Buyer s Guide Mobile Device Management 5746091

November 2011 $99

Report ID: R3311111

Next

reports

Mobile DeviceManagementBuyer’s GuideAs a greater variety of smartphones and tablets tap into corporate

resources, IT must have a strategy for security, access control and

management. Our buyer’s guide helps you make the right call on

mobile device management tools.

By Jim Rapoza

reports. informationweek.com

http://reports.informationweek.com/

Previous Next

reports

reports.informationweek.com Month 2011 2

CONT

ENTS

TABLE OF

3 Author’s Bio

4 Executive Summary

5 Mobile Madness

6 Knowing the Platforms

7 Security

8 Administration

9 Under Control

14 Related Reports

Figures

5 Figure 1: Preferred Mobile Operating System

6 Figure 2: Smartphone Policy

7 Figure 3: Access to Company Resources via Personal Mobile Devices

8 Figure 4: Securing End User Devices

9 Figure 5: Organizational Approach to Consumer-Centric Technology

11 Figure 6: MDM Administration Features

12 Figure 7: MDM Platform and Reporting Features

13 Figure 8: MDM Security Features

ABOUT US

InformationWeek Reports’ analysts arm business technology decision-makerswith real-world perspective based onqualitative and quantitative research,business and technology assessment and planning tools, and adoption bestpractices gleaned from experience. Tocontact us, write to managing directorArt Wittmann at [email protected], content director Lorna Garey [email protected], editor-at-largeAndrew Conry-Murray at [email protected], and research managing editor Heather Vallis at [email protected]. Find all of our reports at reports.informationweek.com

M D M B u y e r ’ s G u i d e



November 2011 3

Previous Next

© 2011 InformationWeek, Reproduction Prohibited

reports

reports.informationweek.com

M D M B u y e r ’ s G u i d e Table of Contents

Jim Rapoza is an editor for Network Computing and a contributor to Informa-tionWeek Reports. He has been using, testing and writing about the newesttechnologies in software, enterprise hardware and the Internet for more than17 years. He served as the director of an award-winning technology testing labbased in Massachusetts and California. Rapoza is also the winner of five awardsof excellence in technology journalism and he was the co-chair of a summit ontechnology industry security practices. He is a frequent speaker at technologyconferences and expositions and has been regularly interviewed as a technol-ogy security expert by national and local media outlets including CNN, ABC,NPR and the Associated Press.

Jim RapozaInformationWeek Reports



November 2011 4

Previous Next

Smartphones and tablets running a variety of operating systems are flooding the enter-prise. Users expect access to critical resources such as email and business applications, andwill store sensitive information on the same machine they give to a restless five-year-old.While platforms from RIM and Microsoft are designed with enterprise managementneeds in mind, consumer-centric Apple iOS and Google Android devices are just as likelyto be in the hands of employees. Enter mobile device management (MDM). The productsput client software on users’ phones and tablets to help IT get a handle on mobile de-vices. Key features include the ability to encrypt data, remotely wipe a device if it’s lost orstolen, and perform inventory tracking and software updates. This buyer’s guide discusses the similarities and differences among MDM products, out-lines essential features and provides guidance on choosing products that match their fea-ture requirements. Included with the report are detailed tables that highlight featuresfrom 10 vendors. The tables were created based on vendor responses to our question-naire. We’ve also included the full questionnaire and response from each vendor.

EXECUTIVE


reports

SUM

MAR

Y

M D M B u y e r ’ s G u i d e Table of Contents



November 2011 5

The influx of consumer smartphones andtablets into the enterprise has become a ma-jor challenge for IT. Administrators must dealwith a wide selection of mobile devices andoperating systems, protect enterprise data,and control the apps and software installedon these devices. These challenges are exac-erbated by the fact that, in many cases, ITdoesn’t actually own the smartphones andtablets being used.Mobile device management (MDM) prod-ucts have been specifically designed to giveIT a greater degree of control over its mobileworkforce. However, MDM is still a relativelynew category with a variety of vendors andofferings. Some MDM products focus on onespecific mobile platform, such as Apple’s iOS.Some are designed for security, while othersare built for inventory, reporting and tracking.InformationWeek Analytics created a mobiledata management buyer’s guide to give ITprofessionals an overview of the vendors inthe market, as well as the features and capa-

Previous Next

If you could dictate one mobile operating system for smartphones or tablets to your employees, which would it be?

Preferred Mobile Operating System

Apple iOS

Android Phone

RIM Blackberry Phone

Android Tablet

Windows Phone 7

Windows Mobile

RIM Blackberry Tablet

HP Palm WebOS

Other

We wouldn’t want to dictate that choice

Don’t know

Data: InformationWeek Mobile OS Vendor Evaluation Survey of 651 business technology professionals, May 2011 R2900711/4

32%

18%

12%

8%

6%

4%

2%

2%

1%

14%

1%


Mobile Madness

reports M D M B u y e r ’ s G u i d e Table of Contents

Figure 1



November 2011 6

bilities available from their platforms. We as-sembled this guide from questionnaires sentto a large portion of the vendors in the mar-ket. We received 10 detailed responses. This buyer’s guide uses the vendor re-sponses and our own analysis to help IT de-fine an MDM strategy and offer guidelineswhen choosing an MDM product. We alsoprovide a detailed features chart for the 10 re-spondents. While some features, such as com-pany directory integration and remote wipe,cut across all of the products, there are manyareas of differentiation among the vendors.Finding the right MDM solution meansmatching your company needs with the rightproduct capabilities. We’ve also made thevendors’ completed questionnaires availablefor download.

Knowing the PlatformsThe first question to ask when looking at anMDM system is “What type of mobile devicesand platforms do you want and need to man-age?” Will your business require a productthat has broad support for various Android

versions, Apple, BlackBerry and Windows mo-bile devices? Or are you one of those luckyfew companies that standardized on one sin-gle mobile OS? It’s likely to be the formerrather than the later at most organizations.According to a recent IT Pro Ranking surveyabout mobile OSes, IT professionals chose Ap-ple iOS and Android phone OS as their pre-

ferred platforms. Given the presence that RIMhas already established in the enterprise, mostmobile environments are likely going to be amix of platforms.Two vendors in our buyer’s guide, AbsoluteSoftware and JAMF Software, currently onlysupport Apple iOS. Absolute plans to add An-droid support in the near future. The other

Previous Next

FAST FACT

7%Survey respondents

whose companies don’t

issue or support any

smartphones



Which of the following best describes your organization’s formal or informal policy on smartphones?

35% 27%

7%

8% 18%

5%

Smartphone Policy

Base: 595 respondents at organizations using or evaluating mobile operating systems for smartphonesData: InformationWeek Mobile OS Vendor Evaluation Survey of 651 business technology professionals, May 2011

R2900711/10

R

The organization issues a preferred smartphone, but will support a personal device

The organization lets users choose any smartphone, but owns and supports the phone

The organization issues smartphones tousers; personal devices are not supported

We don’t issue or support smartphones, butemployees still use personal devices for work

The organization supports anypersonal smartphone type

The organization supports a limited number of personal smartphone types

p o ohich of the f oW

tphon amarS

personal deusers;ganizahe orT

your ores yibest descrwing bollo

yoolicne P

edte not supporvices ar personal deotphones ttion issues smarganiza

mal pormal or inf oors f o’tionganizaour or tphones?y on smarolicmal p

vicet a personal dewill suppor but ,tphoneed smarerrefferrpr

tion issues a ganizahe orT

vice

ees still use personal deyemplot issue or suppor’e donW

orkor wvices fees still use personal de but,tphonest smart issue or suppor

ypetphone tpersonal smarts antion supporganizahe orT

number of personal smarhe orT

ypeyts an

vicet a personal dewill suppor

ts the phonewns and supporo bu ,, but tphoney smarchoose an

tion lets users ganizahe orT

ypestphone tnumber of personal smared ts a limittion supporganizahe or

vice

ts the phone but

tion lets users

ypes

InformationWData: espondents at organizations using or evaluating mobile operating systems for smartphonesBase: 595 r

endor Evaluation SurMobile OS V Vendor Evaluation Sureek WWeek espondents at organizations using or evaluating mobile operating systems for smartphones

ypetphone tpersonal smar

vey of 651 business technology prendor Evaluation Surespondents at organizations using or evaluating mobile operating systems for smartphones

number of personal smarype

May 2011ofessionals, vey of 651 business technology prespondents at organizations using or evaluating mobile operating systems for smartphones

ypestphone tnumber of personal smar

R2900711/10

ypes

Figure 2



November 2011 7

MDM vendors support multiple mobile oper-ating systems, but buyers need to realize thisdoes not mean the same capabilities can beapplied across all of the mobile platforms youneed to manage. For example, a product maysupport full disk encryption and encryptedfolders on Android, but only full disk encryp-tion on iOS.

