A lire sur: http://www.gartner.com/technology/reprints.do
23 May 2013 ID:G00250008
Analyst(s): Phillip Redman
VIEW SUMMARY
The critical capabilities for MDM take a deep look at the top technologies in MDM for policy compliance, mobile security management, mobile software management, mobile content management, analytics and delivery styles. This is pertinent data for telecom, network and client computing managers.
Overview
Key Findings
- Mobile device management (MDM) providers continue to partner, develop and acquire mobile technologies to support a broader enterprise strategy, including the areas of security, enterprise file synchronization and sharing (EFSS), and application management.
- The basic technology components of MDM are similar among MDM vendors, but the user experience, analytics and broader offerings are differentiated.
- The mobile-specific MDM companies are still providing leading vision and technology in MDM software, but the bigger software and security companies are catching up.
Recommendations
- Use MDM technologies, including containers, for securing enterprise data and enabling support for mobile content and users.
- Evaluate providers on technical critical capabilities and business factors, such as geographic reach, customer support and financial viability.
- Get details on mobile platform support, because MDM technologies still do not offer the same feature sets across mobile device platforms.
- Define and create mobile policies, continue to segment mobile users, and add support based on security, data, app, location and cost requirements.
What You Need to Know
This document was revised on 30 May 2013. The document you are viewing is the corrected version. For more information, see the Corrections page on gartner.com.
Although the advanced mobile technologies for hardware, software and network services are drivers for increased enterprise mobility and adoption, they're also inhibitors because of the large number of choices in each technology area and the fact that there is still not one mobile standard. Companies not only have to address the use of consumer-based, untrusted devices, but also must better secure and manage the corporate-specific data found on these devices. This complexity has kept horizontal mobile adoption fairly basic. Support for mobile email is universal today, but little else in MDM is widely adopted. Companies would like to offer more access to their applications and data, but are challenged on how to safely support and secure the data on mobile devices. There has been no one vendor to provide and support all these technologies and to create a simple off-the-shelf mobile enterprise solution. MDM is heading to become the major enterprise mobile platform that extends to securely supporting mobile hardware and software (apps and OSs).
Gartner recommends the following policies for applying MDM:
- Use mobile app containers — Most companies, even those that have MDM, have supported basic applications. Many have brought in MDM to limit the number and kinds of devices a user has, enforce a password and make sure local data at rest is encrypted. Gartner estimates only 20% of companies using MDM support email containerization, which limits what users can do on email in terms of opening and storing attachments, cut/copy/paste data, etc. Recommendations:
- Companies supporting enterprise mobile data on nonenterprise devices or enterprise devices permitting personal software should rethink their policies on how to support, secure and containerize their data.
- Companies supporting enterprise data on mobile devices should use MDM software to enforce policies and protect data, and use application or workspace containers to protect any kind of enterprise data and limit risk exposure. This applies to enterprise-owned devices and bring your own devices (BYODs).
- Segment enterprise mobile users — Another benefit of using MDM is that policies can be customized and designed for specific user profiles. One size does not fit all. Continue to analyze, identify and segment users based upon mobility patterns (degree of travel) and data security needs. This is important to do before MDM is implemented. MDM tools can enact policies across user segments differently based on those segment requirements.
- Define and create mobile policies across IT — MDM tools are only as good as the policies that are developed and implemented. Make sure that your company has already defined policies and user segments to achieve the desired results of an MDM implementation. IT can develop policies across the listed MDM critical capabilities as a guideline.
With MDM, there are many technology providers coming from many different areas to support the critical capabilities. Some vendors specialize in security, others come from the mobile application development space. Many of the providers in "Magic Quadrant for Mobile Application Development Platforms" also offer mobile app management, but often don't have a complete offering across the full MDM spectrum. It makes sense to have a single administrative tool. Many of these capabilities listed in this research are best offered in a bundle from MDM specialists.
MDM continues to be a competitive market. We assess the technologies of the top leaders as determined by our 2013 "Magic Quadrant for Mobile Device Management Software."
