Key Considerations in Evaluating & Selecting a MDM Solution

Key Considerations in Evaluating & Selecting a MDM Solution

February 2012 Galvin Consulting, LLC

1 Copyright © Galvin Consulting, LLC INDIVIDUAL LICENSE February 2012

TABLE OF CONTENTS

Executive Summary ............................................................................................................... 6

Target Audience .................................................................................................................... 7

Background and Methodology ............................................................................................... 8

Current State of the Mobility Market ..................................................................................... 9

Mobility Growth Statistics ............................................................................................................... 9

Mobility Device Management Size and Forecast......................................................................... 10

Mobile Device Management Background ............................................................................. 11

Key Components of Mobile Device Management .............................................................................. 11

Mobile Device Management Market Evolution ................................................................................. 12

The Alphabet Soup of Mobility: Understanding Differences between MDM, EMM, MEAP and

MAM ............................................................................................................................................... 14

Nomenclature: A Window into Mobility Evolution .................................................................... 14

Mobile Device Management Segmentation ......................................................................... 17

Segmentation Frameworks .......................................................................................................... 17

Segmentation by Vertical Industry .............................................................................................. 17

Segmentation by Functionality ..................................................................................................... 19

Segmentation by Company Size ................................................................................................... 20

Segmentation by Pace of Adoption ............................................................................................. 20

Additional Factors Impacting MDM Adoption and Growth ................................................... 21

Dynamic Market Causing Some Firms to Delay MDM Implementations ............................................ 21

Preference for Exchange ActiveSync ................................................................................................. 22

Still Trying to Secure Assets .............................................................................................................. 23

Corporate Culture ............................................................................................................................. 23

Key Players in the Mobile Device Management Market........................................................ 26

Mobile Device Management Industry Structure ......................................................................... 27

Mobile Device Management Vendor Offerings.................................................................................. 30

Mobile Device Management Vertical Expertise ................................................................................. 37

Needs and Benefits Addressed by Mobile Device Management Vendors .............................. 39

Overview ......................................................................................................................................... 39

Mobile Device Proliferation .......................................................................................................... 41

Mobility Fragmentation ................................................................................................................. 43

Growing Privacy and Legal Concerns: Whose Property Is It? .................................................... 46

Growing Importance of Mobile Applications ............................................................................... 48

Customers Struggle with Application Management ............................................................... 49

The Growing Influence of Mobile Application Management Vendors .................................. 51


Variety of Delivery Models Allows Customers Greater Choice ....................................................... 55

Vendors Adding Cloud to their On-Premise Solution Offerings ............................................. 55

Cloud-only Offerings ................................................................................................................. 56

On-Premise Only Offerings ....................................................................................................... 57

Cloud Solutions through Partnerships ..................................................................................... 58

Choice is Critical......................................................................................................................... 59

Transition Challenges from On-Premise to Cloud Architectures ........................................... 60

Mobile Device Management Pricing Comparisons ...................................................................... 67

Increased Security Concerns Drive Greater Interest in MDM Solutions .................................... 70

Container Approach to Mobile Security .................................................................................. 72

Platform versus Container Approach ....................................................................................... 73

Mobile Application Security in Enterprise BYOD Environments ............................................ 74

Tension between Security Risks and Long-term Business Potential ......................................... 77

Mobile Device Management ROI ......................................................................................... 78

Mobile Device Management Partnerships............................................................................ 81

Partnerships Essential to Meeting Customer Needs ................................................................... 81

MDM Partner Ecosystems are Rich and Varied ........................................................................... 81

MDM Partnerships with OEMs ................................................................................................. 83

MDM Partnerships with Carriers.............................................................................................. 84

MDM Partnerships in Adjacent Industries .............................................................................. 84

MDMs Provide Partner Training ............................................................................................... 86

MDMs Seek Best-of-Breed Partners ........................................................................................ 86

Additional Partnership Strategies ............................................................................................ 87

Mobile Device Management Geographic Coverage .............................................................. 93

Mobile Device Management Support ................................................................................... 96

Key Considerations When Evaluating and Choosing a MDM Vendor ....................................105

Additional Considerations for Selecting a Mobile Device Management Vendor .................... 112

Policies and Procedures ......................................................................................................114

Mobile Device Management Trends on the Horizon ............................................................117

Conclusions and Mobile Device Management Industry SWOT Analysis ................................124

Appendix: Vendor Profiles .................................................................................................127

Mobile Device Management Vendors ........................................................................................ 127

Absolute Software ................................................................................................................... 127

AirWatch .................................................................................................................................. 129

AT&T ......................................................................................................................................... 131

BoxTone ................................................................................................................................... 133

Fiberlink.................................................................................................................................... 136

Good Technology..................................................................................................................... 139


McAfee ..................................................................................................................................... 143

Mformation.............................................................................................................................. 146

MobileIron ............................................................................................................................... 148

Motorola Solutions .................................................................................................................. 150

RIM/Ubitexx ............................................................................................................................. 153

SAP ............................................................................................................................................ 154

SOTI .......................................................................................................................................... 158

Syclo ......................................................................................................................................... 162

Tangoe ...................................................................................................................................... 164

Wavelink .................................................................................................................................. 167

Zenprise .................................................................................................................................... 169

Additional Strategic Mobility Market Players ............................................................................ 173

Apperian ................................................................................................................................... 173

Bitzer Mobile ........................................................................................................................... 175

Endeavour Software Technologies, Inc.................................................................................. 179

Enterproid ................................................................................................................................ 180

Partnerpedia ............................................................................................................................ 184

About Galvin Consulting, LLC ..............................................................................................186

License ...............................................................................................................................186

No Unauthorized Distribution .............................................................................................186

Disclaimer ..........................................................................................................................187

Contact Information ...........................................................................................................187


LIST OF TABLES

Table 1: US Penetration of Smartphone Devices Between 2009 - 2011

Table 2: US Penetration of Smartphone Devices by Age Group Between 2009 - 2011

Table 3: Top Smartphone Platforms

Table 4: Mobile Device Management Company Backgrounds

Table 5: Mobile Device Management Vendor Offerings

Table 6: Mobile Device Management Vendor Vertical Expertise

Table 7: Key Benefits Provided by Mobile Device Management Solutions

Table 8: Mobile Device Management Vendor Delivery Options

Table 9: Mobile Device Management Vendor Pricing Models

Table 10: Vendor Approaches to Mobility Management: Platform versus Container

Table 11: Mobile Device Management Technology Partnerships

Table 12: Mobile Device Management Vendor Geographic Coverage

Table 13: Mobile Device Management Vendor Support Offerings

Table 14: Considerations for Implementing Mobility Policies and Procedures

Table 15: Sample Reimbursement Policy Matrix

Table 16: Mobile Device Management Industry SWOT Analysis


LIST OF CASE STUDIES

Case Study 1: Tangoe Predicts BYOD Trends

Case Study 2: Fiberlink on Fire

Case Study 3: Fiberlink: Applications in the Cloud

Case Study 4: MobileIron’s AppConnect Helps Secure Enterprise Applications

Case Study 5: Mformation Highlights Cloud Security

Case Study 6: SAP Offers Cloud-based Afaria with Key Partner Offerings

Case Study 7: Zenprise’s Evolution from On-Premise to the Cloud

Case Study 8: McAfee’s Three Pillars of Mobile Security

Case Study 9: Absolute Software Provides Secure Document Access and Control through

AbsoluteSafe

Case Study 10: Enterproid’s Divide

Case Study 11: Wavelink Stresses Importance of Controlled Application Rollouts

Case Study 12: AT&T’s Focus on Mobile Security

Case Study 13: SOTI’s MobiControl Saves Auto Glass Business

Case Study 14: MDM Partnerships: Critical to Future Success

Case Study 15: Good Dynamics Promotes Secure Application Development through

Partnerships

Case Study 16: Syclo’s Partner Structure

Case Study 17: Motorola Solutions: Plug-In Partner Model

Case Study 18: BoxTone and 3LM Partner to Provide Secure Android to Security-Conscious

Customers

Case Study 19: AirWatch Scales with Global Customers


EXECUTIVE SUMMARY

As worldwide growth in the mobility market surges among business and personal users,

organizations are seeking ways to monitor, manage and secure mobile devices, data and

applications. Security concerns among IT managers about sensitive data leaving corporate

environments have led many executives to assess mobile device management (MDM) solutions.

MDM vendors provide customers with a way to manage, secure, support and track mobile

devices throughout their enterprise. Typical functionality includes over-the-air updates; asset

management; support for applications; the ability to locate, lock, and wipe devices; policy

control and password management; device diagnostics and reporting; and security and

compliance enforcement.

A key driver of MDM growth has been the BYOD – Bring Your Own Device – and

consumerization of IT phenomena. As consumers increasingly bring smartphones, tablets and

other mobile devices into enterprise settings, they expect access to corporate networks and

support by enterprise IT departments. This, along with device and mobile operating system

fragmentation – particularly on Android-based devices – has overwhelmed IT managers and led

to greater interest in MDM solutions.

Due to the significant and accelerating growth in mobility, vendors have entered the mobile

device management market to capitalize on the need to secure data and devices. As a result,

the MDM market has become crowded, with a mentality sometimes referred to as the “Wild

West.” Additionally, vendors from adjacent industries, including mobile application

management (MAM), are seeking to capture a portion of the mobility market. In some cases,

MDM vendors are partnering with complimentary firms such as MAMs in order to provide a

comprehensive approach to customers. MDM executives realize the market is moving too fast

to develop solutions on their own and emphasize strong partner ecosystems.

The MDM market can be segmented in a variety of ways. When MDM vendors look at their

own market opportunities, they utilize both vertical and functional segmentation approaches,

targeting industries and groups of users that are most likely to adopt a mobile device

management solution quickly and comprehensively. It is also common for MDM players to

segment the market based on customers’ size and rate of adoption.

When evaluating the MDM industry structure, there are two principal types of vendors: large

companies that offer mobile device management as part of a larger set of offerings and smaller

players who are primarily or exclusively focused on the mobile device management market.

Larger players are typically public, while smaller players are generally private. Smaller firms are

often funded by venture capital backing.


TARGET AUDIENCE

Key Considerations in Evaluating and Selecting a Mobile Device Management Solution serves

a growing audience of IT managers within medium-to-large organizations who are considering

the deployment of mobile device management solutions within their organizations. The report

highlights the core capabilities provided by top-tier MDM providers, the benefits MDM

solutions provide, and the innovative ways mobility is being used within organizations today.

The report also presents comprehensive and detailed recommendations for the types of issues

IT executives should consider before and during their discussions with mobile device

management vendors, highlighting key questions and capabilities prospective customers should

raise to discern whether a specific solution is a good “fit” for their needs. Additionally, the

study provides recommendations about internal policies and procedures that will aid in

organizations’ long-term mobility success.

Finally, the report is helpful to customers who may be considering adjacent mobility players,

such as mobile application management vendors – either in addition to or in place of MDM

solutions. Through in-depth discussions with these market players, we are able to present the

similarities and differences in their approaches to mobility management.


BACKGROUND AND METHODOLOGY

Primary and secondary research for this study took place during October 2011 – January 2012

and included interviews with IT executives from mobile device management vendors, mobile

application management companies, and mobile enterprise application platform vendors.

Additional participants included IT enterprise customers, partners, and subject matter experts.

Report contributors included company presidents, CXOs, VPs, senior/executive directors, and

senior managers. Participants were represented from marketing, engineering, business

development, communications and corporate strategy and provided both tactical and strategic

feedback regarding their organization’s mobility technology. In-depth face-to-face and

telephone interviews were conducted with approximately 60 executives during the research

process. Research also included participation in webinars and online forums, as well as live

discussions at industry events.


“We never would have guessed that

this many people would be moving

this fast in the industry at this point”. Alison Welch George, Senior Business

Development Manager, SAP

CURRENT STATE OF THE MOBILE INDUSTRY

Mobility Growth Statistics The mobility market has grown exponentially during the past several years, a trend that is

expected to accelerate. For example, at the end of

2011, there were nearly 6 billion mobile subscribers

worldwide, or 87 percent of the world’s population,

according to mobiThinking, which also reports that

India and China each have nearly 1 billion mobile

subscribers, representing 30 percent of the world’s

mobile users. CTIA reports that there were 322

million mobile subscribers in the United States as of

June 2011.

As shown in Table 1, smartphone penetration in the United States has more than doubled

between 2009 and 2011, while feature phone penetration has seen a corresponding decline in

users.

Table 1: US Penetration of Smartphone Devices Between 2009 – 2011

2009 2011

Smartphone Penetration 18% 44%

Feature Phone Penetration 82% 56%

Source: Nielsen, December 2011 (The Mobile Media Report: State of the Media, Q3 2011)

Smartphone penetration by age group shows that the highest percentage of smartphone users

are in the 25-to-34 age group category, both in 2009 and 2011, as highlighted in Table 2.

Table 2: US Penetration of Smartphone Devices by Age Group Between 2009 - 2011

Smartphone Penetration by Age in 2009 Smartphone Penetration by Age in 2011

Source: Nielsen, December 2011 (The Mobile Media Report: State of the Media, Q3 2011)


Table 3 highlights market share changes in smartphone platforms between June and November

2011. According to comScore, Google and Apple continue to dominate the smartphone market,

both gaining share. While RIM and Microsoft continue to struggle, most observers agree that

these vendors are still very solid contenders in the mobility market.

Table 3: Top Smartphone Platforms Share of Smartphone Subscribers

June 2011 September 2011 November 2011

Google 40.2% 44.8% 46.9%

Apple 26.6% 27.4% 28.7%

RIM 23.5% 18.9% 16.6%

Microsoft 5.8% 5.6% 5.2%

Symbian 2.0% 1.8% 1.5% Source: comScore MobiLens, November and December 2011

Mobile Device Management Size and Forecast As these statistics show, mobile devices now permeate most – if not all – aspects of society,

including personal and professional spaces, as the line between personal and professional use

of mobile devices continues to blur. As employees increasingly bring their personal devices to

work, most organizations do not have the resources required to manually manage the large

influx of devices. Additionally IT departments have seen their budgets shrink during the past

three-to-four years and have been told to do more with less. While many IT managers have

leveraged efficiencies and made do with fewer resources, they are finding it difficult to

approach mobility management in the same way they have handled other priorities – mobility

is too complex and IT departments are now too lean to handle all of this work in-house. As a

result, companies are outsourcing the task of mobile device management, mobile application

management, and mobile security management to outside vendors.

As a result of this trend, the market for mobile device management has grown as more vendors

seek to capitalize on the need for data and device management. Visiongain predicts that the

mobile device management market will reach $3.54 billion by 2016, of which $2 billion will be

accounted for by the enterprise segment.

Many observers describe the growth of MDM vendors (now over 60 companies) as the “Wild

West” or a “land grab.” According to Alan Dabbiere, Chairman of AirWatch, “Our company has

grown from less than 15 customers in the Fall of 2010 to over 1,500 a year later. We’ve grown

from 150 to 300 employees during the same time frame and expect to double that number by

late 2012. We will need to be thousands of employees to handle the global nature of what’s

happening.”


“It’s a great time to work in the

mobile industry because confusion

breeds opportunity.” Peter DeNagy, Principal Consultant at Enterprise

Mobility Strategies

Joe Granda, EVP of Marketing at Syclo, agrees, noting there has been a significant amount of

education in the market during the past year, resulting in an increased awareness and comfort

level around mobile device management solutions.

MDM is also considered a “hot topic” in the mobile

space because customers are struggling to learn

which solutions and vendors to select, particularly in

a market where there are few differentiators

between MDM providers.

Even with the abundance of players, the market

offers significant opportunity, and new companies continue to join the market to take

advantage of what many believe is still a nascent market. As officials at McAfee state,

“Realistically, the mobile security market is still in its infancy. We’re just getting started and

there’s a long way to go.”

MOBILE DEVICE MANAGEMENT BACKGROUND

Key Components of Mobile Device Management

What is mobile device management, and what are the key components that make up a MDM

solution? Most industry observers agree that there are several key components of any MDM

solution, including:

MDM Server and Client: MDM solutions typically include a server component, which

sends out management commands to mobile devices across a network, as well as a

client component, which resides on the end-user’s device and receives and implements

the management commands. The client and server could come from a single vendor or

different vendors.

MDM Software: MDM software monitors and manages mobile devices, generally

smartphones and tablets, which are deployed across an enterprise or service provider

environment. Software distribution includes deployment, installation, updating,

deletion and blocking.

Remote Management: Remote Management provides IT administrators with a venue

to manage mobile devices, usually over-the-air (OTA). This typically includes software

upgrades and patches that can install silently in the background, configuration of

devices based on “policies,” remotely wiping and/or locking mobile devices if they are

lost or stolen, and providing remote troubleshooting.


Security Management: This element includes device, data, network and perimeter

security. MDM vendors help to ensure that sensitive data is encrypted and that security

policies are centrally enforced using certificate authentication, monitoring and

enforcement tools, root detection, jailbreak detection, sniffer sensors, password

settings, application-level security, SSL encryption, and app tunnels.

Policy Management: Users can be segregated into different groups based on policies.

Groups are defined by IT administrators and can include classifications such as a user’s

role in the organization, department, geography, or seniority. Policy management is

important because it allows IT managers to quickly assign policies to large groups of

users, ensuring accuracy, consistency, and lower IT overhead.

Telecom Expense Management: “TEM” focuses on understanding and controlling

telecom equipment and services costs and often includes mobile devices and services

plans. TEM may or may not be included in MDM vendor portfolios. Some MDM players

believe TEM is essential, particularly as end-users consume more data and bandwidth.

Other MDM vendors view TEM as non-essential to their core focus and choose instead

to offer core device management capabilities, partnering instead with third parties who

specialize in the TEM market.

Mobile Device Management Market Evolution Research In Motion (RIM) is generally considered the “grand-daddy” of mobile device

management, with its BlackBerry Enterprise Server, or “BES,” introduced in 1999 as a way to

manage and control BlackBerry devices. BES is the middleware component of RIM’s BlackBerry

wireless platform that connects to messaging and collaboration software on enterprise

networks. Until recently, BES only managed BlackBerry devices. In November 2011, RIM

announced “BlackBerry Mobile Fusion,” a new offering that includes mobile device

management of BlackBerry smartphones and PlayBook tablets, as well as other mobile devices

running iOS and Android operating systems.

Customers and industry watchers welcome RIM’s introduction of a multi-platform OS MDM

offering, although there is a general sentiment within the market that RIM should have

executed this strategy years earlier, helping it to remain relevant in the enterprise environment

by deepening RIM’s portfolio to include mobile management – a competitive advantage over

Apple and Google. With its Mobile Fusion offering, RIM will become further embedded within

enterprise environments and customers are hopeful that BlackBerry Mobile Fusion will be able

to provide additional choice, especially for customers who have a large investment in

BlackBerry infrastructure. According to Stewart Hubbard, VP of Operations at Coldwater Creek,


“MDM is nothing new, having been

around since the days of laptops.

Mobile devices such as phones and

tablets are no different than the

drivers of laptops. What has

changed, however, is the complexity

of heterogeneous platforms and

applications which IT will have a

difficult time managing. This is

further complicated by the fact that

it’s now an end-user driven paradigm

versus the traditional top-down

approach of corporate IT.” Sam Liu,

VP of Marketing, Partnerpedia

“We are interested in where BlackBerry is going to go with its platform. It's too bad RIM didn't

offer this earlier.”

Even before BES, mobile device management existed, according to industry veterans. Jay

Cichosz, VP of Marketing at Wavelink, for example, notes that the first mobile devices ran DOS:

“When Windows CE was introduced for ruggedized devices, there was a need for MDM because

the utility that worked on DOS devices didn’t work on CE devices. Now that we're running into

Android, iOS, RIM and whatever else is coming along, the need to have a system that can

manage across all of those various platforms is becoming more relevant.”

Sam Liu, VP of Marketing at Partnerpedia, adds that “MDM is nothing new, having been around

since the days of laptops. Mobile devices such as

phones and tablets are no different than the drivers

of laptops. What has changed, however, is the

complexity of heterogeneous platforms and

applications which IT will have a difficult time

managing. This is further complicated by the fact

that it’s now an end-user driven paradigm versus the

traditional top-down approach of corporate IT.”

Unlike laptops, when corporate applications were

essentially corporate email and that was largely

provided by a singular device – BlackBerry – the

world of mobility today has diversified into

hundreds of permutations. The numbers and types

of devices, and the numbers and types of

applications, have grown exponentially.

Provisioning all of these devices has been a key

driver that has fueled the growth of the MDM market. In the past, companies had to physically

and manually remove devices from the field to do updates and patches. Remote diagnostics

was non-existent and making changes to configuration settings had to be done at a central

location. Removing mobility tools from workers resulted in down-time. There was also the

requirement to have high levels of inventories for spare parts and devices.

Against this backdrop came Over-the-Air (OTA) programming and provisioning, which allows

software updates and new configuration settings to be deployed on devices over a wireless

network, typically on demand. OTA capabilities allow application deployment, updates and roll -

outs consistently across a wide range of devices, giving customers a reliable and repeatable

model to support customers.


The Alphabet Soup of Mobility: Understanding the Differences between MDM, EMM, MEAP

and MAM

Different acronyms have arisen in the discussion of mobility management, including “MDM,”

“EMM,” “MEAP,” and “MAM.” Each acronym represents a different type of player in the

market, with some overlap, partnerships, and increasingly fuzzy lines between these categories

of players.

MDM (Mobile Device Management): MDM vendors typically focus on device

management, securing, monitoring, managing, provisioning, and auditing mobile

devices deployed across an enterprise. Typically solutions include a server component,

which sends out the management commands to the mobile devices, and a client

command, which runs on the handset and receives and implements the management

commands.

EMM (Enterprise Mobility Management): EMM goes beyond MDM to encompass all

aspects of mobility management, and not just device management. EMM includes

wireless networks and mobility services, as well as application management, security,

and, often, telecom expense management.

Mobile Enterprise Application Platform (MEAP): MEAP vendors provide tools for the

development of mobile applications, helping organizations develop mobile software

across a plethora of different device types and mobile operating systems. MEAPs

typically provide mobile application development templates to simplify and accelerate

mobile application development time frames.

Mobile Application Management (MAM): MAM vendors are relatively new players in

the mobility industry and offer a compliment to MDM vendors, although many industry

observers believe MDM and MAM will eventually converge. MAM vendors help

organizations create, deploy, and manage in-house and market applications, often going

beyond simple applications (such as email, calendar and contact databases) and offering

mobile enterprise applications for business system services, such as Customer

Relationship Management (CRM), Enterprise Resource Planning (ERP), Business

Intelligence (BI), and location-based services, such as geo-fencing.

Nomenclature: A Window into Mobility Evolution

Which term or acronym individuals use in their mobility discussions provides a window into

their current thinking in terms of mobility management. MDM vendors, traditionally selling to

and aligned with enterprise IT departments, commonly use terms such as “control,” “secure,”

“lock down,” and “access.” Users are denied access until they “conform” to prescribed

corporate mobility policies. Primary concerns include data leakage, theft, control and


regulation. Although some MDM vendors prefer to take a “carrot and stick” approach, trying to

coax users into compliance with corporate policies about upgrading to a new mobile OS, for

example, uncooperative users are dealt with by blocking or quarantining their access.

MAM vendors, while emphasizing their strong commitment to security (sometimes through

partnerships), like to stress their greater focus on end-user experience. MAMs typically work

with a broader array of corporate constituents than just IT departments, including sales

managers and marketing directors. MAMs see mobile phones as a gaming platform, a camera,

a 2-way communications device, or as a computer more powerful than laptops of several

generations ago. This group asks, “How can we help customers gain competitive advantage for

their businesses by using mobility as a business tool?”

MAM vendor Apperian believes that Enterprise App Stores, or App Catalogs, are the primary

entry point for employees into the world of corporate applications and should be friendly, easy,

branded, intuitive, and “opt in-able.” Employees are invited – or “pulled” – into the experience

by installing their company’s private application catalogs onto their phones. Apperian contrasts

this with the centralized, “push” approach of MDM vendors.

Advocates for “Enterprise Mobility Management” insist that MDM is now an antiquated

misnomer. Representatives from SAP, for example, believe the term MDM is too limiting and

that Enterprise Mobility Management should be used instead. As SAP explains, mobility

management is not just management of the device but also application management and

security management.

AT&T MDM executives add that MDM is nothing new and has traditionally been associated

with loss and theft management. Today, AT&T officials note, MDM is much more concerned

with the overall mobilization of the enterprise space.

Fiberlink and SOTI both position themselves as being in the Enterprise Mobility Management

market. Neil Florio, Fiberlink’s VP of Marketing, describes the distinction between EMM and

MDM as such: “Enterprise mobility management is really the higher level category and mobile

device management is a component of that. EMM can include many different lifecycle aspects,

including mobile device management, application management, document management,

expense management, and security management. They all fall under the EMM umbrella.”

Crystal Wong Kruger, Senior Manager for Business Development at SOTI, notes that while the

acronym “EMM” is increasingly being used, most RFP/RFI requests still refer to the technology

as “MDM.” Wong Kruger states that SOTI’s decision to promote itself as an EMDM (Enterprise

Mobile Device Management) solution vendor helps it to make the distinction between itself

and new market entrants and to address how it can support different stages in enterprise

mobility evolution. Importantly, Wong Kruger also points out that including the term


“Who cares about the physical

phone? What businesses really care

about is protecting the company

data, access to the back-end

compute systems, and the corporate

intranet. The real issue is not focused

on the cost of a device; the issue is all

about the mission critical information

that resides on the device. It’s all

about preventing corporate data

leakage and ensuring that corporate

intellectual property is protected.”

Peter DeNagy, Principal Consultant,

Enterprise Mobility Strategies

“enterprise” in any classification can make small and medium businesses feel left out of the

mobility management discussion.

Other vendors are not so absolute. Adam Stein, Director of Marketing at MobileIron, believes

that terminology is beside the point, noting “You can pick your three-letter acronym of choice.

The real question is: What are people trying to do

with it?”

And this has become the crux of the issue. As mobile

device management grows and matures – and

arguably becomes a requirement by enterprises –

corporate IT managers are starting to de-emphasize

“device” management and are instead focusing on

the “data” and “application” protection and management elements of enterprise mobility. As

Peter DeNagy, Principal Consultant at Enterprise Mobility Strategies, points out, “Who cares

about the physical phone? What businesses really care about is protecting the company data,

access to the back-end compute systems, and the corporate intranet. The real issue is not

focused on the cost of a device; the issue is all about

the mission critical information that resides on the

device. It’s all about preventing corporate data

leakage and ensuring that corporate intellectual

property is protected.”

John Herrema, SVP of Corporate Strategy at Good

Technology, concurs, noting “What's really

interesting about mobile device management is that,

in almost all cases, you're able to manage the heck

out of the device but that doesn't ensure that you're

properly managing the data and preventing data

loss.” Herrema states that Good’s solution – using a

container approach – focuses on control and

ensuring data loss prevention as the primary goal. If

customers want to manage aspects of the whole

device, Good allows them to do this as well.

Herrema asserts that this approach and Good’s

overall philosophy differs from that of other MDM

players, who focus on the wrong “d” – device management instead of data management.

“You can pick your three-letter

acronym of choice. The real question

is: What are people trying to do with

it?” Adam Stein, Director of Marketing,

MobileIron


MOBILE DEVICE MANAGEMENT SEGMENTATION

Segmentation Frameworks

Different observers segment the MDM market differently, with some experts using vertical

industries as a logical framework, while others use functionality, company size, or the pace of

adoption. In some instances, industry experts report that segmentation discussions are

irrelevant because mobility – and the need for mobile management – is simply so widespread.

Similar to differences in nomenclature, the lack of concrete segmentation reinforces the fact

that the mobile device management market continues to evolve as technology and end-user

needs change.

Segmentation by Vertical Industry Which companies are at the forefront of mobility management? And what is driving their push

toward greater mobility adoption? Some industry veterans point to specific verticals as

mobility thought leaders.

Education is an industry using mobility adoption in a transformative way, both at the K-

12 level and in colleges and universities. A key value proposition relating to mobility in

education surrounds book purchases and replacements. College students can now

download and access textbooks onto their tablets, not just for a semester, but for their

entire university careers. As online learning grows, companies such as Blackboard are

adding mobile applications to their online teaching classrooms, including campus maps,

news, university activities, library resources, and real-time bus locations/routes.

Mobility in K-12 education includes mobile homework and assignments, online

textbooks, interactive activity sheets, and interactive education with gaming to foster

greater engagement in learning. Applications help students master reading, languages,

math, science and other topics in an interactive format. Students and teachers can use

tablets interactively to demonstrate a concept or practice a task. Learning assessments

can be done online, with tests automatically increasing or decreasing in difficulty

depending upon the student’s ability.

Healthcare is frequently cited as an industry moving quickly to the forefront of mobility.

Why? mHealth holds the promise of significant cost savings, particularly in

demographics with aging populations, and for consumers in need of chronic disease

management and monitoring. Federal government initiatives toward adopting

Electronic Health Records (EHRs), Electronic Medical Records (EMRs) and a Health

Information Exchange (HIE) have also provided a significant impetus for mobility in the

healthcare setting. As Peter DeNagy, Principal Consultant at Enterprise Mobility


Strategies, states, “There are many opportunities relating to mobile health, including

telemedicine, remote diagnostics, medical imaging, remote consultation, access to the

EMR/EHR system, records validation, and prescription validation.”

Tim Williams, Director of Product Management at Absolute Software, echoes this

sentiment, noting that BYOD in health care settings was started and driven by doctors

bringing their iPads to health care settings and requesting support. Williams adds that

health care IT managers are very cognizant of health care requirements and understand

that there are even greater risks and compliance costs around this information.

Nevertheless, these IT managers are also quicker than most organizations to understand

that they set the policy, even for doctors.

Financial Services firms are using mobile device management to prevent employees

from forwarding confidential information on mobile devices to their personal email

accounts, download it to home computers, or sync it to services such as Dropbox.

Companies in this industry are also using MDM functionality to perform context-aware

mobile security that disables specific applications by time of day, location, employee

role, and device type. White- and black-listing of applications is used, as is blocking out-

of-compliance devices from corporate network access.

Real estate agencies are increasingly arming their representatives with tablets to deliver

real-time listings, allowing mobile agents to garner a competitive advantage over agents

who continue to rely on traditional MLS listings. MDM vendors can deliver secure files,

including disclosure statements, purchase agreements, and good faith estimates,

directly to mobile devices. Consumers are also taking advantage of mobility in the real

estate market: Zillow reports that nearly 1.8 million homes are viewed daily on Zillow’s

mobile applications, with 30 percent of Zillow’s weekend traffic and 20 percent of its

overall traffic coming from mobile devices.

Retail stores are using mobile devices to combine in-store and digital shopping. For

example, in October 2011 Lowe’s announced that it would deploy 50 ,000 iPhones to

store employees that will allow them to process credit and debit card transactions on

the retail floor. Also in October 2011, Sears announced that it was deploying 5,000 iPad

and 11,000 iPod touch devices to approximately 450 Sears and Kmart stores throughout

the United States that will allow associates to check available inventory at various

locations, order products online if an item is out of stock, and access product

information and videos. Customers will also be able to comparison shop due to free Wi-

Fi at some locations. Luxury retailer LVMH, which owns high-end stores such as Sephora

and Le Bon Marché, is adding secure iPad kiosks to its stores to help customers find

products; the secure browser will ensure that employees only use the devices for work-

related browsing. Lowe’s, LVMH, and Sears are all AirWatch customers.


Defense and aerospace firms are increasingly using mobile device management to more

efficiently run their businesses. One aerospace company, for example, is using

Zenprise’s secure file sharing application to deliver electronic versions of inspection

documents directly to the iPads of its engineers. The content is time-expired, allowing

the vendor to meet its compliance requirements and save millions of dollars in fines

each year.

Defense contractor DynCorp, an AirWatch customer, has also utilized MDM capabilities

in its operations around the world. Bill DeWeese, IT Manager for Enterprise Mobility,

notes that DynCorp has realized millions of dollars in savings per day just by automating

time keeping between its facilities in the United States and overseas, reducing errors

and eliminating time-consuming manual processes.

Travel and hospitality companies are using mobile devices in a variety of ways,

including as kiosks for guest check-in. For example, a Zenprise hospitality customer is

deploying iPads for guest check-in at its resorts. Other hotels provide tablet devices to

customers in their rooms; for returning guests, the preferences are already configured

to favorite web sites or applications. Guests can use the tablets to explore new

surroundings, both in the hotel and in nearby communities. Hotels report that the

tablets have resulted in higher customer satisfaction, loyalty and guest spending.

Segmentation by Functionality

Instead of segmenting the market by vertical, some MDM vendors instead view opportunities

by the types of uses their customers are targeting. In essence, this view is one that cuts across

industry and, instead, looks at functionality. For example, officials at AT&T report that MDM

transcends all 12 of the verticals it targets, making it more of a horizontal offering.

Officials at SOTI agree, noting that a key segment SOTI targets is organizations deploying

mission critical, line of business applications who want the ability to silently install, update, and

disable applications; lock down devices into kiosk modes; and provide live technical support

through remote control tools. At the other end of the spectrum, SOTI customers include

companies that are primarily interested in enforcing a corporate sandbox and controlling access

to email. In this latter instance, customers prefer to have minimal impact on the end-user

experience when employees are using their devices.

Fiberlink also segments the market in terms of best practice MDM essentials and advanced

management/security capabilities. Best practice essentials include OTA enrollment,

configuration, security policy management (such as pass codes, Wi-Fi and VPN profiles),

reporting, remote lock/wipe, selective wipe, and a self-service portal for end-users. More

advanced functionality includes the ability to automatically and/or continuously monitor


remote devices, and well as to provide automated enforcement, certificate management, and

application or document security.

Mformation’s Marketing Director, Rob Dalgety, believes that most enterprises are looking for

six-to-eight key capabilities, or building blocks, to support their mobilized enterprises today.