SecurityWhile these are called mobile device man-agement products, they could easily be re-ferred to as mobile security systems. One ofthe biggest forces driving companies to con-sider these products is the potential risk ofdata loss, particularly if a phone or tablet ismisplaced or stolen. Organizations also needto control access to corporate resources fromsmartphones and tablets.When it comes to finding a lost or stolen de-vice, nearly all of the MDM products use ge-olocation to pinpoint the whereabouts(which is great for determining if the phoneor tablet has just been misplaced or if it isspeeding away). If the device can’t be recov-

ered, the last defense to protect sensitive datais a remote wipe, which cleans all of the dataoff the device. All of the products in our sur-vey had remote wipe capabilities. Several,such as AirWatch and Sybase’s Afaria, can alsodo selective wipes. This gives IT the option toonly destroy company data and access mech-anisms, such as email, leaving the rest of the

personal data on the device untouched. That’sa useful level of granularity in an era whereemployees are bringing their own smart-phones and tablets into the office.The other way to protect data on a mobiledevice is to encrypt it, so even if the device islost, sensitive data is still secure. RIM’s Black-Berry and Apple’s iOS have built-in encryption

Previous Next



63%

37%

Do you allow employees to access company resources with their personally owned mobile devices and/or tablets?

Access to Company Resources ia Personal Mobile Devices

Data: InformationWeek OS Wars Survey of 441 business technology professionals, May 2011 R2890711/15

R

No

Yes

o w emploou alloo yD

o Cccess tAy rompaness co accees tyw emplo

i y ou ces y Resouro paompan

esYYes

o a ob ersonally oes with their pcesoury r

ersonal Mobile Dea a Pes and/or tablets? vicwned mobile deersonally o

viceses and/or tablets?

No

InformationWData:

vey of 441 business technology prars SurOS W Wars Sureek WWeek ofessionals, May 2011vey of 441 business technology professionals, May 2011 R2890711/15

Figure 3



November 2011 8

options—there’s no need for third-party soft-ware. Full disk encryption is also possible withAndroid, but only from an MDM product.Some products offer folder-level encryption,including AirWatch, Fiberlink Communica-tions and Zenprise. Absolute Software sup-ports folder-level encryption on iOS devices.As with selective wipe, folder-level encryptionis a welcome feature when dealing with em-ployee-owned devices. It lets IT create a pro-tected space for corporate data and encour-ages users to segregate personal andbusiness information.

AdministrationWhile security is clearly an important aspectof MDM products, you’d expect the systemmanagement features to be similarly extensive.However, at least when comparing these prod-ucts to classic PC management systems, theMDM products often come up a little short.One bread-and-butter feature of any sys-tems management product is its ability to in-stall, update and remove applications, and toremotely patch and update the operating

system. However, MDM products have limita-tions in this area, particularly around apps.This can be problematic: Just because an appis on the market doesn’t mean it’s safe(though Apple’s gatekeeping does a goodjob of preventing malicious software fromgetting into its app store).However, eight of the 10 vendors in ourbuyer’s guide offer whitelists and blacklists of

approved apps, and can stop blacklisted appsfrom accessing corporate resources. This istypically done through a form of network pol-icy enforcement. In the same way that a com-pany can define access to email or an HR in-tranet by setting policies for approvedconnections (Are you on the network or VPN?Do you have the proper access rights fromyour user login? and so on), they can apply

Previous Next



How do you ensure security of end user devices that may contain company data?

Securing End User Devices

End user education regarding device-specific security awareness

Written policies in place governing use, no technology enforcement

Technology enforcement of polices, such as NAC, remote wipe, mandatory lock

We rely on employees’ common sense

Require encryption of any data at rest on the device

Other

Note: Multiple responses allowedData: InformationWeek 2011 End User Device Management Survey of 551 business technology professionals, February 2011

R2110411/12

68%

62%

50%

48%

37%

1%

Figure 4



November 2011 9

this type of control on a mobile device.When it comes to in-house mobile apps,many MDM vendors offer internal app storesthat let IT distribute and update corporate appsand allow users to browse for approved apps. Inventory tracking is another core systemsmanagement requirement. All the MDM ven-dors offer some form of inventory tracking, buttheir capabilities vary. Some are highly detailed,showing every bit of information on device, OS,apps and usage history. Others provide basichardware inventory lists. Another valuable fea-ture lets IT set alerts around or prevent specifictypes of expensive mobile usage, such asroaming or exceeding a bandwidth cap.MDM products come in a variety of deploy-ment options. As with traditional desktop andlaptop management, the MDM products needto touch the device, either with a full client orlightweight agent. A central management plat-form collects data from the agents and lets ad-ministrators monitor the devices, push out poli-cies, update software and more. Some vendorsin our buyer’s guide, such as Sybase, offer thechoice of either on-premises software for the

management platform or a SaaS version that’shosted off site. Fiberlink Communications isSaaS-only, while Absolute Software, OdysseySoftware and Symantec only offer premises-based software.Starting prices range from as low as $9.95 perdevice up to $85 per device annually. Pricingmay change based on volume and feature set.

Some vendors offer monthly or annual fees.The monthly option will help reduce the initialexpense but may cost more in the long term.

Under ControlIT has wrestled with the issue of mobilecomputing since laptops became the de factocompute platform for most enterprise work-

Previous Next

FAST FACT

16%Companies with strict

consumer device policies



29%

13%

16%

19%

23%

What is your organization’s general approach as it relates to consumer-centric new technology such as the iPad?

Organizational Approach to Consumer-Centric Technology

Data: InformationWeek 2011 End User Device Management Survey of 551 business technology professionals, February 2011 R2110411/17

R

Proactive; we treat it like any new technology development and IT explores whether we can leverage within our enterprise

Strict; we have policies regarding newdevices and expect everyone to follow them

Resistant; any new device needs tomeet our design and security standards

before it’s even considered for a testNeutral; we don’t actively test or look at new devices, but we’re willing to listen if someone makes a suggestion or request

Accepting; we let employees use them if they see value

Figure 5



November 2011 10

ers, but consumer smartphones and tabletstake mobility challenges in entirely new direc-tions. They tend to live outside the boundariesof traditional management tools, particularlyApple and Android products. Thus, it’s imper-ative for IT to have a strategy for these de-vices. MDM products will play an importantrole in that strategy.

IT should also be aware that this is a newmarket, and consolidation of one form or an-other is likely. At one end of the spectrum,these upstart platforms may take over the roleof traditional desktop management systems.In fact, five of the vendors in our guide canmanage laptops. At the other end, the majormanagement and security vendors may get

into the market, likely via acquisition, so thevendor you choose today could become partof a larger organization in the future.Either way, mobile devices are on your net-work and being used to store and access vitalcompany data and resources. And if you wantto protect those resources, you need manageyour mobile workforce.

