The difference between mobile management policies and technologies may come down to degrees of control, but deploying the wrong strategy can cost companies monetarily and kill employee morale.
When bring-your-own-device (BYOD) strategies first emerged several years ago, many corporations made device wiping a key goal; after all, the ability to delete data from an employee's smartphone or tablet appeared, on the surface, to be the best way to stop leaks or the misuse of sensitive information.
So, as employees, particularly senior-level workers, began demanding mobile devices for business use, IT often turned to either company-owned hardware or restrictive mobile device management (MDM) software.
Mobile Device Management
MDM allows IT to remotely enroll an employee or corporate-issued cell phone, tablet or other device and then track it, manage it and secure it through a profile specific to that employee and their tasks.
MDM lets a company provision and configure Wi-Fi access, install and manage enterprise apps such as email, and address any problems that arise on a device. It also allows IT to enforce device security, which can include locking out a device and wiping data if it's lost or an employee leaves a company.
(MDM policies typically involve having an employee sign an agreement allowing the company to delete data under those circumstances.)
One hitch in that scenario: Most employees are happier using their own mobile devices and don't like the idea of all their data, including personal photos and messages, being deleted.
Not only can MDM be overly invasive, it can also be wasteful. Many companies often over buy MDM software, expecting to use licenses for all employees. But they end up using licenses for a far smaller percentage of workers, according to research firm Gartner.
Mobile Application Management
There's a more targeted solution: mobile application management (MAM). This strategy locks down enterprise applications and the data associated with them -- not the devices themselves.
In short, MAM allows a company to control access to business applications and the content associated with them without controlling the entire physical device.
While corporate email is the most widely deployed form of MAM, employees may also be given secure access to a menu of applications, such as sales support, cloud storage or collaboration tools. Features such as copy and paste can also be limited, preventing employees from sharing corporate data with unapproved applications.
MAM allows IT to control just the access to and features of applications. That way, if an employee loses a device or leaves the company, the access to applications and business data can be removed from the smartphone, tablet or laptop, leaving personal data intact. MAM also allows applications to be remotely updated with new features and patches, making it easier to address new security threats quickly.
Sign up for CIO Asia eNewsletters.