These include device management; expense management; application development,

deployment and management; and endpoint security requirements. Within these core

capabilities, Dalgety believes that enterprises have different priorities depending upon their

current mobility evolution and long-term mobility strategy.

Segmentation by Company Size

When examining mobility in terms of company size, we find that large organizations are

adopting mobility at a very rapid pace. Companies with hundreds or thousands of devices in

the field need mobile device management solutions to help manage the complexity of so many

end-points.

Larger organizations typically have concerns around security, data leakage and compliance, and

MDM solutions help manage this risk. The emphasis on ensuring an enterprise-grade solution –

along with details about architecture – is typically central to the discussions. Additionally, IT

managers at large enterprises place significant emphasis on the ability to optimize their

businesses for mobility.

Segmentation by Pace of Adoption

When looked at from a relative perspective, one could argue that mobility deployments are

increasing – albeit at a different pace – for all organizations. While some companies may be

slower or more methodical in their implementation plans than others, mobility has permeated

the infrastructures of most industries, companies, and institutions. Early adopters are now

revising their strategies, or deploying new methodologies. These firms are often taking what

they learned in their mobility implementations for email, calendar and PIM and applying these

lessons to more advanced mobility strategies, such as mobile integration with back-end

systems, including Enterprise Resource Planning, Customer Relationship Management and

Business Intelligence. Companies that are slower to adopt are evaluating their mobility options.

According to Kelly Ungs, Senior Director of Channel Sales at Wavelink, “All companies – large

and small – have compliance reasons for managing mobile devices, whether due to government

regulations, such as HIPAA and Sarbanes-Oxley, or due to their own internal corporate finance

or operations policies. The liabilities organizations expose themselves to without MDM are

huge.”


Alison Welch George, Senior Business Development Manager at SAP, agrees. Welch George

describes the mobile device evolution from one in which field- and task-based employees, such

as those in sales, utilities, health care, and construction, were the biggest users of mobility

infrastructure in the past. In contrast, devices are currently entering the work force and are

being used for more than just task work. According to Welch George, “Mobility usage today is

really evening out into a much more horizontal approach, covering all industries at different

levels.”

Mobile devices are increasingly viewed as just another end-point in enterprise IT

infrastructures, needing to be managed and secured in the same way as other assets in

corporate environments. Until recently, mobile devices were restricted to email as the end

point. As the power capabilities of these devices has grown, in terms of network bandwidth

and usability, standard corporate applications beyond just email are now easily accessible to

mobile workers. Suddenly a workforce exists that can perform work anywhere and anytime,

not just restricted to a laptop or desktop in an office setting.

ADDITIONAL FACTORS IMPACTING MDM ADOPTION AND GROWTH

Despite the widespread growth of mobile devices and projections for even greater growth in

the coming years, not all organizations have adopted mobility management solutions. Some

enterprise IT managers indicate that they are considering MDM in 2012, while others are

“making do” with a patchwork of different systems. Despite dire warnings of security

infractions that could imperil companies without MDM, these IT managers have taken a “go

slow” approach to MDM adoption.

It’s also important to keep mobilization in perspective. As Andy Smith, VP of Product

Management at MAM vendor Bitzer Mobile notes, “The people who are calling us and selecting

us are already thinking about mobility. However, this is not necessarily where the industry is as

a whole. It's not as far along as I'd like to think. While there is no question that mobility

management is growing really, really fast, it’s not as penetrated as it appears if you’re living it

day-to-day.”

Dynamic Market Causing Some Firms to Delay MDM Implementations

For some companies, the dynamic nature of the mobility market has had a direct impact on

their decision to deploy mobile solutions. For example, while retailer Coldwater Creek

recognizes the need for a long-term mobility solution, it is taking a slower approach to mobile

device management. Instead of deploying a full-blown MDM solution, VP of Operations

Stewart Hubbard notes that his firm is utilizing its existing BES server to manage BlackBerry


After running rogue device

assessments in enterprises, Zenprise

found as many as 10,000 unknown

devices accessing corporate

networks.

devices and has extended its existing agreement with JAMF for management of Macintosh

computers to include JAMF’s Casper Suite for iOS device management.

Preference for Exchange ActiveSync

Other companies have opted not to purchase MDM solutions, at least for the time being,

deciding instead to utilize Microsoft Exchange to secure and manage their mobile devices.

Exchange Server 2007 and Exchange 2010 both manage mobile devices through ActiveSync

mailbox policies, while MDM solutions use group policies. Why is this distinction important?

While ActiveSync provides mobile device management and policy controls to synchronize email,

contacts, calendar, tasks and notes from a messaging server to mobile devices, Exchange Server

relates to passwords, device hardware and mobile applications through individual mailboxes,

tying policies not to a device or user account, but to the mailbox itself. MDM solutions, in

contrast, apply settings through group policies, often to hundreds or thousands of users at

once. MDM offerings also have many more policies settings than Exchange, and Exchange can

only provide full device wipe, not selective wipe.

IT managers may also be in denial, or simply unaware, of the need for mobile device

management. According to AirWatch’s Chairman,

Alan Dabbiere, “We spoke with a F500 company

recently who thought they had 20-to-30 devices that

were employee-owned. After running an ActiveSync

report, they found over 2,000 unique connected

smart devices that they didn’t know about, including

both iOS and Android devices.” Zenprise has found

similar scenarios: after running rogue device

assessments in enterprises, it found as many as 10,000 unknown devices accessing corporate

networks.

Not surprisingly, MDM vendors guide customers away from solutions such as Exchange

ActiveSync. Alison Welch George, Senior Business Development Manager at SAP, notes that

“Microsoft's ActiveSync is a very bare-bones MDM and is not really in the same category as

traditional MDM vendors.” Welch George includes Google’s MDM offering that was announced

in November 2011 and released one month later – Google MDM layered into Google Apps – in

the same category. Officials at McAfee agree; a McAfee FAQ states that “Exchange and other

device-specific management tools offer subsets of [MDM functionality] for specific applications

and devices. Enterprise-class support … is most efficient when device management integrates

into other endpoint and security management processes.”


“It’s more about culture than

anything else in terms of how rapidly

companies deploy mobility.” John

Herrema, SVP, Corporate Strategy, Good

Technology

Still Trying to Secure Assets

While some organizations are far advanced down the path of mobility, other firms are still just

trying to secure mobile assets. Mike Hulthen, VP of Development at Motorola Solutions,

believes that most enterprises today are still just trying to “see” their assets, get them under

management, and manage corporate applications, including removing them if employees elect

to go off MDM support. According to Hulthen, “There are always some outliers, but in general

people are just trying to get hold of these BYOD devices.” Rob Dalgety, Director of Marketing at

Mformation agrees, stating “A key issue for 2012 is one in which IT managers are still grappling

with trying to manage individual-liable devices that are entering their networks and the need to

put in place a coherent approach and solution in this area.”

Officials at AT&T concur, noting that the need for management is a key driver in the market

today. Companies large and small are asking vendors to give them the means to manage

mobility – the “fencing” they need to coral mobility and bring it under control. Once the

fencing is built, follow-on discussions about value-added capabilities can take place. AT&T

believes that this framework applies from a business security and business cost savings

perspective, but also from the standpoint of how customers can use mobility to differentiate

themselves within their own businesses.

Tim Williams, Director of Product Management at Absolute Software, reports that many

customers need help in developing their long-term mobility strategies. IT managers feel that

since their employees are bringing mobile devices into the workplace, IT must support them

without stipulation. Williams advises clients that they can draw some boundaries, such as

allowing Android devices at specific release levels, noting “Organizations just need to throw a

lasso around some of these devices and get started.”

Corporate Culture

Corporate culture can also have a significant impact

on how quickly and aggressively organizations adopt

mobility management platforms. Some companies,

even within the same industry, and even in

industries known for aggressive mobile adoption,

can move at a slower pace than others. For

example, John Herrema, SVP of Corporate Strategy

at Good Technology, in describing the rapidity with

which Good customers move from Proof of Concept to mass deployment, notes that “It’s more

about culture than anything else in terms of how rapidly companies deploy mobility.” Herrema

cited a recent example of two companies – both in the same vertical and under the same


regulatory constraints – taking very different approaches toward mobility deployment, both in

terms of overall pace and formal “Bring Your Own Device” support, primarily due to cultural

reasons.


KEY PLAYERS IN THE MDM MARKET

NEEDS AND BENEFITS ADDRESSED BY MDM VENDORS

MDM ROI

MDM PARTNERSHIPS

MDM GEOGRAPHIC COVERAGE

MDM SUPPORT


KEY PLAYERS IN THE MOBILE DEVICE MANAGEMENT MARKET

While there are many vendors in the MDM market, less than 20 are considered top-tier players.

These companies include:

Absolute Software AirWatch AT&T BoxTone Fiberlink Good Technology McAfee Mformation MobileIron Motorola Solutions SAP SOTI Syclo Tangoe Wavelink Zenprise

IBM may soon be added to this list following its acquisition of BigFix in June 2010. IBM’s Tivoli

Endpoint Manager, which is based on BigFix’s architecture, provides mobile device

management capabilities, including selective wipe, passcode configuration and enforcement,

encryption, and compliance management. The offering will draw upon IBM’s cross-platform

capabilities and allow organizations to manage smartphones and tablets, as well as laptops,

desktop PCs, and servers. Endpoint Manager for Mobile devices supports iOS, Android,

Symbian, Windows Mobile and Windows Phone devices. IBM Endpoint Manager for Mobile

Devices is currently in Beta testing.

With its announcement of support for iOS and Android devices through its Mobile Fusion

offering in November 2011, RIM is also expected to become a larger player in the overall mobile

device management industry. While RIM has managed its BlackBerry Enterprise Servers (BES)

in the past for device management and support of customers with BlackBerry environments,

RIM’s BlackBerry Mobile Fusion offering will help the company expand to wider markets,

particularly as more enterprise customers support “Bring Your Own Device” environments that

have increased the diversity and volume of mobile devices in their corporate networks.


Mobile Device Management Industry Structure

The MDM market includes two principal types of vendors: vendors that are large, multi-

national, global corporations that offer mobile device management as part of a larger basket of

technology offerings, and smaller players who focus exclusively or primarily on mobile device

management solutions. Larger players are typically public, while smaller players are generally

private.

Smaller mobile device management players may be backed by venture capital firms. For

example Good Technology has received VC funding from Allegis Capital, Blueprint Ventures,

Draper Fisher Jurvetson, ePlanet Ventures, GKM Newport, Meritech, Oak Investment Partners,

and Rustic Canyon Partners, while Zenprise has received $85 million in venture funding from

Greylock Partners, Bay Partners, Ignition Partners, Mayfield Fund, Rembrandt Venture Partners,

and Shasta Ventures.

Many MDM players have reported “explosive” revenue, employee, and customer growth

during 2011. For example, AirWatch now has 450 employees and expects to nearly double this

figure by the end of 2012. MobileIron’s customer base grew 600 percent year-over-year

between 2010 and 2011, including 435 new customers in Q4 2011. Zenprise reports that it is

quadrupling its customer base worldwide and tripling employee headcount.

Table 4 provides a summary of key corporate statistics, where available, for key players in the

mobile device management market.


Table 4: Mobile Device Management Company Backgrounds

Vendor # of MDM Employees

Annual MDM

Revenues (US$)

Total MDM

Licenses Total MDM Customers

Year Founded Public or Private

Absolute Software

Does not disclose

$72 M Does not disclose

Does not disclose

1993 Public – TOR: ABT.TO

AirWatch 450 $20-30 M Deploy-ments

exceed-ing

50,000 devices, growing

to 100,000+

1,500 2003 Private (Parent company: Wandering WiFi); 200+

million in assets

AT&T Does not disclose

Does not disclose

Does not disclose

Does not disclose

1983 Public – NYSE: T

BoxTone 120 Does not disclose

but states Revenue CAGR is >100%

1.2 million

400+ 2000 Private, VC Funded

Fiberlink ~250 $35-50 M 200,000 600 1991 Fiberlink is a 100% private company and has raised

over $50m of private equity. Fiberlink is majority owned by: Goldman Sachs,

GE Equity, Technology Crossover Ventures, and

Edison Ventures

Good Technology

500 Does not disclose

Does not disclose

4,500+ Enterprise customers

1996 Private (VC funded, including Allegis Capital,

Blueprint Ventures, Draper Fisher Jurvetson, ePlanet Ventures, GKM Newport, Meritech, Oak Investment

Partners, Rustic Canyon Partners

McAfee Does not disclose

Does not disclose

Does not disclose

Does not disclose

Trust Digital: 2004;

McAfee: 1987

Public (Parent company: Intel. McAfee acquired Trust Digital in 2010.)

NASDAQ: INTC


Table 4: Mobile Device Management Company Backgrounds (continued)

Vendor # of MDM Employees

Annual MDM

Revenues (US$)

Total MDM

Licenses Total MDM Customers

Year Founded Public or Private

Mformation 150 Does not disclose

Does not disclose

60 mobile operators and MSPs

1999 Private (VC funded, including Battery Ventures, Carmel Ventures, Deutsche Bank, Kingdon Capital, Intel

Capital, North Bridge Venture Partners,

QuestMark Partners, Visa International and Wasatch

Advisors Inc.)

MobileIron 250 Does not disclose

Does not disclose

1,500+ corporate customers

2007 VC Funded ($57 million total as of August 2011)

Motorola Solutions

Does not disclose

Does not disclose

Over 5 million licenses

sold

Does not disclose

1928 Public – NYSE: MSI

SAP Does not disclose

Does not disclose

Does not disclose

Does not disclose

Sybase: 1984; SAP:

1972

Public (SAP acquired Sybase in 2010.) NYSE:

SAP

SOTI 150 Does not disclose

Deploy-ing 70-100K new

licenses/month

80,000 1995 Private (Profitable)

Syclo 100+ Does not disclose

Does not disclose

750+ 1995 Private

Tangoe 1,000+ $100 million

(estimated)

Manages 2 million devices,

10% directly

by MDM clients

100 2000 Public – NASDAQ: TNGO

Wavelink Does not disclose

Does not disclose

10 million+

8,000 1992 Private (key investor is WestView Capital Partners)

Zenprise 200+ Does not disclose

Does not disclose

1,000+ 2003 Private ($85 million VC funding as of October

2011, including Greylock Partners, Bay Partners,

Ignition Partners, Mayfield Fund, Rembrandt Venture Partners, Shasta Ventures)


Mobile Device Management Vendor Offerings Many of the mobile device management offerings in the market today are similar. Indeed,

MDM vendors themselves admit that differentiation is difficult to discern and urge customers

to “dig into the details” to truly understand the differences in architecture, security, target

markets and overall approach. Table 5 provides a summary of MDM offerings from key players

in the market, along with each vendor’s “value proposition” and a list of key customers.

Table 5: Mobile Device Management Vendor Offerings

Vendor Key

Offerings Key Features Value Proposition Key

Customers

Absolute Software

Absolute Manage MDM

Application Management allows customers to track installed apps, build device records, publish a list of approved apps onto each device and allow single-click app downloads. Apps by Absolute allow customers to securely host, remotely deploy, and distribute in-house apps to end users, as well as provide users with a list of recommended Apple or Android apps. AbsoluteSafe allows IT administrators to distribute files without email. Security, Change, & Configuration Management includes ability to lock/wipe, manage/deploy profiles, restrict apps, set up VPN, disable camera, deploy web clips. Asset Inventory provides >65 HW and SW data points, including Apple’s VSPP.

Absolute Software is expanding its cross-platform management tools to cross-management of devices, addressing the convergence of security and management with a device- agnostic management approach. Absolute Software works hard to leverage customers’ existing resources and provide solutions adaptable to existing environments.

Detroit Public Schools, Eisenhower Medical Center, Glassboro Public Schools, La Jolla Institute for Allergy and Immunology, Old Dominion University, Texas Department of Public Safety

AirWatch Enterprise App Catalog

HTML5-based user I/F

MAM SAML integr.

for mobile devices

Integration to Microsoft BPOS-D, Office 365, and Gmail

Secure Email Gateway

Secure Content Locker

SDK Library

AirWatch MDM includes: highly scalable solution, OTA enrollment and configuration, asset management, accounts and services integration, policy enforcement, restriction enforcement, device/data security, multi-tenant architecture, web-based multi-lingual console, role-based access, intelligent notifications, reporting and alerts, SDK library for ISVs and enterprise customers, enterprise app catalog and distribution, full certificate management, advanced branding and white labeling, and device retirement. HTML5 is fully integrated into AirWatch’s management console, user self-service portal and application catalog modules.

AirWatch states that it provides mobile security, along with MDM, MAM and mobile content management (MCM) at the lowest price. The software supports all WWAN and WLAN mobile devices and all major mobile platforms and carriers with a multi-tenant architecture. AirWatch highlights its rich partner ecosystem as a key benefit to customers.

Austin Convention Center, AXA, Best Buy, Children’s Healthcare of Atlanta, Coca-Cola, Duty Free Stores, Home Depot, Inova Health System, Level 3 Commun-ications, Lowes, LVMH, Sears, Target, Tiffany & Co, Urban Outfitters


Table 5: Mobile Device Management Vendor Offerings (continued)

Vendor Key


Customers

AT&T Good for Enterprise

McAfee Enterprise Mobility Manage-ment

MobileIron VSP

Mformation BES

solutions

Good: Provides enterprise-grade wireless email, PIM and IT security and management tools. McAfee: Provides a security solution to protect mobile devices and data. MobileIron: VSP from AT&T combines data-driven smartphone management with real-time wireless cost control. BES: Provide IT with simplified management, centralized control and wireless email.

Partnerships provide not only best-in-class support, technology and scope, but the security, capabilities, functionalities and OS support customers need. Together, AT&T and its partners can support all customers vertically and horizontally.

New York Life, Union Bank, Large transporta-tion company (using MobileIron’s Cloud Connect)

BoxTone Security & Compli-ance

Asset & Expense

Service Desk

User Self-Service

Incident Manage-ment

Perfor-mance Manage-ment

BoxTone’s MDM offering includes OTA provisioning, configuration and changed management through direct linkage to Active Directory Group Policy. BoxTone monitors for lost and rogue devices, as well as devices in non-compliance with IT policies. Application Management includes an Enterprise App Catalog of custom in-house and commercial applications.

BoxTone’s platform is built upon an ITSM/ITIL foundation for device, support, business and operations management. BoxTone uses ITSM best practices to address the full mobile lifecycle, providing an industrial-strength platform with built-to-last reliability and security.

BP, BT, Citigroup, Kaiser Permanente, M.D. Anderson Cancer Center, US Bank, US Government (Army, Congress, EPA, GSA, Postal Service, State Department), University of Pittsburgh Medical Center

Fiberlink MDM MAM

(including AppCloud & App-Extender)

Secure Document Sharing

Mobile Expense Manage-ment

Laptop Manage-ment

Fiberlink offers MDM for all major MOSs through its SaaS-based offering, including 2 ways of managing devices: via ActiveSync and direct to the device. Mobile App Management includes enterprise app catalogs for iOS and Android devices; app lifecycle management; white/black lists and controls on accessing apps; AppExtender (API & SDK) for authentication, authorization, updates, compliance status, device query, and mobility intelligence; and the MaaS350 cloud for app distribution. Compliance Engine provides compliance monitoring and enforcement for specific rules.

Fiberlink advertises its cloud-based technology and delivery model as unique in the MDM market. Its SaaS model allows Fiberlink to “support new devices and operating systems as rapidly as they become available.”

Bank of New York Mellon, CDW, Centene Corporation, Fluor, GSA, LinkedIn, Panduit, Phillips-Van Heusen, Sutter Health, Vinson & Elkins, VMware, Yale New Haven Health System



Vendor Key


Customers

Good Technology

Good Dynamics

Good for Enterprise

Good for Govern-ment

Good for OEMs/Carriers

Good Dynamics allows customers to separate work and personal data in a secure container. It is FIPS-certified, making it an attractive choice for regulated industries and government customers. Good for Enterprise includes Mobile Control (web-based portal), Mobile Messaging (enterprise messaging and collaboration), and Mobile Access (secure browser and app access). Good for Government provides military-grade mobile security, including Bluetooth & USB Common Access Card support, PKI support, & certificate verification. Good for OEMs/Carriers includes Good Mobile Email, Good Mobile Social Networking, Good Mobile Instant Messaging, & Good Mobile UI-Less.

Good has been providing MDM solutions for 10+ and “we’ve built up a lot of IP to apply to customer problems.” Good’s container approach appeals to security-conscious and highly regulated customers.

Crowley Maritime, Downey Brand LLP, Gates Corporation, Government of District of Columbian, Napa County, Patagonia, Perkins+Will, Specialized Bicycles, Union Bank, U.S. DoD

McAfee Enterprise Mobility Manage-ment

Includes device management (OTA provisioning, real-time device access and asset information, and device information) ; audit and compliance service (visualizes mobile assets, identifies and blocks rogue assets, provides silent OTA remediation, reports compliance status and activity); device agents (password, PKI, 2-factor authentication, and remote wipe; native device encryption; Wi-Fi & VPN configuration & management); and integration with ePolicy Orchestrator (centralized visibility and control, integrates with ePO dashboard).

McAfee believes that EMM “tucks in nicely” alongside other McAfee enterprise solutions that customers already have in place, allowing companies to extend their security-connected infrastructure. McAfee also believes it is well suited to unifying heterogeneous environments.

CSL Behring, Ellis Medicine, Riverside Healthcare

Mformation Enterprise Manager

Enterprise Manager supports cloud-based deployments and includes inventory management and reporting, lock/wipe, app display/management, tablet support, enterprise service configurations, policy control and password management, security compliance reports, and device diagnostics.

Mformation sells exclusively to MSPs and CSPs and can support large-scale deployments across different mobile OSs that integrate with other mobility solutions (such as TEM and encryption) within an ITSM framework.

Airtel, AT&T, Bell, Clearwire, ISEC7, LG Electronics, Orange Business Services, Sprint, Telefonica, T-Mobile, UQ Comm., Vodafone



Vendor Key


Customers

MobileIron Virtual Smart-phone Platform (VSP)

Sentry Connected

Cloud MyPhone

@Work Enterprise

App Storefront

VSP is the “central hub” of the MobileIron solution and can be deployed as a physical hardware appliance or as a virtual appliance (using VMware ESX). MobileIron released version 4.5 of VSP in November 2011, which included additional security features for Android devices and support for Android 4.0 security. Sentry provides access control for email and is an optional component. Connected Cloud, announced in August 2011, is a multi-tenant SaaS service allowing customers to administer their solution via a web browser/Internet and integrate with existing security infrastructure. Enterprise App Storefront includes an app distribution library, app security and access control, and app inventory.

VSP is a “simple-to-install server that plugs into corporate networks and lets customers quickly gain control of their smartphone operations.” MyPhone@Work provides an enterprise app storefront with a catalog of mobile apps tailored to enterprise users. Apps are approved by IT and available in commercial app stores or created by IT for internal use.

Amlyin Pharmaceu-ticals, City of Redlands Police Dept, City of Stockholm, Colt Car Company, Curtiss-Wright, Daimler Trucks North America, Fairfield Residential, Fenwick & West, Helsana, Kindred Healthcare, KLA-Tencor, Land Securities, Life Technologies, Logica, Mercedes Benz, NETGEAR, New York Life Insurance, Norton Rose, Thames River Capital, U of Connecticut Health Center, Wyndham

Motorola Solutions

Mobility Services Platform 4.0

Multi-OS support, including smartphones and tablets, BYOD management, self-service portal, configuration/application management, remote OTA provisioning and analysis, and remote lock/wipe; “Hardened” Android support , including IT controls, OTA remote updates, management of white lists for approved apps, and secure internal & external storage policies; and enhanced security, including remote lock/wipe and automated device certificate renewal and maintenance.

Motorola Solutions scales to up to 250K licenses simultaneously supported. Motorola Solutions can also manage rugged and consumer devices from a single pane of glass. As a F500 company, Motorola Solutions has a diverse breadth of offerings.

Baylor Health Care, Bumrungrad International Hospital, Memorial Medical Center, Sunnybrook Health Sciences Centre



Vendor Key

Offerings Key Features Value

Proposition Key

Customers

SAP Sybase Afaria, including Advanced Enterprise Security (AES) for Samsung devices and Applica-tion Develop-ment Tools.

Sybase Unwired Platform

Afaria for iOS 4: Delivery of in-house applications OTA, asset information provided from a single console, separate management of enterprise and personal applications, extension of corporate security policies to IL devices, remote lock/wipe, enterprise-grade security using policy-based model. Afaria for Android: Management of IL and CL devices, strong security policy enforcement, provisioning of enterprise-class apps, partnership with NitroDesk Touchdown for secure corporate email. AES for Samsung Devices: Security management, application management, configuration management, Exchange client configuration, and OTA deployment for Galaxy S and S2 (Android 2.3+). App Development Tools: SAP is using the SQL Anywhere database to synchronize application deployments by enterprises and ISVs. Sybase Unwired Platform: Mobile enterprise application platform that allows enterprise developers to build applications that connect business data to mobile workers.

As an industry leader in back-end data management, SAP believes that mobility is a natural progression that allows customers to access data and act on it in real-time. SAP describes mobility as part of a larger ecosystem that makes Afaria more simplistic even with additional layers, including pre-built applications that can be accessed via self-service portals through application libraries, as well as custom applications through Sybase Unwired Platform (SUP).

City of Oakland Police Dept, Cox, Duke Univ. Health System, eFleet, Ergon Energy, Faith Footwear, Hurley, Jazz Pharma., Kindred Healthcare, Kwik Trip, National Institute of Statistics, Novo Nordisk, Good Samaritan Society, Tasty Baking Company, United Utilities, US Census

SOTI Mobi-Control

MobiAssist MobiScan

MobiControl is SOTI’s primary MDM tool for enterprises and includes management console, deployment server, MS SQL database, and device agent. MobiControl includes a web console, help desk tools, device provisioning, location services for GPS-enabled devices, data sync, advanced security (including standalone or AD authentication), asset management and CRM, and alerts and reporting. MobiControl is also available in v9.01 for Samsung Android devices. MobiAssist is a separate product for BlackBerry devices which compliments the BES and provides remote support for IT helpdesks and advanced diagnostics (SOTI plans to integrate MobiAssist into MobiControl in Q2 2012). MobiScan is targeted at customers with mobile field workers. Out-of-the-box configuration is designed to quickly establish connections to MobiControl and MobiAssist servers.

SOTI believes it solves unique challenges for customers who are deploying, managing, securing, supporting and tracking remote mobile and desktop devices. SOTI advertises that it is compatible with both consumer and ruggedized devices.

Bayer, BMW, Chevron, Coca-Cola, DHL, Dollar Rent-a-Car, Energizer, Honda, Honeywell, Johnson & Johnson, Kellogg’s, TJX, Marks & Spencer, McDonald’s, McKesson, Medtronic, Microsoft, Pfizer, Raytheon, Shell, Siemens, Southwest Airlines, Tesco, VW, Waste Management



Vendor Key


Proposition Key

Customers

Syclo Agentry MDM

Syclo has recognized most of its success in the MEAP market and offers its Agentry MDM platform bundled for free as a compliment to customers who purchase Syclco’s MEAP offering. Key MDM functionality includes Security (strong authentication, role-based access, remote device wipe, data encryption, centralized management); Management & Analytics (integration management, server/cluster management, OTA commissioning and application deployment, update and patch management, remote device troubleshooting); Connectivity (available on- or off-line, option of Wi-Fi or cellular networks, data compression); and Integration (database connection via ODBC and SQLNet; prebuilt enterprise system connectors, APIs and web services; enterprise application tools).

Syclo believes that applications are at the heart of any mobility offering and has over 2,000 developers working on the Agentry platform. Additionally, Syclo has a well-developed partner program and is using partners to expand globally.

Abbott Labs, Amgen, Astra Zeneca, Baxter, Bristol- Myers Squibb, Carefusion, DePuy Ortho, Johnson & Johnson, Merck, Sanofi-aventis

Tangoe Tangoe MDM

Tangoe is best known for its Telecom Expense Management (TEM) services, aggressively looking for ways to lower fixed and mobile communications costs in real-time for SMS, voice, and data that is tracked against carrier plans. Tangoe’s MDM offering includes multi-OS platform management, support for CL and IL devices, multi-server management views, a self-service provisioning portal, role-based security, client application for policy management and monitoring, and automated application deployment.

Tangoe advertises that it is the only vendor to support application deployment throttling (control of deployment volume) based on wireless host server statistics. Tangoe promotes its ability to provide end-to-end mobility management.

It is Tangoe’s policy to protect the anonymity of its global customers. References and client contacts are routinely furnished to companies during the evaluation/ purchase process.



Vendor Key


Proposition Key Customers

Wavelink Avalanche Avalanche

Telicost Wavelink

Studio Wavelink

Avalanche SecurePlus

Avalanche provides mobile device and infrastructure management across wireless LANs and WWANs. Avalanche includes software and configuration management, security, mobile remote help desk support, location-based services, alerts and reports, performance & statistics, and infrastructure management. Versions include Site Edition and Mobility Center. Avalanche Telicost provides real-time monitoring, reporting and analysis of data, voice, SMS and roaming consumption. Wavelink Studio is a family of products that allow developers to create wireless applications that are platform, device and OS agnostic. SecurePlus is a plug-in to Avalanche that provides advanced user authentication and security on Windows CE mobile devices.

Wavelink has nearly 15 years of MDM experience and over 10,000 customers in all verticals that use Avalanche software. Wavelink supports large installments of 130,000 devices. Real-time expense management tools provided through Telicost send alerts to users and IT admins. to keep costs low.

3M, Ace Hardware, Boeing, Bridgestone Firestone, Cardinal Health, CeBIT, City of Aurora, GE Healthcare, GM, Jade, J. Crew, Macy’s, McKesson, Nestle, Nike, Norway Airports, Penske, Pepsi, Pinellas County Jail, Ryder, Saddle Creek, Saint Agnes Medical Center, St. Vincent’s Hospital, Target, Tesco, University of Maryland, VW

Zenprise Mobile Manager

Zencloud

MobileManager includes configuration management (enable corporate email; configure enterprise resources such as Wi-Fi, VPN, proxy server; enable universal PKI; restrict resources/apps; define and enforce OS and patch levels; and delineate between IL and CL devices); provisioning (enforce policies, distribute applications via enterprise app store); security (enforce passcodes; integrate with 2-factor authentication; locate/lock device; full/selective/auto wipe; passcode history; block jail broken or rooted devices; enable app tunnels; app black/white listing; block unauthorized/non-compliant devices; set Dynamic Defense context-aware policies); tracking (detect user, device, system, service issues; maintain HW/SW inventory; maintain asset details; report on device statistics and service details); and Decommissioning (full/selective device wipe; identify inactive devices). Zencloud is a multi-tenant offering that can run as a public, private, or hybrid cloud. Zenprise’s cloud facilities are SAS70 Type II, FISMA Moderate compliant, and Federal Cloud Certified.

Zenprise solutions are is “powerful yet simple” – simple for administrators and users, powerful in terms of end-to-end security and multi-tenant architecture.

Baker Hughes, Boston Red Sox, Cegdim, CITCO, Conoco-Philips, CVS Caremark, Grant Thornton, Jelly Belly, Knight Transportation, Monsanto, Ross, Scent Hughes, Sears, Sysco


Mobile Device Management Vertical Expertise

Mobile device management vendors typically operate across a wide cross-section of vertical

markets, sometimes specializing in specific industries. For example, while AirWatch supports

customers in over 15 vertical markets, it has an especially strong focus on healthcare, retail,

manufacturing, and technology.

Interviews with MDM executives found that many vendors approach marketing and sales

discussions based less on vertical focus and more on the scale and size of the organization.

Additionally, some mobile device management vendors state that their ROI calculations are

done at a high level across many different industries, and not for specific verticals. This is

particularly true in smaller MDM organizations which may have fewer resources to devote to

specific verticals. Larger MDM players may also have the benefit of more fully developed

vertical programs across their organizations that MDM groups within these companies can

leverage.

Table 6 presents a summary of the vertical industries being served by key mobile device

management players.


Table 6: Mobile Device Management Vendor Vertical Expertise

Vendor Health

Care Financial Services

Public Sector Transportation Retail Other

Absolute Software

● ● Education

AirWatch ● ● ● ● ● Distribution, Field Services, Hospitality, Manufacturing, Education

AT&T ● ● ● ● ● Education, Energy/Utilities, Hospitality, Manufacturing, Media,

Technology

BoxTone ● ● ● ● ● Accounting/Legal/Professional Services, Energy & Utilities,

Manufacturing, Media, MSPs

Fiberlink ● ● ● ● ● Automotive, Consulting, Energy, Media, Insurance, Travel

Good Technology

● ● ● ● Information Technology, Legal, Life Sciences, Management & Professional

Services, Manufacturing, Telecommunications

McAfee ● ● ●

Mformation ● ● ● ● ●

MobileIron ● ● ● ● ● Technology, Hospitality, Legal, Manufacturing

Motorola Solutions

● ● ● ● ● Education, Energy/Utilities, Hospitality, Manufacturing,

Technology

SAP ● ● ● ● ● Education, Energy/Utilities, Hospitality, Manufacturing,

Technology

SOTI ● ● ● ● ● Manufacturing, Logistics

Syclo ● ● ● Utilities, Oil/Gas, Asset Management, CRM Field Service, Manufacturing,

Water/Wastewater Tangoe ● ● Limited ● ● Advertising, Aerospace, Business

Services, Manufacturing, Real Estate

Wavelink ● ● ● ● ● Manufacturing Zenprise ● ● ● ● ● Oil & Gas, Legal, Telecom, Insurance


NEEDS AND BENEFITS ADDRESSED BY MOBILE DEVICE MANAGEMENT VENDORS

Overview

Mobile device management vendors provide numerous benefits for enterprise customers,

including improved ROI/TCO, more efficient and productive employees, greater customer and

employee loyalty, and improved data and device security. In Table 7 and the ensuing

discussion, we highlight and discuss key reasons organizations are considering and adopting

mobile management solutions.

