Mobile Application Management (MAM)
Mobile Application Management (MAM) is a term that refers to software and services used to secure, manage and distribute mobile applications used in enterprise settings on mobile devices like smartphones and tablet computers. Mobile Application Management can apply to company-owned mobile devices as well as BYOD ("Bring Your Own Devices"). MAM solutions typically offer a variety of capabilities and services, including application delivery and software licensing, application configuration, app authorization, usage tracking and [[Application_Lifecycle_Management_(ALM)]|application lifecycle management (ALM)]].[1]
In tandem with mobile device management (MDM), MAM is part of a larger field that provides more control over a device's specific operating system (OS) and firmware settings. Both security management practices have emerged with the common use of smartphones in personal and business situations. Specifically, MAM and MDM are emerging enterprise security components because of a phenomenon known as Bring Your Own Device (BYOD), where many employees use their personal devices to access company data, or use company-issued devices in ways that have the potential to jeopardize data assets. In struggling with the [^BYOD-Bring-Your-Own-Device|BYOD] movement and mobile security, businesses are trying to limit unauthorized use of internal data without harming the job function capability of their employees. For example, if a sales force has critical internal information in a remote database, and the company can save money by allowing sales professionals to use their personal smartphones in sales/client interactions, the company still must try to ensure that these devices are locked to unauthorized viewing or data theft. MAM focuses on locking down mobile apps, allowing more secure information access. An example is the use of auto-login password technology. As with laptop or desktop computers, many mobile device users can set their devices up to remember individual app passwords. This streamlines logins but also means that another individual has the ability to go straight into a mobile app to view sensitive company data. MAM may include controls and techniques that disable or prevent auto-logins, allowing individual apps to be built with better overall security.[2]
With a MAM system, the company can have control over what mobile apps it provides to employees, when those apps are updated, and when they are removed from devices. Generally, MAM will incorporate an enterprise app store that is similar to the typical app store on a mobile device for the purposes of supplying updates and adding and removing apps from use. This also allows the company to keep track of how the app performs and how it is used. In addition, the system administrator will be able to remotely remove, or wipe, all data from these applications. The major features of a MAM system include delivery, updating, wrapping, version and configuration management, performance monitoring, tracking and reporting, event management, usage analytics, user authentication, push services, crash log reporting, and user authentication. As mobile devices become much more widely used in the business world, being able to employ these features across a range of devices and operating systems becomes a much more pressing issue. MAM offers a simple solution to this problem.[3]
History of MAM[4]
Enterprise mobile application management has been driven by the widespread adoption and use of mobile applications in business settings. In 2010 International Data Corporation reported that smartphone use in the workplace will double between 2009 and 2014. The “bring your own device” (BYOD) phenomenon is a factor behind mobile application management, with personal PC, smartphone and tablet use in business settings (vs. business-owned devices) rising from 31 percent in 2010 to 41 percent in 2011. When an employee brings a personal device into an enterprise setting, mobile application management enables the corporate IT staff to download required applications, control access to business data, and remove locally cached business data from the device if it is lost, or when its owner no longer works with the company. Use of mobile devices in the workplace is also being driven from above. According to Forrester Research, businesses now see mobile as an opportunity to drive innovation across a wide range of business processes. Forrester issued a forecast in August 2011 predicting that the “mobile management services market” would reach $6.6 billion by 2015 – a 69 percent increase over a previous forecast issued six months earlier. Citing the plethora of mobile devices in the enterprise – and a growing demand for mobile apps from employees, line-of-business decision-makers, and customers – the report states that organizations are broadening their “mobility strategy” beyond mobile device management to “managing a growing number of mobile applications.”
