My way through the MDM-jungle
A lot of companies need a Mobile Device Management (MDM) sooner or later. And so did we.But which one is the right one?The MDM Market is overcrowded. There are about 30 different solutions out there which all do the same things. I worked my may through them and share my experience with the best ones with you.
All do setting profiles and restrictions, share some files, installing apps and wiping data remotely in case something goes wrong.
But deciding on a good one is tedious. There are some buyers guides with very nice sentences in it like:
“This MDM offers EMM, BYOD, MAM, MEM, MBM, MCM, ACE, Mobile Security, App Wrapping, SDK, Identity Management, Container Management, Telecom Management, Multiuser Management.”
I couldn’t make much sense of those letters this to I started googling to decipher all those acronyms. You can find the result of this searching at the bottom of this page. While doing so I came to the conclusion that these therms are too broad. Different MDM providers understand different things under the same acronym. So they become even more unhelpful.
So this meant a shift in strategy. With different review sites I narrowed down the MDM selection to the better half of them. What I also found was that basically all of them support: BYOD,COPE,COBO and cloud- and on-premise-hosting. Supporting all this things was a major selling point in the past but is now standard. So you can switch your MDM-strategy also later on without having to change your MDM.
Then my journey in the MDM-jungle began by testing them one by one. Almost all of them offer a 30 day trial version, which is more or less cumbersome to get. Some you can just download, some need registering and some of them let you enter a phone number and then let you wait (sometimes multiple days!?) for them to call you and then send you a email with the download link.
During testing if found that all of them handle basic MDM functionality good.
But there are some mayor differences in special features , the apps they provide and the usability of their dashboards.
Those things are also partly personal preferences and can only be answered for you if you try them yourself. So I ordered the best quarter of all MDMs into four categories which should help you as a starting point for your own evaluation:
Just-works , Best Price/Value , Open-source and Security-focused
One MDM of each category is presented in more detail. At the end there is a little comparison of the special features of the presented MDMs.
Just-works - AirWatch from VMWare
AirWatch is one of the big names in the MDM department, one could call them the silverback of the MDMs. They offer a very nice control panel and airwatch runs on every operating system from iOS to Android, over Blackberry and even Symbian. All desktop operating systems are supported as well (including Chromebooks). Their enrollment process is fast and easy to do.
They supply their solution with some productivity apps. There are secure and synchronized E-mail, calendar, contacts, file management, and chat-apps. You can put apps of your choice in their app catalog and let your users download them. Self-developed apps can be wrapped with their app wrapper and also run in the encrypted container.
Airwatch can be hosted on-premise or in the VMWare cloud.
Key Features
True all platforms solution - With AirWatch’s ability to run on effectively every operating system out there enables you to allow BYOD without any worries. Every device and operating system can still be managed with ease from one central administrator panel.
Tested and proven - Over the years AirWatch has slowly grown to the market leader. They have been decorated a leader of the MDM industry multiple years in row by Gartner, a well known information technology research and advisory company. A lot of companies trust and use VMWare’s AirWatch.
Integration of third party services - You probably have already some IT infrastructure. With AirWatch its possible to integrate existing solutions like Microsoft 365, Dropbox, Cisco or Xamarin into one managed system.
See all of their features at their website.
All in all AirWatch is a very solid and extensive solution which can simplify your IT management greatly. If you need something that just works AirWatch surely is a good candidate. But their service comes at a price. They are definitely not the cheapest MDM around.
A close runner-up in this category is Mobile Iron and definitely worth a look. They have a good comprehensive explanation how MDMs work on their website.
Best Price/Value - AppTec360 EMM
The price is always a criteria when looking for any solution. But often buying cheap means buying twice. This is definitely not the case with AppTec360.
It has all the features needed to get your MDM up and running. Looking at their customer list it’s also proven that it scales well. They don’t offer an extensive app setup or other fancy features but everything they do offer works as expected.
They target solid performance at a very competitive price point. They’re a swiss company with servers in Switzerland and Germany specializing in MDM. This is one of the few MDMs which is an all european solution and doesn’t communicate to servers oversee. They also offer full on-premise hosting.
If you want to try it out, you can do this without any hassle in 5 minutes. Their MDM is free for up to 25 devices with on-premise hosting. For a small business this is great, because you get all features, not just a lite-version. They have both, a monthly subscription model and a one-time-purchase model with on premise hosting. They pricing model is very modular, support for example costs extra. See details here.
