and elements of mobile device management (particularly with respect to configuration, software updates, malware mitigation and the like), have become so popular in recent years.
What is mobile content management?
At the core of MCM is an encrypted, managed container on the mobile device, sometimes referred to as a sandbox. This area of storage holds all sensitive information, with management and other policies defined by the owner of the data. Implementations run the gamut from traditional server-based software running in the organization's data center to desktop as a service (DaaS), a cloud-based virtual desktop setup that is easily scalable and paid for via a monthly per-user fee.
As noted above, local policies determine what a user can do with data in the container. This can vary with user role, group membership and even location, time of day or type of network. For example, common restrictions decide which applications may access protected data and whether it can be printed, copied or even emailed. Backups are automatic in many cases, lessening the workload for the user and improving integrity with no additional effort or expense.
In fact, except for dealing with the restrictions put in place by policy, end users have little to learn. All that is required is authentication, again subject to policy, and reviewing a few key features of the MCM tools. Of course, if a device is lost or stolen or a worker leaves the firm, any sensitive data can be deleted without affecting any other aspect of the user's device. Finally, given that data is always encrypted, information thieves seeking corporate secrets are likely to be disappointed.
What's the future of MCM?
Many suppliers argue that MCM is most effective when coupled with MAM, and this makes a lot of sense. The whitelisting and blacklisting functions of MAM increase security and integrity, decreasing the chance for an errant or malicious application to cause any harm, even beyond the container. Directory integration is included to simplify administration and eliminate opportunities for redundant or out-of-sync authentication and permissions information. Other features include content integration across multiple enterprise and cloud storage services as well as support for collaboration.
While it is very likely that MCM tools will form the core of future EMM strategies in many organizations, we're also seeing the roll-up of distinct elements of EMM that began as point-product innovations into comprehensive and far more useful offerings. This is driven in part by the desire for one-stop shopping and competitive pressures in an area of IT that is likely to become oversupplied in the near future.
Yes, this introduces the possibility of winding up with orphan products or services, but such is the history of IT. Regardless, MCM tools should be on the shortlist for deployment in organizations everywhere. Remember, it's not just about the device; much more importantly, it's about the data.