Analysis
Introduction
Mobility is a priority at most enterprises. During the past two years, it has been ranked second in the list of CIO priorities (see "Hunting and Harvesting in a Digital World: The 2013 CIO Agenda"). Enterprises continue to see value in supporting access to their data for mobile users as a way to increase productivity and become more responsive in a faster business world. Access to faster speed, wireless networks and more powerful devices is driving the opportunity to support more-complex data on devices. Two major trends continue to challenge that type of support: (1) IT no longer can pick the mobile platform that is the most secure, manageable and lowest cost. (2) Devices in the enterprise are diverse. There is no one standard; these devices were designed with consumer needs first. That means that enterprises will continue to struggle to meet a lot of basic security and support needs. Diversity is an opportunity and a challenge to enterprise IT.
Consequently, many companies have been adopting mobile device management to enforce enterprise policy (mostly around data security) and to help enable enterprise content on MDM devices. In the past three years, the adoption of MDM has grown rapidly: 30% of midsize and large companies use some type of MDM software, and 80% at least use Microsoft Exchange ActiveSync (EAS) to enforce policies on enterprise devices. Although the basic capabilities of MDM (hardware, software, security and network management) remain the same, MDM providers have broadened their offerings to go deeper into security, application and content management. Enterprises are looking for a single solution to help them secure their data, as well as enable their data on these devices. The MDM market is also diverse, with a large number of competitors. It is beginning to show signs of consolidation and moving to the next phase of maturity, deepening functionality and the breadth of offerings. MDM will continue to be important to enterprises, and careful due diligence on the technical and business factors will help companies make the right decisions.
Product Class Definition
Gartner defines MDM as a range of products and services that enables organizations to deploy and support corporate applications to mobile devices, such as smartphones and tablets, enforcing policies and maintaining the desired level of IT control across multiple platforms. Mobile devices may be corporate and personal assets, as in BYOD programs. Areas of functionality include provisioning and decommissioning, inventory management, application management and security. The primary delivery model is on-premises, but MDM can also be offered as software as a service (SaaS) or through the cloud. See "Magic Quadrant for Mobile Device Management Software" for a complete description of the market, and the vendors delivering such products or services.
This research focuses on a subset of commercial offerings, encompassing the products and services that get the most attention and requests for advice from Gartner's client base.
Critical Capabilities Definition
The growing demand for MDM by IT organizations has motivated a large number of technology providers to enter the market with MDM offerings. These products and services enable IT organizations to maintain control, automate management and minimize risks, while delivering consumer mobility to the workforce.
Regarding basic management functions (e.g., provisioning and inventory management), most policy-based management offerings are progressively becoming similar, with little differentiation among competing vendors. They differentiate, instead, on enhanced capabilities, such as containerization, application management, document sharing and the cloud delivery model.
This research examines seven critical capabilities that differentiate competing MDM products in different use cases:
- Policy enforcement and compliance
- Mobile security management
- Mobile software management
- Mobile content management
- Scalability
- Delivery
- Analytics
Although Gartner has created a list of capabilities, some of the policies and functions may be found across multiple capabilities and are not necessarily exclusive to one domain. Often in mobile, capabilities need to work together and can be interchangeable. For example, app management can include whitelisting or blacklisting, which is also a security feature. Detailed information about each critical capability follows:
- Policy enforcement and compliance: This varies in capability by mobile OS, but includes:
- Detect and enforce OS platforms and versions, installed applications and manipulated data
- Detect jailbroken iOS devices and rooted Android devices
- Filter (restrict) access from noncompliant devices to corporate servers (e.g., email)
- Restrict the number of devices per user
- Restrict downloadable applications through whitelists and blacklists
- Monitor access to app stores and application downloads, put prohibited applications on quarantine, and/or send alerts to IT, managers and users about policy violations
- Monitor access to Web services, social networks and app stores; send alerts to IT, managers and users about policy violations, and/or cut off access
- Enforce mobile communication expense policies in real time
- Detect policy violations (e.g., international roaming), and take action if needed (e.g., disable access to servers, and/or send alerts to IT, managers and users about policy violations)
- Enforce separation of personal versus corporate content