Table 7: Key Benefits Provided by Mobile Device Management Solutions Benefit Examples

Lower TCO Reduce telecom expense through telecom expense

management programs

Lower provisioning costs by provisioning devices OTA and

remotely

Self-service portals lower IT administrative

overhead Improved ROI ROI improvements include

significant hard dollar savings, totaling millions in

some cases

Soft ROI examples include greater productivity and

improved employee morale

Mobile apps are driving significant ROI today and

will generate even greater ROI in the future

Reduce Complexity Customers can upgrade software on all devices

simultaneously

Solutions allow user self-service and administration

IT can restrict corporate devices to specific

versions or OS levels

Increase Security

Includes sandboxing, containerizing and

segmenting personal and corporate data

Application tunnels run from a container to an enterprise

back-end system

Document control provides time- and

location-based access to documents

Improve Employee Experience

Allow employees to bring and use their own personal

devices

Develop and deploy mobile apps that create greater

efficiencies and productivity

Solicit and utilize stakeholder involvement

and testing Reduce Liability and Legal Concerns

Devices can be tracked, locked and wiped if lost or

stolen

Departed employees no longer have access to

sensitive company information

BYOD environments may restrict corporate

liability to business data only

Increase Productivity and Efficiency

Mobile integrations with business system services,

such as BI, ERP & CRM

Reduced duplication and manual processes lead to

greater effectiveness

Less down time and “waiting around”

generates higher sales

Improve Customer Experience

Tablet kiosks help drive greater engagement and

higher spend

Customers are more loyal and willing to re-purchase

Data is more accurate and accessible

Improve Support Self-service portals fit new end-user paradigm

Partner support provides comprehensive assistance

Customers can choose low-, mid-, or premium-level support contracts

Provide Greater Choice

Customers can choose on-premise, cloud/hosted, or

appliance solutions

Vendors offer platform and container offerings

Partnerships allow vendors to provide more comprehensive offerings

Offer Attractive Pricing

SaaS and appliance pricing offer reasonable per user

and per month fees

Greater competition within the MDM market has driven

down all pricing

Some vendors offer warranties or free

support


MDM solutions provide significant benefits because they address critical needs in the market

that IT executives continue to struggle with, including:

The proliferation of mobile devices, along with the “consumerization of IT,” has

overwhelmed corporate IT departments as more employees bring their mobile devices

to work and want access to corporate networks.

The fragmentation of device types and mobile operating systems, particularly for

Android devices, has led to the need for more systematic management and control over

mobility end-points.

Privacy and legal concerns surrounding BYOD policies, particularly with regard to wiping

employee-owned devices, has caused IT managers to investigate solutions that protect

them from future liability.

The explosion in the number of applications being downloaded and used, including the

need to secure and provision these applications, has led IT executives to turn to MDM

(and MAM) vendors for greater assistance in creating, deploying and managing

applications.

Customers are struggling to develop, deploy and manage applications as they

transition from public app store applications to custom applications that are tailored

specifically to their industries or businesses. As a result, Mobile Application

Management vendors are exerting greater influence in enterprise settings, challenging

MDM vendors for the application component of the mobile enterprise.

The proliferation of delivery models, including on-premise; SaaS models via private,

public, and hybrid clouds; and appliances, has offered greater choice, but also raises

concerns about security in cloud-based environments.

Increased security concerns among organizational executives, most notably in highly

regulated industries, such as healthcare, financial services and government, has led to

the need for tracking and auditing employees and devices.

Remote storage for mobile devices, including the storage of confidential corporate

documents in public digital vaults, iCloud and other non-secure environments, is a

growing concern for CIOs, regardless of industry.

The tension between security risks and long-term business potential when mobility is

fully unleashed has led many IT executives to seek out best practices to take advantage

of the efficiencies, productivity and greater competitiveness promised by mobile

solutions.

These categories are described in greater detail in the following sections.


“Christmas is coming and I’m

expecting to have hundreds of users

in sales and marketing coming to me

in January, asking for support of their

new devices.” Enterprise IT manager,

December 2011

Mobile Device Proliferation

The days of BlackBerry devices ruling the corporate

environment, and being handed out to corporate

executives as a seniority perk, are over. Today,

millions of devices have flooded into the work place

by employees at all levels of the organization.

Cimarron Buser, VP of Business Development at

Apperian, states “Mobility is a wave that has already

crashed. It’s the laggards that still haven’t gotten

on-board.” IT managers are struggling to deal with

the scale and complexity they’ve inherited. As one

overwhelmed IT manager stated in December 2011,

“Christmas is coming and I’m expecting to have

hundreds of users in sales and marketing coming to

me in January, asking for support of their new

devices.”

Bring Your Own Device (BYOD) trends point to even

greater usage of personal devices in corporate

settings in coming months. A survey by Good

Technology of its customer base in October 2011

found that enterprises are increasingly embracing

BYOD policies, including those in highly regulated

industries, such as finance/insurance and healthcare.

Good’s survey found that 72 percent of its customers

are formally supporting BYOD programs, an increase

from January 2011, when 60 percent of Good

customers supported formal BYOD programs. An

additional 19 percent of Good respondents from the

October survey indicated that they were either

planning or considering a BYOD program within the

next six-to-12 months.

MobileIron is seeing similar statistics: at an October

2011 MobileIron User Conference, 75 percent of

MobileIron customers indicated that they are either

considering a BYOD policy or already have a BYOD

policy in place. While not all environments have

Tangoe Predicts BYOD Trends

Tangoe believes that BYOD will become

available as a software stack due to the

growing importance of security and

mobility, specifically authentication,

verification, identity management and

single sign-on. As part of an integrated

solution, IT executives will not have to

piece all of these components together

themselves.

Tangoe also believes that BYOD is

causing a reduction in the growth rate

of email, as users increasingly

collaborate in real-time and transition

to texting, social networking and file

downloading services.

By integrating social networking sites

into MS Outlook, enterprises can take

advantage of real-time collaboration

within social networking platforms,

giving corporate IT control over

sensitive corporate data within a secure

enterprise environment while realizing

the benefits of real-time decision

making and interaction.

Tangoe predicts that BYOD will also

change the relationship between IT and

Finance. While these two groups did

not collaborate extensively in the past,

BYOD will force more interactions,

including discussions about cost

management and reimbursement

policies.


moved to BYOD models, there is a general

acknowledgement that heterogeneous environments

are here to stay. Smart corporations are looking

ahead and putting frameworks in place to support new

employee-liable devices, devices that may not even

exist yet.

The importance of BYOD in the MDM market cannot

be overstated. Whereas enterprises could keep tight

control over corporate assets and inventory in the past

– maintaining a uniform operating system, installing

the “right” applications that ran on the OS,

implementing lock-down controls, and returning

devices to the corporation when employees departed

– that model has crumbled over the past 18-to-24

months as unknown devices have begun connecting

and operating on enterprise networks. IT departments

have had to expand the types of devices they are

supporting and there has been an overall “mixing” of

corporate and consumer data on employee-liable

devices.

According to John Herrema, Good’s SVP of Corporate

Policy, “CIOs see a great opportunity to leverage the

technology their users are already using, but they

want to be able to do that correctly, especially if

organizations are large, complex, regulated, or

security-conscious.” Herrema believes the trend

toward greater BYOD policies will continue, if not

accelerate, allowing organizations to open up mobility

broadly to 50-to-80 percent of their employees, not

just 30 percent of senior executives, sales, and similar

roles who traditionally enjoyed mobility privileges in

the past.

The “consumerization of IT” has brought about a

transformation in corporate and organizational work

spaces, as employees increasingly demand access to

corporate networks. This is a trend that is especially

Tangoe Predicts BYOD Trends

Tangoe believes that BYOD will

become available as a software stack

due to the growing importance of

security and mobility, specifically

authentication, verification, identity

management and single sign-on. As

part of an integrated solution, IT

executives will not have to piece all of

these components together

themselves.

Tangoe also believes that BYOD is

causing a reduction in the growth rate

of email, as users increasingly

collaborate in real-time and transition

to texting, social networking and file

downloading services.

By integrating social networking sites

into MS Outlook, enterprises can take

advantage of real-time collaboration

within social networking platforms,

giving corporate IT control over

sensitive corporate data within a

secure enterprise environment while

realizing the benefits of real-time

decision making and interaction.

Tangoe predicts that BYOD will also

change the relationship between IT

and Finance. While these two groups

did not collaborate extensively in the

past, BYOD will force more

interactions, including discussions

about cost management and

Fiberlink on Fire

On February 1, 2012 Fiberlink

announced enterprise support for the

Amazon Kindle Fire. Fiberlink will

support the Fire through both

ActiveSync and device agents.

Because the Kindle Fire does not yet

support Google’s Cloud to Device

Messaging Framework (C2DM),

Fiberlink created built-in timers that

allow MaaS360 servers to regularly

check to see if there are any actions

pending on Kindle Fire devices, such as

the need to perform device wipe or

passcode reset.

MaaS360 leverages TouchDown for

secure email, allowing it to provide

integration for Kindle Fire with

TouchDown’s secure email container.

Fiberlink customers can set granular

policies, such as disallowing

documents to be forwarded or saved

as attachments on mobile devices.

Fiberlink also provides a simple

connection back to the network for

email and document access.

Additional MaaS360 support for Kindle

Fire includes: OTA device

configuration management, security

policy enforcement, real-time

reporting, and alerting and auto-

quarantining if Kindle Fire devices

attempt to connect to the corporate

network.


“In the old days you had a BlackBerry

Enterprise Server (BES) administrator

in your IT department. Now you

have a BES administrator on

steroids.” Peter DeNagy, Principal

Consultant at Enterprise Mobility

Strategies

playing out in companies with younger workers, often dubbed “Generation Y,” “millenials,” and

“digital natives.” These workers have specific expectations about how, where and when they

access and use technology. In many instances, this generation is more tech savvy than their

older colleagues, who are often satisfied with company-issued BlackBerry devices. Younger

workers, in contrast, want to use their own personal devices anytime, anyplace. As shown in

Table 2, 53 percent of 18-24 year olds and 64 percent of 25-24 year olds own smartphones.

Many organizations adopt BYOD policies to attract and retain the best workers. According to

John Herrema, Senior Vice President of Corporate Strategy at Good Technology, “If a company

is seen as unreasonably saying ‘No’ to employee requests, that organization simply cannot hire

the best people they want to hire, particularly from Generation Y.”

Officials at McAfee agree, stating “The 18-to-24 year old demographic considers mobile devices

a birth right as much as they consider social media a birth right, while BlackBerry devices are

sufficient for individuals over 50. As you go into younger and younger demographics, both the

expectation about what technology people should be able to use, as well as the benefits that

technology brings, definitely gets broader.”

Even in corporate environments that do not have BYOD policies in place and instead issue

corporate-liable devices, an MDM solution is viewed as essential. Large deployments are

especially well suited to MDM solutions because the MDM software allows IT managers to

quickly and easily deploy and configure the devices over the air (OTA). As AirWatch Chairman

Alan Dabbiere states, “It would crush an organization’s IT staff to get involved in the installation

of every device.”

Mobility Fragmentation

The fragmentation of mobile devices, and Android devices especially, can be overwhelming to

IT managers. As one industry veteran points out,

Samsung alone released 134 Android-based phones in

North America in 2011. Other popular handset

manufacturers releasing Android-based devices on a

steady basis include Acer, ASUSTek, Dell, HTC,

Huawei, LG, Motorola, NEC, Lenovo, Sony Ericsson,

Toshiba, and ZTE. There are secondary and tertiary

tiers of manufacturers as well.

In addition to the plethora of devices and device

types, there are multiple operating system versions associated with Android devices, including:


Cupcake: Released in April 2009, Android 1.5 included new UI enhancements and new

features, including virtual keyboard, animated window transitions, voice search, support

for widgets, and video recording/playback in MPEG-4 and 3GP formats.

Donut: Released in September 2009, Android 1.6 included a quick search box and

expanded search framework; updated UI with integrated camera, camcorder and

gallery; VPN control panel; Android Market updates; text-to-speech engine; expanded

support for screen densities and resolutions; and telephony support for CDMA.

Éclair: Released in October 2009, Android 2.0 featured support for MS Exchange to sync

email, Bluetooth 2.1 support, new browser interface and support for HTML5, improved

virtual keyboard, Quick Contact, new calendar features, integration with Facebook, and

updated search features.

Froyo: Released in May 2010, Android 2.2 included a JIT Compiler for faster applications

and improved battery life; automatic application updates; new Linux kernel; Adobe

Flash support; integration of Chrome’s V8 JavaScript engine into the browser

application; support for Android Cloud to Device Messaging (C2DM) service (enabling

push notifications); and improved MS Exchange support, including security policies,

auto-discovery, GAL look-up, calendar sync and remote wipe.

This release was critical for the mobile device management market, in that it included

APIs and integrations to MDM platforms, as well as the ability to perform remote wipe

and password enforcement. This is the first release in which Android was generally

considered “enterprise-ready,” although many IT managers continue to express

concerns about security on Android devices.

Gingerbread: Released in December 2010, Android 2.3 featured an on-screen

keyboard; UI changes, including new color schemes, simplicity and speed; application

and power management for better insight about what is running in the background; SIP

Internet calling, directly integrating VoIP; Download Manager, allowing easier access to

files downloaded from the browser, email or other applications; Native Development Kit

(NDK) for Native development; Near Field Communications (NFC); new audio effects;

and support for multiple cameras.

Honeycomb: Released in February 2011, Android 3.0 was the first tablet-only Android

update and supported applications and programs specifically designed for tablet

computers. The Motorola Xoom tablet was the first device to feature this version. Key

features of Honeycomb included a new user interface, including improved multi-tasking,

home screen customization, widgets and notifications; an improved camera/gallery for

larger screens; an Action Bar to display applications in use; a System Bar for global

status and notifications; new connectivity features; a customizable home screen;


browser enhancements; support for multi-core processors; and improved keyboard and

cut/paste functionality.

Importantly, the Honeycomb release also included critical features for enterprises,

including the ability of enterprise application developers to add new types of policies,

including encrypted storage, password expiration, password history, and password

complex characters.

Ice Cream Sandwich: ICS was announced in October 2011 and the source code for

Android 4.0.1 was released in November 2011. Unlike previous releases, Android 4.0

combines the same OS for mobile phones and tablets and is considered one of Google’s

largest Android OS updates. Key features of ICS included an updated UI designed to

work without buttons; “back,” “home,” and a newly created “multi-tasking” virtual

button at the bottom of the screen that expand/contract depending on user activity;

auto-syncing of browser with Chrome bookmarks; new tabbed web browser with up to

16 tabs; more powerful home screen than previous versions for placing widgets and

icons across different pages; automatic folder creation/deletion; permanent search

screen at the top of the home screen; unlock with facial recognition; improved

notifications functionality; social networking integration (“People” app); improved NFC

(“Android Beam”); and data usage settings that allow users to set alerts when they

approach usage limits, as well as data disabling when usage limits are reached.

Due to the BYOD phenomenon, employees are bringing not only Android-based devices into

their work spaces, but other mobile devices and operating systems as well. While the

fragmentation associated with these devices is not as extreme as it is with Android, IT managers

must still add Apple, Microsoft, and RIM devices and OSs to their list of support requirements.

Still, some CIOs are pushing back against fragmentation, marking a line in the sand and

restricting device choice, even in BYOD environments. This is particularly true in highly

regulated industries. These IT departments have decided that they will not shoulder the

burden of supporting every device form factor and every device OS. Examples include:

Coldwater Creek: While Coldwater Creek issues corporate-owned BlackBerry devices

and will allow employees to use their own iOS devices, it will not allow or support

Android devices due to security concerns surrounding the Android platform.

Gannett: Media and marketing solutions company Gannett made the decision in

December 2011 that it would standardize on the Apple iPhone 4S instead of Android

phones. A key reason for this decision was “the wide variety of [Android] versions, plus

inconsistent functionality by vendors/devices.”


Growing Privacy and Legal Concerns: Whose Property Is It?

Because of the lack of precedence for individual-liable devices in corporate settings, privacy and

legal issues are a significant concern for officials managing mobility policy. A starting point in

most legal conversations is “Whose property is it?” For corporate-liable (CL) devices, this is

fairly straightforward: since the company purchased the device and pays for the monthly

service, the company owns the device and all associated data on it.

In Individual Liable (IL) or BYOD environments, the answer to this question is not so

straightforward since courts have not clearly defined privacy and data ownership rules for

mobile devices. While an employee may own the device, the company may own the corporate

data on that device. When companies perform monitoring of their IT assets, personal

information from employee devices may also be monitored. If an employee is fired or resigns,

IT managers must ensure that the corporate data is completely removed, or wiped, from that

device. But what if personal data is also wiped? There are also potential issues with

contractors and consultants, who may want access to the corporate network for their personal

devices but are not employees of the firm.

While BYOD environments are growing due to ease of use and employee satisfaction, the BYOD

trend is fueling legal concerns too. Increasingly, corporate executives realize that if they only

lock down a portion of an employee’s device, such as corporate data residing in a container,

they are only liable for damages relating to that data, and not for inappropriate or illegal

actions relating to the rest of the employee’s device. See no evil, hear no evil. This concern

over legal exposure is also driving the movement toward application management instead of

device management.

Research for this paper found that there is universal agreement on the need for organizations

to take certain steps with regard to mobility to protect themselves from potential liability:

Organizations should define what is meant by a mobile device, include smartphones,

tablets, laptops, netbooks, and similar devices.

It is critical to get explicit employee consent for any monitoring or access the company

may initiate of IL devices, including written consent of the company’s employee mobility

policy.

There should be explicit wording about the extent and terms of support for employee-

and company-owned devices, regardless of whether the organization is providing

support itself or through an MDM provider.


Additionally, corporate policies need to clearly spell out and define all aspects of the

firm’s mobility policies, including the possibility that the entire device may be

monitored, accessed, and/or wiped.

Companies must take steps to monitor only what is needed for legitimate business

purposes on employee-owned devices. If an employee downloads an application onto

his or her personal device and a member of the company’s Help Desk staff comments on

it, for example, there may be issues of employee privacy violation.

In developing mobility policies, representatives from IT, legal and Human Resources

should provide input and guidance.

Companies also need to be aware of different laws when operating in multiple geographic

markets. For example, in some countries, such as China, Germany and France, it is illegal to

wipe an employee-owned device. Additionally, companies operating in these geographies are

not allowed to extract application inventory if they blacklist certain applications. AirWatch

Chairman Alan Dabbiere notes that, “While AirWatch can track employees, devices and vehicles

for Coca-Cola in the United States, it cannot do this in other countries, such as Germany or

France. Software needs to comply on a global basis to what features really mean.”

Alison Welch George, Senior Business Development Manager at SAP, notes that SAP takes a

very hard line between consumer and corporate data if a device must be wiped due to loss or

theft. Afaria allows IT managers to separate personal data from corporate data, which Welch

George asserts is not universal among all vendors.


Growing Importance of Mobile Applications

Mobile applications are driving much of the growth in

the mobility market. As Joe Granda, EVP of

Marketing at Syclo states, “It all starts with

applications. If you don’t have applications, what’s

the point of having a mobile device?” As of January

2012, Apple’s iTunes store offered more than

560,000 applications, while Google’s Android Market

is quickly catching up and offers over 400,000

applications, also as of January 2012. Other mobile

application stores include BlackBerry App World,

Nokia Ovi Store, Samsung Apps, and Windows Phone

Marketplace. In October 2011, Berg Insight forecast

that mobile application downloads worldwide will

grow at a compound annual growth rate of 57

percent between 2010 and 2015, reaching nearly 100

billion total app downloads by the end of the period.

Fiberlink reports that it has seen much greater

interest in application development, deployment and

management within the last three-to-six months,

with some companies that have more advanced

capabilities moving faster than others. Because

Fiberlink deploys its MDM solution solely as a SaaS-

based offering on a common platform, it can

aggregate data to see which applications are most

popular by category and recommend those

applications to customers.

As application proliferation increases, different types

of applications have been introduced, including on-

device, thick client standalone applications, thin

client web-clip applications, and applications that are

a blend of on-device code as well as back-end

database/back-end application server. Increasingly

customers are blending these applications depending

on their needs. For example, BoxTone has numerous

health care customers that are running Cerner and

Fiberlink: Applications in the Cloud

Fiberlink’s “AppCloud” allows companies to upload their applications to the MaaS360 platform, where Fiberlink puts a secure wrapper around the application. Users who try to download the app must first authenticate to gain access.

AppCloud is available from nearly 100K endpoints in Fiberlink’s global content distribution network. This allows users in Europe, for example, to download a local copy instead of transferring information from a site in the United States or other geographical location. Fiberlink partners with Akami for its global content distribution services.

Fiberlink also offers “AppExtender,” which allows organizations to leverage a set of Fiberlink APIs to build in-house enterprise apps. APIs include different types of functionality, such as the ability to authenticate/authorize users, query a device and pull back device information. Customers can also get performance and reporting data about specific applications. Fiberlink believes AppExtender allows customers to enhance the security and operational efficiency of their apps.

AppCloud and AppExtender are designed for corporate, in-house apps, and not for the Apple or Android public app stores. Fiberlink’s Enterprise Application catalog helps manage public applications.


McKesson applications, along with diagnostic imaging

and ultrasound applications that use a sensor and

display on an iPad.

As organizations increasingly utilize applications for

productivity gains beyond just email, calendar, and

contacts, they are looking to mobility vendors for help

in supporting their application creation, deployment,

management, and integration. Companies have come

to realize that putting high-value applications on

mobile devices will increase productivity and employee

commitment to the company. According to Cimarron

Buser, VP of Business Development at Mobile

Application Management vendor Apperian, “We want

to make sure individuals feel good about the

applications they’re using and the experience they’re

having with these applications. If they do, the

company will ultimately benefit.”

The majority of Wavelink’s MDM customers –

enterprise-level companies – understand the long-

term benefits of utilizing and controlling mobile

applications to drive better performance. Jay Cichosz,

VP of Marketing, notes that “Wavelink customers are

definitely trying to use mobility to integrate with back-

end systems and to use mobility for more of a strategic

purpose.”

Customers Struggle with Application Management

While some customers have moved beyond basic

applications to more advanced capabilities, many

companies struggle with how to manage all of the

applications end-users are putting onto their mobile

devices, including securing and provisioning the

applications and managing third party versus in-house

applications. Increasingly, organizations are creating

their own version of an application store, using app

libraries for mass deployments and upgrades, and

building policies and resources directly into their MDM

MobileIron’s AppConnect Helps Secure Enterprise Applications

In September 2011, MobileIron announced “AppConnect,” a collaboration with nine partners that provides enterprises with a tool to secure application ‘data at rest’ and ‘data in motion’ across the application lifecycle.

AppConnect secures company-developed apps, third party apps from the Android Market, and other mobile application distribution services.

AppConnect can be natively installed on MobileIron’s VSP platform and is available to MobileIron customers and developers at no charge.

AppConnect capabilities include authentication, configuration, authorization, access control, analytics, and removal.

AppConnect partners include: Accellion, Box, GoodReader, GroupLogic, NitroDesk, Quickoffice, Roambi, Wyse PocketCloud and Xora Sign On.


“If you narrowly define MAM as just

offering an enterprise application

store, then MDM and MAM are

converging. However, I think that

MAM is more than just enterprise

application stores and I'm worried

that the definition of MAM is getting

watered down to that.” Andy Smith,

VP of Product Marketing, Bitzer Mobile

consoles. Creating a “single pane of glass” that provides a unified view of public and private

applications is critical.

While MDM vendors have increased their capabilities

and offerings around third party applications –

applications found on iTunes or in the Android

Market, for example – there is still work to be done in

terms of MDM vendor development, deployment and

management of custom applications. Most MDM

vendors provide an application store front but this is

not synonymous with custom application

development. When asked if MDM and MAM

markets are converging, Andy Smith, VP of Product

Management at Bitzer Mobile, responded “If you

narrowly define MAM as just offering an enterprise

application store, then MDM and MAM are

converging. However, I think that MAM is more than just enterprise application stores and I'm

worried that the definition of MAM is getting watered down to that.”

Custie Crampton, VP of MDM Technology at Tangoe, agrees that application management is

more of an advanced capability and notes that “Device management is not really part of

application management.” Officials at Tangoe project that custom and private application

development will continue to be a separate entity from public application stores for most

customers, with a difficult path to the creation of a single enterprise store front that manages

different applications done by different developers. Tangoe believes that MDM vendors will

need to provide a single interface that displays both private and public application lists.

Sam Liu, VP of Marketing at MAM vendor Partnerpedia, juxtaposes the role MAMs play to that

of MDMs, noting that the application store paradigm that MAM vendors create is usually not

something MDMs provide. Liu believes that MAM vendors retain a focus on applications and

users, versus devices and device control, which is typically the domain of MDM vendors.

Partnerpedia has agreements in place with distributors of third party business applications that

it makes available to IT customers for purchase or download. Partnerpedia also offers a service

for customers to develop and build custom applications if they desire unique applications

unavailable in the market currently. Additionally, Partnerpedia has built a community of

approximately 5,000 members, including ISVs and VARs, whom customers can contact for

further assistance with mobile application development. According to Liu, “We know they need

this, because they just don’t have this expertise in-house.”


The Growing Influence of Mobile Application Management Vendors

As applications grow increasingly important in enterprise mobility, more companies are seeking

outside assistance for application creation, distribution and management. Increasingly, they

are looking to Mobile Application Management vendors to play this role, sometimes combining

MDM and MAM application development, distribution and management efforts, and in other

cases bypassing MDM application solutions altogether.

Mobile Application Management vendors such as Apperian, Bitzer Mobile and Partnerpedia

have entered the mobility market with a focus on improved applications and user experience.

Andy Smith, VP of Product Management at Bitzer Mobile, notes that, “While MDM players have

gotten a lot of traction initially, enterprises are increasingly looking to MAMs for a better user

experience, particularly as customers move from corporate-liable to BYOD policies.” Smith

believes that customers may initially select an MDM vendor because it is “easy” and “familiar”

but then decide that MAM vendors provide greater efficiencies and benefits.

Sam Liu, VP of Marketing at Partnerpedia, describes traditional mobile device management as

very device centric, focusing on specific corporate assets. Liu describes his view of the market

as one that is evolving from a time when applications were built internally or sourced from

large vendors, such as SAP, and deployed and implemented internally before being rolled out.

In this top-down approach, IT either performed or controlled nearly every aspect of application

development, deployment and management. Application cycles were also longer – generally

about 18 months for IT to build and roll out new applications from start to finish – and the

application had a life cycle of three years or more.

In contrast, Liu describes the current environment as one that drives life cycles for mobile

applications to under 12 months, resulting in a situation in which most IT departments “just

can’t keep up.” Adding to the problem is the fact that most IT developers have minimal

knowledge about mobile development. According to Liu, “The world of mobile development is

a fragmented world of a new generation of developers. Traditional IT just cannot keep up with

that.”

Alison Welch George, Senior Business Development Manager at SAP, describes how SAP’s

Afaria offering has been impacted by the accelerated schedules: “Afaria is on a release

schedule of dot releases every other month and full releases every quarter. We're releasing

new product on a less than 60-day cycle. A lot of those are new features to support a new OS

that just came out. It's not necessarily bug fixes – we’re actually adding features that were just

announced by Apple or Android.” Welch George adds that SAP employees “drink a lot more

coffee” lately.


One result of collapsing release

schedules is that IT departments are

increasingly being forced to open up

application sourcing, procurement

and development strategies to

outside vendors and external

sources.

Fiberlink, whose MaaS360 offering is hosted, does a new release every three weeks, and

sometimes more often. According to Fiberlink’s VP of Marketing, Neil Florio, “These are

typically releases with new features and functionality added.”

One result of collapsing release schedules is that IT departments are increasingly being forced

to open up application sourcing, procurement and

development strategies to outside vendors and

external sources. Applications are becoming a blend

of market apps from iTunes and the Android Market,

as well as internal corporate and third party

applications. IT departments will need to create a

framework in which they can quickly and efficiently

build a corporate catalog of applications that come

from multiple sources, transparent to end-users.

Moreover, corporate application catalogs need to

have the look and functionality of those that users are already accustomed to seeing.

According to Bill DeWeese, IT Manager for Enterprise Mobility at DynCorp International, “A lot

of MDM vendors don’t seem to get it, to see [application catalogs] from an end-user’s point of

view. [Our application store] doesn't look as aesthetically pleasing as the rest of the

applications on the iPhone. It doesn't look as good as it should, and it doesn't work as well as it

should. Instead, it looks like an IT shop built it. I think it needs to mimic the success that iTunes

has had.”

Bitzer Mobile, interested in better understanding the views of enterprise users with regard to

BYOD and end user experience, conducted a mobile industry study in December 2011 and

published the results in January 2012. Among Bitzer’s findings:

91 percent of users would be “very frustrated” if their company wiped personal data

from their mobile device.

81 percent of users would be “very frustrated” if they were forced to enter a password

every time they wanted to access personal applications, such as Facebook.

47 percent of users would decline enterprise access if they were forced to give up iCloud

or Android Backup Manager.

41 percent of users would be “very unwilling” to give up the use of Pandora or Spotify in

exchange for access to corporate information.

Bitzer Mobile believes the preservation of a positive user experience is essential.

Sam Liu of Partnerpedia believes that MDM vendors are a good fit for IT managers, who are

accustomed to top-down control focused on device-level security. In contrast, Liu believes that


There is clearly a need for balance

between security and end user

experience. If companies tip too far

to the security side of the scale,

mobile devices become unusable; if

they tip toward user experience,

there are invariably security holes.

Understanding the importance and

implications of both is key.

MAMs are better equipped to address the needs of end-users, which revolve around

application convenience, ease of use, and productivity tools, all within a collaborative

environment that invites users to be participative.

Liu believes that “consumerization” can be examined in two ways:

Consumerization coming from end users and their experience with consumer

application stores.

Resulting impacts of consumerization on IT departments, which is concerned with

corporate security, policies and procedures.

Liu acknowledges the security concerns surrounding mobility that many IT executives are

struggling with today. At the same time, he cautions against an over-reaction in which IT loses

sight of the ultimate drivers of mobility – the end-user and greater work force productivity. Liu

believes that, as IT managers feel confident that they have addressed enterprise security needs

and have adequately “locked down the fort,” they will increasingly turn their attention to the

organization’s application strategy, which includes figuring out ways to make end-users more

productive.

There is clearly a need for balance between security and end user experience. If companies tip

too far to the security side of the scale, mobile devices become unusable; if they tip toward

user experience, there are invariably security holes.

Understanding the importance and implications of

both is key. Brian Reed, Chief Marketing Officer at

BoxTone, notes that “Organizations need to look at

the entire lifecycle of the device and the applications

and all of the human beings interacting with that

device, including the IT department and the users

themselves. Mobile devices then need to integrate

with existing systems already in place – core IT

infrastructure – and not be a new mobile island of

mobile ‘stuff’ that hangs off the side of IT.”

Many mobile applications that are labeled as third party, pre-packaged applications still require

customization, in some cases significant customization. Bitzer Mobile is trying to convince

customers that its solution is a credible alternative when MDM solutions require significant

customization, which is expensive and time-consuming. Bitzer’s Andy Smith tries to convince

application decision makers that they can write a Bitzer virtualization layer and run it as a

mobile application in the Bitzer Mobile container for any customization that needs to be done.


Apperian plans to use crowd sourcing

to engage users in conversations

about which applications are

important and what problems users

are trying to solve, serving as a

facilitator throughout the

discussions.

According to Smith, “Applications will have a native look and feel on end users’ devices and can

be deployed across multiple devices.”

Some organizations are taking user input to new levels for application deployment. For

example, mobile application management vendor Apperian plans to add crowd sourcing to its

repertoire, engaging end-users in conversations about

which applications are important, what problems

users are trying to solve, and serving as a facilitator

throughout the discussions. As Cimarron Buser, VP of

Business Development for Apperian notes, “It’s

important that you’re not just giving users a wiki or a

bulletin board to submit their ideas but, instead,

driving creative ideas out into the organization.”

Apperian does this by sponsoring contests that give

away free iPads, for example, to those users with the

best ideas, thereby driving up response rates and innovation simultaneously.

There is some overlap between MDM and MAM players, as vendors from both worlds unite

through partnerships. For example, Apperian is partnering with BoxTone to provide BoxTone

customers with more advanced application management solutions. When BoxTone customers

complete the device enrollment process, they see an HTML clip in the final step that installs the

Apperian application catalog. Alan Murray, Apperian’s SVP of Product, notes that the Apperian-

BoxTone partnership allows both companies to showcase their strengths: Apperian’s core

competencies are based around users and user experience, while BoxTone comes from an

infrastructure standpoint. Murray adds that “Integration with other MDM partners is always a

possibility. We’re definitely on the outlook but it’s the type of thing that doesn’t happen

quickly. You’ve got to trust them and get to know them, feel comfortable with their approach.”

Apperian also announced a new service for AT&T in January 2012 that uses Apperian’s EASE

(Enterprise App Services Environment) platform. Called “AT&T Mobile Application

Management,” the service provides human resource management, sales force/CRM, eCatalogs,

and product promotion applications that can be uploaded and assigned to groups. AT&T

customers can create and secure custom, enterprise applications and deploy them over-the-air

to employee devices. The service is managed through a web-based management portal.

Automatic updates take place after users tap an icon. AT&T Mobile Application Management

is a cloud-based service that supports iOS and Android devices. AT&T officials state that they

may add this offering and capability to MobileIron or McAfee’s platforms to enhance these

solutions.


Most observers agree that MAM is not a replacement for MDM – at least not yet. According to

Sam Liu, VP of Marketing at Partnerpedia, “We can do some device management and we've

seen MDM vendors that also offer MAM-like capabilities. However, there is currently no single

vendor, either in the MDM or the MAM category, who does both well.” Cimarron Buser, VP of

Business Development at Apperian, agrees, noting “Some of our customers have MDM

solutions and may use those for certain devices, which may be company-issued. These same

customers will use the Apperian solution for all employees because they need application

management, which spans the entire population. It’s not an ‘either/or’ scenario.” Buser adds

that the individuals purchasing MDM and MAM solutions are often different individuals with

different sets of needs.