Previous Next



Related Report

How do you keep corporate datasafe when employees and businesspartners are accessing it on theirsmartphones and tablets? Find outin our Fundamentals report “DownSide of Mobile Apps: Keeping DataSafe on the Move.”

DownloadDownload



http://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.html

November 2011 11

Previous Next



Company Absolute Software

AirWatch Fiberlink Communications

JAMF Software

MobileIron Odyssey Software

Symantec Sybase Tangoe Zenprise

Administration Remote app management (install/remove apps)

Remote provisioning and app disable

Yes Yes In-house apps only

Publish and revoke on iOS and Android

Partial on iOS

Windows Mobile only

Yes Yes As allowed by each OS. For those

allow, we can notify and block

Remote OS upgrade

No Yes Yes No No Windows Mobile

Windows Mobile

Windows Mobile, Symbian, Android

Yes As allowed by each OS. For those

allow, we can notify

Compliance and policy enforcement

Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Remote control No Yes Yes No Yes Yes BlackBerry, Windows Mobile

Yes Yes Yes

Communications capture

No Yes No No Call, SMS, data activity; SMS archiving

No No No Voice and SMS

Voice and SMS

Remote content backup

No No Settings, apps and corporate data

No No No No Yes No No

InformationWeek Mobile Device Management Buyer's Guide: Administration Features Figure 6



Previous Next





JAMF Software MobileIron Odyssey Software


Platform Mobile platforms supported

Android

(Q3 2011), iOS

Android, BlackBerry, iOS, Symbian, Windows Mobile, Windows Phone 7

Android, BlackBerry, iOS, Symbian, WebOS Windows Mobile, Windows Phone 7

iOS Android, BlackBerry, iOS, Symbian, WebOS, Windows Mobile, Windows Phone 7

Android, BlackBerry, iOS, Windows Mobile, Windows Phone 7

Android, BlackBerry, iOS, WebOS, Windows Mobile, Windows Phone 7

Android, Blackberry, iOS, Symbian, Windows Mobile

Android, BlackBerry, iOS, Symbian, Windows Mobile, Windows Phone 7

Android, BlackBerry, iOS, Palm, Symbian, WebOS, Windows Mobile

Tablet Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes Laptop Mac,

Windows No Mac, Windows Mac No Yes No Windows No No

Delivery model

Software SaaS, on-premises appliance or software

SaaS SaaS, on-premises software

SaaS, on-premises software

On-premise software

On-premise software

Hosted, on-premises software



Directory integration


Reporting Geolocation tracking

Yes Yes Yes No Yes Yes iOS only Yes Yes Yes

Usage analytics and tracking

No Yes Yes No Yes Yes No Yes Yes Yes

Usage alerts Roaming status

Yes Roaming and data use

Yes Roaming and voice/data/SMS use

No Roaming and data use

Roaming Roaming and data use

Roaming and data use

Inventory management

Yes Yes Yes Reporting Yes Yes Yes Yes Yes Yes

Pricing $9.95 per device per year

$3 per device per month; $40 perp. license per device

$4 per device per month; $10 per user, per month unlimited devices

$50 per device, with 20% annual maintenance

$4 per device per month; $75 perp. license per device

Mid-$20s to mid-$30s per device depending on volume

$62 for 1 unit

$29 per seat starting price

$2-$5 per device per month

$85 per device in first year; discounts beginning in second year

InformationWeek Mobile Device Management Buyer's Guide: Platform and Reporting Features Figure 7



November 2011 13

Previous Next





JAMF Software

MobileIron Odyssey Software


Security Rules engine for device security check


App whitelists/ blacklists

Yes Yes Yes No Yes Yes No Yes Yes Yes

Remote wipe Yes Yes Yes Yes Yes Yes Yes Yes Yes Yes

Remote camera control


Folder-level encryption

iOS Yes Yes No No No No No No Yes

Full disk encryption

iOS Yes Yes Yes Yes Yes Yes Yes No Yes

Sandbox corporate from personal data

iOS Yes Corporate documents

No Selective wipe visibility into data

Only Windows Mobile

No Yes No Yes

VPN Yes Yes Yes Yes Yes No Supports config. of native VPN apps

Yes Yes Yes

InformationWeek Mobile Device Management Buyer's Guide: Security Features Figure 8



SubscribeSubscribe

Newsletter

Want to stay current on all newInformationWeek Reports? Subscribe to our weeklynewsletter and never miss a beat.

November 2011 14

Previous Next


reports M D M B u y e r ’ s G u i d e

MOR

ELIKE THIS

Want More Like This?Making the right technology choices is a challenge for IT teams everywhere. Whether it’ssorting through vendor claims, justifying IT projects or implementing new systems, there’sno substitute for experience. And that’s what InformationWeek provides—analysis and ad-vice from IT professionals. Our Reports site houses more than 900 reports and briefs, andmore than 100 new reports are slated for release in 2012. Right now, you’ll find:

Research: IT Pro Ranking/Smartphones and Tablet OSes: Apple and Google topple theBlack Berry as consumer phones and tablets swarm the enterprise. And IT doesn’t seem to mind.

Research: 5 Steps to Clean Up the OS Mess:Windows is still ubiquitous, but the averagecompany now supports three OSes, our survey finds. Many companies also are letting devicesbased on almost any OS connect to the network, many without a clear policy on IT support.

Research: 2011 End User Device Survey: The forces of cloud, mobility and consumeriza-tion will eventually spell the end of the fat corporate desktop as we know it. Think you canhold the line against the trifecta of change?

Informed CIO: Reducing Mobile Device Risks to Enterprise Data: Smartphones have al-ready altered the enterprise risk landscape, and tablets will only accelerate the pace of change.Employees want access from their personal devices—and companies need to provide it.

PLUS: Find signature reports, such as the InformationWeek Salary Survey, InformationWeek500 and the annual State of Security report; full issues; and much more.

Table of Contents



http://links.techwebnewsletters.com/servlet/SignUpForm?f=491839

http://reports.informationweek.com/abstract/18/8034/Mobility-Wireless/it-pro-ranking-smartphone-and-tablet-oses.html

http://reports.informationweek.com/abstract/18/7697/Mobility-Wireless/research-the-os-mess.html

http://reports.informationweek.com/abstract/18/5975/Mobility-Wireless/research-end-user-devices.html

http://reports.informationweek.com/abstract/18/5215/Mobility-Wireless/informed-cio-mobile-device-security.html

Mobile Device Management Questionnaire: Absolute 1. Which mobile device operating system platforms can your product manage? These include Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. Absolute Manage Mobile Device Management currently supports iOS, and we anticipate release of a new version with support for Android in calendar Q3 2011. 2. Is your product available in a SaaS model, an internal software model, or both? Absolute Manage is a premise-based software solution only. 3. Does your product have the ability to enforce baseline security policies and settings (such as checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network? Absolute Manage can enforce security policies such as password length and complexity standards, or requiring encrypted backups, through OTA-deployed configuration profiles on iOS devices. Additionally, it can detect noncompliance with company security policies, such as jail breaking, or installation of blacklisted apps. Administrators can report on noncompliance, or automate certain remedial actions, such as removing access to corporate resources such as email, Wi-Fi or VPN, or even wiping and resetting the device. 4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices? Actually installing or removing apps remotely is not possible on the iOS operating system. However, Absolute Manage does provide extensive deployment and management options for both in-house and iTunes Store apps. In-House apps can be hosted by Absolute Manage, and published to the on-device user self-service portal (Absolute Apps) where users install with one tap. Subsequent updates are received via notifications similar to those used by the App Store. Administrators cannot actually remove these apps, but they can revoke the provisioning profile, which disables the app and removes access to any associated data. For iTunes App Store apps, Absolute Manage can also publish recommended apps to the on-device self-service portal, so that users may easily install approved apps without the need to search for them the iTunes App Store. Beyond that, Absolute Manage can automatically apply redemption codes purchased under the App Store Volume Purchase Program (ASVPP.) This program, which has recently been expanded from education customers to business customers, allows organizations to buy apps in bulk. Absolute Manage not only distributes the codes, but tracks redemption by device so that organizations can ensure license compliance. 5. Can GPS and other location information be used for tracking or device recovery? Yes. With Absolute Manage, administrators can track and map the location of iOS devices for recovery or workforce management. Tracking interval and accuracy are configurable, and can be reported as often as once per second, and as accurately as a ten meter radius.