- Manage corporate applications on personal devices, and manage personal applications on corporate devices
- Tag content as personal or corporate through flags
- Detect separation violations, and send alerts to IT, managers and users, if needed
- Prohibit exporting data outside the container (e.g., when opening an email attachment) if a container is in use, and regulate interactions among different enterprise containers
- Restrict or prohibit access to corporate servers (e.g., to email servers and accounts) in case of policy violations
- Mobile Security Management: This is a set of mechanisms to protect corporate data on a device and corporate back-end systems, and to preserve compliance with regulations. It may include:
- Password enforcement (complexity and rotation)
- Device lock (after a given time of inactivity)
- Remote wipe, selective remote wipe (e.g., only corporate content) and total remote wipe (e.g., a hard wipe, with data not recoverable after deletion)
- Local data encryption (phone memory and external memory cards)
- Certificate-based authentication (includes device ID, OS version and phone number) and certificate distribution
- Monitoring devices, and data manipulation on devices
- Rogue application protection (e.g., application quarantine)
- Certifications (e.g., Federal Information Processing Standard [FIPS] 140-2)
- Firewalls
- Antivirus software
- Device mobile VPN and app-based VPN
- Message archiving (SMS, IM, email, etc.) and retrieval, and recording of historical events for audit trails and reporting
- Containerization (for a definition of containerization, see "Technology Overview of Mobile Application Containers for Enterprise Data Management and Security")
- Mobile Software Management: A set of mechanisms for over the air (OTA) software upgrades, application inventory and distribution, such as:
- App store capability
- OS support and updates
- Enterprise app procurement and provisioning — Apple Volume Purchase Program or other enterprise volume purchasing program integration
- Software updates for applications or OSs
- Patches/fixes
- Backup/restore
- Background synchronization
- Mobile Content Management: A set of mechanisms to support file synchronization and sharing, file distribution, and secure and manageable folders on mobile devices with policy enforcement. It may include:
- File synchronization and backup, transparent to the user
- File sharing with other employees or among applications
- File distribution to a group of users, security and management policy enforcement
- Scalability: This refers to MDM deployments in mass volume:
- Platform scalability for over 20,000 devices supported
- High availability and disaster recovery techniques
- Delivery:
- On-premises — appliance, virtual appliance
- SaaS — hosted, cloud
- Ease of implementation, timing
- Pricing policies — per user, per device, perpetual licensing
- Analytics: Approaches used to support enterprise data needs include:
- Dashboarding
- Reporting
- Analysis
- Software/network usage
Use Cases
This research identifies the four typical use cases discussed in Gartner client inquiries. These cases highlight the differences among selected products/services, and rate them differently under specific conditions.
Case 1 — Regulated Deployments:
- These organizations operate in heavily regulated sectors — such as financial services, healthcare, military and defense, and government — that must be compliant with sector-specific regulations, such as the U.S. Health Insurance Portability and Accountability Act (HIPAA), and must pass periodical audits or fall under organized union rules.
- These organizations have a strong focus on security and control (e.g., for culture or market competition).
- These organizations often aim to support BYOD programs with personal and corporate devices, but are limited because of security needs.
- In all cases, strong IT security and control requirements include local data encryption for corporate information, certificate-based authentication, and isolation of corporate from personal content.
Case 2 — Flexible Deployments:
- These organizations operate in nonregulated sectors (e.g., retail and delivery services) that do not require a complete corporate lockdown on devices, and can live with basic security and management support.
- BYOD programs often are required, in addition to supporting corporate devices.
- Employees are required to work with native applications, such as a native email client and browser.
- Provisioning, inventory and policy enforcement extended to the entire device is a management priority. There is little or no demand for containerization.
Case 3 — Agile Deployments:
- These organizations operate in nonregulated sectors, planning to manage mobility through third-party service providers with the balance of the market demand toward on-premises versus SaaS and cloud offerings. Vendors with the highest agility are able to meet that market demand for preferred delivery methods.
- Organizations aim to contain or optimize mobility costs, or to avoid big upfront costs.
- Organizations plan to support a small number of mobile users initially, and to grow incrementally over time to midsize and large deployments.
- BYOD programs often are required, in addition to supporting corporate devices.
Case 4 — Mass Deployments:
- These are large-scale deployments, from more than 20,000 up to hundreds of thousands, with related requirements for high availability, disaster recovery, quality of service, etc.
- There is a need to monitor and control end-to-end mobile deployments.