Key Features
Clean and tidy handling - Their dashboard is very organized, the menus are logical. You can find anything you need in a timely manner. It looks like an MDM-iTunes. You can see it in action in this video.
Content Box - Their mobile content management offers an app in which your employees can access your company data securely and easily. But this feature costs extra.
Universal Gateway - Their “Zero Touch Authentication” enables you to set up emails without any interaction on the device itself. They also have features like a guest mode and so on.
Extremely competitive Prize - Their solution costs 3-6 times less per device than their competitors. If you’re content with a clean and effective MDM without any clutter you’re good to go.
All features are listed here.
All in all you get a good usability with focus on core MDM tasks. That all their servers are hosted in Europe also helps against unwanted eyes on your data. Their modular pricing system allows you to only pay for the services you really need.
Open-Source - WSO2
If you are a friend of open source software WSO2 is the way to go for you. Their Code is 100% open source, you can have complete insight on Github.
Their Enterprise Mobility Manager (EMM, basically an umbrella therm including MDM and more) is build up with modular parts so you can put together a system perfectly fitted for you needs. As always with open source projects some technical knowledge is needed to get it up and running.
WSO2 is free to use. You can download their EMM now. Their business model revolves around providing trainings and 24/7 support. Also cloud hosting is offered by them, but you’re likely to host it yourself if your interested in this kind of MDM. If you want to get a feel for this MDM you best try out their quick start guide which takes about 45 minutes to complete. We made good experiences with WSO2’s EMM after some tinkering.
Key Features
Completely Customizable - 100% open source also means 100% customizable. You can have full control over what services are integrated and they even offer to develop custom features for you. But all features for normal use where present and worked well in our test.
Part of a comprehensive platform - EMM is only a small part of WSO2’s product stack. They offer also analytics, identity management and security, integration, IoT device management and more. See the complete platform here.
Free to use - If your IT allows it, you can get a competitive EMM for free. Combined with the high customization degree allows you to have a tailor-made solution. Their customers range from small companies to fortune 500 enterprises.
See a detailed list of all their features here.
If you know what you are doing you probably will get very happy with WSO2’s EMM. As far as we are aware this is the only truly open source MDM available. It does a good job at what it does and is definitely worth checking out.
Security-focused - MaaS360 from FiberLink (IBM)
Strict security around corporate data is always a good idea. Security-focused MDMs let you put your corporate related apps into an encrypted container where they are separated from other (private) apps but can still communicate to one another. (If you’re interested in technical details see these PDFs: Android, iOS)
Actually a good usability is also very important. Otherwise users are tempted to write passwords on post-its or communicate over other channels which may be insecure. (Effectively creating a shadow IT).
MaaS360 from the IBM owned company Fiberlink offers containerization and a lot of other security measures still while maintaining good usability. You can even wrap your self developed apps to put them in the container as well.
Key Features
Fully containerized MAM (Mobile Application Management) - MaaS360 comes with an enterprise app catalog and offers full containerization for enterprise apps. Containerization also means you can wipe your data remotely, fully and securely.
Mobile Threat Management - Offers a system to scan and protect your devices against mobile malware in real-time. Whit this you can gain visibility of threats instantly and react before they compromise corporate data on the device.
Mobile Enterprise Gateway - Since Fiberlink is owned by IBM they also have a great focus on mobile enterprise usage. MaaS360 enables collaboration in accordance to your authorization, encryption and containerization policies. There is a built in way for distributing documents securely to the devices. MaaS360 is compatible with other IBM services.
lots of other features are visible on the IBM MaaS360 Website
All in all MaaS360 is a versatile solution witch offers good security without sacrificing usability and without an overly complicated setup. Since they are owned and pushed by IBM they offer regular updates and one can be fairly sure that they will continue this service for the coming years.
Another good solution security-wise is Citrix’s XenMobile. Also with a big focus on security comes Blackberry’s BES12.
Special Features Comparison
Under the basic features for I unterstand these:
Mobile Device Management (MDM)
Mobile Application Management (MAM)
Mobile Content/Email Management (MCM/MEM)
Policy and Configuration Management.
All presented MDM do those well.
Single-Sign-On is a very nice feature not mentioned in this post so far. It’s cumbersome to set up, but once you have it you, adding a new user is a breeze. It means coupling all in-app accounts and email and so on to your company login, so a user has to sign-in just once and all the other sign-ins are handled automatically.