6. Does your product have the ability to remotely wipe data from devices? Can this be done in a selective manner to wipe just corporate information and not personal user information? Absolute Manage can remotely wipe devices, resetting them to factory specs. It can also remove only corporate data – for example, removing corporate email Configuration Profiles removes access only to the data (email, contacts, calendar) associated with that profile, leaving personal email and other data untouched. 7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices? Absolute Manage does not provide encryption. 8. Can features of devices, such as cameras, be remotely disabled using your product? Yes. 9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior? No. 10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? We recommend provisioning corporate email via Configuration Profiles in order to leverage the built-in "sandboxing" of iOS. 11. What is the approximate or typical pricing for your product? MSRP begins at $9.95 per year per device, with significant discount for volume, longer terms and educational institutions. Perpetual licenses are also available. 12. Does the product offer out-of-the-box and/or customizable reports? There are some out of the box reports included, but the simple drag and drop reporting interface enables administrators to easily create or customize reports to fit their own needs, using any of the 60+ data points collected from the devices. Additionally, Absolute Manage administrators may create Custom Data Fields, which become part of the device record, to track information such as cost centers. Absolute Manage also automatically imports directory information from Active Directory/Open Directory and adds it to device records. All of this information is available for management and reporting. 13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? Absolute Manage is easily integrated with third party management applications, and has pre-built integrations for WebHelpDesk and Microsoft SCCM.

Mobile Device Management Questionnaire: AirWatch 1. Which mobile device operating system platforms can your product manage? These include Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. AirWatch is a cross-platform mobile device management solution that secures and manages Apple iOS (iPhone, iPod & iPad), Android, BlackBerry, Symbian, Windows Mobile and Windows Phone mobile devices and tablets. 2. Is your product available in a SaaS model, an internal software model, or both? AirWatch’s scalable architecture enables the solution to be deployed on-premise (dedicated hardware or VM), as an appliance or SaaS and meets strict requirements for high availability and redundancy. Global customer deployments range from 50 devices to 100,000+. 3. Does your product have the ability to enforce baseline security policies and settings (such as checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network? AirWatch provides the ability to configure security policies/settings, identify exceptions/threats and manage policy violations through a robust compliance engine. AirWatch’s security capabilities include: - Enterprise directory-based authentication - SCEP/Certificate Authority integration - Configurable device password policies - Device data encryption - Compromised device detection - Secure email gateway with device level access control and policies for securing attachments - Secure mobile web browser - Application lock down - Real-time monitoring of required security policies and security audits - Compliance engine to proactively manage security threats/exceptions - Events logs - Remote lock, corporate/selective or full wipe - Configurable privacy policies for employee-liable versus corporate-owned devices - Role-based console access with enterprise directory integration When a user enrolls their device with AirWatch, they must accept a company specific EULA describing corporate usage policies and MDM capabilities that will affect their device. 4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices? AirWatch offers the ability to wirelessly distribute and update internal enterprise apps. IT administrators can monitor installed apps on mobile devices, manage app compliance via white lists and black lists and even remove apps from a device. Also, AirWatch can limit selection, recommend and ease the distribution of publicly available apps from the Apple AppStore or Android Market.

5. Can GPS and other location information be used for tracking or device recovery? AirWatch can track a device’s location via GPS or Wi-Fi information. With AirWatch, you can map a device’s current location as well as view historical breadcrumbs showing speed, location and direction. 6. Does your product have the ability to remotely wipe data from devices? Can this be done in a selective manner to wipe just corporate information and not personal user information? AirWatch supports both corporate or selective remote wipe as well as a full wipe, returning the device to factory defaults. When performing a selective wipe, AirWatch removes all corporate data and access to corporate services, such as VPN, Wi-Fi, Email and even applications. Also, AirWatch has developed a robust compliance engine that enables companies to define compliance policies and automated processes, which could trigger a remote device wipe in the event of a policy violation. 7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices? Depending on the mobile platform, AirWatch supports encryption of mobile device data and full disk encryption. 8. Can features of devices, such as cameras, be remotely disabled using your product? AirWatch can restrict specific device features such as, camera, YouTube, web browsers etc. and even lock down devices to IT-defined programs or apps. Capabilities vary by device platform. 9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior? AirWatch is designed to monitor a company’s entire fleet of devices in real-time and identify any exceptions/threats or anomalous user behavior. AirWatch’s alerting system can instantly notify both end users/IT when specific device or user actions occur. For example, AirWatch can detect when a device is roaming and alert the end user/IT, preventing data overages. 10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? AirWatch provisions corporate data and access to corporate services, such as Email, Calendar, Contact, VPN, Wi-Fi and even applications to all devices, including employee-liable devices. AirWatch has the ability to selectively manage corporate data and access separate from an end user’s personal data. 11. What is the approximate or typical pricing for your product? $3 – Monthly SaaS subscription per device $40 – Perpetual license per device 12. Does the product offer out-of-the-box and/or customizable reports? AirWatch offers an extensive library (100+) of out-of-the-box reports that can be customized based on various data elements and automatically distributed using subscriptions.

13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? Out-of-the box, AirWatch integrates to enterprise infrastructure such as Microsoft Exchange, BPOS, Office 365, Lotus Notes, Gmail for Business, LDAP/AD, SAML, PKI (Certificate Authority). AirWatch also integrates to help desk or ticketing systems, business intelligence tools, alerting and more using APIs and a complete DataMart for easy export of data.

Mobile Device Management Questionnaire: Fiberlink 1. Which mobile device operating system platforms can your product manage? These include Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. Fiberlink’s MaaS360 platform provides comprehensive management capabilities across a wide range of smartphones and tablets including iOS, Android, BlackBerry, Windows Phone 7, Windows Mobile, Symbian, and WebOS devices. 2. Is your product available in a SaaS model, an internal software model, or both? MaaS360 is built on a multi-tenant infrastructure and delivered as a cloud-based, SaaS model. Customers can access the platform from the Internet and provision a fully operational Mobile Device Management solution in minutes. This approach delivers rapid time to value with the flexibility to start managing a small group of users and scale from 10 to 100,000 plus users as needs changes, reaping the benefits of a pay-as-you-go subscription model. 3. Does your product have the ability to enforce baseline security policies and settings (such as checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network? MaaS360 provides all of the essential capabilities to enforce baseline security policies including:

OTA configuration Customizable acceptable use policy Passcode enforcement Wifi, VPN, and email settings Remote lock and full wipe Selective wipe of corporate data Device restrictions Jailbreak and root detection Device location

MaaS360 goes above and beyond these baseline securities policies to provide more advanced management capabilities. MaaS360’s Compliance Engine lets IT administrators easily define and implement powerful compliance rules for smartphones and tablets to deal with specific events and contextual changes. Managed devices are continuously monitored against defined rules or events. If a security policy violation occurs, MaaS360 can be configured to immediately and automatically take actions such as warning the user with onscreen messaging, blocking corporate email access or even wiping the device’s memory to factory default settings. 4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices?