Variety of Delivery Models Allows Customers Greater Choice

While mobile device management has traditionally been offered as an on-premise solution, a

delivery model that remains a significant portion of the MDM installed base, customers are

increasingly evaluating other delivery models as potential options. For example, Jay Cichosz, VP

of Marketing at Wavelink, notes that Wavelink’s installed base is primarily utilizing on-premise

solutions and enterprise customers remain interested in retaining control through on-premise

systems. Nevertheless, Cichosz states that “more new customers are definitely interested in

our SaaS model.” Key benefits of cloud-based solutions are that they offer lower TCO, instant

scalability, faster deployments and upgrades, and lower internal IT personnel costs.

Vendors Adding Cloud to their On-Premise Solution Offerings

Cloud-based offerings are increasingly common among MDM vendors who began with on-

premise solutions. Companies such as MobileIron, Motorola Solutions, SOTI, Tangoe, Wavelink,

and Zenprise have added hosted offerings to their repertoires in the recent past. Executives at

these firms report that the cloud-based segment of their businesses is growing at a rapid rate:

AT&T is utilizing the MobileIron Connected Cloud platform for its cloud-based MDM

offering; AT&T reports that it is gaining “significant traction” and the offering is

expected to do very well.

MobileIron states that customers frequently request demonstrations of its Connected

Cloud offering, introduced in August 2011, adding that between 20-to-30 percent of its

customers have elected to purchase its cloud-based solution.

Motorola Solutions states that, while its cloud base is a smaller percentage of its

existing business, “We definitely see a healthy ramp.” Motorola Solutions predicts that

its cloud-based MDM offering will likely always be a smaller part of its overall business,


based on the company’s history and length of time in the market, but cloud will be a

very important growth engine for the future.

SOTI notes that the majority of its installed base today uses on-premise equipment but

more customers are increasingly asking for SaaS in the cloud. SOTI also supports a SaaS

model with on-premise architecture where customers pay a monthly subscription fee to

support the required number of devices during the time.

Tangoe reports that it has “strong interest” from on-premise customers to move to

Tangoe’s managed offering. Tangoe predicts that pattern will continue through 2012.

Given the strong potential for cloud-based offerings, vendors such as Absolute Software and

McAfee, which currently offer only on-premise MDM solutions, are exploring SaaS-based

offerings. According to McAfee officials, the company is working with a number of partners to

provide a cloud-based offering for its Enterprise Mobility Management solution. McAfee also

plans to develop its own, organic MDM SaaS offering.

Cloud-only Offerings

In contrast to a dual delivery approach, Fiberlink believes that a single delivery model is

preferable. Fiberlink offers only a SaaS-based offering and believes it is the only “true” multi-

tenant cloud-based architecture for MDM. Jonathan Dale, Product Marketing Manager at

Fiberlink, states that customers can scale to an unlimited number of devices. When customers

enroll in Fiberlink’s MaaS360 offering, Fiberlink carves out a tenant and creates a billing account

in the background, tying each account into Salesforce and Fiberlink’s internal billing and finance

systems, as well as assigning the customer rights and responsibilities.

Fiberlink’s Dale cautions that trying to keep up with the pace of change with different delivery

models across multiple device types is too challenging to do well. Dale argues that vendors

who offer both approaches need to make code changes across their on-premise services, as

well as a different set of code changes across their cloud-based platform. Fiberlink adopted its

cloud-based approach in 2007 and has “never wavered from this vision or execution.”


Mformation also offers a single delivery vehicle – off-

premise – and is unusual in the industry due to its

model of selling via managed service providers (MSPs)

and communications service providers (CSPs), and not

directly to the enterprise. Mformation believes that,

while MSPs and CSPs are a smaller percentage of the

market today, these channels will only increase as the

market develops and matures. Mformation also

predicts that the MDM market will continue to follow a

more general IT trend and increasingly shift from on-

premise to cloud-based solutions. According to Rob

Dalgety, Director of Marketing at Mformation, “The

only question is: How quickly will it move?”

On-Premise Only Offerings

Good Technology is unique in discontinuing its

CloudSync MDM offering at a time when the general

market is rushing toward cloud anything. Good

currently offers its on-premise Good for Enterprise and

Good for Government as the company’s primary

solutions for mobile security and management. Good

believes that delivering end-to-end security with

consistent, government-grade data encryption across

all of the platforms and devices it supports requires an

on-premise solution with a footprint behind the

corporate firewall and on the device itself, particularly

when the “business” apps and data being accessed are

based on on-premise systems. John Herrema, Good’s

SVP of Corporate Strategy, points out that Good does

have a cloud component – Good’s Network Operations

Center, which facilitates secure connectivity without

having to open up holes to the firewall – and that its

Good Dynamics mobile apps framework supports both

“on-premise” and “cloud” apps. However, Herrema

notes that when it comes to consistently securing data

and apps that are based on on-premise systems (e.g.,

an on-premise Exchange server or an Intranet server),

Good must do so at the end-points to avoid “man-in-

Mformation Highlights Cloud

Security

Mformation takes cloud security

seriously and protects data in transit

using SSL.

While native data at rest is OS

dependent, Mformation has fully

integrated partners that handle both

individual application wrapping (fine-

grained container) and containers

(course-grained container) that

protect data at rest.

For access authentication and

authorization, Mformation’s security

service is implemented on the

concept of Access Control Lists (roles)

after user name and password

credentials are successfully met.


the-middle” and other security issues.

Cloud Solutions through Partnerships

Another approach to cloud-based MDM being taken by

some vendors is to offer cloud-based solutions through

partners. Zenprise, for example, built MobileManager

to be a partner offering and is currently working with

partners to market and sell Zencloud. McAfee is

currently offering Enterprise Mobility Management

(EMM) as an on-premise solution but will launch EMM

as a cloud service in 2012, both through McAfee’s

partners and as an organic offering from McAfee.

SAP is also working with partners to provide a cloud-

based MDM solution. SAP has historically offered

Afaria as an on-premise solution, something it

continues to do today. As more customers request

cloud-based offerings, SAP wanted to ensure it could

meet those needs. Recognizing partner strengths in

cloud-based infrastructure, SAP announced an

agreement for cloud-based MDM on Afaria with

Verizon in May 2011. SAP subsequently added

partnerships with Accenture, Orange Business Services

(a division of France Telecom), and Dutch company

VeliQ (formerly known as VeiligMobiel). SAP

specifically chose firms with deep, cloud-based

experience.

Russell Fry, Senior Director and Mobility Solution

Executive at SAP, sounds a cautionary tone when

discussing cloud-based approaches to enterprise

mobility management. While the cloud is very “trendy”

and the long-term prospects for SaaS are “exciting,” Fry

notes that mobility solutions are increasingly

connected into back-end systems and services,

including different corporate directories, LDAP, and

certificate authorities – and not just a BES or messaging

server. According to Fry, “As customers create these

more passionate back-ends, they're asking for a lot of

SAP Offers Cloud-based

Afaria with Key Partner

Offerings

SAP is offering cloud-based MDM

through partnerships with four key

partners:

Accenture

Orange Business Services

VeliQ

Verizon

Partners use Afaria as the

underlying platform and have built

their own front-end user interface

on top of Afaria, providing a cloud-

based portal for customers who

want cloud-based Afaria.

SAP’s partners all utilize the same

technology, implementation, and

look and feel for their solutions,

although they package and sell

their offerings differently.

SAP states that it has seen a large

interest in cloud-based solutions,

especially from its customers in

EMEA. Smaller companies, in

particular, like the payment

structure afforded by cloud-based

offerings.


firewall rules to take place, a lot of traversing down

from the clouds, down into the DMZ, typically into

multiple, one-way ports or firewalls, having that data

analyzed, and then creating a return trip. We have

interdependencies on the communication protocols

between the platforms. We can't re-write ActiveSync

to behave faster and have lower latencies. We do see

things improving, but the cloud is not perfect yet. We

all need to be aware – our customers included – of the

interdependencies of these back-end systems and

connection points that can complicate what a cloud

feature will look like.”

Choice is Critical

Increasingly, the emphasis for MDM vendors is on

choice and allowing customers to decide the best fit to

meet their needs. Peter Cannon, Senior Product

Manager at Wavelink, acknowledges that Android and

iOS platforms are well suited for the cloud and typically

offered by vendors who are new to the market. At the

same time, choice is important for those companies

and industries that are highly security conscious and do

not want to have mobile devices “speaking over an

open Internet, even if it is encrypted and controlled.”

Cannon foresees Wavelink continuing with both

approaches but cautions that the company’s SaaS

solution is usually an entry point for customers, adding

that, “As customers grow and become more

sophisticated, many will chose to bring the system

behind their firewall anyway.”

Motorola Solutions also believes that delivery choice is

key. Motorola Solutions’ MSP platform is available as

an on-premise offering, as well as through the

company’s large and growing Advanced Services

organization. According to Kevin Goulet, Motorola

Solutions’ Senior Director of Strategy and Product

Management, “The beauty of having our product both

Zenprise’s Evolution from On-Premise to the Cloud

Like many MDM vendors, Zenprise initially offered its mobile device management software as an on-premise solution. In July 2011, Zenprise released Zencloud as an alternative to its on-premise MobileManager solution. Zencloud is a multi-tenant solution that logically separates customer information. According to Ahmed Datoo, Zenprise’s CMO, “Any issues with corruption would only impact a single customer’s data, not the entire customer population.”

Zenprise puts cloud-related databases with sensitive information behind the DMZ so that critical information is not accessed via the public Internet.

LDAP information is also kept out of the DMZ in Zenprise configurations, and Zenprise does not sync LDAP data to the cloud.

Zenprise describes its security policies as end-to-end, providing device, network, application & data security.

Using a combination of public, private and hybrid clouds, Zenprise sold a 40,000 seat hybrid cloud contract in late 2011 to a customer integrating its existing on-premise resources into the

cloud.


ways is that customers have choice. Some customers want certain parts of their infrastructure

owned and operated for a certain geographic area, while others want it hosted. Regardless of

what the customer likes, we can provide it to them either way, either on a pay-per-use basis or

on an owned and operated basis.”

Jayaraman Raghuraman (“Raghu”), VP of Americas at Endeavour Software Technologies, a

mobile and enterprise application development firm, also believes that offering customers an

on-premise and cloud-based solution is critical, going so far as to predict that MDM providers

who do not offer both delivery models are likely to fail. Why? “There are still customers that

don't want to allow other companies to manage their infrastructure because of the importance

of mobile device security, particularly in industries such as banking and insurance. For at least

the next two years, the ability to offer on-premise will still be a need.”

Transition Challenges from On-Premise to Cloud Architectures

Some argue that pivoting from an on-premise architecture to a cloud-based architecture is

difficult, if not impossible. Alan Murray, SVP of Product at Apperian, argues that companies

that have built their products with an on-premise state-of-mind, on-premise engineers, and on-

premise delivery models will find it difficult to pivot their technology and will essentially need

to re-build. Murray adds that competitors who move from one deployment model to another

face “an incredibly expensive period, and a period of slower growth and innovation.”

Alan Dabbiere, Chairman at AirWatch, echoes these sentiments, stating that vendors who try to

move from single-tenant, on-premise solutions to a multi-tenant SaaS architecture are doing a

“re-write.” Dabbiere warns that many vendors who claim to do multi-tenancy are really just

standing up separate instances of the software for each customer, adding “As these companies

continue to scale, their success becomes their undoing and they implode under the weight of

their own success.”

Officials at Mformation also concur. Rob Dalgety, Mformation’s Marketing Director, states that

there are multiple key factors – tenancy, device support requirements, the need to support

many in- and out-bound transactions, a different approach to integration with Exchange Active

Directory, database partitioning, application delivery at scale, and API support – that can be

substantially different in cloud versus on-premise environments. For example, Dalgety notes

that a large MSP deployment may need to support hundreds if not thousands of concurrent

enterprise administrators – a significantly larger number than the typical user load in behind-

the-firewall solutions.

Others argue that the transition from on-premise to a hosted platform is not difficult, at least

not for firms who architected their solutions in such a way as to anticipate such a transition.

Tim Williams, Director of Product Management at Absolute Software, notes that his firm “has


“Moving from a single-tenant code

base to multi-tenancy is not

impossible, but it is also non-trivial,

represents real work, and requires a

different mindset. It takes time,

energy, and the right talent.” Senior

Mobile Security Official at McAfee

been offering a SaaS-based solution with Computrace since the 1990s, so SaaS is not new to us.

Moving Absolute Manage MDM to the cloud is just a matter of integrating technologies that we

already have. It's simply a matter of converging our products in a way that makes the

capabilities of our cloud solutions available on-premise and our premise-based solutions

available in the cloud. That's part of our plan and our strategy.”

Officials at Wavelink state that they build products to please customers, not just to make a

product announcement or to impress venture capitalists. According to Peter Cannon, Senior

Product Manager at Wavelink, “Moving from a single tenant, on-premise solution to multi-

tenancy is something we’ve been hard at work on for the past few years. Our architecture was

built in such a way as to make the transition to multi-tenancy more conducive than others. A

lot depends on how much you've painted yourself into a corner with technology choices in the

past. We are fortunate to have a good, solid architecture to begin with and strong engineering

to help us make that transition.” Wavelink does express skepticism about the possibility of

newer entrants making this transition, however.

Syclo is another MDM provider who believes that moving from an on-premise solution to a

cloud-based solution is not difficult. According to Joe Granda, Syclo’s EVP of Marketing, “It’s

more difficult to go the other way. Why? On-premise providers know how to implement the

solution and are just putting the solution into a different server farm that’s in a hosted

environment. In contrast, SaaS providers do not have

a vehicle – such as a professional services team or

partnerships with global service providers – to deliver

on-premise solutions.” Granda believes that SaaS

environments are consistent and monolithic with few

changes, unlike on-premise environments, which are

“accustomed to a wider range of challenges.”

A senior mobile security official at McAfee takes the

middle road between these two views, noting that

moving from a single-tenant code base to multi-tenancy is not impossible, but it is also “non-

trivial,” represents “real work,” and requires a different mindset. It takes “time, energy, and

the right talent.” Ahmed Datoo, CMO at Zenprise, agrees, noting that companies that

architected their solutions using an on-premise model are now “struggling” as they transition to

cloud-based models but, with time, will eventually reach their goals.

Table 8 provides a detailed description of the delivery options offered by the mobile device

management vendors profiled in this study.


Table 8: Mobile Device Management Vendor Delivery Options

Vendor On-Premise SaaS Other

Absolute Software

Absolute Manage MDM is offered only as an on-premise solution today. Key features include application management; security, change & configuration management; automated patch; computer imaging; asset inventory; and power management.

Absolute Software does not offer a SaaS-based MDM solution currently but is evaluating this as an offering. Absolute Software has been providing a SaaS-based solution with Computrace since the 1990s and states that “SaaS is not new to us … it just requires integration of existing technologies.”

NA

AirWatch Software is deployed behind the corporate firewall (perpetual licensing per device up to 100,000+ devices with implementation services and support included). AirWatch’s on-premise model is available with annual maintenance and support at 20% of license fees. Approximately 20% of AirWatch revenues are from on-premise sales.

Supports 100,000+ devices through its 24x7 NOC with standard SLA of > 99.9% uptime. Approximately 70% of AirWatch revenues are from SaaS deployments.

AirWatch offers an Appliance in which perpetual licenses are sold to small-to-medium sized organizations with fewer than 5,000 devices. Maintenance and support is included for the first year and available at 20% of license fees starting in the second year. Roughly 10% of AirWatch revenues are from Appliance sales.

AT&T AT&T offers on-premise solutions through its partnerships with Good Technology, McAfee and MobileIron. McAfee’s EMM from AT&T is only available to customers with an AT&T business or government agreement and a Foundation account number.

AT&T offers hosted offerings through its partnership with MobileIron, utilizing MobileIron’s multi-tenant Connected Cloud solution. AT&T will provide support to hosted customers depending on the scale of deployment. Support will include a 3-tiered offering, from light support to fully administered support.

NA

BoxTone BoxTone’s on-premise Enterprise Mobility Management platform leverages BoxTone’s history in systems and application performance management and includes device management, support management and operations management.

BoxTone offers its solution in a private cloud only (not public cloud). Customers can deploy BoxTone on their own private cloud or through a private cloud provider (such as CSC, Dell, Fujitsu, HP, or Xerox/ACS). BoxTone has no plans to compete against low-end SaaS vendors such as Fiberlink and AirWatch but instead targets “industrial strength, mission-critical” deployments to F2500 businesses and government agencies.

NA


Table 8: Mobile Device Management Vendor Delivery Options (continued)


Fiberlink NA MaaS360 is a subscription service that includes on-demand access, upgrades, maintenance, and 24x7 support.

NA

Good Technology

Good is best known for its container approach to MDM, which builds policy controls into the solution and allows IT policy, not end-users, to govern the behavior and ultimate control of applications. Good believes that by controlling data and not devices, it is solving the crux of enterprise data leakage concerns while still protecting the user experience.

Good has discontinued its CloudSync offering, believing that delivery of its end-to-end application securely, with end-to-end encryption, requires a footprint behind the customer’s firewall. Good’s Network Operations Center facilitates secure connectivity without “opening up holes” in the firewall.

NA

McAfee Enterprise Mobility Management (EMM) provides device management (iOS, Android, Windows Phone 7, BlackBerry); audit & compliance service; device agents; and ePO integration. AT&T offers EMM to its customers.

McAfee does not offer EMM as a SaaS-based offering currently. McAfee is working with several partners, and internally, to offer this capability and is expected to announce offerings in 2012.

NA

Mformation NA Mformation provides its Enterprise Manager hosted solution exclusively to MSPs and CSPs. Mformation Enterprise Manager can support large-scale deployments (hundreds of millions of devices), transactions (millions/day) and tenants/enterprises on a single platform instance.

NA




MobileIron MobileIron offers VSP as its on-premise solution. Key components of VSP include Advanced Management: multi-platform support (iOS, Android, BlackBerry, Windows); monitoring and reporting (Atlas); application management; email access control (Sentry); advanced security; enterprise privacy; lost phone recovery; administration; and enterprise integration; Mobile Activity Intelligence: visibility and reporting, privacy policies, real-time roaming controls, exception and abuse control, and event center (alert triggers). MyPhone@Work: Usage visibility; app discovery; self-service.

Connected Cloud is MobileIron’s SaaS service and provides the same VSP features and functionality without installing a server in a data center. MobileIron states that Connected Cloud can be fully integrated and operational in less than an hour. MobileIron currently supports iOS and Android on Connected Cloud and expects to offer support for BlackBerry and MobileIron Sentry in 2012. In November 2011, MobileIron announced the opening of an Australian datacenter for Connected Cloud, from which it will support customers from various Australian and New Zealand verticals, including automotive, high technology, healthcare and government.

MobileIron offers perpetual licenses with an additional annual support fee, as well as a monthly subscription that includes support.

Motorola Solutions

MSP4, announced in January 2012, is Motorola Solutions’ latest update to its MDM offering. Key features include a single management interface for multi-OS support of enterprise and BYOD devices, self-enrollment, configuration & application management, remote OTA control, remote lock/wipe, enhanced security with AE256 encryption and centrally-managed keys, forced updates, and application white lists.

Motorola Solutions offers MSP as a managed, hosted solution through its “significantly sized and increasingly growing” Advanced Services organization.

NA




SAP SAP’s Afaria offering is an on-premise solution that was developed in the early 1990s, providing the company with “a great deal of experience in this space.” SAP plans to update Afaria’s user interface in Q1 2012. Key features include policy management and enforcement, asset tracking, enterprise-grade security, OTA application delivery and client-side application portal, and secure email through TouchDown.

SAP offers hosted Afaria through partnerships with Accenture, Orange Business Services, VeliQ, and Verizon. Verizon became the first company to sign an agreement to sell SAP’s cloud-based Afaria when it extended an existing agreement in place with SAP in May 2011. This initiative is part of SAP’s Managed Mobility Offering (MMO), which is comprised of a team solely focused on service providers, the cloud and multi-domain software instances that have provided additional capabilities to Afaria for greater scale and concurrent sessions. SAP expects more vendors to utilize its cloud-based capabilities to white label their brands for end-user customers.

SAP offers an appliance model for Afaria for Proof

of Concept customers. Developed in Q4 2011, this

appliance provides a behind-the-firewall

solution for PoC customers.

SOTI MobiControl on-premise provides asset management and CRM, diagnostics, alerts and reporting, data sync, device provisioning, help desk tools, advanced security (user/hardware authentication, data encryption/process run control, kiosk mode operation), and location services.

MobiControl Cloud is hosted in the cloud by SOTI and is a turnkey solution with no hardware or infrastructure costs. Customers can increase deployments as needed without adding additional servers. SOTI targets enterprises that want to start a pilot quickly without dedicated resources and SMBs who want to minimize server and software maintenance costs.

SaaS with in-premise architecture allows customers to purchase perpetual and transferrable software licenses. Servers can be installed in the DMZ. Solution can be installed on a virtual machine. SOTI targets security conscious customers and enterprises with data centers.

Syclo Syclo includes Agentry MDM at no additional cost to customers who purchase its MEAP product. Key MDM functionality includes multi-OS platform support, security, management and analytics, connectivity, and integration.

Syclo typically provides Agentry in the cloud through partners, including CSC, IBM, and West Interactive, who deploy Agentry on Syclo’s behalf. Some partners re-label Agentry as their own, while others promote it as Syclo’s offering.

NA




Tangoe Tangoe’s on-premise MDM solution includes real-time security and compliance services, application management, management through a central console, help desk support, and device recycling.

Tangoe offers a multi-tenant, hosted solution, segregating customer data to meet security compliance requirements. Tangoe’s MDM databases are built on SQL Server 2008, and all communications are handled over SSL with authentication handled directly by the enterprise’s corporate directory. Tangoe states that it has developed specialized components that allow its hosted solution to integrate with customers’ internal resources. Tangoe operates its cloud services from its SAS70-certified data centers using SCEP servers.

Tangoe offers site hosting at customer sites, remotely managing all servers; partial hosting (Tangoe hosts the customer’s Domino BES server and MDM solution while the customer’s Domino email server stays onsite), and full hosting (Tangoe hosts the entire mobile infrastructure, including Exchange or Domino email servers).

Wavelink Avalanche is Wavelink’s on-premise MDM solution. Available as Site Edition (SE) for organizations that do not require wireless infrastructure management or a distributed server architecture. SE is designed to install quickly and easily. It supports multiple consoles but must perform a migration to Avalanche MC to run in a distributed model. Avalanche is also available as Mobility Center (MC), which includes the ability to deploy in a centralized or distributed model. Can install on different servers.

Avalanche On Demand is targeted at wireless enterprises and offers multi-tenancy to support hosted solutions, including SaaS and managed services. Includes support for new firmware and devices, along with additional language support.

Managed Services is a hosted solution in

which all of the administration and

system management are done by Wavelink,

including daily monitoring and

management of mobile device inventory and

alerts.

Zenprise MobileManager provides configuration management, provisioning, security that places Zenprise databases behind the DMZ, remote user support, monitoring, and de-commissioning of inactive devices.

Zencloud offers a multi-tenant offering that can run as a public, private, or hybrid cloud. The hybrid configuration requires Zenprise’s Secure Mobile Gateway for perimeter security; the ability to block unmanaged devices, users, and blacklisted applications; and the creation of rules to allow specific devices and OSs onto the corporate network. Zenprise cloud offerings are supported from data centers in the US, Europe and Asia and include a 100% SLA, including service credits for every minute of customer downtime as a result of an outage.

NA


Mobile Device Management Pricing Comparisons

MDM pricing is generally done on a per device, per month basis for SaaS models and a per

device basis for on-premise configurations. Perpetual pricing is typically a cost per device,

along with an annual maintenance charge of approximately 20 percent of the license fees

beginning in the second year. Appliance pricing usually includes a one-time hardware purchase

and some number of licenses. Optional hardware and services may also be available.

Pricing varies depending on the volume of licenses purchased, the type of licenses acquired

(premium versus standard), and customer status – discounts are typically offered to

educational institutions and non-profit companies. Discounts are also provided for longer term

duration contracts and large volume contracts.

While not all vendors were willing to divulge their MDM pricing, many were. Moreover, some

vendors shared that they continue to closely monitor per user pricing, as well as maintenance

and support pricing, to ensure they remain competitive in the crowded MDM market.

Table 9 provides available pricing details on vendors' on-premise, SaaS and appliance offerings.


Table 9: Mobile Device Management Vendor Pricing Models

Vendor Description

Absolute Software

Absolute Software offers two pricing models: term and perpetual. A 1-year subscription for standalone Absolute Manage MDM is US$11.95/user (list), and a perpetual license is $21/user plus $4.20/user/year for maintenance (list). Absolute Software offers volume and multiple-term subscription discounts. Education customers also receive “significant” discounts.

AirWatch AirWatch offers three pricing and delivery models: SaaS, on-premise and appliance. Pricing for SaaS is $3/device/month with software maintenance and support included. Optional components that can be added include remote control subscription ($.75/device), secure email gateway subscription ($.75/device), secure email gateway hardware ($6,500), basic service pack ($2,000), advanced service pack ($5,000), and enterprise service pack ($10,000). On-premise pricing is $40/device (one-time fee), annual software maintenance and support (20% of license fees), and basic service pack ($2,000). Optional components include remote control license ($10/device), secure email gateway license ($10/device), secure email gateway hardware ($6,500), advanced service pack ($5,000), and enterprise service pack ($10,000). Appliance pricing is hardware, including a 1-year warranty ($6,500), 50 perpetual licenses (included), annual software maintenance and support (20% of license fees starting in second year; first year is included), and basic service pack ($2,000). Optional components include perpetual license ($40/device), remote control license ($10/device), secure email gateway license ($10/device), secure email gateway hardware ($6,500), advanced service pack ($5,000), and enterprise service pack ($10,000). AirWatch offers additional discounts to education and non-profit customers, as well as volume-based discounts.

AT&T AT&T is partnering with MDM vendors Good Technology, McAfee and MobileIron and offers on-premise solutions from all three, as well as MobileIron’s Connected Cloud SaaS offering. Customers that purchase on-premise solutions purchase the equipment for a one-time cost and pay a monthly fee per user or a slightly lower annual license/user. The cost includes both the technology and support. Pricing for McAfee’s EMM on-premise solution through AT&T is: $5.99/seat/month for 50-1,000 active seats; $4.99/seat/month for 1,001 – 10,000 active seats; and $3.99/seat/month for 10,000+ active seats. AT&T is finalizing support pricing for its hosted solution; the price range from “light” to “full” is expected to be $.75 - $5/user/month.

BoxTone BoxTone software is priced per module per device and starts at $35 perpetual per module or $3 per month subscription.

Fiberlink Fiberlink offers a 30-day free evaluation trial. Thereafter, pricing for enterprise accounts is based on the number of devices managed on the MaaS360 platform each month, with rates between $4 - $6/user/month. Customers may alternately elect to purchase user-based pricing that includes an unlimited number of managed devices per user for a flat fee of $10/month. Pricing under both models is all inclusive - Fiberlink does not charge additional fees for activation, installation, maintenance, upgrades, or support. All customers receive 24x7x365 live support with their subscriptions.

Good Technology Both the iOS and Android versions of Good for Enterprise start at a list price of $159/device and include a one-time server access license of $1500. Basic support costs $20-$35/device/year. Volume discounts are available using the same processes and approval levels as the current Good for Enterprise model.

McAfee McAfee declined to provide pricing for this study.


Table 9: Mobile Device Management Vendor Pricing Models (continued)

Vendor Description

Mformation Mformation offers both perpetual and term license models, depending upon the delivery and sell-through scenario.

MobileIron MobileIron offers perpetual licenses with an additional annual support fee, as well as a monthly subscription that includes support. Additionally, MobileIron offers an on-premise solution and a subscription-based SaaS service (Connected Cloud). Pricing for both the on-premise and SaaS models is $4/user/month. Perpetual licenses are $75/device with a 20% annual maintenance fee; support pricing is the same for both on-premise and SaaS configurations.

Motorola Solutions

Motorola Solutions does not provide product pricing but states that pricing for both MSP on-premise and SaaS-based offerings is “very competitive.”

SAP SAP does not provide product pricing. SAP SaaS partner The Principal Consulting , Inc. (TPC) advertises Afaria OnDemand for $4/device/month with no upfront license purchase required. TPC states that its Rapid Deployment Solution is available for Production in 1.5 weeks.

SOTI SOTI’s MobiControl product is available as an on-premise solution, a SaaS solution, and a SaaS model with on-premise architecture. Pricing for on-premise is $66 for “premium” licenses (those supporting advanced MDM features for rugged devices running Windows Mobile/CE) and $33 for Android and iOS licenses. SOTI offers volume discounts starting at 200 licenses and site licensing is available for deployments over 10,000 licenses. There are no server costs, only a cost per device license. SOTI’s SaaS list pricing is $3/device/month.

Syclo Syclo declined to provide pricing information for this study. Tangoe Tangoe does not provide specific pricing but notes that its pricing is flexible—by device and

by user—and is designed to maximize customer ROI and value.

Wavelink Avalanche is priced at $50 per device for on-premise and $4.50 per month for SaaS deployments.

Zenprise Zenprise on-premise pricing starts at $4/device/month via a subscription model with discounts for term duration and volume. Zencloud pricing starts at $4.75/device/ month with discounts for term duration and volume. Zenprise Mobile DLP starts at $2.50 and $3.00/device/month for on-premise and cloud, respectively.


Increased Security Concerns Drive Greater

Interest in MDM Solutions

CIOs, CISOs and other IT executives cite security

concerns as a primary reason for evaluating and

selecting MDM solutions. As growing numbers of

employees bring their personal mobile devices to work,

there are security implications in terms of device

management, information management, and file

management, as well as issues of overall information

security and integrity if an employee leaves the

organization. Because of the large influx of personal

devices coming into the work place, IT departments are

finding it difficult to enforce policies on employee-

owned devices in the same way they enforced policies

on corporate-owned devices.

Stepping back and viewing the situation in relation to

computing platforms over the past decade, mobile

security is still considered to be in its infancy. Whereas

operating systems in the past evolved slowly and

predictably and were dominated by Windows, the

environment today is one of numerous mobile

operating systems, along with physical device

platforms from dozens of manufacturers. While

vendors are racing to respond to enterprise demands

for mobile security, the sheer complexity of the mobile

environment has made progress challenging for the

industry as a whole.

Nowhere is security a higher priority than in highly

regulated industries. Alan Arenas-Grube, Practice

Manager for Mobility at Paragon Development

Systems, hears frequently from his health care clients

about security and compliance concerns, including both

patient privacy and HIPAA compliance, as well as

ensuring that corporate data remains within the

organization when an employee leaves. Arenas-Grube

maintains that mobile devices are “completely end-

McAfee’s Three Pillars of

Mobile Security

McAfee officials believe there are

three key components to a robust

mobile security solution:

Device Protection: Includes data and

device protection using MDM

software, anti-malware protection

and Web protection.

Data Protection: Includes protecting

sensitive enterprise data by

preventing data leakage, utilizing anti-

theft and loss features and

maintaining strict separation of

personal and business information.

Application Protection: Involves

protecting users from rogue and

malicious applications.

For details on McAfee’s offerings in

each category, please see the McAfee

profile at the end of this study.


user focused, making it very difficult for enterprises

because they are used to ruling with an iron fist.” The

plethora of devices coming into corporate

environments has led to security breaches, such as

physicians working in two different hospitals who may

connect data between the organizations through their

own personal devices. In most instances, Arenas-

Grube believes these scenarios are unintentional, not

malicious. Still, security remains a key concern for

health care IT managers, as well as other highly

regulated industries, such as financial services and

government/defense.

Tim Williams, Director of Product Management at

Absolute Software, notes that one of the trends

Absolute Software is seeing today is that MDM has

accelerated the convergence between end-point

management and end-point security. While security

has always been a concern with client management, it

now leads the conversation in discussions around

mobile device management. Williams adds that the

shift from tight IT control in the past to BYOD

environments today is causing organizations to view

their security priorities differently. Notes Williams,

“While companies used to have a device perimeter

that was bounded by the company network, now they

have a data perimeter that doesn't really have any

boundaries at all because IT doesn't own the devices.

In addition, IT doesn't own the networks when users

are on 3G or 4G networks.” As a result, IT managers

increasingly view security as delivering a service or

delivering access, while still maintaining control of the

data.

MDM vendors are increasingly offering customers the

ability to put documents in secure settings with no

ability to forward, cut/copy/paste or view the

information offline. AirWatch, for example,

implemented Secure Content Locker on its MDM

Absolute Software Provides Secure Document Access and Control through AbsoluteSafe

One example of secure document management is that of Absolute Software’s support for a federal government customer who reviews classified documents in closed-door meetings.

The customer, who also has a paper-free initiative, wanted access to the same information on iPads that they have to classified paper documents, while maintaining the same degree of control.

With its AbsoluteSafe product, Absolute Software can assign classified documents with a scheduled time window that coincides with the meeting.

Appropriate devices that will be participating in the meeting have sole access to the documents. At the end of the scheduled time window, the document is automatically deleted from all devices.

Additionally, Absolute Software can turn off the ability of participants to take a screen capture of the information.

A persistent connection is not required to delete documents.


platform as a secure venue for files and email attachments that customers and employees can

access but not compromise. AirWatch has full data loss prevention capabilities for each

document and can even restrict access to view-only mode from the server – when the user logs

off, the document is gone, since it was never downloaded to the user’s device initially.

AirWatch Chairman Alan Dabbiere notes that investment banks have shown keen interest in

these capabilities so that they can restrict dissemination of their research on stocks and other

investments.