Like our report last year, the third and fourth use cases are not necessarily mutually exclusive of the first and second use cases. A regulated organization may also look for agile or mass deployments. In this research, we capture the scenarios requiring MDM investment decisions to highlight the product capabilities. Clients that are comfortable with the security/compliance/containerization capabilities of vendors on their shortlists, but have doubts about scalability, should focus on Case 4 to assess their mass deployment capabilities. Case 3 is a likely fit for organizations that have initial experience with mobility, and Case 4 will work for organizations that already have mobility experience, and are about to scale up to big deployment volumes. Case 1 and Case 2 focus on the level of control and lockdown needed, and are mutually exclusive.
Table 1 shows the weighting for all use cases in this research. Each use case weighs the capabilities individually based on the needs of that case, which impacts the score. Each vendor may have a different position based on its capability and the weighting for each. The overall use case is the general scoring for the vendor's product, with all weights being equal (see Figure 1).
Source: Gartner (May 2013)
Figure 1. Overall Score for Each Vendor's Product Based on the Nonweighted Score for Each Critical Capability
Source: Gartner (May 2013)
Inclusion Criteria
This research considers the selection of MDM products and services offered by vendors included in "Magic Quadrant for Mobile Device Management Software." Although there was a large vetting process starting with over 120 vendors, there were 18 vendors eventually included in the "Magic Quadrant for Mobile Device Management Software." There were two main requirements for inclusion in the 2013 MDM Critical Capabilities research:
- Inclusion in the Magic Quadrant for MDM
- Placement in the Leaders Quadrant
Critical Capabilities Rating
Each product that meets our inclusion criteria has been evaluated on several critical capabilities, on a scale from 1.0 (lowest ranking) to 5.0 (highest ranking). To determine an overall score for each product in the use cases, the ratings in Table 2 are affected by the weightings shown in Table 1.
Source: Gartner (May 2013)
Product viability is distinct from the critical capability scores for each product. Product viability is our assessment of the vendor's strategy and its ability to enhance and support a product throughout its expected life cycle. It is not an evaluation of the vendor as a whole. Four major areas are considered:
- Strategy includes how a vendor's strategy for a particular product fits in relation to the vendor's other product lines, its market direction and its business overall.
- Support includes the quality of technical and account support, as well as customer experiences with that product.
- Execution considers a vendor's structure and processes for sales, marketing, pricing and deal management.
- Investment considers the vendor's financial health and the likelihood of the individual business unit responsible for a product to continue investing in it.
Each product is rated on a five-point scale from poor to outstanding for each of these four areas, and is then assigned an overall product viability rating (see Figure 2).
Figure 2. Overall Score for Each Vendor's Product Based on the Nonweighted Score for Each Critical Capability
Source: Gartner (May 2013)
Product Viability
MDM is a much more competitive market than almost any other market that Gartner covers. Many vendors offer some type of MDM software or service. These include Amtel, Apperian, AppSense, Aruba Networks, AT&T (Toggle), Bitzer Mobile, Capricode, Centrify, Cortado, Dell Kace, Excitor, Fixmo, ForeScout Technologies, Globo Mobile, Ibelem, Juniper Networks, Kony, Cicso-Meraki, Microsoft, Mobile Active Defense, MobileFrame, MobileSpaces, Mobiquant, Notify Technology, Novell, OpenPeak, Portsys, Samsung SDS, Seven Principles, SilverbackMDM, Smith Micro Software, The Institution and VMware.
Our research has shown over 125 companies have at least one core MDM capability as an MDM product. MDM core product offerings and the critical capabilities associated with those offerings rapidly evolve from year to year. It is a challenge for all vendors, even the strongest ones, to keep pace. This Critical Capabilities research rates the product offerings of only the top six vendors in the MDM market. Although there are some differences to the products and approaches of these vendors, each vendor listed here will have a strong product viability and a strong competitive offering for MDM (see Table 3).
Vendor/Product Name
|
AirWatch
|
Citrix Systems
|
Fiberlink
|
Good Technology
|
MobileIron
|
SAP
|
|---|---|---|---|---|---|---|
Product Viability
|
Outstanding
|
Outstanding
|
Excellent
|
Excellent
|
Excellent
|
Good
|
Source: Gartner (May 2013)
The weighted capabilities scores for all use cases are displayed as components of the overall score. We show comparisons for deployment for four types of use cases: regulated (see Figure 3), flexible (see Figure 4), agile (see Figure 5) and mass (see Figure 6).