MaaS360 provides organizations with a private, easy-to-use system to categorize, distribute and update in-house developed enterprise applications, as well as view Apple Store and Android Market applications recommended, approved, and unapproved by the enterprise. MaaS360 also provides the ability to remove apps from devices. 5. Can GPS and other location information be used for tracking or device recovery? Yes . Device location via GPS is supported for device types which allow for this type of technology to be used. Ex. An end user reports back to the help desk that they may have lost their smartphone. IT staff can locate down to the street address where that device currently is. MaaS360 also provides the last know IP connection which the device had or currently has. 6. Does your product have the ability to remotely wipe data from devices? Can this be done in a selective manner to wipe just corporate information and not personal user information? MaaS360 supports both full factory wipe as well as selective wipe which will remove corporate data such as e-mail, calendaring, contacts, corporate apps and data, while leaving personal data such as pictures and music. 7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices? MaaS360 is able to detect and enforce encryption standards on devices across folder-level and full disk where applicable by the device or OS platform. MaaS360 can require the user to take the required action to encrypt the device. If for example the user fails to encrypt the device, MaaS360 is able to detect this and automatically take a predefined action on that device such as block access to corporate data, perform a selective wipe, remove a Wi-Fi or VPN profiles, and other actions. 8. Can features of devices, such as cameras, be remotely disabled using your product? Yes, Cameras can be disabled remotely. In addition, features such as Bluetooth, USB, Device Tethering, and the use of iTunes App Store can be remotely disabled. These are included as part of MaaS360’s baseline security policy settings that can be configured by the IT administrator. 9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior? Yes. MaaS360 provides service management with real-time monitoring and tracking usage and can flag and take automated actions on exceptions and anomalous behavior. Malicious application install, data roaming, and SIM changes are some examples of anomalous behavior companies can detect by using MaaS360. MaaS360 also enables behavior modification techniques to help prevent ongoing and repeat violations.

10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? MaaS360 allows organizations to distribute documents remotely to their users. Once these documents are received by the end users device, they can be kept in a separate ”container” for viewing. The user will not be able to save these documents or open them with other applications. IT admins have the ability to remove these documents at any time from the device. In addition, MaaS360 is able to remotely deploy and wipe corporate data such as e-mail, calendaring, contacts, Wi-Fi Profiles, and VPN settings. 11. What is the approximate or typical pricing for your product? Volume pricing for MaaS360 starts at $4 per device, per month or $10 per user, for an unlimited number of devices. These models can be combining across an organization for the most flexible approach. The pricing is inclusive of 24x7x365 customer support, training, maintenance, installation, and product updates. 12. Does the product offer out-of-the-box and/or customizable reports? Mobile Device Reporting in MaaS360 includes My Watch List (real-time), Mobile Intelligence Dashboards, and Device Management View (real-time). The different areas of reporting have navigation between them for a seamless workflow and experience. MaaS360 provides additional reporting features within these main areas (ex. Smart Search, Device Grouping) and together, combine for a detailed and flexible reporting capability. MaaS360 platform offers robust reporting across MDM as a standalone offering or in combination with DTM for a single pane of glass experience. My Watchlist: My Watch List section lists the real-time device monitoring metrics for smartphones and tablets (also available for desktops and laptops). A predefined list of best practice items are provided to the customer by default and a customer can customize or create their own personalized watch list items. Also, My Watch List alerts are automatically delivered to IT staff on a daily and weekly basis. Mobile Intelligence Dashboards: Mobility Intelligence Dashboards (MI) provide an interactive summary and detailed reports for users. Charts and graphs show how many of your devices are owned by the company and how many are owned by the users, number of devices by platform and type, time series of enrolled devices by month for the last 6 months, and approved, blocked or quarantined devices. Clicking on part of the graph provides a drill down into a more detail report that is automatically filtered to show the data from the graph. Available tabs allow users to navigate to the detailed data then apply additional filters. Customers are able to see their entire device environment at a summary level then drill in and around the data. Device Management View: MaaS360’s Device Management View provides a wealth of information about devices. Users can see inventory, security and compliance, status information, and lots more. Information here is specific to an individual device and very detailed. In addition, features such as Smart Search and Device Grouping are available for detailed information across multiple devices.

Smart Search: The Smart Search feature allows IT staff to create ad-hoc reporting and grouping

across almost every device attribute available from MaaS360. This allows for flexibility in IT operations as well as custom reports. Smart Search can be performed on custom device attributes that have been created and assigned by IT staff (Ex. Business unit, warranty expiration, etc…).

Device Groups: Provides canned reports which customers can access quickly from a drop down menu or portal navigation. These reports include predefined criteria such as devices which are personally owned vs. corporate owned. Customers can create their own device groups based upon the hundreds of available attributes and save them for shared viewing within the organization or private viewing.

13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? MaaS360 offers integration with other third part products and systems via an API. The web-services API requires no infrastructure to implement and typically integrates into third party system in an hour. MaaS360 reporting data can be exported in several common file formats for easy import into third party systems.

Mobile Device Management Questionnaire: JAMF 1. Which mobile device operating system platforms can your product manage? These include Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. iOS – iPad, iPhone, and iPod touch devices. 2. Is your product available in a SaaS model, an internal software model, or both? Software is available for premise or cloud based installations. No SAAS offering directly from JAMF Software at the moment, although our MSP partner network do offer SAAS offerings using our software. (More deals available if you’re interested.) 3. Does your product have the ability to enforce baseline security policies and settings (such as checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network? Yes. 4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices? Yes, with caveats. The capability to remotely update or remove App Store apps over-the-air is not currently provided by Apple’s iOS Mobile Device Management API. However, we can control updates of in-house apps using automated sync to iTunes – which we can manage using the Casper Suite’s Mac OS X management capabilities. (For more information, please see the Mobile Point of Sale workflow in our webinar entitled “An Introduction to iOS Management – http://jamfsoftware.com/solutions/ios-management.) 5. Can GPS and other location information be used for tracking or device recovery? The Casper Suite does not currently include this capability. Our approach is to integrate with, extend and augment Apple’s offerings, so we often recommend using Apple’s native technologies when available. In this scenario, we might recommend using MobileMe (FindMyPhone) to locate and track a device if determined to be prudent. In many scenarios, an IT department considers the data to be more valuable than the hardware, so they would leverage the Casper Suite’s security capabilities to remotely wipe or lock a lost iOS device. 6. Does your product have the ability to remotely wipe data from devices? Can this be done in a selective manner to wipe just corporate information and not personal user information? Yes, the Casper Suite is able to remotely wipe an entire device. The Casper Suite is also able to revoke access to any systems on which access has been granted using MDM. So, removing corporate email accounts and the associated data while leaving personal email accounts, revoking network access that was granted using MDM, etc. 7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices?