Container Approach to Mobile Security

One approach some MDM vendors have taken in addressing security concerns around mobile

data is to adopt a container architecture. Good Technology is perhaps most closely associated

with the container approach and uses this architecture as a way of ensuring consistent security

across all platforms and devices (e.g., by enabling end-to-end data encryption even in cases

where the device itself does not support this) and by controlling the behavior of “business”

applications to prevent data loss to other “personal” apps and services, particularly in BYOD

environments where users may download applications that blur the line between business and

personal use, such as Dropbox, Box.net, Keynote, and Evernote. Good for Enterprise encrypts

data from the corporate server and allows IT to define policies that determine the extent to

which the data may be shared with other IT-approved apps.

According to John Herrema, Good’s SVP for Corporate Strategy, Good’s applications, and those

based on Good Dynamics, have policy controls built into them, permitting customers to allow or

disallow specific policies, such as cut/copy/paste into or out of applications, the opening of

attachments or documents in certain applications, and address book synchronization. Herrema

notes that Good’s strategy of having policy controls built into the applications themselves

makes a significant difference and is the only way for customers to truly prevent data loss and

leakage, especially in a BYOD world where the user expects to be able to use whatever

“personal” apps and services appeal to that user and to do so without IT policy or privacy

interference based on “blacklisting” or similar techniques. Alan Arenas-Grube, Mobility

Practice Manager at Paragon Development Systems, agrees, adding that, “Delivering

documents using a containerized approach is the most secure approach.”

AT&T’s October 2011 launch of Toggle also represents a containerized approach. Toggle is a

BYOD solution that provides basic MDM functionality (lock, wipe, locate, inventory, track),

separating the device into two separate and distinct personas. Users can “toggle” by clicking on

the shortcut on the home screen and quickly move from one container to the other. AT&T

officials responsible for MDM offerings state that Toggle is an MDM compliment rather than

traditional MDM, working toward AT&T’s goal of OS agnosticism and integration with other


AT&T Advanced Mobility Solutions products, most

notably MDM and MEAP. Toggle runs on Enterproid’s

Divide platform.

There are several key differences between Enterproid’s

container approach and Good Technology’s approach.

First, Good is on-premise while Enterproid is cloud-

based. Second, Enterproid only allows IT

administrators to see what is in the container, not the

entire device, while IT administrators for Good can see

across both personal and business applications.

Zenprise also uses a container for secure file sharing in

which IT managers can specify, on a document-by-

document basis, whether to allow a user to download a

document into Zenprise’s secure container. For

companies who are “extra paranoid” about security,

Ahmed Datoo, Zenprise’s CMO, explains that users can

be restricted to only viewing the document via a

network connection, and never actually downloading it.

If the user downloads a document into Zenprise's

secure container, Zenprise also has the ability to do a

selective wipe so that if a user leaves the company and

had viewed the document on their personal device,

Zenprise can remove all of the corporate documents

from their device.

Platform versus Container Approach

One of the principal differences between MDM

offerings is whether the systems are based on a

platform approach or a container approach. Key

differences include:

Platform Approach: This category of vendors

includes companies that manage the device all

the way down to the operating system level.

Vendors in this category work closely with

hardware manufacturers, including handset and

tablet manufacturers, to ensure they have

Enterproid’s Divide

Enterproid’s Divide platform offers

two portals:

Divide Manager is similar to a

MDM console and allows the IT

administrator to see the entire

universe of devices connecting to the

IT environment but only provides

visibility into the corporate container.

My Divide is an employee

portal that allows users to wipe the

entire device, including the corporate

container.

Why does Enterproid give users so

much control?

Enterproid believes that companies

can achieve desired cost savings and

scale by leveraging the devices

employees have already purchased

and are using on a daily basis.

Even if employees wipe their entire

device, the corporate data itself is not

lost because it resides on the

organization’s servers or on the

applications themselves.


access to the APIs into which their systems will connect. Companies in this grouping

also tend to stress the fact that their customers enjoy a “native” user experience, which

allows end-users to utilize their mobile phone’s user interface, for example.

Container Approach: As the name implies, sensitive information is put into a

“container” or sandbox and managed within that container. Typically, personal data in a

BYOD environment is kept out of the container so that any wipe of corporate data is

clean and does not disturb personal information, a key legal consideration for many

firms.

Table 10 highlights MDM vendors utilizing a platform approach, a container approach, or both.

Table 10: Vendor Approaches to Mobility Management: Platform versus Container Vendor Platform Container

Absolute Software ●

AirWatch ● ● (Secure Content Locker)

AT&T ● ● (Partnership with Good)

BoxTone ● ● (Partnership with Good)

Fiberlink ● ● (Secure Document Sharing)

Good Technology ●

McAfee ●

Mformation ● ● (Through partners)

MobileIron ●

Motorola Solutions ●

SAP ●

SOTI ●

Syclo ●

Tangoe ●

Wavelink ●

Zenprise ● ●

Mobile Application Security in Enterprise BYOD Environments

There is tension in BYOD environments between who decides whether applications are

acceptable in a corporate setting. Do users get to decide? Or IT managers? While applications

may not inherently be malicious or considered malware, certain applications may be more

appropriate in personal environments than on corporate networks, particularly from a security

and compliance standpoint. For example, if a healthcare worker transfers patient information

to Dropbox, there are immediate security and compliance issues associated with this action,


and no amount of device wipe, encryption or

password-level security will prevent data loss and

leakage.

With the proliferation of applications and the

increasing reach of mobile devices, access to back-end

systems from mobile devices has led some companies

to impose restrictions on applications and devices.

Kelly Ungs, Senior Director of Channel Sales at

Wavelink, notes that, while the “Internet lingo around

app stores sounds really great and is a really cool story

to tell,” in reality, most customers rolling out mobility

today are not getting their applications from public

application stores. Instead, companies are closely

controlling their applications and making sure they are

configured in a specific way, ensuring that users have

the correct versions and levels of applications on their

devices. Otherwise, companies will not grant access to

their critical back-end systems.

In addition to security concerns surrounding BYOD,

many CIOs also have ongoing concerns about security

with cloud-based MDM solutions. While IT executives

appreciate the choice between on-premise and hosted

solutions, concerns linger about co-mingling data, loss

of transparency and control, and the difficulty of

guaranteeing regulatory compliance when data is

moved to the cloud. Large enterprises and companies

in highly-regulated industries are especially wary of

moving their on-premise data to a cloud-based

infrastructure. According to Alison Welch George,

Senior Business Development Manager at SAP, “Larger

companies want to remain on-premise; cloud-based

solutions are still a very nervous thing for them.”

Wavelink Stresses

Importance of Controlled

Application Rollouts

Officials at Wavelink report that most

of their customers prefer to deploy

and manage specific applications,

such as applications related to ERP or

field service management, that are

integrated with back-end systems.

As a result, Wavelink customers

generally obtain their applications,

create the specific configurations they

want their employees to run on

mobile devices, ensure they have the

correct versions and levels of

applications on the devices, and

conduct a managed deployment.

It is a very closely controlled process

to ensure the applications are secure

and are doing what they are intended

to do as they integrate into complex

back-end systems such as SAP and

Oracle databases.


“We might consider cloud-based

MDM in the future but security is and

will remain our greatest concern in

terms of the ability to consume data

inside the firewall from some other

platform outside the firewall.”

Stewart Hubbard, VP of Technology

Operations, Coldwater Creek

Brian Reed, Chief Marketing Officer at BoxTone, agrees, citing several examples of prominent

cloud-based MDM vendors with lackluster data security. Reed described a demonstration of a

man-in-the-middle attack on a mobile device that was corrupted and hijacked during a leading

industry trade show, even though it was running MDM software. Reed notes “There are some

real issues with amateur hour in the cloud.” He adds that, “With regulated industries, there are

many audits to ensure that the software is defensible

and security is architected, but there remain many

insecurities and improper designs in the market

today.” With its regulated industry focus, BoxTone

offers hosting in private clouds, as well as on-premise

solutions.

Crystal Wong Kruger, Senior Manager for Business

Development at SOTI, agrees that there are security

concerns around cloud-based offerings for some

customers, including large enterprises and certain

verticals, including public sector, financial services and health care. At the same time, Wong

Kruger adds that many of these types of organizations are interested in access to a pilot server

in the cloud to bypass the often lengthy internal processes required for on-premise

installations, including trials.

A key factor that organizations considering cloud-based solutions should consider is the

physical location of the servers in which their data will reside. For example, the data that

companies have on cloud servers in some jurisdictions may be subject to more or less legal

protection than what is afforded in the United States. Customers should ask probing questions

about the exact location of their data if it is stored in the cloud.

For companies ultra-concerned about security in which the company’s ultimate livelihood

hinges on protecting secure data, Alan Arenas-Grube from Paragon recommends not using an

MDM solution to secure data but instead utilizing a document loss prevention or protection

system. While there are variations of vendor capabilities on the MDM security continuum,

Arenas-Grube believes that MDM platforms are ultimately best suited for device management

and device administration, and not as security platforms.


Tension between Security Risks and Long-term

Business Potential

While the focus on MDM in the past centered largely

around security concerns, there is an increased focus

on how mobility will lead to greater productivity.

Employees and executives who are away from their

desktop computers want productivity on their mobile

devices to allow them to get their work done and

enable them to react to data on their device in real

time, instead of just consuming the content and then

going back to their offices and taking action.

Sam Liu, VP of Marketing at Partnerpedia, advises IT

managers to think about what’s truly driving the

consumerization of IT and the reasons it is happening.

IT executives need to acknowledge the paradigm shift

when it comes to enterprise mobility and consider how

they will consolidate, manage, publish and distribute

applications from disparate sources to heterogeneous

devices in an end-user driven world. According to Liu,

“This is the piece that some IT managers forget about

because they’re so focused on IT security.”

Bitzer Mobile’s VP of Product Management Andy Smith

echoes Liu’s sentiments, stating it is critical for CIOs

and business leaders to engage in conversations about

user experience and security. Smith urges decision

makers to “think about the end-goals of the

mobilization solutions they’re trying to put together”

and determine if there is a way to meet security goals

while also keeping users happy. The answer to this

question, Smith believes, is dependent upon specific

customer constraints, such as whether a firm is in an

industry that restricts cameras, such as some health

care settings. For most companies, however, Smith

believes there will not be significant constraints,

allowing executives to focus on user experience.

AT&T’s Focus on Mobile

Security

To reduce the tension between

security risks and long-term business

potential in the mobile device

management market, officials at AT&T

are focusing on better anti-virus, anti-

malware and anti-spam capabilities.

AT&T also plans to focus on the

impact of connectivity on security,

such as blended SSL/VPN connectivity.

Over the long term, AT&T will

concentrate on identity and personas,

including ways to build better

capabilities for customers to manage

their BYOD environments, such as

segmenting and containerizing

personal and corporate data.

While security will continue to be a

focus for containerized solutions,

AT&T looks to provide future

enhancements and development

around containers for expense

management, ultimately putting a

separate voice and data plan

associated with a container on each

user’s device.


MOBILE DEVICE MANAGEMENT ROI

Discussions about ROI and TCO for mobile device management center around both hard and

soft savings as a result of more efficiently managing mobile devices. Many customers consider

the opportunity cost of not deploying an MDM solution – particularly if there is a malware

attack on Android devices – as the initial driver for deploying MDM solutions. With so much

information flowing out of organizations from different end-points, security concerns are real

and justified. When devising ROI proof points, companies typically deploy to smaller groups

initially, using this data to support their internal business case for larger deployments.

Vendors provide ample evidence to highlight the financial benefits their solutions provide. For

example:

AT&T, using MobileIron’s Virtual Smartphone Platform (VSP), advertises that customers

can save up to 20 percent on their wireless bills using Mobile Activity Intelligence, which

provides Finance, IT and end-users a detailed view of phone usage, cost drivers and

service quality.

BoxTone states that it can lower enterprise IT costs by 20-30 percent within

approximately three months. According to BoxTone’s calculations, in an enterprise

environment with 1,000 users, hard savings for mobility TCO translates to approximately

$220K - $340K during this time frame.

Fiberlink provides ROI and TCO calculations when requested by customers but notes

that these figures are typically unique to each environment – and often debatable.

Fiberlink believes that its cloud-based model provides better ROI than on-premise

solutions due to faster deployments coupled with lower infrastructure, management

and maintenance costs associated with SaaS solutions.

Good Technology describes the estimated $2 million annual cost savings Highmark Blue

Cross Blue Shield realized by allowing 2,000 nurses and doctors to use personal Apple

and Android devices while still meeting HIPAA requirements and addressing eDiscovery

issues. Soft dollar benefits included increased staff willingness to work off hours and

better staff morale as a result of increased control and flexibility over their schedules.

Mformation estimates that large businesses with at least 1,500 users will realize an ROI

of approximately 30 percent when they utilize cloud-based MDM, with factors such as

upfront software and hardware costs; labor/system administration costs; support and

maintenance costs; and connectivity costs the key factors that impact overall TCO.


“There's no selling of the idea that

companies need mobile device

management. Everybody gets that.”

Tim Williams, Director of Product

Management at Absolute Software

MobileIron includes a Cost Savings calculator on its web site that allows companies to

plug in different variables for potential cost savings. MobileIron auto-calculates

potential savings in areas such as Start-up and Termination, IT Actions and Operations,

User Actions and Incidents, Telecom Usage, and Bring Your Own Device, including

detailed break-outs for each category.

SAP provides one-on-one based ROI analysis for its customers through an in-house

calculator it has built to show ROI broken out by telecom expense management, help

desk savings, and BYOD program cost savings on a per device basis.

SOTI advertises that it can help its MobiControl customers reduce end-user support

costs by up to 70 percent.

Syclo customers who purchase Syclo’s MEAP platform receive MDM for free. As a

result, ROI is considered in terms of implementation and management costs. Syclo also

provides a “Value Calculator” on its web site that allows customers to estimate ROI.

Tangoe claims that it can lower help desk and support expenses by 40-to-60 percent

with its automated security policy implementation and support for compliance. Tangoe

adds that “Reducing costs is part of our DNA and MDM is a natural extension of our

broader cost management capabilities.”

Wavelink advertises that companies can save up to 60 percent annually with Avalanche

MDM by reducing wireless costs, improving productivity and ensuring strong security

across the network.

A key goal with any MDM solution is to minimize downtime. Customers consider ROI for MDM

solutions in terms of how well the systems can keep devices up and running in order to reduce

end-user downtime and lost productivity within the enterprise. Customers also want to

minimize the number of IT personnel needed to support the devices.

Many MDM vendors admit, however, that discussions about ROI and TCO with customers

generally never come up. Why not? MDM has

become an integral part of the IT landscape, a

necessary piece of the IT arsenal that is now simply

“accepted” as part of any organization’s IT

infrastructure. According to Tim Williams, Director of

Product Management at Absolute Software, “I have

never had a question about ROI. In talking to our sales

force, this question just never comes up. It used to,

but I think everybody understands the risks, and so to most organizations the ROI is reduction


of risk. There's no selling of the idea that companies

need mobile device management. Everybody gets

that.”

Officials at McAfee agree, noting that expensive and

smart IT personnel can be better utilized for long-

term, strategic issues, not handling password resets.

McAfee officials state that “Enterprises understand

the importance of MDM because they currently see

the challenges of supporting the existing devices

already in their environments.” Ahmed Datoo, CMO

at Zenprise, adds that the majority of customers

believe that MDM is a “must have” at this point in the

evolution of enterprise mobility. Notes Kevin Goulet,

Senior Director of Strategy and Product Management

at Motorola Solutions, “MDM is just a must have. It's

almost become complete table stakes.”

Even vendors that are still being asked for ROI analysis

have an easier time of persuading customers of

MDM’s effectiveness. According to Joe Granda, EVP of

Marketing at Syclo, “We’ve had more traction in the

past 18 months around MDM. It’s been easier to

convince customers to use MDM. Instead of asking

‘What is MDM?’ customers are now aware of its

usefulness.”

Some MDM vendors can claim credit for helping their

customers stay in business – perhaps the best ROI of

all. AutoRestore, for example, used SOTI’s

MobiControl to recoup enough lost revenue to stay in

business after technicians accidentally deleted

pictures of damaged vehicles.

SOTI’s MobiControl Saves

Auto Glass Business

UK-based AutoRestore replaces

vehicular glass. In its first year of

operation AutoRestore utilized

approximately 22 field technicians to

take pictures of vehicles with

consumer-grade smartphones, both

before and after damage was repaired.

The photos were essential to

AutoRestore’s business. Without

them, insurance companies would not

reimburse the company for its work.

Accidental deletion of photos by

technicians resulted in losses of over

£500,000 in six months, jeopardizing

the company’s long-term viability.

After purchasing SOTI MobiControl,

AutoRestore can automatically sync

the photos.

SOTI states that this is a typical

example of customers effectively

utilizing MDM solutions to improve

their business processes and remain

competitive.


MDM PARTNERSHIPS

Partnerships Essential to Meeting Customer

Needs

Partnerships in the MDM community are vital, and

MDM players are taking every opportunity to work

with best-of-breed vendors in a variety of

specialties. Partnerships include those with carriers,

system integrators, specialty software developers,

OEMs, cloud vendors, MEAPs, MAMs, Managed

Service Providers, Mobile Application Development

companies, global consulting firms, and even other

MDMs. In essence, vendors are pragmatic and

recognize that partnerships are essential to meeting

customer needs efficiently in an industry that has

ramped quickly and shows no sign of slowing.

For example, Good Technology SVP of Business

Strategy John Herrema acknowledges that Good

cannot possibly build everything customers may

want. As a result, Good is using its Good Dynamics

platform to develop a new set of horizontal

collaboration applications that can reach new

customers through third parties.

MDM Partner Ecosystems are Rich and Varied

Some MDM vendors have a rich ecosystem of

partners in many different categories. For example,

AT&T has structured partnerships with Good

Technology, McAfee and MobileIron. As part of this

arrangement, AT&T provides a single bill to its

customers that includes MDM charges. Customers

can elect to manage certain devices and

applications, as well as make a determination about

corporate-liable versus employee-liable devices.

AT&T is providing the MDM component on its billing

statements in a single, unified package for

customers. AT&T continues to evaluate other MDM

MDM Partnerships: Critical to Future Success

MDM vendors believe that partners are essential when extending their reach into new markets that MDM players do not typically target or to which they may not have access. SOTI uses SIs, VARs, and distributors to maximize supported countries and languages.

Partners provide local knowledge and support. For example, Syclo typically looks for local partners in countries such as Russia, where partners know the language and customs and Syclo can train them in the technology. This approach is common among MDMs, many of whom are small or medium-sized firms that want to extend their reach to international markets but may not have the financial resources to open brick and mortar offices.

In extending their reach to global markets, MDMs are increasingly partnering with global consulting firms and system integrators, including Accenture, CSC, Dell, IBM, HP, and Xerox/ACS. For example, in late 2011 BoxTone was part of a contract with HP Services for a large, outsourcing contract for a global multinational that spanned North &South America, Europe, Asia & the Middle East. BoxTone is utilizing MSPs as its “feet on the street” in the global marketplace.

Partners provide both horizontal and vertical expertise. For example, partners with knowledge in fast-growing mobile verticals, such as health care, are especially valuable. Partners who are considered best-in-class in mobile security are also highly sought after.


players for potential partnerships and strategic

alliances.

AT&T is also working with MEAP vendors Antenna

Software and Verivo to respond to customers who

want to deploy and manage their own private app

stores. AT&T officials see MEAP partnerships as a

solid opportunity, convinced that most MDM vendors

are not pursuing these opportunities quickly enough,

particularly given the overwhelming market interest in

applications to date, along with projected interest in

the future.

Good Technology has a partnership with enterprise

mobility solutions provider Verivo Software (formerly

Pyxis Mobile), in which the Good Dynamics container

is integrated into Verivo’s platform. This combination

provides military-grade encryption and centralized

device management within Verivo-built applications.

According to CTO Todd Christy, Verivo is in discussions

with other MDM vendors to offer further

application/management integration. Christy states

that Verivo would like to more seamlessly integrate

with MDM solutions, eventually allowing users to

simply push a button within the Verivo system to

make applications directly available, versioned,

managed, audited, tracked and, where appropriate,

disabled, in whichever MDM tool they are using.

Verivo is also in discussions with MAM vendors for

some of the more application-centric elements of

mobile management, including enterprise application

stores, application provisioning, and application policy

management.

Verivo’s Christy believes that customers are frustrated

with the multiple vendors with which they are forced

to work. Even if complementary vendors “play nice”

together, customers must suffer through multiple

consoles, audit information, training, and two “throats

Good Dynamics Promotes Secure Application Development through Partnerships

Good Technology announced a new class of partners in October 2011 that develop applications using the Good Dynamics platform. Partners include: Accellion, Aji, Box, GroupLogic, MeLLmo (Roambi), MicroStrategy, Quickoffice, Unisys and Verivo.

Good is developing these partnerships to leverage popular and proven applications from commercial app stores to enterprise environments, providing an additional layer of security and control through Good Dynamics.

Good’s strategy allows partners to continue selling mass consumer applications to highly regulated and security-conscious enterprises.

Good reports that customers provide recommendations for “match-making” between partners and popular consumer apps that can be containerized on Good Dynamics for use in enterprise environments.

Good Technology believes its Good Dynamics platform gives scale and leverage to existing applications and developers, helping them create and sell more secure and compliant versions of consumer applications for enterprise environments with strict security requirements.


“MEAPs and MDMs are like

chocolate and peanut butter – it’s

clear that these two players need to

come together.” Todd Christy, CTO of

Verivo

to choke.” As such, Christy believes some partnerships could eventually lead to more

permanent relationships, including mergers or acquisitions between MEAP and MDM players,

particularly if a larger background player fueled the

marriage behind the scenes. According to Christy,

“MEAPs and MDMs are like chocolate and peanut

butter – it’s clear that these two players need to

come together.”

MDM vendors have also reached out to global

consulting companies, who are offering MDM

capabilities as part of their broader solutions. Many

MDM players partner with global consultancies such as Cognizant, Infosys, Tata Consultancy

Services and others. SOTI, for example, is working with all of the major distributors in India, a

region for which SOTI foresees tremendous growth and in which it plans to increase

representation. According to Crystal Wong Kruger, Senior Business Development Manager at

SOTI, RFPs and RFIs typically request configurations for 100,000 units, a level SOTI’s

architecture is designed to support, according to Wong Kruger. SOTI is currently working with

Wipro on a large grocery account that has thousands of locations.

At the other end of the spectrum, MDM vendors are partnering with individual software

companies who are building MDM developer toolkits into their products directly. AirWatch, for

example, provides security SDKs for enterprise applications that allow customers to perform

geo-location tracking and fencing, application usage monitoring and security, jail break

detection, usage and data monitoring, and certificate exchange and single-sign on. According

to AirWatch Chairman Alan Dabbiere, “This information is ‘baked’ into the products of virtually

every mobility point-of-sale vendor,” including airline flight chart mapping companies and

business intelligence companies such as MicroStrategy. The information is then reported up

through the AirWatch console.

MDM Partnerships with OEMs

Mobile device management vendors are also working closely with OEMs. For example, SOTI

uses its close relationships with OEMs to develop additional advanced functionality, such as

enhanced Android support for Samsung and Panasonic, according to Wong Kruger. Psion and

Honeywell Scanning & Mobility both have white-labeled rebrandings of SOTI’s MobiControl.

Wong Kruger also notes that SOTI’s relationships with hardware manufacturers enable it to be

more competitive in the market by offering feature-rich products, and not just cater to the

“lowest common denominator.”


McAfee views partners as the cornerstone of its MDM strategy, both in terms of providing its

own MDM products and also in its work with Original Device Manufacturers to pre-load McAfee

products onto their devices. In the latter instance, customers can purchase mobile devices

bundled with McAfee products, highlighting McAfee products as “features.” McAfee dubs this

“McAfee Business Ready,” which means that the device a customer buys is not only marketable

as a consumer liable device but is also ready to be connected to a corporate infrastructure.

According to McAfee officials, “There is a very blurry line between consumer and enterprise in

these early days of mobility.”

MDM Partnerships with Carriers

MDM vendors frequently structure partnerships with carriers as a way of integrating their

platforms directly into carrier service offerings. Carriers are important to the MDM market, as

they expand MDM vendors’ reach into the carrier’s customer base, as well as scale down to

lower segments of the market that may not typically be targeted by MDM players. Examples of

MDM players partnering with carriers include:

Fiberlink and Vodafone UK have had a long-term partnership. In January 2012, Fiberlink

announced that O2 will use Fiberlink’s MaaS360 platform to provide MDM services for

O2’s “Joined Up People” initiative. MDM services provided by Fiberlink include device

discovery, email access control, remote lock and remote wipe.

MobileIron is working with AT&T, KDDI, SingTel, Softbank BB, Swisscom, Verizon, and

Vodafone, allowing carriers a choice of managing certain devices and specific

applications. MobileIron allows carriers to include MobileIron’s MDM offering directly

on the their billing statements.

SOTI works closely with Verizon and Sprint in the Education market and Telefonica UK

has been a SOTI MobiControl distributor for many years.

Zenprise is a member of O2’s Accelerator Programme, which provides sales, marketing

and technical support to partners, as well as access to thousands of O 2’s enterprise

customers as a low-cost route to market.

MDM Partnerships in Adjacent Industries

Absolute Software believes that partnerships are “vital” with firms in adjacent areas so that

vendors can more effectively offer robust MDM solutions. According to Tim Williams, Absolute

Software’s Director of Product Management, his company has “great partnerships with VARs

and OEMs” as part of the firm’s go-to-market and sales strategy. Williams adds, “We also have

solid partnerships with technology partners who can bring to the table certain technologies


that we don't want to develop because there are

companies that do it better than we do and we'd rather

integrate with them and be able to deliver that service

more effectively.”

Adjacent firms are also reaching out to partner with

MDM vendors. For example, Endeavour Software, a

software services company, integrates its applications

with MDM systems to ensure that new features and

functionality Endeavour creates can be fully utilized on

MDM platforms. Endeavour frequently works with

BoxTone, MobileIron, RIM and SAP/Sybase. For smaller

deployments, Endeavour will often design and build

MDM features directly into its solution for customers.

System Integrators (SIs) recommend MDM vendors to

both installed base and green field opportunities. SIs

have formed partnerships with MDMs as a way of

selling services on top of the MDM platform, such as

installation, education surrounding BYOD, and

professional services. Given SIs’ extensive experience

with application development from traditional

computing markets, such as mainframes and servers,

mobile application creation is a natural – and lucrative

– extension of their businesses.

BoxTone has structured partnerships with Managed

Service Providers (MSPs), including BT, CDW, CSC, Dell

Services, Fujitsu, HP Enterprise Services, and

Xerox/ACS, as well as key mobility and government

VARs. BoxTone also has a partnership with MAM

vendor Apperian in which BoxTone provides the core

MDM platform and offers Apperian’s enterprise SDK

and app catalog to customers who are focused on

building their own internal mobile apps. According to

BoxTone Chief Marketing Officer Brian Reed, “We'll

never build an SDK, we'll never be a development

environment. Apperian has a best-of-breed SDK, so we

brought Apperian into our partner ecosystem so that

Syclo’s Partner Structure

Syclo has organized its partner

structure, with systems vendors being

very important since they are the

systems that are extended to mobile

devices. IBM, SAP and TRIRIGA are

examples of these types of vendors.

The next tier are global and local

system integrators due to their close

ties to customers who need mobility

solutions, as well as their ability to

integrate with existing customer

infrastructure.

Hardware vendors, such as Motorola,

Intermec, Panasonic and Cisco, are at

the next level; these firms supply the

hardware and utilize Syclo for the

software component.

Carriers round out Syclo’s partner

ecosystem. Carriers offer extensive

market coverage.


our customers who are building enterprise apps can

leverage Apperian plugged into the BoxTone

environment. Every customer we've plugged in loves it

and has gotten a lot of value out of it.”

MDMs Provide Partner Training

MDM vendors are pro-actively training system

integrators on installation, technical aspects of their

products, and business process skills. MobileIron, for

example, introduced “MobileIron University” in

December 2011 to train its partners on MobileIron’s

various mobility management and mobility security

services so that SIs can offer MDM on top of their

existing services.

With over 2,000 Syclo developers developing on the

Agentry platform, Syclo trains partners such as

Accenture, CSC, IBM and Wipro on how to develop and

deploy Syclo systems. Syclo has training facilities for

these vendors at its Illinois headquarters, in London,

and at partner sites in India; Syclo also offers virtual

classes.

MDMs Seek Best-of-Breed Partners

Zenprise, which launched “Zenprise Partner Network”

or ZPN in August 2011, looks for best-of-breed vendors

when deciding on partnerships. In December 2011,

Zenprise added to its partner network Trace3, a VAR

focused on security-related issues with existing and

trusted relationships with IT security executives and

CIOs. In early 2012, Zenprise signed agreements with

Dell, Sprint, F5 Networks and Palo Alto Networks.

Zenprise is expected to announce additional

partnerships with security-related vendors in the

coming months. According to Ahmed Datoo, CMO at

Zenprise, “Our focus is on going after the right sets of

partners. We target the leaders in each space.”

Motorola Solutions: Plug-In Partner Model

Motorola Solutions views its partner program and partner community as a key differentiator for its MSP product, noting that it offers a “plug-in model” to which third parties can add features to MSP. Examples of plug-ins developed for MSP by partners include: emulation tools and the ability to retrieve application metrics as part of the broader MSP system.

Motorola Solutions’ channel partner base includes over 20,000 partners who write both line of business and custom applications for Motorola Solutions’ devices and software, including MSP, providing both value and customization to the marketplace.

Customers looking for specific mobile applications that have already been developed can work with Motorola Solutions’ Solution Center, which segments applications by vertical industry, LOB and type of application. The Solution Center also provides some interoperability testing of applications, and partners can leverage Motorola Solutions’

facilities, both on-site and remotely.


AirWatch uses the term “ecosystem” to describe its approach toward partnerships. AirWatch

designed its product to be cloud-based and multi-tenant, and to have the multi-tenancy

showcased as another vendor’s brand, if desired. According to AirWatch Chairman Alan

Dabbiere, “We’re not the whole product, we make other companies’ products better.”

AirWatch has partnerships with global carriers such as Vodafone, telecom expense

management providers such as Rivermine, MSPs such as Intermec, global consulting firms

Wipro and Infosys, and PC lifecycle firms such as Matrix 42. While these partner companies

may not have the economies of scale to build MDM solutions, according to Dabbiere, they want

to incorporate MDM into a single product offering – a single pane of glass – from the

customer’s perspective.

Additional Partnership Strategies

MDM players from different historical frameworks are also partnering with one another. For

example, BoxTone, which comes from a deep history of enterprise systems management and

performance monitoring, is partnering with Good Technology to manage, monitor and support

Good’s FIPS-certified secure messaging container. Explains BoxTone’s Brian Reed: “If

customers don’t want to manage the device and only want to manage the container, customers

can use Good. If they want to manage the device, they can use BoxTone. For customers who

really want multi-layer protection, they can use both.”

SAP plans to continue its partnerships with leading hosted solution providers for cloud-based

Afaria. As Russell Fry, Senior Director and Mobility Solution Executive at SAP, states “I think you

need to create relationships and partnerships with leading cloud providers that can help

architect the multi-tenancies, that can help architect the scalability and concurrencies, that can

help architect and ease some of the communications to the inevitable back-ends to which these

systems must connect.”


SAP is expected to be a growing player in the cloud-

based application market, both through partnerships

and acquisitions. In December 2011, for example, SAP

announced that it was acquiring SuccessFactors, a

cloud-based vendor focused on human

resources/human capital management applications.

The acquisition will provide SAP with cloud-based

applications for HR management, as well as the

leverage and differentiation it needs to stand apart

from other vendors in the MDM market.

Table 11 provides a summary of the technology

partnerships that have been structured by key mobile

device management vendors. We also include an

analysis of the significance of these partnerships to

each vendor.

BoxTone and 3LM Partner to

Provide Secure Android to

Security-Conscious

Customers

BoxTone and 3LM announced a

partnership in October 2011 to deliver

an embedded security and

management platform for Android

devices and applications.

Under licensing agreements with

major handset manufacturers,

including Motorola, Sony Ericsson,

HTC and LG, 3LM is re-embedding

security controls back into Android as

part of the Android OS. In essence, it

is adding a patch code that turns the

security features from Linux back on

at the kernel level.

The result is that BoxTone can

manipulate the device at the OS level

to gain full control, encryption, and

system manipulation of the device in

the same way it does with BlackBerry

devices.

3LM provides the on-device

technology that is remotely

manageable and configurable from

the BoxTone server.


Table 11: Mobile Device Management Technology Partnerships Vendor Key Partners Significance

Absolute Software

OEM partnerships: Acer, ASUS, Dell, Fujitsu, GammaTech, Gateway, GD Itronix, Getac, HP, Lenovo, MobileDemand, Motion, NEC, Panasonic, Samsung, Toshiba, and Xplore. Technology alliances: Intel, McAfee, Microsoft, Qualcomm, Sollos Technology Solutions , and Verizon.

Absolute Software regards partnerships as “vital” in delivering best-of-class solutions quickly and has solid partnerships with VARs, OEMs, ISVs, SIs, resellers, and electronics retailers/product distributors to deliver services in technology adjacent to MDM.

AirWatch AirWatch partners include 2GO Software, AccuCode, Apple, AT&T, Barcoding, DAP Technologies, dpi, EMS Technologies, Firehouse Wireless, HTC, Homecare Homebase, Intermec, LXE (Honeywell), Mobile Mentor, Motorola, Opticon, NitroDesk, RMS Omega, Samsung, Sollos Technology Solutions, Teamstudio, Voalté, Voxware, Vox Mobile.

AirWatch partners with carriers, OEMs, ISVs, resellers and SIs, providing technical training/certification, lead registration, joint marketing programs, and sales/technical support. AirWatch offers an MDM SDK for ISVs to integrate into custom business applications.

AT&T AT&T has partnered with Mformation since 2008 to provide device protection and control. Since then, AT&T has formed relationships and resale agreements with three key MDM vendors: Good Technology, McAfee, and MobileIron. AT&T is also working with Juniper Networks on VPN connectivity and, through its relationship with MobileIron, AT&T is working with Cisco. AT&T is partnering with Enterproid to utilize the Divide platform, with Verivo for MEAP capabilities and with Apperian for an internal storefront capabilities for enterprise apps.