Source: Gartner (May 2013)
Source: Gartner (May 2013)
Source: Gartner (May 2013)
Source: Gartner (May 2013)
Vendors
AirWatch
AirWatch, based in Atlanta, Georgia, has had a long history in supporting mobile technologies and has been a strong player in MDM. It has been listed twice in the Leaders Quadrant of the Gartner MDM Magic Quadrant. In the past year it grew rapidly, totaling more than 1,000 employees, creating sophisticated business processes and moving its headquarters into a large space. It also has developed a large presence in Europe. It recently announced a large first-round financing of $200 million, which will enable it to continue to expand, acquire and invest in MDM technology. Compared with most other vendors, AirWatch offers the most diverse delivery channels, supporting strong offerings for on-premises and cloud. Its cloud business has surpassed the on-premises and is its primary go-to-market delivery. This has been adopted by small companies that do not want to invest in on-premises equipment, and large companies that are looking to reduce their footprints globally. AirWatch has some of the largest MDM implementations to date.
AirWatch continues to add capabilities to its main MDM tool, specifically around security and network management. It has been a bit slower than main competitors to add deeper mobile application management (MAM), especially for app catalogs and containerization, which were only launched in the latest versions in 1Q13. It has had a basic mobile content management system — Content Locker — that was recently expanded to offer an email attachment solution and the ability to share content among users in v.6.4, which has just become generally available in the market. Although AirWatch has strong execution in its plans, its vision does not go as deep into enterprise mobility, compared with other vendors (see Table 4).
Source: Gartner (May 2013)
Citrix Systems
Citrix Systems, based in Santa Clara, California, is an independent software vendor (ISV) that delivers cloud computing platforms and has increased its focus on mobile work styles. Citrix has a two-part strategy:
- Provide software and infrastructure that help enterprise IT organizations and cloud service providers deliver public and private cloud services. This includes virtualization software, cloud management platform software and networking infrastructure.
- Offer mobile solutions, which enable mobile work styles (i.e., the way people use mobility for work). Citrix is one of the few ISVs that offers competitive products in cloud computing, mobility, virtualization, networking and collaboration.
Citrix's mobile solution revolves around XenMobile, which includes its MDM, MAM and secure email products. Two products are XenMobile App Edition (formerly CloudGateway) and XenMobile MDM. XenMobile MDM edition is based on Citrix's recent acquisition of Zenprise, which has been quickly integrated into the Citrix family of products in branding and overall on-premises, and the cloud solutions infrastructure. Citrix offers a bundle to XenMobile Enterprise, supports mobile app management as part of its MDX offering, and ShareFile for mobile content management, which has ranked high as an EFSS product in Gartner evaluations. While Citrix's strength lies in its breadth of products, its customer support and strong channel, it also is newer to mobile. Although the main MDM components can be purchased separately for on-premises use, the broader capabilities require a large investment, especially when bundled with its data sharing and virtualization products (see Table 5).
Source: Gartner (May 2013)
Fiberlink
Fiberlink is located in Blue Bell, Pennsylvania, and is the only provider in this research that only offers a multitenant SaaS solution. Although Gartner sees a growing interest in cloud MDM, fewer than 20% of MDM lines were managed in the cloud in 2012, which has restricted the growth and adoption of Fiberlink in the past. However, Fiberlink grew last year with its ease and speed of installation, leading policy management functions, user experience and appeal to the small or midsize business (SMB) market. Its unique MaaS360 Cloud Extender technology enables enterprises to integrate into Fiberlink's corporate systems, such as Active Directory, Exchange and Certificate Authority, with the MaaS360 cloud securely without making any configuration changes to corporate firewalls and network configurations.
Although its average seat sales may be lower than main competitors, it has been able to compete with top quarterly sales, due mostly to its inside sales force and its simple and consistent pricing model. Fiberlink has had strong basic MDM components, but has lagged somewhat behind competitors in advanced mobile application and content management. Recent releases to support increased capability for EFSS, secure email, browser and containerization solutions have brought it back to level. It does not have the application partnerships that its competitors have lined up and lags behind on mobile application support for third-party apps and app catalogs (see Table 6).