It is possible to enforce full disk encryption (data encryption). Would need clarification on what exactly is meant by folder-level encryption for iOS, as this is most likely referring to other operating systems. It most likely would not be possible (depending on definition) with the iOS MDM API. 8. Can features of devices, such as cameras, be remotely disabled using your product? Yes. 9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior? Yes. Software and hardware inventory can be queried, alerts can be sent based on wide range of device settings. 10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? No. 11. What is the approximate or typical pricing for your product? Pricing is tiered based on quantity and type of organization. Significant volume discounts are available. Additionally, K-12 education customers receive a 100% discount on license pricing and higher education customers receive a 70% discount on license pricing. (I could provide more specific information in conjunction with our sales team if it would be helpful.) 12. Does the product offer out-of-the-box and/or customizable reports? Yes. 13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? Yes. The Casper Suite offers out-of-the-box integration with some third-party products. We also offer a RESTful API (http://jamfsoftware.com/developer-resources/) that can be used to develop integrations between the Casper Suite and other systems. Our custom development team is also available to build custom integrations using the JSS API to integrate with customers’ business systems.

http://jamfsoftware.com/developer-resources/

Mobile Device Management Questionnaire: MobileIron 1. Which mobile device operating system platforms can your product manage? These include Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. Android, BlackBerry, iOS, Symbian, WebOS, Windows Phone 7, Windows Mobile 2. Is your product available in a SaaS model, an internal software model, or both? Both – we will announce that our SaaS offering is GA at the beginning of August, it has been in beta with 11 customers including 5 Fortune 1000 companies 3. Does your product have the ability to enforce baseline security policies and settings (such as checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network? Yes 4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices? Yes, MobileIron delivered the industry’s first Enterprise App Storefront in December 2009. Using MobileIron’s Enterprise App Storefront, IT publishes approved internal and external applications, and defines access based on employee role or IT policy. Employees then browse their Enterprise App Store and click on the app icon to install the application. The Enterprise App Storefront also ensures that internal apps are never made public. Note that on iOS and Android, we manage the end-to-end provisioning of apps but the operating system requires the user’s consent to accept the app installation. In Dec 2010, MobileIron introduced App Control, the ability to monitor application inventory and take action if users download unapproved apps. In the case of a less serious threat, this can be sending the user an alert or blocking access to corporate resources. In a more serious situation, IT can wipe all enterprise data from the device. Recent attacks by malware-infected apps have made Android security a very real concern for enterprises. In June 2011, MobileIron introduced App Data Visibility to bring Android security to a new level by identifying which permissions Android apps have and therefore which datathey are trying to access. 5. Can GPS and other location information be used for tracking or device recovery? Yes 6. Does your product have the ability to remotely wipe data from devices? Can this be done in a selective manner to wipe just corporate information and not personal user information? Yes to both. In fact, MobileIron was the first to offer selective wipe to remove corporate information while preserving personal data. 7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices? Yes, where encryption is an option, we monitor encryption state and enforce/report on it. 8. Can features of devices, such as cameras, be remotely disabled using your product? Yes

9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior? Yes 10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? Yes, we provide the ability to provision and selectively wipe a device. On iOS this means configuring the device for enterprise use and then selectively wiping enterprise email and configurations while leaving personal content alone if the employee leaves the company. 11. What is the approximate or typical pricing for your product? Customers buy MobileIron either by subscription or perpetual license. Costs are: Subscription: $4 per device per month Perpetual: $75 per device 12. Does the product offer out-of-the-box and/or customizable reports? Yes 13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? Yes MobileIron integrates with third-party systems and also has an API.

Mobile Device Management Questionnaire: Odyssey 1. Which mobile device operating system platforms can your product manage? These include Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. A: iOS (iPad), Android, Blackberry, Windows Phone, Windows Mobile, Windows Embedded CE 2. Is your product available in a SaaS model, an internal software model, or both? A: Internal Software Model (i.e. on-premise solution) 3. Does your product have the ability to enforce baseline security policies and settings (such as checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network? A: Yes 4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices? A: Yes, as permitted by the mobile device platforms. 5. Can GPS and other location information be used for tracking or device recovery? A: Yes 6. Does your product have the ability to remotely wipe data from devices? Can this be done in a selective manner to wipe just corporate information and not personal user information? A: Yes. Full device wipe is available on all supported mobile platforms. Selective wipe is available on iOS and Windows Mobile. 7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices? A: Yes. Athena can invoke the mobile platforms’ native data encryption capabilities. 8. Can features of devices, such as cameras, be remotely disabled using your product? A: Yes. Athena can remotely disable device features such as cameras on mobile platforms that support these capabilities (e.g. iOS). 9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior? A: Yes. Athena reports comprehensive hardware, software and device health information. Exceptions and anomalous user behavior such as installing unapproved applications can not only be tracked, but can automatically result in remediation – for example, disabling access to corporate e-mail. 10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? A: Athena does not manage the separation of corporate data from users’ personal data on devices. In our experience, there is no practical way to truly enforce this short of the device platform vendors addressing it – even with products that claim to have a secure mobile messaging application. However, Athena is able to selectively wipe data from devices such as iOS and Windows Mobile.

11. What is the approximate or typical pricing for your product? A: Depending on the number of devices being managed, license pricing for Athena is in the mid $20s to mid-$30s per device. 12. Does the product offer out-of-the-box and/or customizable reports? A: Yes. Athena offers both out-of-the-box and customizable reports. 13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? A: Yes. Athena is implemented as a set of mobile device management extensions to the Microsoft System Center Configuration Manager enterprise management platform. Athena leverages to Configuration Manager infrastructure and its inherent scalability, security and reliability – no Odyssey Software-specific server, appliance or console is required.

InformationWeek Mobile Device Management Questionnaire: Sybase Afaria

1. Which mobile device operating system platforms can your product manage? Afaria supports a variety of mobile device operating systems that are prevalent in the enterprise today, including RIM BlackBerry, iOS (iPhone and iPad), Android, Windows Mobile and Symbian. One of the strengths of Afaria is in hiding the differences across varying operating systems and manufacturers to provide common key capabilities such as application deployment, security (remote wipe, password controls), asset collection and beyond.

2. Is your product available in a SaaS model, an internal software model, or both?

Afaria simplifies complexity by delivering device and applications management capabilities in a hosted or on-premise model.

3. Does your product have the ability to enforce baseline security policies and settings (such as

checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network?

Yes, Afaria has the ability to enforce baseline security policies and settings, including passwords, VPN and WIFI certificate requirements, application security requirements – just to name a few with our Access Control component.

4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices? Afaria has a central administration console that can remotely update or remove apps from device. The level of functionality and the way it is implemented is dependent on the OS manufacturer. To combat the platform differences, Afaria has added application management capabilities to the core product that allows administrators to control app-level settings and security.

5. Can GPS and other location information be used for tracking or device recovery?

Afaria is adding location information that can be used to track devices and view which devices are in high-cost roaming environments (see iPad screen shot).

6. Does your product have the ability to remotely wipe data from devices? Can this be done in a selective manner to wipe just corporate information and not personal user information? Afaria has selective remote wipe functionality enabling IT to only wipe corporate data without the end user losing any personal, music or photo data. Some of our customers also demand full device wipe so we provide both options.

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices? We provide device-level encryption for Windows Mobile and Symbian and can enable built-in bit locker security on Win32. For Android and iOS we enforce security policies while leaving the actually encryption to the device manufacturers.

8. Can features of devices, such as cameras, be remotely disabled using your product? Afaria can remotely disable camera functionality on device. For iOS we can control all the features found in the Apple Configuration Utility. For Android, it is manufacturer dependent.

9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior?

Afaria collects large amounts of data on device and user usage (it is configurable); The usage data is used by our customers differently depending on their industry. For instance, in the pharmaceutical industry our customers track the delivery of all drug information and store it up to two years for legal and compliance purposes.

10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? Yes. Afaria uses the built-in features of memory isolation of iOS and Android to keep application data separate. With iOS 5 it is even easier to separate personal and enterprise email (no forwarding from other accounts). For Android email, we use the Nitrodesk Touchdown email client to keep data separate.

11. What is the approximate or typical pricing for your product? Pricing for Afaria varies depending on deployment. Seats start at $29.

12. Does the product offer out-of-the-box and/or customizable reports? Afaria has a very rich set of out-of-the-box reports. Administrators can also build custom views and additional reports. SAP Business Objects customers can also use our deep reporting tools to get additional flexibility.

13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? Afaria integrates with back-end systems in several ways including back-end database integration, Web services APIs, and SNMP traps through the alerting console.

