The number of personally owned mobile devices showing up in the workplace continues to pose challenges for companies of all sizes. From basic security concerns to concerns about the compromise of intellectual property, the risks are not trivial matters. A 2011 study found that nearly half of all devices connecting to business applications were consumer-owned. That was a 10 percent increase over the previous year. The push is not only coming from the bottom up. Gartner predicts that by 2014, 90 percent of organizations will allow personal devices and corporate applications to merrily coexist.
While network access control, or NAC, has been widely deployed, the newer kid on the block for managing mobile devices in the workplace is MDM, or mobile device management software. Not only is MDM use on the rise, but it is moving to the cloud, and it is being combined with NAC. As of June 2012, Gartner reported that 85 percent of MDM product purchases were being run in-house on companies’ own servers, but the shift to the cloud was picking up because of how quickly users can be accommodated when using MDM in the cloud. The sale of MDM products is expected to grow between 15 and 20 percent each year for the next several years, while sales of NAC products are expected to increase 10 percent during 2012.
According to an Osterman Research survey, nearly 70 percent of those firms going to a cloud MDM solution are doing so to get simpler administration and maintenance. Nearly 40 percent expect lower costs, and 21 percent are doing it to avoid using their IT staff for mobile device management. While an MDM solution by itself may work for many companies, there are others that may need to incorporate NAC.
At its core, NAC is network-centered. When a mobile device tries to connect to the network, the NAC software goes into action, validating the device, its security scheme, and even the user. If all checks out, that is, if the device meets the established security requirements of the network, then it is allowed to connect. Otherwise, it can’t.
MDM is device-centered. The MDM product installs client software on the devices that allows both automatic and administrator control of them. The MDM solution keeps track of the devices and knows how many there are, where they are, and what they are. It automatically takes care of application updates and ensures the device data is encrypted. Because MDM solutions are device-specific, they, in effect, extend control of the devices beyond the walls of the organization. For example, if a device is lost or stolen, it can be remotely locked, or its data can be wiped.
One reason NAC is being wedded to MDM is that NAC secures more than mobile devices. It also handles PCs, printers, scanners, security cameras and anything else that needs to use, or be connected to, the network. So, in the NAC/MDM world, NAC takes care of the network, including mobile device connectivity and conformance, while MDM extends the organization’s reach beyond its network and four walls, making it possible to protect organizational interests should the device become lost, stolen or compromised.
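The division of labour described above, sketched as an added example (not code from any NAC or MDM product; the inventory, field names and the lock/wipe policy are hypothetical assumptions). NAC checks apply to every device that connects, MDM posture is consulted only for mobile devices, and a mobile device with no MDM record is refused.

```python
from dataclasses import dataclass

# Constructed sample data: hypothetical MDM inventory keyed by device id.
MDM_INVENTORY = {
    "phone-01": {"encrypted": True, "status": "active"},
    "phone-02": {"encrypted": True, "status": "lost"},
    "tablet-03": {"encrypted": False, "status": "active"},
}

@dataclass
class ConnectRequest:
    device_id: str
    kind: str                   # "mobile", "pc", "printer", "camera", ...
    user_validated: bool        # NAC validated the user
    meets_network_policy: bool  # NAC validated the device's security scheme

def nac_admit(req, inventory=MDM_INVENTORY):
    """Return (allowed, reasons). Any failed check denies the connection."""
    reasons = []
    # NAC checks apply to everything that touches the network.
    if not req.user_validated:
        reasons.append("user not validated")
    if not req.meets_network_policy:
        reasons.append("device fails network security requirements")
    # MDM posture applies only to mobile devices carrying the MDM client.
    if req.kind == "mobile":
        record = inventory.get(req.device_id)
        if record is None:
            reasons.append("not enrolled in MDM")  # fail closed
        else:
            if not record["encrypted"]:
                reasons.append("device data not encrypted")
            if record["status"] != "active":
                reasons.append(f"reported {record['status']}")
    return (not reasons, reasons)

def mdm_remote_action(device_id, inventory=MDM_INVENTORY):
    """MDM side: acts on the device itself, on or off the network."""
    record = inventory.get(device_id)
    if record is None or record["status"] == "active":
        return None
    # Assumed policy: lock a lost device, wipe a stolen one.
    return "lock" if record["status"] == "lost" else "wipe"

if __name__ == "__main__":
    for dev, kind in (("phone-01", "mobile"), ("phone-02", "mobile"), ("printer-9", "printer")):
        req = ConnectRequest(dev, kind, True, True)
        print(dev, nac_admit(req), mdm_remote_action(dev))
```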
While owners of the personal mobile devices may not be enthused about the company having this level of control over them, the reality is that most will probably never know unless they read the fine print in their agreement with the organization that spells out the details of the relationship between their device and the organization’s network.
Some industry watchers say MDM is not handling Android well yet and that the industry will remain fragmented through 2015. In the meantime, there is no shortage of vendors and options. Some leaders in MDM include MobileIron, AirWatch, Fiberlink and Zenprise, according to Gartner. In fact, Fiberlink recently announced a partnership with ForeScout in which the two will provide a cloud-based NAC/MDM solution, which could be a harbinger of many more of these types of marriages to come.