AT&T has chosen to work with partners instead of developing MDM capabilities in-house due to the fast-moving nature of the mobility market. AT&T continues to evaluate MDM vendors and will expand its list of partners and strategic alliances if it finds a “good fit.” AT&T will also mix and match solutions between partners. For example, AT&T may leverage Apperian’s EASE platform on MobileIron or McAfee’s platforms.

BoxTone BoxTone has a variety of partner categories, including Technology partners: 3LM, Accellion, Apperian, Apple, Aruba, CISCO, Good Technology, Google, HP, IBM, Microsoft, Mocana, RIM, and LogMeIn. Carrier partners: AT&T, Sprint, Telefonica, Vodafone, and Verizon. MSPs/Hosters: BT, CSC, Dell Services, Fujitsu, HP Services, and Xerox/ACS. Resellers: CDW, Ingram Micro, and Vodafone.

BoxTone partners are geographically diverse and cross partner categories. BoxTone is working with best-of-breed partners to “bring it all together” behind a single pane of glass. BoxTone believes the only way firms can be successful in the MDM market is to partner because no single vendor can cover everything across enterprise mobility and IT.

Fiberlink Fiberlink partners include: Technology: Apple, Google, Microsoft, Samsung, NitroDesk, Qualcomm, Zscaler, Echoworx, Checkpoint, Cisco, IBM, Iron Mountain, Juniper Networks, OPSWAT, and RSA Security. Carriers: AT&T, O2, Verizon Wireless, and Vodafone Resellers: Extra IT, Mobility in Cloud, NetXactics, and WirelessWorx Distributors: CDW, Brightstar/TechData , and Wick Hill Managed Service Providers: ProfitLink, Vox Mobile, and Weidenhammer

Dubbed the “MaaSters” Partner Program, Fiberlink’s partner program has Referral, Reseller, and Service Provider components, in addition to a Technology Partner Program. Fiberlink believes that partners are essential in keeping pace with the rate of change. Partners also help Fiberlink extend its offerings to markets that may otherwise be out of reach.


Table 11: Mobile Device Management Technology Partnerships (continued) Vendor Key Partners Significance

Good Technology

Good is one of three vendors providing AT&T with an MDM platform to resell to AT&T customers. Good offers its Good Dynamics Developer Network (GDN) Program to ISVs and SIs, allowing partners to combine their mobility and application development expertise with Good Dynamics’ mobile application platform technology. Partners receive an SDK, access to Good’s network operations infrastructure and security, and online community support. Good Dynamics partners include Accellion, Aji, Box, GroupLogic, MeLLmo (Roambi), MicroStrategy, Quickoffice, Unisys, and Verivo.

In early 2012, Good opened its Good Dynamics Developer Network (GDN) Program to independent mobile application developers, discontinuing its invitation-only approach after successfully recruiting over 230 developers and 30 ISV partners. In addition to GDN, Good also partners with VARs, network carriers (AT&T, Orange, Sprint, T-Mobile, Verizon Wireless, and Vodafone), device manufacturers (Apple, HTC, iNQ, LG, Motorola, and Nokia) and other MDMs (BoxTone). Good views partners as essential in helping it reach new customers.

McAfee McAfee is one of three vendors providing AT&T with an MDM platform to resell to AT&T customers; AT&T offers full services for EMM, from deployment services to bundling. Other MDM partners include I.T. Security Experts, LG Electronics, and NTT DOCOMO. McAfee is working with partners on a cloud-based EMM offering.

McAfee believes that a partner ecosystem is important in expanding its offerings to as many geographic and customers markets as possible.

Mformation Mformation partners include Accenture, Acision, Amdocs, ASUSTek Computer, Bridgewater Systems, Echoworx, Elitecore Technologies Limited, F5 Networks, HP, HTC, Huawei, IBM, Intel, JBoss, LG Electronics, Microsoft, Motorola, Nokia, Oracle, RIM, Samsung, Seowon Intech, Sequans Communications, Sony Ericsson, Symbian, and ZTE. Additionally, Mformation is partnering with MEAP and MAM vendors to integrate its offerings and enable cross-selling and bundling of MDM solutions as part of its core value proposition. In December 2011, Mformation announced a partnership with Echoworx for email and data encryption on mobile devices.

Mformation describes partners as critical to enterprise mobility and its enterprise strategy, which is to support critical MDM functionality on the Mformation Enterprise Manager platform. Enterprise Manager is architected to easily integrate with other best-of-breed mobility solutions, providing MSPs and end-user organizations deep functional coverage across all key mobility solution areas (MDM, expense management, MEAP, encryption).

MobileIron MobileIron states that it increased global distribution through partnerships with 13 of the largest mobile operators during 2011, as well as over 150 Mobile IT VARs worldwide. MobileIron is one of three vendors providing AT&T with an MDM platform to resell to AT&T customers. MobileIron partners with different categories of partners, including Carriers: AT&T, KDDI, SingTel, Softbank BB, Swisscom, Verizon and Vodafone. AppConnect Partners: Accellion, Box, GoodReader, GroupLogic, NitroDesk, Quickoffice, Roambi, Wyse PocketCloud, and Xora. System Integrators: Anderson Consulting, KPMG, Tata Consultancy Services, Wipro. Technology Partners: Cisco, LG Electronics, Samsung. Other Partners: Aptus, dpi, EDB ErgoGroup SYSteam Lesswire, Gijima, I.T. Security Experts, ManageNET, Mission Critical Wireless, Mobilise IT, Sapphire, Set Solutions, and Vox Mobile.

MobileIron has an active partner program and is fostering ongoing relationships with application vendors, carriers, system integrators, VARs and technology partners. MobileIron’s AppConnect Policy, introduced in September 2011, includes partnerships with nine firms that provide enterprises with a tool to secure application ‘data at rest’ and ‘data in motion’ across the application lifecycle. “MobileIron University” trains partners on MobileIron’s offerings so partners can offer these solutions with their own offerings. MobileIron University also serves as a certification center.



Motorola Solutions

Motorola Solutions partners with ISVs, Premier ISVs, Solution Partners, Premier Solution Partners, Business Partners, Premier Business Partners, VARs and resellers, including 42Gears, Enforce Global, Field ID, Lowry Computer Products, Salamander Technologies, Simat Technologies, Supply Insight, and Voxware. Motorola Solutions also has Alliance Partners, including Datamax-O’Neil, IBM, Infosys, Microsoft, Oracle, SAP, and Zebra.

Motorola Solutions has a strong and large community of ISPs that write line of business and custom applications for Motorola Solutions’ devices and software, including MSP. Motorola’s Solutions Center allows partners to test key apps prior to launch to ensure products and apps are fully integrated and functional.

SAP In 2010 SAP structured partnerships with Accenture, Orange Business Services, VeliQ and Verizon to offer Afaria MDM as a hosted solution. These partners have built a user interface portal on top of SAP’s on-premise Afaria offering; it has the same look and feel and same implementation but partners package and sell it according to their specific target markets. SAP also partners with global firms worldwide and “continues to invest heavily” in its partner community.

SAP has an active application development partner community. SAP partners have created over 200 applications for the Afaria platform that are available directly from partners or SAP. This provides partners with a “large ecosystem” that gives them confidence in their mobile environments.

SOTI SOTI partners include Acteos, AML, Apple, Aruba Networks, Astea, AT&T, Avanti, Barcoding, Bell, Blackbay, CipherLab, Datalogic, Data Ltd. Inc., Daxium, DENSO, HighJump Software, Honeywell, HTC, Intermec, Janam Technologies, LG, LXE (Honeywell), Microsoft, Motorola, Naurtech, NitroDesk, O2, Palm, Panasonic, Pidion, Psion, RedPrairie, RIM, Rogers, Samsung, Sprint, Strategic Telecom Solutions, Symbol, TABLETmedia, TEklogix, Telefonica UK, Telus, Telstra, Unitech, Verizon and ZTE.

SOTI has over 400 VARs and distributors worldwide and reports that it is seeing increased uptake in partner activity in Latin America, EMEA and APAC.

Syclo Syclo MDM partners include Global Alliances with Accenture, CIBER, CSC, IBM Global Services; Solution Implementers including ASCOM, Barcode Gulf, ENERGY4U, EDI, EIS, Gemba, General Dynamics IT, Interprocom, Logistics International, Path AS, Peacock Engineering, Serco, Smiths Consulting, Strategic Maintenance Solutions, Triad Technology Partners, Vesta, Vetasi; Solution Providers including AssetPoint, COINS, CUES, IBM Maximo, Mainstream Software, SAP, Systems & Software, TRIRIGA, Ventureforth; and Technology Partners including AT&T, ESRI, Intermec, Microsoft, Motorola, Panasonic, RIM, and ServicePower. Syclo also partners with Infosys, Tata Consultancy Services, West Interactive and Wipro; these firms offer Syclo Agentry MDM as a cloud-based solution. Additionally, Syclo works with Oracle, Ventyx, and Datastream, as well as over 2,000 developers to provide new applications for the Agentry platform.

Syclo uses a model-driven platform approach in which it provides training to partners who develop and deploy Agentry on Syclo’s behalf. Syclo believes that partners are essential, recognizing that “this enables us scale to deliver a large number of deployments worldwide.”



Tangoe Tangoe provides TEM and MDM solutions to many system integrators, outsourcing firms, and consulting firms, including Advocate Networks, Dell, Gibson Quai – AAS Consulting, IBM, Insight Networking (formerly Calence), Intersel, ISI Telemanagement Solutions, Mobilit, Pivotél, Secure Path Networks, and Webb. Tangoe also partners with technology vendors who combine Tangoe’s solution capabilities with their offerings. These include Altova, Visual Mining, RIM and Microsoft.

Tangoe believes that partnerships and alliances are very important to its customers’ success.

Wavelink Wavelink’s Partner Program includes Platinum, Gold, and Silver tiers, as well as a sales referral program. Certified partner training is provided to Platinum and Gold partners. Partners include AirMagnet, Aruba Networks, BCI, DecisionPoint, Cisco, DENSO, Ericsson, ExtenData Solutions, Funk, Handheld Products, HP, Intel, Intermec, iPad Enclosures, InfoLogix, Ipswitch, LXE (Honeywell), Millennium Technologies, NitroDesk, Nuance, Peak Technologies, PSC, Psion-Teklogix, Retek, SYSTIMAX, and Zebra.

Wavelink seeks out best-of-breed partners, including value added resellers, device manufacturers, system integrators and distributors. Partners provide support for Wavelink’s MDM offering: “Our partners are well trained and with our large installed base, we couldn’t do it all ourselves.”

Zenprise The Zenprise Partner Network includes relationships with VARs, system integrators, MSPs and technology alliance partners. Zenprise offers two levels of partnership: Authorized and Premier; the latter provides rebates and lead sharing. Partners include dpi, Ferrata Solutions, igxglobal, LINEAS Informationstechnik, Microsoft, RADPOINT, RIM, Trace3 and Vox Mobile.

Zenprise states that its partner strategy is highly focused and that the company only has plans to team with partners that are a good fit for its business. Zenprise looks for “best-of-breed” vendors, such as Trace3, a VAR focused on security with existing trusted relationships.


MOBILE DEVICE MANAGEMENT GEOGRAPHIC COVERAGE Most of the mobile device management vendors profiled in this report are based in the United

States or North America. As MDM players expand to reach new markets, they are opening

offices in global locations. For example, Zenprise opened a European headquarters in Paris,

France during 2011, as well as sales offices in Germany, the Netherlands and the United

Kingdom. Zenprise officials note that they plan to hire a general manager for Asia Pacific and

open an office in this region. During 2011 MobileIron expanded its global installed based with

customers in over 30 countries.

While large companies typically have offices worldwide, smaller players must often rely on their

strong ecosystem of partners – including distributors, VARs and system integrators – to

represent them in some geographic regions, particularly Latin America. None of the smaller

MDM players highlighted plans to open Latin American offices in the near term, indicating that

they have been able to effectively rely on partners to provide coverage to this market.

Additionally, MDM vendors who sell to multi-national corporations often interact with the

headquarters locations for procurement and deployment discussions. As the markets in under-

represented regions present greater opportunities for MDM players in the coming years, we

expect key players to establish a physical presence in these locations.

Table 12 highlights the geographic coverage provided by top-tier MDM players, including their

headquarters locations and regional offices.


Table 12: Mobile Device Management Vendor Geographic Coverage

Vendor HQS

Location North

America Latin America EMEA Asia Pacific

Absolute Software

Vancouver, Canada

Austin, TX NA Newberry, UK NA

AirWatch Atlanta, GA Atlanta, GA and Washington, DC

Supported from Atlanta, GA

Milton-Keynes, UK

Melbourne, Australia; Bangalore, India

AT&T Dallas, TX Offices throughout US &

Canada

Offices throughout Latin America

Offices throughout

EMEA

Offices throughout APAC

BoxTone Columbia, MD

NA Sell through partners, including

CSC, HP, IBM or supported directly

Sell through partners,

including, CSC, HP, IBM or supported

directly

Supported through partners, including CSC, HP, IBM or supported

directly

Fiberlink Blue Bell, PA

San Mateo, CA; Chicago, IL; Atlanta, GA; Dallas, TX;

Washington, DC

Supported primarily by HQS Inside Sales team

Munich, Germany;

London, UK

Bangalore, India; Tokyo, Japan

Good Technology

Sunnyvale, CA

San Diego, CA; Red Bank, NJ;

NY, NY; Farmers Branch, TX; Seattle, WA

Supported via international VARs

& SIs

Paris, France; Frankfurt, Germany;

Milan, Italy; Madrid, Spain;

London, UK

Sydney, Australia; Beijing & Tianjin, China;

Seoul, Korea

McAfee Santa Clara, CA

Santa Clara, CA and Markham,

Ontario, Canada


Offices throughout

EMEA


Mformation Edison, NJ NA NA Belfast, Ireland; Windsor, UK

Bangalore, India; Tokyo, Japan; Beijing, China;

Kuala Lumpur, Malaysia; Melbourne,

Australia MobileIron Mountain

View, CA Mountain View,

CA Uses partners to address market

Hilversum, Netherlands

Tokyo, Japan; Hyderabad, India

Motorola Solutions

Schaum-burg, IL

Schaumburg, IL and Markham,

Ontario, Canada


Offices throughout

EMEA


SAP Walldorf, Germany

Offices throughout US &

Canada


Offices throughout

EMEA


SOTI Missis-sauga,

Ontario

Salt Lake City, UT; Atlanta, GA

Supported from headquarters

Birmingham, England

Melbourne, Australia

Syclo Hoffman Estates, IL

Chicago, IL Miami, FL Surrey, UK; Stuttgart, Germany



Table 12: Mobile Device Management Vendor Geographic Coverage (continued)

Vendor HQS

Location North

America Latin America EMEA Asia Pacific

Tangoe Orange, CT Alpharetta, GA; Austin, TX;

Columbus, OH; Greenwood Village, CO;

Parsippany, NJ; Pueblo, CO; San

Diego, CA; Waltham, MA;

Montreal, Canada


Amsterdam, Netherlands

Kunshan, China

Wavelink South Jordan, UT

Atlanta, GA; Chicago, IL; Phoenix, AZ; Seattle, WA;


London, UK; Milan, Italy;

Germany

Singapore; Sydney, Australia

Zenprise Redwood City, CA

FL, GA, IL, NJ, NY, TX, WA

Uses partners to address the LA

market.

Paris, France HQS, Germany,

Netherlands, UK

Uses partners to address the APAC

market; plans to hire GM, open office.


MOBILE DEVICE MANAGEMENT SUPPORT

Support for mobile device management customers includes installation, configuration,

monitoring and professional services/support. Many of the offerings provided by key MDM

vendors are typical of the software and services model used by other information technology

firms. For example, global support is provided on a tiered basis, with premium support

customers privy to enhanced levels of service. Knowledge bases, online user groups, and

upgrades and patches are provided by MDM vendor support teams, as well as partners in some

instances.

Installation services are migrating towards “self-service” in keeping with the increased desire of

customers to install their systems directly and at a more rapid rate than the step-by-step

approach taken by vendors in the past. Instead of an installation process taking days, typical

MDM installations can now be completed in several hours, or even minutes.

Configuration services include user authentication, group-based policy configurations, and Wi-

Fi and VPN settings. Vendors can provide different configuration profiles based on whether a

device is a personal or corporate device.

Monitoring services generally include dashboards and reports. MDM vendors are increasingly

adding robust analytics to their offerings, including both standard and custom reports. A

centralized console is assumed, and real-time telecom expense management is increasingly

being offered to customers as a way of controlling spending costs and making profile

adjustments 'on-the-fly.'

Professional services teams provide design, implementation, integration, training, and

certification programs to customers. Professional services can be provided in a variety of ways,

including application development assistance directly to customers, training partners to

develop and deploy applications, or training customer IT departments to develop and deploy

the applications themselves.

Table 13 provides greater detail about the support offerings offered by the mobile device

management vendors highlighted in this study.


Table 13: Mobile Device Management Vendor Support Offerings Vendor Installation Configuration Monitoring PS/Support

Absolute Software

Absolute Software provides assistance with questions about pre-configuration, master image creation, and SSH keys.

Configuration assistance includes ports used, pre-configuration prior to deployment, and patch management behind a proxy server.

Includes answers to questions about volume software licenses, application deployment without user interaction, OS patches, and silent updates.

Support provides answers to functional questions, OS re-imaging, fixes, upgrades, and defects. Includes online customer and user forums, Knowledge Base, and self-service for IT administrators. Customers can contact global support through email/ phone. International support provided by partners.

AirWatch AirWatch offers on-premise, appliance or SaaS models and provides a multi-tenant environment with users, device groups and profiles for enrollment. For SaaS and Appliance installations, there is no software to install by the client; an appliance comes pre-installed and simply needs to be connected to the network and configured before use. For on-premise deployments, AirWatch installs its application on Windows 2008 servers utilizing an install shield wizard process.

AirWatch can configure and update corporate policies, settings and restrictions; integrate with existing systems to provision access to email, VPN and Wi-Fi; integrate with certificates and cloud-based PKI; automate configuration by user role, device type, or group; and reconfigure devices based on user, location or shift.

AirWatch monitors devices for policy violations, exceptions, and threats in real time; provides notifications with exceptions via email, SMS or dashboard messages; provides automated business rules for policy violations, exceptions and threats; and offers over 100 customizable reports with automated distribution. In addition, AirWatch offers a full Data Mart.

AirWatch professional services include on-site training, mobility best practices, integration services and technical solutions to improve business processes and reduce operational costs. The company is experienced in building, implementing and scaling enterprise software solutions. Additionally, AirWatch provides technical support for customers from its corporate headquarters in Atlanta, GA as well as from global offices. Support services include an online support portal; standard, extended and 24x7x365 support; dedicated support contacts; and online, remote and on-site upgrade support.


Table 13: Mobile Device Management Vendor Support Offerings (continued) Vendor Installation Configuration Monitoring PS/Support

AT&T AT&T provides a pre-installation checklist and calls to review data. Installs MDM software on server; configures software and registers up to 10 devices; tests registered devices for compliance.

Dependent upon which MDM vendor is chosen (Good Technology, McAfee, or MobileIron). Generally, solutions provide device configuration and multi-OS device management, as well as application provisioning, configuration and troubleshooting.

Dependent upon which MDM vendor is chosen (Good Technology, McAfee, or MobileIron). Generally, solutions provide visibility & reporting, activity analysis, service quality monitoring, and usage visibility.

AT&T provides PS for installation and administrator training, readiness workshops, and consulting services to assess risk. Custom PS are available for multi-server installations. The MDMs with whom AT&T partners provide their own system support for on-premise solutions. AT&T will support hosted customers.

BoxTone Users are authorized and configured OTA based on Active Directory group policy. Employees who depart are automatically removed/blocked in Active Directory and removed from access OTA. Installation includes training and assistance from on-site consultants. BlackBerry customers do not require software installed on their BES.

BoxTone automatically configures devices during provisioning and its configuration management tool automatically adjusts device configurations OTA based on changes to mobile and enterprise policies.

Security Management Dashboard monitors customers’ security and compliance status; includes trend data and identifies security gaps and non-compliance. Compliance Management monitors security status of all devices, apps, services; detects, remediates, and logs violations. Incident & Performance monitors real-time health, availability & performance of all users, devices and apps, providing dashboards & alerts of outages & repair recommendations. Infrastructure monitoring tools include Microsoft’s SCOM and HP’s Operations Manager.

BoxTone’s centralized help desk includes 4 severity levels: Critical, Severe, Medium, Low. BoxTone monitors all users, devices and apps, providing service desk with console to look up real-time status, auto-diagnose issues and repair them remotely using embedded expert knowledgebase. MSPs use BoxTone’s tools to deliver support services directly to customers.



Fiberlink MaaS360 can be “installed” in less than five minutes. A typical full-system configuration takes 30-60 minutes. If necessary, remote assistance is provided. Typical follow-up calls concentrate on platform navigation and best practices for device management. Additional assistance is available directly from masters.maas360.com. There are over 80 recorded technical and training webinars at the customer’s disposal.

Fiberlink uses polices to govern devices, including Wi-Fi and VPN settings. MaaS360 automatically pushes profiles to the appropriate devices without manual intervention from IT. IT administrators can set up policies to enforce passcode use, enforce encryption and restrict specific features and applications.

MaaS360 creates policies in the Policy Management module and can be set up to monitor devices globally in real-time to enforce passcode settings, automatically lock the device if it has been idle for a specified time, and erase all data on the device if an incorrect passcode has been entered for a specified number of times. Monitoring also includes many additional policy settings such as jailbrake/root detection, app compliance, and MaaS360 enforcement among others. Customers can monitor a Watch List to determine the number of devices that are out of compliance. Drill-down menus provide additional information on specific devices, reasons for non-compliance, and security-related information.

Fiberlink offers assistance with: Requirements Definition & Scope; Solution Definition & Cost Estimate; Project Planning & Management; and Solution Delivery & Acceptance. All support is provided 24x7x365 via phone/email for no charge. Partners provide the first tier of support for partner and direct customers. Partners escalate calls to Fiberlink’s Global help desk if necessary. Fiberlink also offers an online portal for user self-help and system administrator training.

Good Technology

Good servers are deployed behind the firewall with a secure outbound connection using standard port 443. Over-the-air transmissions, enterprise data-at-rest and on the device are secured with AES-192 encryption.

Good for Enterprise includes a secure browser that enables employees to access corporate resources behind the firewall without enabling VPN.

Remote monitoring allows IT administrators to access a dashboard via a Web browser to see all mobile devices on the network. IT administrators can provision new devices, enforce passwords, distribute custom or third-party enterprise applications, and establish role-based policies.

Good offers Basic, Extended, Extended Plus and Premium support plans. Good Training & Professional Services includes consultation, implementation, training and certification programs. Training includes two options for remote training and one option for on-site training.



McAfee A pre-install helper ensures software and firewall ports are open and creates MDM certificate request for Apple. Sets up console to use Active Directory or Domino LDAP credentials. PKI users set up Enrollment Agents and Certificate Authorities. Create groups, policies and assign policies to groups. Define connections/services users can access (VPN, Wi-Fi, apps, etc).

McAfee provides group-based policy configuration (tied to Microsoft Active Directory or Lotus Domino LDAP) and automates the configuration and connectivity of VPN, Wi-Fi, PKI, and native email sync. Can personalize device configuration to enable user access to IT services.

Provides centralized reporting, policy management, and role-based access control for administrative and help desk personnel. Includes monitoring of users trying to connect to network, automatic policy enforcement, and the requirement that devices are registered, current on policies, and have refused connections to jailbroken devices.

McAfee users self-deploy, allowing very low IT support overhead. Users access and download EMM through the enterprise app store and authenticate using email credentials. McAfee provides support to system administrators.

Mformation Software Manager allows intelligent OTA management of device software and firmware. Apps can be distributed, updated and managed on devices that support standardized and pre-standardized versions of software components (SCOMO), as well as devices using Mformation’s extension to the SCOMO specification.

Configuration Manager allows MSPs to configure settings of new data services and add them dynamically. MSPs can automate the configuration process with Automation Manager modules. Can be integrated with call centers to allow representatives to troubleshoot mobile device issues.

Enterprise Manager can monitor performance and device usage, request a list of installed applications, change and enforce password policies, and monitor real-time device information such as current location, memory, password, and battery status.

Customers can manage private apps through Mformation Enterprise Manager or develop apps through one of Mformation’s MEAP partners. Mformation offers follow-the-sun support, with support centers and staff worldwide. Mformation generally provides 3rd level support since MSPs handle 1

st & 2

nd level

support issues.

MobileIron MobileIron and partners provide guided assistance for customers who are installing VSP, including training and deployment services.

MobileIron’s self-service support portal provides support for US customers and MobileIron’s worldwide partner network. EMEA and APJ customers receive support through suppliers and partners.

MobileIron provides real-time event and application monitoring. VSP will warn IT administrators of non-compliant users. MobileIron Intelligence provides near-real-time activity monitoring for international roaming and voice/SMS/data usage. Provides real-time TEM monitoring.

Users are referred to a self-service portal where they can log new cases, view case status and gain access to the Support Knowledgebase. MobileIron VARs provide Tier 1 and Tier 2 support to IT administrators.



Motorola Solutions

Customers are provided with a MSP Client Software Guide which outlines MSP client software; device reboots, shutdowns, and persistence; network adapters; settings classes; condition classes; and control modules.

BYOD devices are self-enrolled; IT configures all corporate information to ensure security and manageability. IT configuration includes installation of report applications, device inventory, VPN access, Exchange settings.

Monitoring includes remote OTA provisioning and analysis, including application distribution and updates, remote troubleshooting, and data collection (such as cellular metrics, battery, app usage).

Motorola Solutions provides IT with “touchless” staging and registering of smartphones and tablets. Customers may access online and phone product support. Some partners provide support.

SAP Depending on customer preference, SAP will send out a consultant to provide implementation assistance or customers can self-install Afaria using a virtual machine appliance “in about 1 hour.”

Consultants set up the configuration process and walk customers through step-by-step if on-site configuration assistance is required. Otherwise, customers step through configuration set-up through self-installation.

IT managers can view entire device fleet from centralized console. Real-time telecom expense management and monitoring provides IT and users current details on spending patterns and allows IT to make profile adjustments.

Through its Mobile Enterprise Technical Support website, SAP provides customers with a Knowledgebase, the ability to download software updates, and product documentation. Users can log issues online, via email or phone. SAP SaaS partners also provide support.



SOTI MobiControl uses a database to store configuration information. Customers can install the database on the same computer as other MobiControl components, or on a separate computer. MobiControl supports Microsoft SQL Server 2005 (Express, Standard, Workgroup, Developer, Enterprise) and 2008 (Express, Standard, Workgroup, Web, Developer, Enterprise) databases.

Device configuration varies depending on device type. Android: Can sync files with managed devices, deploy encrypted configurations OTA to customize device settings and enforce corporate security policies. Can customize personal and corporate devices, configure corporate Wi-Fi connections and enforce strong password policies. iOS: Can deploy encrypted configuration profiles; customize personal and corporate devices and push custom web clips to devices; configure MS Exchange for secure sync of email, calendar, & contacts; customize Wi-Fi, VPN, APN and password settings; and restrict Safari, YouTube, camera, and apps.

Includes real-time remote control, dashboard with details on security breaches, connection status, platform distribution, device activity, data roaming, installed applications, corporate email access, whether or not encryption is enabled, and system health.

Free first year maintenance; additional years are 25% of paid license cost (includes all product upgrades). MobiControl support is provided via phone, email, portal. SOTI provides consulting/mentoring services with best practices, as well as packaged service offerings (assessment and migration services) and short-term assistance. Depending on the issue, partners or SOTI will provide Tier 1 support ; SOTI also provides Tier 2 support. Professional Services includes SOTI Solution Architects and training.

Syclo Industry-specific teams develop business analysis and needs assessment, then build and execute system design, development, integration, training and ongoing technical support.

Most Agentry-based solutions are deployed directly on users' devices. Configuration includes office Wi-Fi or cellular connectivity. Transmitted data is encrypted.

Agentry MDM provides centralized control over all mobile devices. Agentry Analytics includes systems performance analysis and business process analysis.

Professional Services: presales consulting, design, development, implementation, post-sales technical support and training. Support and Maintenance Program provides email, phone, & web support. Provides integrated support with IBM and SAP.



Tangoe Tangoe assigns users to mobile servers based on pre-configured rules that manage the relationship between the server infrastructure and mailbox servers.

Includes user authentication against corporate LDAP/AD and user lookups for MDM rules framework and security roles.

Includes mobile server user capacity and warning limits, the ability to manage/monitor enterprise applications, and centralized web-based management.

Support includes Tier 1 End User Support, Tier II Help Desk Escalations and Tier III Engineer-to-Engineer Support.

Wavelink Installation varies depending on Mobility Center or Site Edition licenses. Customers obtain the installation file for Avalanche MC or SE, install the software, specify a password, and select the type of installation desired for MC (custom or enterprise). Avalanche is installed to a default installation folder.

Avalanche Enabler automatically finds the Avalanche system. Scan-to-Configure allows configuration parameters to be set using scanned, secure barcodes. Profile-based management defines network and configuration settings and applies to groups of devices.

Two-way messaging allows console operators to send a text message to one or more devices, view acknow-ledgements and message history, and resend messages where appropriate. Device users can “chat” with a console operator. Alerts and notifications send information about critical events. Predefined and custom reports are available.

Supports customers from Utah headquarters 7 am – 7 pm MT. Planning to add staff and increase coverage to 24x7. Remote support allows IT to control a device as if they were physically holding it. Wavelink partners also provide support.

Zenprise Zenprise offers a Quick Start program in which MobileManager is fully installed, initial test devices are enrolled, and technical personnel receive basic hands-on training. Zenprise’s Mobile Policy Implementation service includes Policy Definitions, Best-Practices Guide, and a Questionnaire to assist customers with mobile device management.

Zenprise can establish different configurations and policies for IL & CL devices. Can configure enterprise (Wi-Fi, VPN, APN, AD or LDAP, PKI, & 2-factor authentic-cation) and security resources (encryption of data-at-rest and mobile app tunnels). Can also configure corporate email and 3rd party email containers. Allows white/black listing of apps, management of mobile apps via enterprise app store, and setting of dynamic/context-aware policies.

MobileManager includes the ability to detect user, device, system and service issues; maintain application inventory; maintain hardware inventory; report on device statistics; and report on service details (roaming, location, user inactivity, and expenses).

Zenprise offers custom professional consulting services, including architectural best practice implementations, package deployments, server hardening and server OS or database configuration. Support plans include Gold (24x7x365 for P1 issues and local business hour support for P2-4 issues) and Silver (local business hours M-F and 24x7x365 online access).


KEY CONSIDERATIONS WHEN EVALUATING AND CHOOSING A MDM

VENDOR

POLICIES AND PROCEDURES

MDM TRENDS ON THE HORIZON

CONCLUSIONS & MDM INDUSTRY SWOT ANALYSIS


KEY CONSIDERATIONS WHEN EVALUATING AND CHOOSING A MDM VENDOR

There are many vendors in the mobile device management market today – over 60 companies

that claim to offer some sort of mobility management solution. Moreover, MDM vendors will

readily admit that MDM functionality is all “pretty much the same” with limitations, particularly

by Apple, on what MDM players can do with the mobile operating systems beyond nuances

related to user interface and customer experience. MDM is quickly moving into a commodity

market.

If this is true, how are MDM players differentiating themselves in this crowded market?

Vendors take different approaches, emphasizing partnerships, integrations, financial stability,

“fit” with existing corporate infrastructure, and variety of delivery mechanisms. Other

differentiators include vertical expertise, customer references, and professional services and

support. In essence, it’s what vendors wrap around MDM that provides the most value to

customers.

Given the widespread implications of enterprise mobility growth, what are the critical issues

enterprise IT managers should be considering when evaluating MDM solutions, both internally

within their own organizations and when they are considering MDM vendor selection? What

considerations do customers need to discuss internally before engaging with an MDM vendor?

And what questions should customers ask to ensure their chosen vendor will provide the best

solution to meet their needs?

We offer the following suggestions, based on extensive interviews not only with senior

executives at mobility vendors, but also with customers who recently deployed MDM solutions,

as well as partners who are intimately familiar with these solutions in customer environments.

The recommendations are both strategic and tactical in nature and provide a starting point for

discussions with MDM providers.

Consider MDM as a Long-Term Strategy: Customers should ensure that they are taking

a long-term view of their mobility deployments by preparing for different market

scenarios, including multiple devices and platforms that may be introduced, or that may

disappear. Mobility must be considered in the larger context of not only corporate IT

planning, but overall business strategy. How will mobility help the business gain a

competitive advantage, increase productivity, and realize greater efficiencies? What

areas are ripe for mobility infrastructure, and what areas need more planning before

mobility can be introduced? As Kelly Ungs, Senior Director of Channel Sales at Wavelink

states, “Make sure that what you decide to purchase covers your needs today, but also

make sure you don't make any self-limiting moves and buy something that's going to

force you into a particular configuration tomorrow. Give yourself room to grow.”


Determine Vendor Support for Heterogeneous

Environments: In considering MDM

alternatives, it is important to determine the

depth and breadth of vendors’ abilities to

support many types of devices and mobile

operating systems, particularly if you are

operating in a heterogeneous environment.

While most top-tier MDM providers support a

range of mobile operating systems, device

fragmentation necessitates that customers

inquire about specific MOS levels supported

across the various platforms. Not only are each

of the mobile operating systems different, but

specific devices using a specific MOS are

typically different from each other as well. In a

heterogeneous environment, can all devices be

supported using a single pane of glass? Can the

solution bulk provision across multiple MOS

platforms? Can customers see how user

profiles have evolved over time? Additionally,

while there are very few homogeneous mobile

environments today, some continue to exist,

such as in government offices that mandate

that employees use certain types of phones. If

you are operating in a homogeneous

environment, will the vendor support this?