Mobile Device Management Questionnaire: Symantec Mobile Management 1. Which mobile device operating system platforms can your product manage? These include Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. Symantec Mobile Management supports Android, iOS, BlackBerry and Windows Mobile. 2. Is your product available in a SaaS model, an internal software model, or both? Symantec Mobile Management is available in an internal software model. 3. Does your product have the ability to enforce baseline security policies and settings (such as checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network? Yes. Policies, passwords, etc. can be enforced using Symantec Mobile Management in order to enable access to company resources. 4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices? Yes, but for Windows Mobile only. iOS will only allow removal of corporate apps delivered using the Volume Purchase Program capability. 5. Can GPS and other location information be used for tracking or device recovery? Yes. Symantec Mobile Management can provide the last known location of iOS devices and this capability will soon be available for Android devices as well. 6. Does your product have the ability to remotely wipe data from devices? Can this be done in a selective manner to wipe just corporate information and not personal user information? Yes, Symantec Mobile Management features the capability to remotely wipe devices of data. Selective wipe is available for iOS devices. 7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices? Symantec Mobile Management is capable of enforcing full disk encryption only. Most mobile operating systems only provide device-level configuration settings and no APIs for any other level of encryption. 8. Can features of devices, such as cameras, be remotely disabled using your product? Yes, Symantec Mobile Management is capable of remotely disabling devices features, such as cameras. 9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior?

Symantec Mobile Management can control and limit usage, as in data roaming, but it does not monitor use. Anomalous behavior, such as jail breaking, is detected by Symantec Mobile Management and it can thus deny access to such devices. 10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? Yes. Corporate apps and data may be deployed and removed separately from personal/public apps and data with Symantec Mobile Management, with specific platforms supporting different levels of segregation depending on their design and APIs. 11. What is the approximate or typical pricing for your product? Pricing for Symantec Mobile Management is $62 MSRP for one unit. 12. Does the product offer out-of-the-box and/or customizable reports? Yes, both. 13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? Yes, Symantec Mobile Management offers out-of-the-box integration with security management systems, help desk and ticketing all via the Symantec Management Platform. SIEM integration is not yet available, but is planned. APIs are also offered for additional integration, as well as a workflow engine that provides visual configuration of automated processes.

Mobile Device Management Questionnaire: Tangoe Tangoe MDM 1. Which mobile device operating system platforms can your product manage? These include Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. iOS, Android, Blackberry, Windows Mobile, Windows Phone 7, and Symbian 2. Is your product available in a SaaS model, an internal software model, or both? On-Premise software model and Hosted Managed Services model 3. Does your product have the ability to enforce baseline security policies and settings (such as checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network? Yes, for all supported mobile platforms 4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices? Yes. Tangoe MDM supports pushing applications to BlackBerry, Android, Windows Mobile, and iOS (enterprise apps only). We can remove applications from BlackBerry, Android, and Windows Mobile devices. 5. Can GPS and other location information be used for tracking or device recovery? Yes. 6. Does your product have the ability to remotely wipe data from devices? Yes. Can this be done in a selective manner to wipe just corporate information and not personal user information? Yes 7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices? No 8. Can features of devices, such as cameras, be remotely disabled using your product? Yes 9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior? Yes 10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? No 11. What is the approximate or typical pricing for your product? 12. Does the product offer out-of-the-box and/or customizable reports? Yes 13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? No

Page 1 of 5

Mobile Device Management Questionnaire: Zenprise Zenprise, Inc. As the global mobile worker population approaches 1.2 billion in 2013 (according to IDC), and IT is grappling with how to secure and manage the billions of mobile devices used by these workers, Zenprise’s strategy to meet this need is by protecting the entire mobile enterprise. With the opportunity presented by the mobile enterprise comes intense hype and confusion over the best approach to ensure not only that devices are secure, but that the information and applications being accessed are safe from tampering and theft . At the core of Zenprise’s strategy is Zenprise Mobile Manager, which is the only enterprise mobile management and security solution with a demonstrated ability to scale to tens and even hundreds of thousands of devices – table stakes in this next phase of market development beyond the pilot. Today, Zenprise is continuing to execute on this strategy by adding a cloud offering to its portfolio with Zencloud™, the industry’s first cloud based mobile security and device management solution with 100 percent SLA. Basic level security, such as enforcing password protection or wiping a device clean if it is lost or stolen, is no longer sufficient for enterprises. They need the security surrounding devices to be on par with the security of the overall network. Zenprise has expanded its mobile management solutions to encompass the protection of not only the devices themselves, but the applications running on them, as well as the networks they are accessing. The Company has done this with global enterprise deployments in mind, not small pilot deployments, meaning it can protect and manage hundreds of thousands of devices and with a level of resiliency and redundancy not previously available. It’s not new news that IT is faced with an onslaught of requests to allow network and application access for personal devices – the iPad is to thank for that. Almost as quickly as the iPad--and now a whole slew of Android devices--came on the scene, the number one and two top mobility challenges for IT have become data and network security and device manageability, according to IDC. CIO Magazine’s 2011 State of the CIO survey underscored this issue is top of mind with senior IT executives, noting that the next generation workforce, ubiquitous data and the consumerization of IT are three of the top five trends driving change for IT. Zenprise’s strategy to protect the mobile enterprise is anchored by three tenets:

1. Protecting the device isn’t enough. Zenprise’s fully integrated platform is set apart by a Triple Defense approach which not only secures the device, but provides comprehensive security for applications and information residing on and accessed by that device, and the network on which it is communicating. It does this by providing a security solution that goes everywhere the data goes, securing every point in the enterprise's mobile environment.

2. If the server goes down, protection and management must continue. Zenprise has built in high availability and redundancy into its product because of the critical importance of mobile security. Products with no high availability can create huge exposure- any server outages result in the entire enterprise compromised and exposed.

Page 2 of 5

3. The mobile enterprise encompasses tens of thousands of devices, not tens or hundreds. With the challenge of heterogeneous mobile device management being relatively new, it’s been common for enterprises to pilot solutions with 50-200 devices. However, true protection of the mobile enterprise will require the ability to secure and manage every device touching the network. Today, Zenprise’s largest customer is protecting more than 65,000 devices, and future customers are looking at as many as five million devices.

1. Which mobile device operating system platforms can your product manage? These include Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. Zenprise supports Apple iOS (iPhone, iPod touch, iPad), Android, BlackBerry, Windows Mobile, Windows Phone 7, WinCE, webOS, Palm and Symbian. 2. Is your product available in a SaaS model, an internal software model, or both? Both. Zenprise MobileManager: Zenprise MobileManager provides IT with the control and visibility needed to proactively manage and secure mobile devices, applications and corporate assets, while empowering mobile workers to be productive from anywhere at any time. Many processes are automated and managed over-the-air or on-device to eliminate guesswork and save time for IT and help desk teams so they can focus on meeting SLAs. Zenprise MobileManager makes it easier to track, support and secure iPhone, iPad, BlackBerry, Google Android, Windows Mobile, Windows Phone 7, and WinCE devices throughout the mobile lifecycle. Unlike other solutions currently available, Zenprise provides customers with a triple layer of security that operates at the device, application and network tiers; thereby providing a security solution that goes everywhere the data goes, securing every point in the enterprise’s mobile environment. Zenprise Triple Defense is comprised of three components:

Dynamic Defense: provides contextually aware device security, automatically detecting potential threats and intelligently adjusting security settings to mitigate risk

App Tunnels: provide flexible application security that allows IT to offer mobile users secure,

encrypted access to specific business applications from their smartphone or tablet

Zenprise Secure Mobile Gateway: brings intelligent security to the network by providing application whitelisting and blacklisting capabilities for both iOS and Android devices. This functionality ensures that only approved applications are given access to the corporate network, including personal or consumer applications installed on employee-owned devices. Zenprise Secure Mobile Gateway automatically blocks users violating a whitelist or blacklist by quarantining their devices from the enterprise network.