Source: Gartner (May 2013)
Good Technology
Based in Sunnyvale, California, Good Technology provides multiplatform enterprise mobility, security and management software, and has had the most successful implementation of enterprise mobile email to date. Its product offerings include Good for Enterprise (GFE), Good Dynamics, Good Connect and Good Share, although mainly GFE is covered here. Good acquired two companies in the past year to expand its offering on mobile software management to support app-neutral (wrapping) containerization and cloud-based app management (Good AppCentral) and EFSS (Good Share). It is working on integrating these solutions into a single administrative system and to offer a full enterprise mobility management option. Good's strengths have historically not been in analytics; therefore, last year, it entered into a partnership with BoxTone to bundle in its capabilities in this area. Good's primary MAM product, Good Dynamics, shows strong application integration and workflow. To date, it has over 25 third-party apps available, and the number is increasing. Good's delivery is mainly on-premises servers. Although it has partners for application hosting, that is not its primary strength (see Table 7).
Source: Gartner (May 2013)
MobileIron
Located in Mountain View, California, MobileIron has grown fast since its initial launch just about three years ago. One of the latest mobile startups listed here, it has been a leader in the MDM Magic Quadrant for the past two years based on its strong vision of enterprise mobility and execution in developing a global MDM organization. Its focus on customer support has done a good job of scaling as its business has grown, although it often had challenges as most of its products are delivered through value-added reseller (VAR) partners and supported by in-house sales. In the past year, MobileIron brought global Level 1 support back in-house, which has greatly improved responsiveness and those capabilities. Its primary delivery is through an on-premises appliance, but it launched its cloud capability, Connected Cloud, in 2011, with improved scaling and an SMB-focused version in 2012. It has done extensive resiliency testing with its cloud products. It greatly improved its security offerings in the past year, supporting security tunneling, containerization with its newer AppConnect product and the first to launch a managed enterprise email solution using the native iOS application and DLP for secure attachment management. In mobile software management, MobileIron focused on its app-specific technology and limited the number of app partners for AppConnect, but has seen recent numbers of partner increase to about 30, with more in the pipeline. It has had strong execution for enterprise MDM and has one of the strongest visions for enterprise mobile technology of the vendors on the Gartner MDM Magic Quadrant (see Table 8).
Source: Gartner (May 2013)
SAP
SAP, with global headquarters in Walldorf, Germany, and U.S. headquarters in Newtown Square, Pennsylvania, has come a long way in the past year with its MDM product, Afaria, and related Enterprise Mobility Management (EMM) suite. It has made significant investments in increasing the utility and navigation of the tool, as well as reducing complexity without foregoing any functionality. Since the last report, SAP launched enterprise app store and storefront capabilities, as well as a mobile content management offering called SAP Mobile Documents. SAP has lagged leading competitors by four to six months in some MDM features. SAP has an extensive and growing array of business partners in its mobile ecosystem, including carriers, VARs, system integrators and a strong direct sales group. The company's strategy has been to bundle together its mobile management and app development products, and it has increased its market presence significantly in the past year. However, SAP has a significant channel in white-label and OEM agreements. SAP is expanding into additional reseller agreements with leading IT organizations (ITOs), VARs and telco partners that SAP expects to have a large impact on sales.
Another big change for SAP is its support for cloud-based offerings. In September 2012, it announced a partnership with Amazon Web Services to host and deliver Afaria. This has greatly increased SAP's ability to support proofs of concept and testing, as well as a reduction in licensing prices. Marketing this option has been limited; therefore, awareness is not high, and SAP needs to market this more aggressively to expand service to enterprises that prefer cloud-based approaches to MDM.
SAP has become more aggressive in partnering where it doesn't have its own technology. For secure email, it has a partnership with NitroDesk for TouchDown, and another for containerization. These products have limited integration with the main Afaria product, but change is expected sometime this year. Partnering has inherent trade-offs as the flexibility in allowing enterprises to choose sometimes makes a less-cohesive option compared with competitors that have their own capabilities and are able to offer an integrated, end-to-end solution. Although later to the market than its competitors in mobile content and software management, SAP's native capabilities for analytics are strong, supporting SAP BusinessObjects for reporting and customized reports through SAP BusinessObjects Mobile Business Intelligence (see Table 9).
Source: Gartner (May 2013)
Additional research contribution and review: Van Baker, Ken Dulaney, Leif-Olof Wallin and Monica Basso
Aucun commentaire:
Enregistrer un commentaire