Ask Questions about Scalability: It is important

to ask vendors the size of their largest

deployments. A solution for a small company

with 200 employees may be vastly different

from that of an organization with 20,000 or

even 200,000 employees in terms of duration,

timing and complexity of deployment; reporting

needs; and scalability. Customers that require

vendors to scale to support large numbers of

users must insist on customer references to

ensure solutions actually scale to promised

AirWatch Scales with Global Customers

AirWatch has helped MNCs deploy thousands of mobile devices:

Coca-Cola deployed 25,000 iOS and Windows Mobile devices and will eventually scale to over 110,000 devices, supporting delivery trucks and CL/IL devices in a global roll-out.

DynCorp has deployed 11,000 iOS devices for Army logistics throughout the Middle East. Critical capabilities include multi-tenancy, high availability, scalability & functionality.

GE has a mixed environment of iOS, Android, Windows Mobile and Symbian devices. GE deployed 15,000 devices in Q12011 and plans to increase this level significantly across all platforms and business units. Emphasis is on tight integration with GE’s current internal infrastructure.

Home Depot deployed over 50,000 Windows Mobile Motorola devices for its retail stores and logistics operations, including the integration of Data Mart reporting with MicroStrategy mobile business intelligence.

Medtronic rolled out over 11,000 iOS and Android devices in 2011 after an

extensive pilot program.


levels.

Determine if you will Allow BYOD in your Organization: If you do allow employees to

bring their own devices to work, determine how broadly you will implement this policy.

Will you only allow certain devices onto the corporate network? If so, which ones? Can

the solution support segmented work populations with both individual liable and

corporate liable devices? How does the solution isolate corporate and personal data?

As John Herrema, SVP of Corporate Strategy at Good Technology points out, “If

companies aren't defining their BYOD policy, their users are going to do it for them and

IT may regret that outcome. Be pro-active. Figure out what you're going to do with

BYOD now.” Herrema adds that “Solutions that work for BYOD will also work for

environments in which companies supply their own devices, but the reverse is not

always true.”

Ease of Use: How easy is it to get up-and-running on the MDM platform? Will it take

minutes, hours, days or weeks to set up the system? Is the MDM platform integrated

into the LDAP system? What is the process for adding new users or deleting departed

users? Can a single user be mapped into multiple groups? Can changes be deployed

without user involvement? How easy is it to use the platform on a daily basis?

Determine your Goals. Ask: “What am I hoping to accomplish with my mobility

strategy?” IT managers need to determine if their goal is device management or data

management. Are you trying to lock down devices or control information and access to

the information? The answers to these questions may guide IT managers’ final decision

of whether to utilize a vendor that offers a platform approach or a container approach,

for example.

Put Corporate Policies and Business Needs Ahead of IT Tools: Policies and strategies

need to come before devices and MDM software so that the MDM solution is aligning to

the customer organization, and not vice versa. Customers must ensure that any

solution they choose fits well with their existing environment, including the servers,

networks and overall organization. What infrastructure does your organization already

have in place for policy control and data? Will the company infrastructure need to be

changed to accommodate the MDM solution, or is the MDM solution flexible enough to

adapt to the organization, including role-based management, the grouping of devices,

and the system’s overall technology? What business problems are you trying to solve

and how can you map technology to meet those needs? How can you equip employees

to make them more productive?

Evaluate your Current Infrastructure: Really understanding your own environment and

the problems you are trying to solve in that environment are basic but critical in the


“Approximately 75 percent of the

companies we work with don't have

adequate security for their current

laptop mobile infrastructure, which

means that mobile is just going to

extend the problem and make it

worse.” Alan Arenas-Grube, Mobility

Practice Manager at Paragon

Development Systems

MDM evaluation process. For example, is your organization a series of silos where

mobile device management will be a separate infrastructure from laptops or desktops?

MDM solutions are often more cost effective and secure when customers integrate

infrastructure silos. Understanding which groups within your organization have

responsibility for mobility is also key. Is it a group within IT that is responsible for the

email messaging infrastructure? Or do smartphones and tablets reside in a different

organization? Stopping vendor discussions to understand who has internal authority

and control over infrastructure can slow down negotiations.

Understand the Needs of Business Units: Organizations need to understand not only

the requirements of the IT department, but the critical business needs and processes

that individuals use with mobility and mobile applications. How is work flow organized?

What impediments stand in the way? What efficiencies can be gained? By

understanding these key components, mobility can be used to propel organizations to

higher levels of efficiency, productivity and competitiveness. Tying mobility projects

back to business improvements within the organization will also provide added

credibility to IT managers and help fund future projects.

Evaluate Mobile Security in Light of Other IT Policies: Mobility is one piece of an

organization’s overall infrastructure. The way in which companies manage security for

their non-mobile devices is often indicative of

the types of security policies they will put in

place for mobility. Consider how well you are

securely managing your non-mobile IT assets,

such as desktops and laptops, and determine if

this level of security is adequate. Companies

that do not secure documents at existing end-

points will not effectively secure documents

on mobile devices, and vice versa. According

to Alan Arenas-Grube, Mobility Practice

Manager at Paragon Development Systems,

“Approximately 75 percent of the companies

we work with don't have adequate security for their current laptop mobile

infrastructure, which means that mobile is just going to extend the problem and make it

worse.”

Drill Down on Security: Given the significant security implications that mobile devices

can have on enterprises environments, it is critical that IT managers fully understand the

security ramifications of the MDM solutions they are considering. This is particularly

important for organizations planning to support Android devices due to lingering


concerns about security on Android platforms, as well as those contemplating a cloud-

based solution. How are certificates authenticated when users are enrolling their

devices onto the corporate network? Is the vendor using device-level VPN or

application tunnels to ensure secure access to applications? How does the solution

enforce security policies that prevent data security breaches? How does the vendor

control what data each user has access to? How do vendors ensure that sensitive data

is removed when a device is lost or re-purposed? Can vendors guarantee that

unsynchronized data will not be lost? Does the vendor utilize a multi-tenancy

architecture? If so, how well is the data secured and what tests have been conducted?

Request assurances and proof that private enterprise information will not be accessible

via the public Internet.

Determine the Features and Functionality you Need and Question Potential Vendors

about their Capabilities: Certain features and functionality are more important to some

firms than others. Can the vendors you are evaluating provide the capabilities you really

need and, if so, to what depth? For example, how many and what types of security

standards are supported by prospective MDMs? While many MDM vendors provide

support for devices at an OS level, they may not support specific features inside the

devices. Choosing a more generic capability may be less expensive, but it may also

result in less functionality at the device level, particularly with ruggedized devices.

Organizations may also want to determine what mobile operating systems they plan to

support in the future. Knowing this is important because MDM vendors can typically

mandate that users’ devices be at a specific OS level in order to access the corporate

network.

Another important consideration related to functionality is form factor: What form

factors does your organization support – smartphones only or other devices too? How

will this evolve over time? Additionally, prospective customers should ask MDM

vendors what features are supported with each delivery model (on-premise, cloud,

appliance). Customers may also want to know if vendors can schedule 2-phase

deployments to gradually download files and install on a given schedule, or if the

solution has pro-active memory management. Experimenting with solutions “hands on”

will also help to clarify which solution best meets your needs.

Go Slow: Organizations new to MDM are advised to start with the basics and not try to

“boil the ocean.” Greater research of MDM technology and vendors upfront will

actually speed eventual deployment in the end. While it is recommended that a

mobility strategy and vision are in place, companies can start with basic tools before

embarking on an overly aggressive implementation. Once organizations are


“We’re in the middle of the ‘hype

cycle’ of MDM. If PowerPoint

presentations worked and if press

releases were always true, we’d be in

nirvana. But we all know that in

technology, that’s not always the

case.” Alan Dabbiere, Chairman of

AirWatch

“There are a ton of organizations

that have sprung up within the last

couple of years. A lot of them are

just one-trick ponies in the MDM

space. Are they still going to be

around in two years? Five years?”

Tim Williams, Director of Product

Management, Absolute Software

comfortable managing the basics, they can leverage best practices and more

sophisticated tasks, such as analytics or integration with back-end applications.

Trust but Verify: Customers must do their due diligence in verifying vendor claims,

particularly around issues such as scalability,

usability, and security. Customer references

can be used to press on “hot button” issues,

but IT managers must go beyond supplied

references, seeking out non-reference

customers from industry contacts and other

knowledgeable sources. Asking specific

questions will also help to determine if a

solution will meet specific needs. Avoid being

drawn in by vendor graphics and fancy GUIs.

Bill DeWeese, IT Manager for Enterprise

Mobility at DynCorp International, provides a good example: “I started interviewing

MDM providers. I didn't know what I didn't know. I got a lesson on what I should be

doing, based on the vendors' marketing spiels. From there, I did my research, asked

more questions, and kept researching.”

Understand Vendor Structure: How will your vendor provide its solution, as one that is

developed and built in-house, or as something it provides through partnerships? While

neither approach is inherently good or bad, the structure of an MDM’s business may

impact how solutions are architected, implemented and integrated within a customer’s

existing infrastructure. In the case of partnerships, it may also impact the purchase

process – buying from multiple vendors instead of one. Additionally, customers will

want to determine if development is done in-house or through third parties, how new

features are provided, how often customers can expect updated functionality, and how

they can get access to those new features.

Understand Vendor Financial Stability

and Corporate Background: Given the

rapid entry of new firms into the mobile

device management market, customers

need to fully understand the financial and

operational strengths of the MDM vendor

they choose. Other considerations include

the length of time the company has been

in business; whether the firm is public,

private or venture capital funded; the


firm’s long-term prospects for success (particularly if the company is a start-up); vendor

profitability; and the vendor’s overall strategic plan and vision. Additionally, customers

should consider related technologies their suitors may be offering, the firm’s depth and

breadth of partnerships, the ratio of technical personnel to sales and marketing

personnel, and the company’s historical frame of reference.

Decide on a Point Solution or MDM as Part of a Larger Offering: Some MDM players

sell MDM solutions as their primary offering, while others provide MDM as part of a

larger offering, selling additional technology that includes client life cycle management,

terminal emulation, voice technology, and communications products and services, for

example. Customers need to decide if they are more comfortable with a “best of breed”

approach or with an integrated approach. Stewart Hubbard, VP of Technology

Operations at Coldwater Creek, believes that an integrated approach is important for

organizations needing to manage a large number of devices. Regardless of which

approach is selected,, MDM integration with existing products and third party solutions

is critical. Avoid vendors that are “islands” unto themselves.

Determine how much Support IT Administrators and Users Need: Vendors typically

provide direct or partner support for IT administrators, sometimes as tiered support

depending on the contract value, but this support is not always 24 x 7. If continuous

support is important to your firm, make sure your MDM vendor offers this as an option.

If direct support is important, make sure the vendor does not outsource support to

partners or other third parties. Ask about the amount of training needed to fully

understand the system’s capabilities, as well as professional service offerings. Inquire

about the vendor’s global support footprint. Determine if vendors offer the ability to

“talk” with other customers in on-line forums about best practices or common

challenges and concerns.

User support is generally provided in the form of an end-user portal. Can users self-

deploy their own devices, allowing for lower IT overhead? Do users need a specific

account for device enrollment (such as a Google email account if they are enrolling an

Android device)? If users call their IT administrators for assistance, can IT provide

remote support? Can IT see the same information on the user’s device that the user can

see? Is there local language support?


“For every customer who is glad to

have Apperian as a cloud-based

provider, there’s another customer

who says they’re not ready to accept

a cloud-based solution. There’s a lot

of money to be made in the mass

confusion and hysteria of mobility

and the cloud.” Alan Murray, VP of

Product, Apperian

Decide on a Delivery Model: Are you most comfortable with an on-premise solution, a

hosted solution, an appliance, or some

combination thereof? If you choose one

option today but want to switch to a different

delivery model in the future, will your vendor

support that? At what cost? Are public,

private and hybrid options available for cloud-

based solutions with the vendors you’re

considering? While some MDM vendors

provide both on-premise and cloud-based

solutions, not all do both equally well.

Moreover, if a vendor’s MDM solution was

architected for one model but not the other,

transition may be difficult, if not painful.

Ask hard questions to potential vendors and make reasoned and deliberate choices

when deciding on a delivery model. Although Apperian offers only a hosted option, Alan

Murray, SVP of Product at Apperian notes that, “For every customer who is glad to have

Apperian as a cloud-based provider, there’s another customer who says they’re not

ready to accept a cloud-based solution.” Murray adds that, “There’s a lot of money to

be made in the mass confusion and hysteria of mobility and the cloud.”

Determine if Telecom Expense Management is Important: Telecom Expense

Management, or TEM, seeks to understand and control costs associated with telecom

equipment and services, including mobile devices and services plans. TEM uses

software to inventory telecom assets, enforce business processes, and manage access to

telecom infrastructure information. As network bandwidth explodes, TEM is expected

to play an increasingly critical role in mobile expense control, with real-time reporting of

user overages a key differentiator for some firms to get in front of the cost curve before

employees overspend their monthly allowances. Some MDM vendors, such as Tangoe

and Wavelink, offer robust TEM plans and come from deep TEM origins, while others

de-emphasize TEM or outsource this element to third parties.

Additional Considerations for Selecting a Mobile Device Management Vendor

Organizations that are implementing mobile device management or enterprise mobility

management infrastructure are strongly encouraged to take a holistic and strategic approach

toward implementation. This extends to the individuals who are part of the decision making


process. Individuals from the following organizational departments should be invited to

participate in device management decisions:

Information Technology, including:

o Security

o Networking

o Enterprise Mobility

o Developers

o Business Intelligence

o Global Consignment

o Technology Strategy

o Operations

o Software Development/Engineering

o Information Architects

o Engineering Client Services

o Business Information Systems

o Help Desk/Support Personnel

o Application Teams

Telecom

Business Group Users, including Sales, Marketing, Strategy and Logistics

Strategic Planning

Human Resources

Finance/Accounting

Executive Team

Furthermore, organizations should consider the creation of an ongoing working group

comprised of individuals from the groups mentioned above whose mission is to understand the

needs of the organization as they relate to mobility management. Questions that should be

answered include:

What is the organization’s policy on employee-owned versus corporate-owned devices?

How will the devices be used within the organization?

How can mobility improve customer satisfaction through greater efficiencies?

How can mobility improve employee morale while not wasting corporate time?

Where are areas that mobility could improve ROI by lowering or eliminating costs and

unnecessary procedures?

Who will pay for the devices and service contracts?

What happens if a device is lost?

What policies need to be in place when an employee leaves the company?


How will applications be downloaded (company store or market store)?

How will market apps be paid for (corporate volume purchase program)?

How much “roaming” do employees typically do and what roaming policies will be put in

place? What happens if there are overages?

POLICIES AND PROCEDURES Despite – and perhaps because of – the increased momentum of the BYOD movement, many

organizations continue to struggle with policies and procedures surrounding their employees'

use of mobile devices within the work environment. Should the IT department support the

personal devices employees bring to work and, if so, which ones? Or should IT managers force

employees to use devices the organization provides to the workforce to gain better control

over devices and applications, thereby lowering security risks? Who pays? How much? With

what frequency?

Table 14 provides suggestions for key criteria organizations should consider including in their

policies and procedures. It should be noted that mobile device policies and procedures are

highly individualistic, based on the needs of each organization. However, there are some

common threads that can be considered across companies and, in some cases, across

industries.


Table 14: Considerations for Implementing Mobility Policies and Procedures

Topic Considerations

Purpose Explains the purpose of the document and the purpose of mobile device usage within the organization, including likely benefits, such as productivity gains and access to

information and individuals on a 24/7 basis. Policy Statement Provides the organization’s policies toward mobile device usage for business-related

purposes. This section may include high-level statements about the organization’s general policies toward employees using mobile devices, such as “If the organization requires an employee to carry a wireless communication device in order to perform his/her duties, the employee, with approval from his/her immediate supervisor and

appropriate senior administration officer or designee, will obtain a personally owned wireless communication device and access/service plan.”

Definitions These are typically listed at the beginning of the policy but could also be placed at the end. Common definitions include “departmental cell phones,” “wireless

communication devices,” “mobile communication devices,” and “wireless communications stipend.”

Eligibility This section defines who within the organization is eligible to be covered under the organization’s mobility policy. It answers questions such as: Will the organization

only provide support and/or reimbursement to senior officials, such as those employees at the director level and above, or will support be provided more broadly?

How will employees who only occasionally need support or reimbursement be handled, such as those who infrequently travel?

Tax Considerations If an organization provides a stipend to workers, policies and procedures should include a statement about reimbursements being subject to taxes, such as FICA,

Federal and State taxes.

Wireless Communications Contracts

Includes language around whether or not employees are responsible for choosing a service provider and negotiating and managing their personal contracts, procedures for payment if monthly minutes exceed allowed minutes, and policies surrounding

employee termination with the organization, vis-à-vis the mobile device. Employee Responsibilities

Includes requirements surrounding employee usage of the device, including personal versus business usage, usage and availability during business hours, renewal

guidelines, adherence to security standards, notification of telephone number changes, reporting lost or stolen devices, device contract termination, employment

termination vis-à-vis the device, and any requirements for justification of the device.

Departmental Responsibilities

Includes requirements for determining budgeting impacts for employee devices; mobile device needs of departmental employees; communication with payroll

regarding approvals, cancellations, or changes to departmental policies; and annual review of employees’ business-related mobile device usage.

Corporate Responsibilities

Includes verbiage surrounding the organization’s responsibility to inform departments, managers, and/or employees of any changes or updates to mobile

device usage policies. Reimbursement Policy

This section usually includes some type of matrix and lays out different levels or tiers of reimbursement for employee devices.


Table 15 provides a sample reimbursement policy for different tiers of users, depending upon their mobility usage. This is an example for illustrative purposes. Organizations should take their own individual circumstances into account before finalizing any mobil ity reimbursement policy.

Table 15: Sample Reimbursement Policy Matrix

Tier Monthly Stipend Description

Tier 1 – Light Users $40 Light usage of mobile devices (450 minutes/month)

Tier 2 – Medium Users

$60 Medium usage of mobile devices (up to 900 minutes/month)

Tier 3 – Heavy Users $90 Heavy usage of mobile devices (over 900 minutes/month)

Tier 4 – Corporate users

$60 Users who require a mobile device for corporate email, calendar, and Internet access. May be provided as a

standalone option or in combination with Tier 1, 2, or 3.


MOBILE DEVICE MANAGEMENT TRENDS ON THE HORIZON During the time we spent intensely researching the mobile device management market, we

kept a watchful eye on trends developing on the mobility landscape. We also asked senior

mobile device management executives, along with mobility vendors in adjacent markets and

MDM customers and partners, to share their insights on current and future trends. In the

following section, we highlight and discuss this collection of insights.

Mobility on Corporate Intranets: Many IT executives are looking toward mobility to

harness and distribute the wealth of corporate information that currently resides on

their company intranets. Nearly all companies have made significant investments in

terms of the information and content they put on their corporate intranets. Corporate

directories, marketing collaterals, and human resource information are examples of

typical content that workers could gain quick and easy access to anytime, anywhere if

made available to them on their mobile devices. The application store paradigm is often

cited as a model for distribution. Numerous MDM executives interviewed for this study

cited enterprise CIOs who plan to support intranet access, including opening up

SharePoint to mobile devices.

Analytics Will Play a Greater Role in MDM: Analytics is expected to play a growing role

in mobility in the coming months, as organizations increasingly identify and improve

processes on the back-end, improving relationships with key internal and external

customers. Areas where analytics can prove useful include:

o User Adoption and Productivity: User performance analysis.

o Infrastructure Reliability: Support cost analysis, service improvements, battery

analysis.

o Help Desk Operations: Help Desk analysis by group, Help Desk analysis by Help

Desk operators.

o Asset Utilization: Device utilization count by day, devices out of contact, unused

device count by group, unused device count by device type.

o Mobile Business Process: Key process analysis by group, key process analysis by

device type, key process analysis by user.

Blended analytics combines information from many different devices and can be used to

perform even greater analysis. For example, an organization could overlay operational

analytics (information gathered about specific technology and processes) on top of


application analytics to understand the impact from one area to another, such as usage

patterns and help desk usage when new features, device drivers, or applications are

added.

Document Management and Distribution through Mobile Device Management: MDM

vendors are increasingly offering document management through their solutions. In

this scenario, documents – such as Word, PowerPoint and Excel files – are pushed out to

user’s devices via corporate networks, obviating the need for an Internet connection

and lowering security risks at the same time. In cases of highly sensitive information,

users can only “view” the documents and not edit or copy them. In other cases, the

documents are only available during a certain window of time, during a scheduled

meeting, for example, and are then wiped from the device. Typical use cases for

document control include high-level Board of Director meetings and discussions

between government intelligence officials about classified information.

Cloud and Mobility are Increasingly Linked: Mobility and the cloud are increasingly

converging as organizations consider alternatives to on-premise installations.

Increasingly, back-end systems that mobile devices are “talking to” are tied to the cloud.

This is particularly true for companies that do not store highly confidential or personally

identifiable information in the cloud. While there remain security concerns about cloud-

based MDM, vendors are working hard to advertise their multi-tenant architectures,

along with separate databases for separate clients.

Technology is becoming highly complex and customers do not have now, and are

unlikely to have in the future, enough IT resources internally to dedicate to mobility

management. Officials at AT&T who are responsible for MDM solutions believe that

customers expect vendors to do more to help with their mobility needs, including

providing dashboard reporting and more detailed billing that includes MDM solutions.

The following testimony from one customer aptly describes the frustration felt by many

IT customers with regard to infrastructure management, and their resulting decision to

move mobility to the cloud:


Transition from Device Control to Data Control: As the mobility market evolves, there

will be an increased emphasis on data control and less of a focus on device control. This

is the next logical step for companies who want to deliver and secure data and

applications, particularly as mobile devices increasingly leave the “walled garden” of the

corporate network.

Greater Emphasis on Authentication and Verification: Because users may have

multiple devices and data can be accessed from different places across devices and from

the cloud, identity management and single sign-on will be increasingly important in the

mobility market.

Mobility and Social Media: Along with the trends of BYOD and consumerization of IT,

social media is creeping into the enterprise. CIOs are wrestling with issues such as how

to handle Facebook accounts within a containerized environment supporting BYOD

users. Social media is also driving questions about which enterprise groups are driving

internal requirements. While the IT department has historically been responsible for

internal requirements, increasingly this is now falling to individuals from line of business

roles, including finance and marketing.

Some vendors report that IT managers are sometimes being by-passed, particularly

when mobile application vendors are involved. For example, Apperian describes

scenarios in which line of business managers in charge of increasing corporate revenue

“I'm tired of downtime. I'm tired of maintenance weekends. I'm tired of the DBA team having to take down my database for a weekend so they can do their patching and their upgrades. I need 24 x 7 support. If this department were my own business, I would expect a certain level of service from the infrastructure team, the server team, the database team, the web server team … and if I didn't get it, I would be able to fire that group and hire someone who can provide that service.

I don't have that in a corporate IT environment. I can't just fire the server team. But I could fire a vendor if that vendor wasn't performing, and I could go and find another suitable vendor.

I need uptime, I need reliability. And that's why I want to go to the cloud. The cloud vendor has more skin in the game to protect their data than I do. They don't want to be embarrassed and they're going to focus on that more than a full -time employee on my staff would.”

Bill DeWeese, IT Manager for Enterprise Mobility at DynCorp International


through applications build and roll-out the applications within their business groups,

only bringing IT in at the end to assuage any concerns about security or demonstrate

product functionality. Typically, the final decisions have already been made and IT

becomes an “Oh, by the way…” group.

Virtualization on Android Devices: A new development that has received increased

attention in recent months is the addition of virtualization on mobile devices. Why is

virtualization an increasingly vibrant topic in the MDM community? Virtualization is an

attempt by vendors to separate the personal and business components of the device,

particularly as BYOD surges in popularity. Most MDM vendors support the idea of

segregating a corporate sandbox environment on a device that allows it to be selectively

wiped if the device is lost or stolen, or if a person leaves the organization and takes the

device with them. At the same time, many MDM vendors prefer to remain agnostic in

terms of how they react to virtualization efforts by device manufacturers and other

firms. In addition, many MDM players have developed their own strategies for

sandboxing and segregating corporate and personal data, stating that virtualization is

not always relevant on their platforms. Even so, MDM players will continue to keep a

close eye on this technology in the coming months.

Several vendors have been developing mobile virtualization solutions to help enterprise

customers manage mobile devices in an increasingly BYOD world. Examples of

companies developing solutions in this area include Citrix, Red Bend Software and

VMware:

o Citrix is working with device manufacturers to integrate its virtualization capabilities

into the device hardware directly, offering a Type-I, or bare metal, hypervisor.

Citrix’s product, XenClient, divides the physical resources of the device, allowing

multiple operating systems to run side-by-side securely in complete isolation.

Corporate data is protected with disk encryption. XenClient is based on the same

technology as XenServer and integrates with Intel vPro hardware virtualization

technologies. Citrix offers three versions of XenClient:

XenClient: Targeted at enterprise customers for use with XenDesktop.

Delivery options include local, streamed, personal, shared and on-

demand apps.

XenClient XT: Targeted at organizations with very high security

requirements, including public sector customers. A thin Type-I client

hypervisor with hardened components and network isolation service VMs

allows multiple security domains and multiple networks on the same

system.


XenClient Express: Provides free bare metal local virtual desktops for

standalone use by IT professionals and software developers/testers.

Citrix XenClient partners include Dell, HP, Intel, Lenovo and Microsoft.

o Red Bend Software is promoting its mobile virtualization vision through its vLogix

Mobile solution. vLogix Mobile allows multiple guest operating systems to run

simultaneously on the same single- or multi-core processor. vLogix Mobile uses a

bare-metal architecture with a thin abstraction layer that sits directly on the device

processor and manages system resources to isolate the operating systems from the

underlying hardware. Resources that are common to more than one guest OS, such

as the CPU and real-time clock, are virtualized so that they can be shared between

various guest OSes that need to access such a resource.

o VMware has been working with Samsung and LG to build its hypervisor onto their

Android devices through Horizon Mobile, an effort to allow mobile devices to run a

second instance of the mobile OS, similar to the way in which virtualization works on

servers and desktops. Users can essentially see two phones running on a single

device and can switch from personal to business usage by touching an icon.

VMware’s offering – Horizon Application Manager – is based on its Mobile

Virtualization Platform, a Type II hypervisor that runs as a layer on top of an existing

operating system and provides access to Windows, SaaS and enterprise web

applications across different devices. Horizon Application Manager allows IT

managers to extend users’ on-premise identities in systems such as Microsoft’s

Active Directory to the public cloud, providing a single enterprise identity for each

user. Users can access a variety of applications with a single sign-on and IT

managers can track user activity through usage reports.

In this new twist on “sandboxing” – separating corporate from personal data – vendors

are offering partitions, using virtualization to sandbox the entire mobile operating

system. The result? Users can run two different operating systems on the same mobile

device, one for personal use and one for business use. As a result, users and IT both

retain control over their respective areas of data.

Because deep virtualization is currently limited to non-Apple devices, many MDM

executives are skeptical that it will see widespread acceptance. Additionally, MDM

vendors have been developing their own solutions for segmenting corporate and

personal data. As a result, while most MDM vendors are continuing to watch the

virtualization market as it relates to mobility management, virtualization on the device is

considered a “no-go” by several key players at the present time:


o Absolute Software, while convinced of the virtues of sandboxing, does not

necessarily see virtualization as the path to get there. Tim Williams, Director of

Product Management, notes that iOS is already sandboxed and that Absolute

Software leverages this in the way it manages iOS. Moreover, AbsoluteSafe is

Absolute Software’s homegrown solution for segregating and managing

documents and media files.

o Good Technology believes that there is a class of applications that, by the nature

of how they are being used, must be deployed as apps that run on the device

itself in order to deliver the best possible user experience, enable work to

continue even when connectivity is not available or is of variable quality, and to

take advantage of integrated device capabilities, such as telephony, location and

camera integration.

o McAfee believes that virtualized desktops are not a viable mobile solution yet

due to inherent problems of dealing with a smaller device, along with bandwidth

issues. This may improve and the industry is moving in the right direction but it

is not “nirvana” yet.

o Mformation believes that mobile devices increasingly have several

“personalities,” particularly given recent BYOD trends. Mformation is evaluating

virtualization technologies from VMware, Enterproid and other vendors who

provide virtualized MDM.

o Officials at SAP, while noting that they are actively working on virtualization

offerings and have already virtualized Afaria on the back-end, believe that the

market is not yet ripe for device virtualization, primarily due to issues with

carriers, who are unaccustomed to virtualized copies of phones, as well as

consumer advocacy groups, who may be opposed to pricing that moves toward

per mega-byte plans.

o Tangoe believes most customers do not fully understand mobility virtualization

or even care if a device is virtualized, as long as they can effectively segregate

personal and corporate data on employees’ mobile devices.

o Zenprise believes that, until virtualization works on iOS devices, it will be

challenging to adopt this technology for mobility because of the desire to

manage all devices on a single platform. In the meantime, Zenprise is moving

forward with its container approach (selective wipes of corporate email,

calendar and contacts, as well as selective wipes of documents), which it believes

achieves the same objective of protecting enterprise data.


Mobile Phone Manufacturers Increasing Processing Power: In the coming months,

mobile phone manufacturers are expected to increase the processor power for mobile

devices. To work effectively, virtualized mobile phones need a dual-core device, which

is the case for most new Android devices.


CONCLUSIONS AND MOBILE DEVICE MANAGEMENT INDUSTRY SWOT ANALYSIS

With the speed, dynamics and ongoing changes within the mobility market, where does this

leave IT managers who are considering the deployment of a mobile device management

solution? The ensuing SWOT analysis, followed by additional commentary, provides a

summary of the MDM market, highlighting areas of both promise and caution for vendors and

customers.

STRENGTHS

MDM is a fast-growing market due to BYOD and consumerization of IT trends.

The MDM client base is highly motivated to select and implement MDM due to security concerns.

The expected continuation of device and OS fragmentation will further drive the need for MDM.

Many MDM vendors have received strong backing from venture capital firms, signaling confidence in this market.

Vendors will continue targeting enterprise customers not yet using MDM solutions.

The SMB market is largely untapped. International markets, particularly in

EMEA and APAC, represent real opportunities for MDM expansion.

Partnerships will continue to drive growth, resulting in mutual benefit for vendors and customers.

MDM players will continue to expand their offerings, including apps, security and TEM.

WEAKNESSES

The MDM market is very crowded, with over 60 players currently jockeying for position.

MDM vendors admit they have a hard time differentiating their offerings.

Customer concerns about security persist for cloud-based offerings.

Historic MDM ties to IT managers may preclude discussions with business groups, giving other category segments, such as MAMs and MEAPs, a competitive inroad.

Key competitive threats include MAMs and MEAPs, who offer a greater focus on end-user experience and are adding to their MDM capabilities.

Price erosion will continue as the MDM market becomes more commoditized, driving down margins.

Mergers & acquisitions have begun (SAP/Sybase, McAfee/Trust Digital) and are expected to accelerate in the coming months.


Based on this SWOT analysis, we offer the following conclusions for consideration:

Mobile Device Management is now Mainstream: While MDM solutions were

considered novel only a few years ago, they are now a common part of most IT

infrastructures. Given the choice of delivery models, the range of players in the market,

and the manageable pricing – particularly for SaaS-based offerings – MDM solutions

offer a good value for organizations who want assurances that their corporate data will

not be compromised, particularly in an increasingly BYOD environment.

Additional Consolidation in the MDM Industry is Likely: While the MDM market is large

and growing, there are too many players to comfortably sustain this growth over the

long term. When evaluating MDM solutions, consider the possibility, indeed the

likelihood, that your chosen vendor may merge with, acquire or be acquired by another

player. Mergers and acquisitions are also a strong possibility between MDM and MEAP,

MAM and/or TEM players as companies seek to offer comprehensive solutions with a

broad portfolio of offerings in adjacent markets.

SMB and International Customers Will Increasingly be Targeted: While selling to

enterprise customers, particularly those in North America, has traditionally been the

preferred target market for most MDM players, attention is now shifting to new

markets, including small and medium businesses and international customers.

Strategies for attracting customers in these segments, including features and pricing

specific to these groups, is being developed and rolled out.

Data is King, Devices are Secondary: While device management had traditionally been

the focus of MDM vendors, data management is now key. The ways in which personal

data is kept separate from business data will be an ongoing debate in terms of vendors

offering a platform approach versus those who offer a container approach. Device

virtualization will also be a technology to watch.

User Experience and Security will Come Together: While MDM has traditionally

focused on security while MAM has stressed user experience, vendors recognize that

both are important. As such, there will be a gradual but steady movement toward the

center for these two paradigms, along with a corresponding shift in the offerings,

partnerships and collaboration efforts between firms in both spaces.

Finally, research and investigation of MDM portfolios will be critical to find the best

solution to meet individual organizational needs. MDM vendors, while similar on the

surface, are different in terms of a number of key factors, including the type of delivery

models they use, their partnership ecosystems, the ways in which they provide

administrator and end-user support, and their approach to security. In our discussions


with MDM executives, we were repeatedly told that “the devil is in the details,” “trust

but verify,” and “look beyond the hype.” Speaking with reference customers, non-

reference customers and partners is essential in gauging satisfaction and the best “fit”

between organizational needs and MDM solution offerings.


APPENDIX: VENDOR PROFILES

Mobile Device Management Vendors

Absolute Software www.absolute.com Mobile Platform Support

Apple iOS 4 and later

Android 2.2 and later

Windows WP 7 (future)

Absolute Software describes itself as a leading provider of firmware-embedded endpoint

security and management for computers and mobile devices, providing organizations with

visibility and control over all of their endpoints. As such, Absolute Software has traditionally

viewed mobile device management as a larger component of the IT ecosystem, and client

lifecycle management as a part of its end-point management and end-point security model.