Zencloud: Building on Zenprise’s strategy to provide security beyond the mobile device, Zencloud is a cloud offering that offers the flexibility to run in several modes—as a public cloud, a private cloud, or in a hybrid mode. This innovative offering is the only one of its kind available today. Zencloud enables

Page 3 of 5

enterprises to perform core mobile device management functions and set security policies on devices, while also enforcing these policies. This enables them to seal the enterprise perimeter from mobile threats; thereby making it a ―closed-loop‖ solution. Mobile device management, including enrolling new users, configuring new devices, provisioning applications and security policies are all handled in the public cloud. This provides customers with a comprehensive set of functions that help get mobile devices into a managed state. The optional hybrid mode leverages the Zenprise Secure Mobile Gateway™, delivering advanced mobile security at the enterprise perimeter. This hybrid offering provides comprehensive security including blocking unmanaged devices, users and blacklisted applications. Customers can also set up rules to permit certain device types or operating systems onto the corporate network. Zenprise is providing Zencloud customers with an unprecedented 100 percent SLA. Under terms of the SLA, if a customer experiences any downtime as a result of an outage, Zenprise will provide service credits for every minute of downtime. 3. Does your product have the ability to enforce baseline security policies and settings (such as checking for required security products, proper passwords, and acceptance of company usage policies) on devices connecting to the network? Yes. Zenprise Security Manager provides a smartphone audit feature that enables IT to:

enforce compliance of corporate policies through real-time device introspection ensure that all smartphones are running only the latest software patches and firmware protect working smartphones and prevent security breaches by validating that only company-

approved mobile applications are available to your mobile workforce By upholding policies, enforcing passwords, enabling content encryption, and disabling Bluetooth or camera features, IT can mitigate risks and protect your company from non-compliance penalties 4. Can the product manage installed apps on mobile devices, for example, by being able to remotely update or remove apps from devices? Yes. Zenprise MobileManager has an Enterprise App Store feature that is designed to enable administrators to quickly configure and provision enterprise applications on smartphones and tablets while freeing up workers to remain productive. Zenprise Enterprise Application Store includes IT ―Favorites,‖ (application discovery) making it easier for users to find safe and approved business applications to download. Further, Zenprise MobileManager will automatically detect when a user installs an application outside of the approved list and prevent blacklisted applications from launching (software updates).

Application discovery, e.g. through private application stores: Zenprise ships with private application stores that allow IT to distribute internally developed apps or third party apps directly to end users. Whereas most MDM vendors require user action to install apps (user must open the enterprise app store & click on app to download), Zenprise can silently install applications without any user involvement. The net result is fewer support calls to the IT Help Desk.

Zenprise Secure Mobile Gateway brings intelligent security to the network by providing application whitelisting and blacklisting capabilities for both iOS and Android devices. This

http://zenprise.com/news_and_events/press_releases/Zenprise_introduces_industrys_first_secure_mobile_gateway_as_part_of_Zenprise_MobileManager/

Page 4 of 5

functionality ensures that only approved applications are given access to the corporate network, including personal or consumer applications installed on employee-owned devices. Zenprise Secure Mobile Gateway automatically blocks users violating a whitelist or blacklist by quarantining their devices from the enterprise network.

5. Can GPS and other location information be used for tracking or device recovery? Yes 6. Does your product have the ability to remotely wipe data from devices? Can this be done in a selective manner to wipe just corporate information and not personal user information? Yes, IT help desk representatives can immediately lock-down and remotely wipe a BlackBerry, Android, iPhone, iPad or other smartphone clean of corporate data to prevent unauthorized use. With Zenprise's "Selective Wipe" capability, IT can remove enterprise-specific data and applications while keeping an employee's applications, data and settings intact. 7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for remote mobile devices? Yes. 8. Can features of devices, such as cameras, be remotely disabled using your product? Yes. 9. Does your product provide monitoring services to track usage and look for exceptions or anomalous user behavior? Yes, for example IT can be proactively notified when a user begins roaming internationally. Zenprise MobileManager can also detect and block jail-broken devices, quarantine devices that are infected with malware, block devices that are violating set policies or trying to access data/applications they don’t have permissions for (application whitelists/blacklists) and disable blacklisted applications on devices. 10. Is it possible to deploy company data to user-owned devices and keep that data separate from users’ personal data? Yes. App Tunnels provide flexible application security that allows IT to offer mobile users secure, encrypted access to specific business applications from their smartphone or tablet. 11. What is the approximate or typical pricing for your product? 12. Does the product offer out-of-the-box and/or customizable reports? Yes. Zenprise helps organizations control mobile costs throughout the entire mobile lifecycle. Zenprise reduces wireless costs by decommissioning unused smartphones, optimizing plans according to business policies, negotiating volume discounts and managing international roaming. With real-time and historical reports, businesses have the visibility they need to proactively monitor employee mobile usage and enforce corporate wireless policies so that additional cost savings can be achieved. Zenprise also provides reports showing company-owned devices vs. personal-owned devices, device types, OS types and compliance Zenprise provides complete visibility and control across the entire mobile service, from data centers across carrier networks to devices and applications. A full-service dashboard provides a holistic view of the mobile service, which can be customized to the needs of administrators, help desk operators and

Page 5 of 5

extended IT staff, enabling each support tier to quickly diagnose and solve mobile problems. Enterprise Platform Integration (e.g.: Exchange Active Sync, LDAP, BES, Certificate authority, Trouble Ticketing and Help Desk such as Remedy, Network Mgmt such as Tivoli)

Zenprise has out of the box integration with Remedy, Microsoft Systems Center, Tivoli, HP Openview, BMC Patrol. 13. Does the product offer out-of-the-box integration with third-party products such as security management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs? Yes. Our product has a unified web based console. Zenprise does offer integration with SIEM that provides trigger alerts of unauthorized access to files; thereby preventing data leakage. Additionally, the product has over 260+ web service APIs that customers are using to automate many common tasks. As an example, we have a customer who uses Zenprise MobileManager web services APIs to integrate device data and management capabilities into their expense management solution that is delivered as a portal-based expense management solution to many EMEA-based customers and telecom providers. Customers have used the APIs to integrate with workflow systems (e.g., when user’s boss approves device for use, command automatically sent to Zenprise to provision a device). Additionally, Zenprise has specific capabilities in each of the areas below:

OTA provisioning: We can activate new devices OTA. End users can either download the Zenprise app from the platform respective app stores, or can point their browser to a corporate provided URL to initiate enrollment.

Role-based access: Zenprise ships with multiple levels of roles based access typical for the tasks

that need to be performed at the help desk, operator, administrator, and super user.

Group-based actions: Zenprise can apply policies to multiple groups of users, can take action across groups of users (wipe, change passcode, etc)

Remote Control (realtime or permission based): Zenprise has both real-time and permission

based remote control for BlackBerry, Windows Mobile, & Android. We believe that we are the only company today with remote control capabilities for Android. Our remote control capabilities also ships with the ability to initiate chat between the administrator & user, the ability to initiate VOIP connections via our remote control (helps save expenses when user is international), the ability to remotely view and kill processes running on the devices.

Enterprise Platform Integration (e.g.: Exchange Active Sync, LDAP, BES, Certificate authority,

Trouble Ticketing and Help Desk such as Remedy, Network Mgmt such as Tivoli): Zenprise has out of the box integration with Remedy, Microsoft Systems Center, Tivoli, HP Openview, and BMC Patrol.

Zenprise now can be used with Crystal Reporting to generate over 200 custom reports.

Date post:	28-Nov-2014
Category:	Documents
Upload:	jgarrits
View:	454 times
Download:	6 times

Buyer s Guide Mobile Device Management 5746091

Documents