Why is the MAM marketplace so confusing?[5]
Like any emerging technology area, different aspects of MAM (and EMM in general) arrived at different times, and there was a lot of hype and marketing messages that could lead to confusion. Let’s take a look at how this unfolded. With the launch of the iPhone in 2007, enterprise mobility went from an orderly realm where a company could standardize on corporate BlackBerrys to the Wild West of iOS, Android, and BYOD. Early iOS and Android devices had very few enterprise security and management features, and the resulting hand-wringing was inevitable. Soon enough, though, the first enterprise-oriented third-party email clients arrived on the scene with NitroDesk TouchDown in 2008 and Good for Enterprise in 2009. These apps could provide an island of trust on otherwise unmanaged devices. Then in 2010, mobile device management as we know it arrived on the scene with iOS’s over-the-air enrollment and configuration capabilities and Android’s Device Administration API. This was a huge step forward! But while some people were overjoyed and thinking, “Hurray, we can finally turn an iPhone into a BlackBerry,” many users didn’t like the idea. Around 2011 and 2012, there was a lot of debate between using MDM and using third-party enterprise email clients, which by that point had evolved into full-fledged MAM. The result? A lot of confusion. (Plus, even within MAM itself there were debates between SDK and app wrapping approaches.) By 2013, the debate settled down, and most EMM vendors began to offer both MDM and MAM. However, the quiet period didn’t last long, as the idea of using devices with MAM features built directly into the OS (instead of into apps) began spreading. There were some earlier efforts at this that never really got much traction, so built-in MAM features really started getting attention with iOS 7 (in 2013), Samsung Knox 2.0 (in 2014) and Android for Work (announced in 2014, first available in 2015, and still spreading today). The initial reaction to these built-in MAM features (which actually rely on MDM underneath) was to wonder about the future of MAM features that get built into apps. To a significant extent, that debate and the resulting confusion still exist today. Other newer technologies like virtual mobile infrastructure and cloud access security brokers are also at times positioned as alternatives to MDM and MAM, leading to further debates.
MAM vs. MDM[6]
Mobile device management and mobile application management are two of the more popular technologies for enabling secure smartphone and tablet use in the enterprise. They have different use cases, but some of their features overlap, and more vendors are combining the two technologies into single products. That means mobile device management vs. mobile application management isn't necessarily the discussion for the IT department; instead, it should be the users' needs, the organization's security and compliance requirements, and other factors, that decide which technologies will best help meet those objectives. It may be one technology or the other, but it may also be a combination of both.
Mobile device management (MDM) takes a full-device approach to securing and controlling smartphones and tablets. IT can secure access to the device by requiring the use of a passcode and keep sensitive data out of the wrong hands by remotely wiping a lost or stolen device. Other basic features of MDM tools include the ability to enforce policies, track inventory and perform real-time monitoring and reporting. The problem with MDM is that the full-device approach can be too heavy-handed in an era where employees, not their employers, own their smartphones and tablets. Users may wonder, "If I only use my phone to check email at night, why do I have to enter my work password every time I want to use the phone?" or, "If I lose my phone, why does my IT department want to remotely wipe pictures of my dog?"
Mobile application management (MAM) offers more granular controls. MAM gives IT the ability to manage and secure only those apps that were specifically developed to work with a particular MAM product. In the example above, IT could wipe or cut off access to the employee's corporate email without deleting his dog photos. In fact, IT wouldn't even know the dog photos were on the device in the first place. Admins can also use MAM to deploy apps and limit the sharing of corporate data among apps. But MAM has its own challenges as well. Because every app requires unique coding to work with each individual MAM product, the availability of apps for a specific platform can be limited.
Mobile Application Management (MAM): Pros and Cons[7]
- Pros
- Legal can clearly distinguish what information is contained on the phone that has any type of corporate or sensitive data on it.
- Policies are pushed only to the container; user experience is not impacted for the entire phone.
- The phone itself has a clear distinction of personal and corporate protections.
- The ability to protect a smaller landscape and support more devices becomes a realization.
- Can develop applications within the container and support the ability for single-sign-on and other components all within the self contained encrypted volume.
- Cons
- Loss of native apps and the “look and feel” of what the user is typically accustomed to.
See Also
Mobile Application
Enterprise Mobility Management (EMM)
Mobile Content Management (MCM)
Mobile Device Management
Mobile Information Management (MIM)
Enterprise Mobility
Mobile Security
Bring Your Own Device (BYOD)
References
- ↑ Definition of Mobile Application Management (MAM) Webopedia
- ↑ Explaining Mobile Application Management (MAM) Techopedia
- ↑ What is Mobile Application Management (MAM) Kony
- ↑ History of Mobile Application Management (MAM) Wikipedia
- ↑ Why is the MAM marketplace so confusing? Jack Madden
- ↑ MAM vs. MDM Techtarget
- ↑ Pros and Cons of Mobile Application Management (MAM) TrustedSec
Further Reading
- The Future of Mobile Application Management (MAM) Wired
- Mobile application management (MAM) has put MDM in its place NetworkWorld
- The Battle Between MDM and MAM: Where MAM fills the Gap Infosys
- EMM vs. MAM: Are We Doing Mobile Security All Wrong? TechRepublic