MIM – For The Win

by Brian Katz on March 5, 2012

A few months ago I wrote a blog post about how MDM (Mobile Device Management) had died. It was a slow, painful death, but it was justified, as it brought forth MAM (Mobile Application Management) and would lead to MIM (Mobile Information Management). Since that time I have had a lot of interesting discussions with many people on this topic, but a recent tweet chat made me want to visit it again. I had been tweeting with Brian Reed, an amazingly smart person in the enterprise mobility management arena, and we seemed to be in violent disagreement. Brian was firmly on the side that you can’t get rid of MDM but you needed to build policies to protect devices. I was clearly on the side that MDM is dead and should be buried soon enough. Let’s move on to MAM and then MIM.

It’s easy to see where Brian is coming from. He has been eating, breathing and living MDM for the past few years through his company, when there were no other options. You basically had the BlackBerry, which was completely locked down, and a bunch of Windows Mobile devices that might be using ActiveSync. It was an easy life until the iPhone led to the birth of the smartphone and people wanted to be able to do their work from anywhere with any device.

Until a little more than a year ago, there were no other choices than MDM. Everyone was operating from a legacy mindset that you had to control the device. If there was corporate data on a device that the user possessed, it had to be completely locked down and protected. This was a reasonable way of thinking because it was what you did with desktops and laptops. There was no other model to crib from.

The issue with this model became apparent with the advent of the Consumerization of IT (CoIT) and the clamor for Bring Your Own Device (BYOD). If people were bringing their own device and were paying for it themselves, could you really just wipe all the data from it if there was an issue? Could you invade someone’s privacy by knowing their location? Was it acceptable to limit what the user could do with their own device, especially on their own time? These are all great questions and they had to be answered. MDM started to become more flexible. MDM vendors worked with the OS and OEM providers to incorporate more pieces so they could do partial wipes and decide how much they wanted to own the phone. The issue here was that MDM still looked at it from a device perspective, a perspective that was difficult to justify when the business does not own the device.

Along came MAM, which started looking less at the device and more at the applications that were on the device. If you can control the applications that work with the business data, you no longer have to own the whole device. You can own just the pieces that work with the enterprise data. This is where the arguing starts. From an MDM vendor’s point of view, they should incorporate some MAM functionality but still be principally managing the device, because that’s what’s more important. Their thinking goes that if we incorporate MAM we can write policies around the applications and fit them into our device view.

Quite frankly, this will eventually lead to complete failure for those companies that think this way and don’t start to pivot towards leading with MAM that includes MDM features. Once you understand that the current feature set of MDM is just that, a set of features that you can incorporate into MAM and then into MIM, you are on your way. Policies shouldn’t be written in reference to devices. They should be written in reference to the enterprise data that the consumer is using. We currently put permissions on data in enterprises, so why shouldn’t those permissions carry through to the end user’s device/use? If data shouldn’t be shared outside a company, we put limits on the application that won’t allow the data to be mailed with a personal email account. If you shouldn’t be allowed to share the data, we keep the screenshot activity from being used when that application is being used.

In MDM you turn off screenshots for the whole device. You limit the ability to back up any data to iCloud or anywhere else. You essentially use a blunt instrument when you need a fine scalpel. When you use MAM you limit what can be done when an application is active. MAM requires that you work that into the app itself. The issue with MAM, though, is that you are creating enterprise apps. If you want to use the same app for home as well as office use, you need two copies of the app.

The next step beyond MAM is MIM, where the data carries the permissions as opposed to the app itself. You can use Quickoffice to look at a Word doc that your daughter emailed you and send back corrections, but when you open an enterprise Word doc the app takes its cues from the permissions on the data and only allows those things that are permissible to occur. You only have one version of the app for both business and personal use. As data is what is important to any business, MIM will, in the end, win the enterprise mobility management race.
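The three enforcement scopes described above can be compared as a small policy-decision model. This is an added sketch, not code from the post or from any MDM/MAM/MIM product; the action names, the sample documents, and the rules that MAM opens enterprise data only in the managed copy and that an enterprise document with no attached policy is denied are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed action names; the restrictions are the ones the post mentions.
DEVICE_BLOCKED = frozenset({"screenshot", "cloud_backup"})  # MDM: whole device
APP_BLOCKED = frozenset({"screenshot", "mail_personal"})    # MAM: managed app active

@dataclass(frozen=True)
class Document:
    name: str
    enterprise: bool
    allowed: Optional[frozenset] = None  # MIM: permissions carried by the data

def decide(model: str, doc: Document, action: str, managed_app: bool = False) -> bool:
    """Return True if `action` on `doc` is permitted under the given model."""
    if model == "MDM":
        # Device scope: the same answer for every app and every document.
        return action not in DEVICE_BLOCKED
    if model == "MAM":
        # App scope. Assumption: enterprise data opens only in the managed copy.
        if doc.enterprise and not managed_app:
            return False
        return not (managed_app and action in APP_BLOCKED)
    if model == "MIM":
        # Data scope: one app; personal data is unrestricted, enterprise data
        # is limited to what its own policy lists. Missing policy fails closed.
        if not doc.enterprise:
            return True
        return doc.allowed is not None and action in doc.allowed
    raise ValueError(f"unknown model: {model}")

def compare(doc: Document, action: str) -> dict:
    """Decision for one document and action under each model."""
    return {
        "MDM": decide("MDM", doc, action),
        "MAM": decide("MAM", doc, action, managed_app=doc.enterprise),
        "MIM": decide("MIM", doc, action),
    }

# Constructed sample documents.
homework = Document("daughter-essay.doc", enterprise=False)
forecast = Document("q3-forecast.doc", enterprise=True, allowed=frozenset({"view"}))
unlabeled = Document("legacy-plan.doc", enterprise=True)

if __name__ == "__main__":
    for doc in (homework, forecast, unlabeled):
        for action in ("view", "screenshot", "mail_personal"):
            print(f"{doc.name:20} {action:14} {compare(doc, action)}")
```

In this model the device-wide control blocks a screenshot of the personal document while saying nothing about mailing the enterprise one, which is the blunt-instrument problem the paragraph describes.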

I am sure, as I will actually get a chance to sit down with Brian this week, hopefully over libations, that we will both come to a better understanding and move on to the next big issue in mobility, whatever that may be.