So lets now compare our candidates
| Criteria | AirWatch | AppTec360 | WSO2 | MaaS360 |
|---|---|---|---|---|
| Time to add a new device | 3 min | 5 min | 10 min | 5 min |
| Built-in Apps | MDM-Client, Mail, Calendar, Contacts, Browser, Chat, Filemanager | MDM-Client, Filemanager (optional) | MDM-Client | MDM-Client, Mail, Calendar, Contacts, Browser |
| Supported platforms (Only mobile platforms listed) | Android, iOS, Windows, BlackBerry, Symbian | Android, iOS, Windows | Android, iOS, Windows | Android, iOS, Windows |
| API for containerization | Yes | No | Probably | Yes (but only on apps on which you have source-code access) |
| Single-Sign-On (works only with adapted apps) | Yes (Wrapping only on Android) | No | Yes | Yes |
| One time purchase option (with on-premise hosting) | Yes (there is still a monthly maintenance cost) | Yes | free | No |
| Prize * per device/month | 3,5 - 7,5 € | 1 € (without support) | free (support costs per month) | 3 - 5 € (their support gives you detailed information) |
*Note that prices of MDM are often not public because they vary strongly depending on your configuration and the number of devices. They cost usually between 2-6 € per device/month + sometimes some initial costs. To get a precise number you have to get in touch with them.
I hope this blog helps you on your own way through the jungle!
Here are links to all mentioned MDMs as a starting point:
MDM acronyms and therms
| Acronym/Therm | Description |
|---|---|
| ACE | App Configuration for Enterprise. So you can not only download apps for you users but set them up at the same time. Goes into the same direction as Single-Sign-On. |
| App Wrapping | Applying a management layer to a mobile app that does not change the underlying application. Usually needed for containerization or Single-Sign-On. |
| BYOD | Bring-Your-Own-Device: Employees to use their own device during work to access corporate data. This device is secured by the your MDM-solution and keeps corporate data separated from personal data. |
| COPE | Company Owned, Personal Enabled: Employees obtain a device from their company, but are allowed to use it privately also. From an MDM-perspective this approach is similar to BYOD, but gives the company more control over what devices in which configuration are used. |
| COBO | Company Owned, Business only: Employees obtain a device from their company and are not allowed to use it privately at all. This can improve security because no private use means the devices can be locked down severely. |
| CYOD | Choose-Your-Own-Device: Normally equivalent to a COPE setup. This therm is sometimes used if the employee can choose a device from a range of different devices offered by the company. |
| Container Management | A designated and encrypted area of a device that separates sensitive corporate information from the owner’s personal data and apps. The container protects the corporate data from malware that may infect the device if an employee were to download a corrupted personal app. |
| Containerization | An alternative to full machine virtualization that involves surrounds an application in a container with its own operating environment. This can improve security greatly. |
| DaaS | Desktop-as-a-Service: A cloud service in which the back-end of a virtual desktop infrastructure (VDI) is hosted by a cloud service provider. |
| EMM | Enterprise Mobility Management: The umbrella term for managing and securing mobile devices and all of their components including networks, apps connections. Includes an MDM. |
| Identity Management | The managing and administration of identifying individuals and authenticating their identity across an enterprise and establishing boundaries based on clearance level. |
| MAM | Mobile Applications Management: Basically functionality like installing apps, blocking certain other apps, deleting apps and so on. And all this remotely. |
| MBM | Mobile Browsing Management: Enables secure browsing and provides the ability to customize settings like block websites and certain networks. |
| MCM | Mobile Content Management: A system to synchronize and distribute corporate data to your mobile devices securely. This often means using the file manager app from the MDM. MDM |
| MEM | Mobile Email Management: Maximizes the efficiency of email and handles high volume email by being highly customizable |
| PIM | Personal Information Manager: A type of application software that functions as a personal organizer. This tool facilities the recording, tracking, and management of certain types of personal information. |
| Telecom Management | A strategic goal to create or identify standard interfaces that would allow a network to be managed consistently across all network element suppliers. This may apply to wireless communications, cable TV, as well as private and public wired networks. |
| VDI | Virtual Desktop Infrastructure: Hosting a desktop operating system within a virtual machine (VM) running on a centralized server. This is a variation on the client/server computing model, sometimes referred to as server-based computing. |