Tim Williams, Absolute Software’s Director of Product Management, states that the ability to

provide truly unified management tools for client lifecycle management and mobile device

management is relatively unique within the industry and a critical differentiator for Absolute

Software.

Absolute Software believes that its approach to mobility fits well with the trends that are taking

place in the market today – the convergence of security and management, along with a device-

agnostic approach to management. Absolute Software has solid relationships with desktop

support groups that are already managing computers and software and believes the same

individuals who perform software license work are also managing applications for mobile

devices.

When addressing customer concerns about consolidation in the mobile device management

market, Absolute Software stresses its longevity as a provider of end-point security systems –

18 years – adding that it “did not just emerge to chase a trend.” Instead, Absolute Software

believes that MDM is integral to what it has been doing throughout its history.

Absolute Software believes that mobile device management infrastructure must integrate with

customers’ existing environments. Tim Williams states that while end-point devices may

change frequently, a customer’s Windows data center will not. Similarly, most Active Directory

or Open Directory network infrastructure will remain relatively constant. Williams emphasizes

Absolute Software’s ability to leverage and integrate existing corporate resources. For


example, Absolute Manage Server, Absolute Software’s MDM solution, can be installed on

either a Windows or Macintosh system.

Absolute Manage MDM is Absolute Software’s fastest growing business and the company is

cross-selling its MDM offering with other products, using its existing relationships with

customers to promote MDM. At the same time, Absolute Manage has “opened doors” with

MDM customers to promote Absolute Software’s other offerings, such as endpoint security

solutions.

In mid-2011, Absolute Software released AbsoluteSafe, an application that provides granular

control over corporate data stored on iOS devices. AbsoluteSafe functions as an application on

a device but is managed through policies on the Absolute Manage console. Absolute Manage

can set policies that allow a device or group of devices access to certain documents based on

different criteria, such as Active Directory, a group, the company, or a department. Once a user

is assigned by policy, the documents are available on the device. Additionally, Absolute

Software can add restrictions to the documents, such as disallowing the document from being

copied outside of AbsoluteSafe. Similar restrictions apply to emailing, printing, or saving

outside of AbsoluteSafe, providing a secure alternative to services such as Dropbox.

AbsoluteSafe also provides an avenue to delete company documents if iOS users remove the

management profile on the device and opt out of device management; in this scenario the rest

of the device would not need to be wiped.

Absolute Manage can distribute in-house and market applications and can host in-house

applications. Absolute Apps is an on-device, self-service portal that allows users to get

applications that are assigned to them by policy, whether they are third party or in-house

applications. Absolute Apps allows users to tap and install from a single user interface, thereby

avoiding a trip to Apple iTunes or Android Market. Absolute Manage is still going to these sites

“under the covers” but it allows users a more seamless experience by presenting the

applications in a single location.

Absolute Manage also integrates with Apple’s Volume Purchase Program, attaching and

embedding VPP codes and centrally reporting the codes when they have been redeemed.

Absolute Software does not provide any of its own application development, preferring instead

to allow large enterprises to continue with their work in this area as a continuation of the

application development they have done in the past on desktops and mobile devices.

While Absolute Manage has no inherent limits to scaling, the largest current customer

installation is approximately 50,000 end-points. While it can see when users are roaming and

report on that activity, Absolute Software does not provide telecom expense management

services currently, noting that this functionality is “well outside” of the purview of IT today.


Absolute Software’s Tim Williams notes that the company is exploring partnerships with TEM

vendors because it “makes sense as an adjacent space.”

AirWatch www.air-watch.com Mobile Platform Support



BlackBerry V4.0 and later

Symbian 3 and later, S60

Windows Windows Mobile 5+, WP7 and later, Windows CE

In business since 2003, AirWatch has seen its growth surge in the past year as more companies

realize the benefits of mobile device management solutions. Highlights of AirWatch’s success

include:

Five of the top 10 US retailers are AirWatch customers. AirWatch is in pilot

deployments with three of the remaining top retailers and in discussions with the final

two.

A Customer base of over 1,500 customers.

Single MDM deployments exceeding 50,000 devices, growing to 100,000+.

Employee growth from 450 employees in February 2012 to an anticipated 800+ by the

end of 2012.

o Approximately one-half of AirWatch employees are focused on R&D.

The addition of 100,000 square feet of office space to support its growing operations.

AirWatch added security functionality to its MDM product in 2011, including a Secure File

Locker that allows AirWatch to secure files and email attachments so that users may view the

information but may not cut, paste, forward or view the information offline. For highly

sensitive information, AirWatch can retain the data on AirWatch servers and not push it down

to individual devices, effectively removing any ability to view a document when the application

is closed. AirWatch offers basic, LDAP and proxy user authentication and distributes content

based on a user’s role, device group or ownership. Content is fully organized and allows users

to search, filter by favorites and view by most recent documents.


AirWatch also added a Secure Browser to its MDM offering, restricting where users can go on a

corporate-liable device. For example, luxury retailer LVMH will use the AirWatch platform in all

63 of its global companies to help customers in the buying process, using iPads as kiosks. The

iPads will be locked on “Sephora TV,” for example, to help in the sales process.

AirWatch’s SDK library provides a set of security functionality for iOS enterprise applications.

Key functionality includes jailbreak detection, single sign-on, certificate integration, application

usage monitoring, data usage reporting, data encryption for data stored within an enterprise

application, remote wipe, and geo-location tracking and fencing. According to AirWatch

Chairman Alan Dabbiere, “Virtually every mobile Point of Sale vendor has ‘baked’ this

functionality into their product.”

AirWatch offers three models of its mobile device management offering, including on-premise,

SaaS and an appliance, allowing customers extensive flexibility in choosing an option that best

meets their needs. Dabbiere believes it is very difficult to pivot from a single-tenant on-

premise architecture to a multi-tenant SaaS offering and cautions prospective MDM clients to

verify multi-tenant architectural claims made by MDM vendors.

AirWatch sees partners as critical to its success and believes the AirWatch network of partners

is a key differentiator for the company. AirWatch believes that customers want to purchase

from vendors that utilize a rich ecosystem with seamless integrations between all the players

and moving parts. Dabbiere emphasizes the importance of remaining relevant to key partners

such as Apple, Samsung and HTC so that these vendors will continue to provide APIs for deep

integration. AirWatch’s Chairman also notes that, because some partners utilize AirWatch

MDM but re-brand the solution as their own, AirWatch has a larger global footprint than may

be readily apparent.

Dabbiere cautions prospective MDM customers to be concerned about vendors without a rich

partner community. Dabbiere also urges prospective customers to consider the long-term

viability of MDM vendors, evaluating the likelihood that vendors will still be viable players in

five years, along with vendors’ global footprint. A rich partner community can help in both

respects.

AirWatch typically encounters three categories of customers:

Customers who have no doubt that they will utilize an on-premise solution. These

clients are typically large enterprises who utilize mobile devices primarily within a

corporate establishment or via Wi-Fi. Customers in this category are generally not

interested in a cloud-based model.


Smaller companies that do not have the infrastructure to manage an on-premise

solution. Clients in this category typically have less than 100 devices to support and do

not have the technical competence to manage mobility. These customers typically only

evaluate SaaS solutions.

Companies in between who are interested in both on-premise and SaaS but are unsure

about the direction in which they will go. Customers in this category may let

functionality or vendor persuasion determine their ultimate choice.

AirWatch customers who sign up for one model but later decide to change to another model

can do so easily, according to Dabbiere.

Alan Dabbiere believes that MDM is a necessity for IT departments today, noting that “IT

managers are not making decisions on whether or not to implement MDM. Instead they’re

making qualitative decisions on who is the best MDM to install. That’s why most of our focus is

on developing and honing our marketing to demonstrate that we’re the best value at the least

cost.” AirWatch believes it offers the greatest functionality at the lowest cost in the crowded

MDM market.

AirWatch supports customers in over 15 vertical markets, with a strong focus on government,

healthcare, retail, manufacturing, and technology. Sixty percent of AirWatch revenues come

from North America, with 25 percent from EMEA and the remainder from Asia Pacific.

Approximately 70 percent of AirWatch revenues are derived from SaaS deployments, 20

percent from on-premise and 10 percent from the AirWatch appliance.

AT&T www.corp.att.com/enterprise/manage-protect-mobile-assets Mobile Platform Support

Apple iOS 4 and later (McAfee); iOS 3 and later (MobileIron)


BlackBerry v5.0 and later (Mobile Iron); Basic Support (McAfee)*

Symbian Basic Support (McAfee)*

Windows Mobile v5.1 (MobileIron)

Windows Phone WP7, No EMM agent required (McAfee); WP7 (MobileIron) * Basic support includes the ability to perform remote wipe (restore factory settings) and require use of a password or PIN to unlock.

AT&T believes that mobility is a key technology driver impacting organizations worldwide.

Within AT&T itself, mobility has become a major focus at all levels of the organization. Due to

the speed at which the mobile device management market is moving, AT&T chose to partner


with best-of-breed vendors instead of building its own MDM platform. These vendors include

Good Technology, McAfee, and MobileIron. AT&T officials believe that AT&T’s ability to

compete in what is has become a “land grab” market will center on its ability to adopt a nimble

approach and continue investment in an expanded partner portfolio. AT&T will add value by

integrating with other offers and capabilities as customer needs change over time.

AT&T, which also partners with several MEAP vendors, believes that there will be greater

integration of MEAP and MDM capabilities in the future, particularly as customer requirements

become more sophisticated in terms of custom applications they can use to differentiate

themselves. AT&T believes most MDM vendors should move more quickly and aggressively in

order to exploit these opportunities. AT&T states that it will continue to invest in MDM/MEAP

integration, a category it refers to as Governance and Administration.

In working with partners, AT&T is focusing on APIs to ensure deep integrations and the ability

to leverage the full functionality of available platforms. AT&T is also pushing to expand its

partner ecosystem whenever possible, taking advantage of opportunities to partner with its

partners’ partners when there is mutual benefit. Through its partnership with MobileIron, for

example, AT&T was introduced to work that MobileIron has been doing with Cisco in Europe.

Other areas where AT&T plans to focus in the near term include enhanced application

management and integration with TEM governance and administration, as well as security,

including anti-virus, anti-malware, and anti-spam capability. Additionally, AT&T will focus on

the impact of connectivity on security (such as blended SSL/VPN connectivity). Longer term,

AT&T plans to focus on identity and personas, including ways to build better capabilities for

customers in order to manage their BYOD environments, such as segmenting and containerizing

personal and corporate data. While security will continue to be a focus for containerized

solutions, AT&T looks to provide future enhancements and development around containers for

expense management. Ultimately, AT&T envisions putting a separate voice and data plan

associated with a container on each user’s device, adding that customers have been very

enthusiastic about such an approach due to the accounting efficiencies it would provide.

Delivery models are an additional area of interest to AT&T, including not just on-premise and

cloud, but hybrid combinations as well. Helping customers decide which approach is best and

how to manage their preferred infrastructures is of critical importance to AT&T, particularly as

customers shift their preferences for different delivery models. AT&T notes, for example, that

at least 50 percent of the demand it is currently seeing for MDM is coming from customers

interested in a hosted environment.

AT&T has analyzed its maintenance and support offerings within the context of MDM in trying

to determine the best cost structure to use to effectively operationalize support. AT&T will


likely continue to target enterprise and SMB organizations, with less of a focus on deployments

of 50 users and below. As more organizations move to a cloud-based MDM model, support

becomes more comprehensive for providers in terms of taking responsibility for tasks such as

moves, adds, changes and deletions, as well as full back-end administration.

BoxTone www.boxtone.com Mobile Platform Support



BlackBerry 4.x and later

Palm/HP WebOS

Windows Mobile Windows Mobile 5.x and later, WP7 and later

BoxTone is unique in the mobile device management market due to its history as a provider of

enterprise systems management and performance monitoring management solutions.

BoxTone targets F2500 customers and a large percentage of federal government agencies. Key

BoxTone verticals include finance, government, insurance, healthcare, and retail. The company

also targets distribution and transportation companies (because they behave like regulated

industries), as well as professional services and legal firms (because they support regulated

industries). Additionally, BoxTone has benefited from a spillover effect: many customers

approach BoxTone with the knowledge that it supports vendors such as CitiGroup, Kaiser

Permanente, BT, or the US Department of Defense and has been vetted by these organizations’

rigorous standards.

BoxTone states it has over 1.2 million devices under management by its customers directly or

via managed service providers, including:

Four of the five largest US banks

Eight of the top 10 MSPs (include large MSPs such as BT, CSC, Dell, Fujitsu, HP, IBM, and

Xerox/ACS)

Four of the five largest US federal government agencies

BoxTone also partners with handset manufacturers and mobile operating system vendors.

BoxTone believes it has three key advantages in the highly regulated industries it targets:


Customer Comfort with a Known Entity: Having an ITSM service management

background means that BoxTone is familiar to regulated F2500 companies. As Brian

Reed, BoxTone’s Chief Marketing Officer, explains, “We look, smell, act and behave the

way they run their IT departments. We speak the language. Metrics, compliance, data

accuracy, real-time statistics, and integration with infrastructure to leverage existing

systems really does matter.” Vendors that have already made a decision around BMC,

CA, HP or IBM already have processes and best practices to which they operate wrapped

around ITIL and ITSM.

Speed of a Ferrari with the Strength of a Sherman Tank: BoxTone has been providing

MDM solutions for six years and prides itself on its high performance, bullet-proof

platform and a “do no harm” mantra. Additionally BoxTone differentiates itself from

competitors by highlighting its rugged, high-availability, high-reliability, and industrial

strength capabilities that F2500 and highly regulated companies gravitate toward.

Modular Architecture: BoxTone states that, while its product can address the entire

lifecycle of enterprise mobility management, the offering is divided into modular

components so that customers can buy the platform and start with individual modules.

According to Reed, “The modular approach – buy the platform and the modules you

need – is like a razor and razor-blade model that makes it easy for customers to start

and grow. We’re a ‘low-friction’ choice.” BoxTone can run multi-tenant architectures

for customers who require this for separation of data reasons.

BoxTone provides three solution suites comprised of six modules. The BoxTone Mobile Security

Solution provides traditional MDM capabilities, focusing on security and compliance

management for deployment of devices/apps, change management and mobile data

protection, plus asset and expense management for tracking assets and utilization. Extending

from MDM, the BoxTone Mobile Support Solution includes service desk management and user

self-service for remote trouble shooting and quick repair. When mobile users have an issue

with their device or applications, the support team or users themselves can quickly look up the

status, see what the problem is through automated diagnostics, and see how to fix it with the

embedded knowledgebase of repair recommendations. Extending from MDM, BoxTone

Operations Management Solution delivers incident management and performance

management, including back-end IT operations monitoring of all the mobile services between

the data center and the devices to make sure the applications are running, the services are

reliable, VPN is functioning, Wi-Fi is working, and application response times are adequate. If

not, alerts are sent to IT when there are failures that must be diagnosed and fixed. BoxTone

believes that quality of service and security are both critical for mobility and both should be

given equal weighting.


BoxTone offers an on-premise MDM solution and a private cloud version of MDM, believing

that highly regulated and government customers who want a cloud model are more

comfortable with private clouds due to data protection issues and organizational policies.

Notes BoxTone’s Reed, “We're not trying to boil the ocean and own the whole market. We

deliver solutions to match what customers need with a focus on the complex requirements of

the F2500 and regulated industries.”

Similarly, BoxTone does not compete on price, acknowledging that it is a premium solution for

the hardened platforms it provides. BoxTone states that its platform was built as a J2EE

application and is componentized and runs on a J2EE backbone, allowing it to scale horizontally

and vertically. For example, the average BoxTone customer deployment is 2,500 devices;

BoxTone’s largest customer has over 85,000 devices on a single instance of software. A

BoxTone MSP customer has a cloud service running hundreds of thousands of devices off a

single instance in their cloud.

BoxTone provides application management, including application deployment, monitoring,

updating change management, remote wipe, and audit inventory for compliance. The company

offers an Enterprise App Catalog for customers who want internal application management and

control. For customers who want to build their own applications or are using third parties to

build applications and want a broader level of functionality, BoxTone partners with Apperian.

According to Reed, “BoxTone will never go into the app development world because it’s not

core to what we do. We’re the device and application management backbone. Apperian

provides expertise in application development and SDK development with its EASE platform.”

In BoxTone’s portfolio of modules, Apperian is one of the application development and

management partners. Points of integration with Apperian include security, configuration and

change management, all of which plug into BoxTone’s engine. As BoxTone users get

provisioned, they are also provisioned for either the BoxTone enterprise app catalog or the

Apperian EASE application catalog, with BoxTone pushing down appropriate enterprise

applications for each user. Apperian plugs in and becomes a piece of the BoxTone

infrastructure that is already servicing the users that do security compliance, asset

management, service desk automation, user self-service, and incident and performance

management. Apperian becomes another node to help BoxTone deliver application

functionality.

BoxTone’s Reed states that the company has a “really interesting constellation of partners”

with whom it integrates, providing IT managers with an abundance of choice. In addition to

BoxTone’s partnership with Apperian, the company also has a partnership agreement with

Good Technology where BoxTone provides real-time service desk, incident and performance

management for the Good FIPS-certified secure messaging container. In addition, according to


Reed, enterprise IT managers can choose Good’s MDM technology, BoxTone’s MSM

technology, or both. Concludes Reed, “It’s better to partner with another company and

leverage their innovations and hard work, especially if they have the IT, installed base and

established expertise. Then you can just bring their technology into the fold.” BoxTone plans

additional partnership announcements in 2012 with both small and large best-of-breed

vendors.

BoxTone’s Reed notes that much of the integration built into BoxTone’s platform is a function

of the software already in the data center, adding that BoxTone uses high performance and

secure connections to interact with other systems. For example, a customer may have HP's

event monitor running in the data center and then request BoxTone in their private cloud.

BoxTone will send events through the customer's encrypted VPN tunnel to HP's event console,

which is already running in the customer's on-premise data center.

The founding members of BoxTone included individuals with systems management and

application performance management experience. In 2005, BlackBerry’s rapid penetration of

the enterprise drove BoxTone toward the emerging enterprise mobility market. A private

company, BoxTone does not divulge annual revenues. It notes, however, that it is growing and

doubling its revenues annually.

Fiberlink www.maas360.com Mobile Platform Support

Apple iOS 3, 4 and 5 (directly or through ActiveSync)

Android 2.2 and later (directly or through ActiveSync)

BlackBerry v5.0 and later (directly or through ActiveSync)

Kindle Fire (directly or through ActiveSync)

Palm/HP WebOS (through ActiveSync)

Symbian S60 and Symbian ^3 (directly or through ActiveSync)

Windows Windows Mobile 6.x, WP7 (directly or through ActiveSync)

Fiberlink is one of the few MDM vendors to offer a cloud-only solution – its MaaS360 offering.

MaaS360 was initially introduced in 2007 as a tool to manage laptops and desktops; in 2010,

Fiberlink added support for smartphones and tablets. Fiberlink supports mobile devices directly

from its MDM platform, as well as through Exchange ActiveSync and Lotus Notes Traveler.

Fiberlink believes that a key differentiator of MaaS360 is that it can seamlessly integrate with

customers’ existing infrastructure, such as Microsoft Exchange or Lotus Notes, sitting alongside


that infrastructure, and not in the same mission critical path. As a result, MaaS360 will never

cause a mail outage and will continue to operate even when other systems may not.

Fiberlink positions itself as an enterprise mobility management vendor, what the company

believes is a higher-level category than mobile device management. Fiberlink believes that

mobile device management, application management, document management, expense

management and security management are all just different components of EMM.

Financial services constitutes the largest industry vertical for Fiberlink, with between one-

quarter and one-third of all Fiberlink customers in this category. Financial services customers

include those in banking, securities investments, and insurance firms. Health care, another

highly regulated industry, is Fiberlink's second largest vertical and includes providers, payers

and life sciences companies. Professional services represent its third largest vertical, followed

closely by the high-tech industry.

In addition, Fiberlink notes that it is doing “quite well” with sales to the federal government,

including recent wins based on Fiberlink's cloud-based approach. In early 2011, for example,

the US General Services Administration chose Fiberlink for its cloud-based device management

solution. Fiberlink is managing GSA's smartphones and tablets, as well as desktops, laptops,

and some servers. Fiberlink also provides workstation power management services to GSA.

Fiberlink provides support for Apple, Android and Windows Phone 7 market applications, as

well as private application catalogs, including recommending applications to enterprise

customers from public application stores. The company is considering providing a service that

would highlight popular applications to customers based on data gathered from their service.

All application development at Fiberlink for MaaS360 has been done internally.

Fiberlink strives to foster a sense of community among its customers, primarily through its

“MaaStersCenter,” an online community that includes an expert’s forum, past and future

webinars, weekly tips, and a Q&A forum. Fiberlink states that it is the largest online community

solely dedicated to MDM. Fiberlink also has links to social networking sites, such as Facebook,

Twitter, and LinkedIn. Additionally, users can “Suggest a Feature” for upcoming releases.

Fiberlink’s blog has articles on cloud computing, mobility management, endpoint management,

policy management, managed services, and other topics of interest to the MaaS360

community. In the future, Fiberlink plans to leverage its cloud-based platform to help specific

customers. For examples, customers could post questions such as “What is the average pass

code length for organizations in the health care industry?” or “What is the most common

application that is blacklisted in financial services firms?” Fiberlink would like to foster peer-to-

peer interaction to share best practices.


Fiberlink believes that its ability to rapidly push out new software releases is a key differentiator

in the crowded MDM market. According to Neil Florio, Fiberlink's VP of Marketing, “Our

approach is to do a release every three weeks, sometimes sooner. These are typically releases

with new features and functionality added, and we make this available instantly to all of our

customers with no action required on their part.” Jonathan Dale, Product Marketing Manager,

adds that, because of MaaS360’s one-to-many relationship, all Fiberlink users are on the latest

software release at the same time while also maintaining the ability to configure their own

systems to meet their individual needs, such as leveraging specific features and editing

customized reporting.

Fiberlink uses its own infrastructure for cloud hosting, built since 2007 using in-house

technology. Hosting is done at a data center located at Fiberlink’s headquarters in Blue Bell,

PA, as well as additional data centers that are geographically located for redundancy and fail

over. Dale notes that, with its history of over three billion mission critical authentications

worldwide across its network, Fiberlink felt that it had sufficient expertise to build its own in-

house solution.

When service providers approached Fiberlink about running the MaaS360 software, Fiberlink

agreed to let carrier partners offer their own services that are powered by MaaS360. Examples

include Vodafone UK, a long-time Fiberlink partner, and more recently O2. In essence, Fiberlink

will allow any partner, including carriers, VARs or resellers, to brand an instance within

MaaS360 and offer it as their own. On-boarding partners is a simple process since the partner

does not have to set up any infrastructure.

Another partner category with which Fiberlink is finding success is that of telecom expense

management (TEM) vendors. Standalone TEM vendors may have a customer base without

mobile device management service. With Fiberlink’s MaaS360 platform, both parties enjoy

mutual benefits. While Fiberlink does provide some expense management services, most of its

focus is on data services, not voice services.

Fiberlink highlights its focus on end-user experience, stating that it seeks to ensure that device

enrollment is straightforward and efficient. Once enrolled, Fiberlink tries to anticipate the type

of interactions users will need. For IT administrators, Fiberlink strives to make system set up,

management and support a streamlined and straightforward process. For example, when a

customer signs up for MaaS360 service on Fiberlink's web site, Fiberlink creates a billing

account for the customer, ties it into Salesforce and Fiberlink's own internal billing and finance

systems, and assigns the customer rights and responsibilities, all in the background. According

to Dale, “The process takes only two minutes. The customer instantly gets access to the

platform to manage the devices and can begin to instantly enroll those devices under

management.”


The MaaS360 platform currently manages over 1 million endpoint devices.

When addressing customers’ security concerns surrounding cloud-based architectures, Fiberlink

points to its list of certifications, including SAS-70 Type II, FISMA, FIPS 140-2, and HIPAA. Neil

Florio notes that, “In any good multi-tenant platform such as Fiberlink’s, strong security walls

are set so that customer information is never crossed.”

Fiberlink increasingly sees managers from outside IT organizations as drivers of mobile

solutions, particularly for applications. Key mobile constituents include sales and marketing

executives who may want to distribute documents to their staff, for example. Accordingly,

Fiberlink has modified its sales messages to meet the needs of these groups.

When responding to customer concerns about consolidation in the mobile device management

industry, Fiberlink states that it has been in operation for 20 years with consistent investors and

mature processes. Fiberlink officials note that the company has been profitable and cash flow

positive for the past several years. Fiberlink representatives insist the company will remain

focused on growth and customer service.

Good Technology www.good.com Mobile Platform Support



Symbian S60

Windows Windows Mobile 5.x and later, WP7.5

Good Technology is best known for its container approach to mobile security and device

management. Good believes that in order for IT managers to truly prevent corporate data loss

and comply with regulations, greater emphasis should be placed on “data” management versus

“device” management, since managing the device alone is generally neither sufficient nor

necessary to prevent data loss and meet corporate security and compliance requirements,

which is the ultimate goal of most IT managers. Good focuses on ensuring security, data loss

prevention, and compliance as its primary objectives, with device management a secondary

objective.


“Good solves the real problem: if IT

managers can have control of the

data and control how the data is

used in the context of the business

applications, then they don't have to

worry about data leakage because

they are deciding where the data is

being shared, not the end-user.” John

Herrema, SVP, Corporate Strategy, Good

Technology

In managing mobile data and applications, Good’s approach is to allow IT to more explicitly

control the mobile applications that actually use and store sensitive corporate information.

Through its Good Mobile Control management console, and its Good Mobile Messaging and

Good Mobile Access applications, Good has built

policy and data-loss controls into the key

applications that are most frequently used by

knowledge workers daily. This approach gives IT

managers the ability to apply policy to these apps

specifically, without impacting the user’s overall

personal experience. This includes the definition of

application password policies; policies to allow or

disallow cut, copy and paste into or out of these

applications; and policies to determine which

applications should be allowed to open or share

corporate email attachments or other corporate

documents.

In addition, IT administrators can decide if they want to allow corporate address book data to

be synchronized with the device’s native address book and, if so, which fields should be synced.

For example, corporate Address Book entries have a ‘notes’ field, which frequently contain

entire internal email threads. Good’s customers will frequently block the sync of this particular

Address Book field because they do not want third party apps using “open” native Address

Book APIs to extract and replicate this potentially sensitive data. Because the Good

applications themselves have these policy controls built into them, IT managers can decide how

much or how little data they want moving from the business environment to other applications

and vice versa. In essence, Good is using its containerization approach to not only apply

encryption, selective wipe, password controls and similar settings, but to build policy controls

that actually govern the behavior of “business” applications and how they share data with one

another.

Recognizing that it cannot build every application its customers might want, Good has taken the

same underlying “plumbing” and security framework that it uses in its own applications and has

made this available to developers as a set of libraries through its Good Dynamics mobile

applications platform. If a customer wants to build an internal application for employee use,

they can use the same security model, management framework, and compliance framework

that Good has built into its own applications, providing IT managers with the ability to manage

policy collectively across those applications. Applications are able to share data and inter-

operate with one another while limiting exposure to other parts of the device, particularly on

the personal side. As a result, Good believes customers achieve the degree of openness they


want without unnecessarily exposing corporate data to loss and leakage. This framework is

also available to third party ISVs and Good has already partnered with leading business and

productivity app providers such as QuickOffice, iAnnotate, Box.net, Roambi, and many others.

Good sees its approach to data and application security and control as the primary difference

between how it approaches the market vis-à-vis competitors, noting that MDM solutions are

limited to what the underlying platform’s MDM framework and/or APIs support. While Good

also supports these frameworks and APIs, it does not believe this model, on its own, is secure

enough to prevent data loss and leakage, especially in the current BYOD environment where

disabling app stores and services like iCloud, or “blacklisting” apps such as Dropbox, are not

realistic options. Good notes that most of its customers are security-conscious or in highly

regulated industries, such as financial services, health care, life sciences, and government.

Other verticals Good routinely supports include management and professional services, legal,

and “high technology” customers such as those in software, aerospace, semi-conductors, or

pharmaceuticals who have strict requirements to maintain the confidentiality of their

intellectual property.

Good also believes its approach toward data management helps to avoid inherent problems

with application blacklisting. For example, employees using a personal mobile device may use

services such as Dropbox in their personal lives that otherwise present security and compliance

risks in a corporate setting. Without sufficient control built into “business” applications, IT

managers may be unable to prevent employees from using Dropbox or syncing their data to

iCloud. Alternatively, they may be forced to disable or “blacklist” such apps, which leads to

unnecessary friction and impact on the user’s personal experience. While services such as

Dropbox are not malware, using them in a business setting exposes the enterprise to potential

data leakage and loss scenarios.

Good believes that a fundamental consideration enterprises need to make is whether or not

they are introducing or expanding a BYOD policy. If so, there may be implications from a

security standpoint. Explains Good Technology’s John Herrema, “At the end of the day in a

BYOD environment, IT cannot lock down the user's device because users will not accept this.

Companies will have a dilemma: If they are trying to set a password on a device because they

need to secure the device, there will be pressure from users who are annoyed they have to log

in and enter a password whenever they access their device. IT will face pressure to ‘dumb-

down’ its policies and allow a 4-digit numeric PIN, which undermines the value of encryption.”

Good believes that when companies take this approach, they are opening themselves up to

brute-force attack, even by a very mediocre attacker.

Good believes that any MDM solution – whether on-premise or hosted – must control the flow

of data and prevent data from being lost into other applications and services. Good believes


that, because the data is starting from behind a firewall, applying encryption and other security

controls in the “cloud” after the data has already moved from behind the firewall necessarily

creates man-in-the-middle security issues. As a result, Good’s approach with its own

applications and with Good Dynamics applications ensures that any piece of data is always

encrypted and compressed before it leaves the firewall and traverses any public network. Still,

many observers believe that offering both an on-premise and cloud-based approach is

important for mobile device management and Good may eventually redeploy its solution in the

cloud if it can address security concerns.

Good states that it does not utilize virtualization. Why? Good customers are using their

applications in mobile environments where connectivity is not always available, not always low

latency, or free. Because customers want off-line access to data and an optimized user

experience that takes advantage of native capabilities, Good does not believe that extending

virtualization down to smartphones is appropriate to deliver many applications, with Good

Mobile Messaging being a good example of the type of app that simply works better and allows

for greater productivity and resiliency because it is implemented as a native application, not a

virtualized application. Good believes that for many classes of applications, customers and

their end users want their data to integrate with the behavior of the device and that certain

classes of applications, due to the nature of how they are being used, where they are used or

how frequently they are used, must be on the device. One example is insurance claims

adjusters who take pictures of accidents, secure the data, attach it to a form and relay the

information back to a relevant application server. Good also recognizes that Apple does not

allow virtualization on its platform, and given the popularity of Apple devices today, believes

this is a major hurdle to virtualization.

Good provides support for customers who want to provide private and public applications to

their employees, as well as integration of these applications with back-end systems. Good

notes that it has been “doing this for years” on Windows Mobile and Treo devices. Good’s IT

customers can designate which applications they want their users to have by policy group and

Good will enable the distribution. Good notes that it has the “ultimate carrot and stick” –

because users are dependent on the messaging and intranet access to applications, Good can

take away access to user’s messaging and browsing if they do not deploy mandatory

applications IT managers have specified.

Good is unconcerned about potential industry consolidation within the MDM market, noting it

has been in business for over 10 years and is “self-sustaining.” Good points to its longevity and

willingness to “be there” for its customers, some of whom have been with Good since its

inception. Good states that growth in the enterprise segment of its business has been over 100

percent annually for the past two years and expects strong growth to continue.


Headquartered in Sunnyvale, CA, Good is primarily focused on markets in the United States,

United Kingdom, Europe and Asia Pacific. Good does not have direct sales offices in Latin

America, preferring instead to rely on partners for this region. Good notes that it frequently

reaches markets such as Latin America, Eastern Europe, and Japan by selling to a multi-national

company’s headquarters and helping the enterprise deploy globally.

Good’s customer base consists of four of the Fortune five, seven of the Fortune 10 and 50 of

the Fortune 100. Good also counts eight of the top 10 largest global banks as its customers,

along with five of the 10 largest healthcare companies. In the government sector, Good is

working with the US Department of Defense and the Department of Homeland Security.

McAfee www.mcafee.com/us/products/enterprise-mobility-management.aspx Mobile Platform Support

Apple iOS 4, 4.x, 5

Android 2.2, 3.0

BlackBerry Basic support*

Symbian Basic support*

Windows Windows Mobile v5.x and later; WP7 (No EMM agent required)

* Basic support includes the ability to perform remote wipe (restore factory settings) and require use of a password or PIN to unlock.

McAfee, owned by Intel, acquired MDM vendor Trust Digital in 2010 and offers Enterprise

Mobility Management (EMM) as its MDM product. McAfee believes that coupling mobile

device management with effective security protection provides it with a unique opportunity to

help customers benefit from reduced threats and greater control over their mobile devices and

applications. Because malware can undermine the work of MDM solutions and exposes

customers to unnecessary risk, McAfee believes that MDM can only truly be successful when it

is bundled with effective malware protection.

Officials at McAfee believe there are three key components to a robust mobile security

solution:

Device Protection: Includes device management, including OTA provisioning, real-time

device access, and reporting along with EMM device agents, including password, PKI and

two-factor authentication and remote wipe; native device encryption; and support for


Wi-Fi and VPN configuration and management. Device protection also includes

VirusScan Mobile (described below).

Data Protection: Provides policy-based security functionality, including backup, wipe

and lock if the device is lost or stolen, along with monitoring and prevention of

unauthorized mobile devices from accessing the corporate network. Additionally

McAfee states that data is protected even if devices are jailbroken or rooted.

Application Protection: McAfee offers app-scanning technologies for application stores

that help vendors provide customers with a safe application experience. McAfee also

provides App Alert software that provides users with insight on how applications are

accessing their personal data. Additionally McAfee has expanded its Global Threat

Intelligence offering to include mobile application reputation services; these services

identify applications that are malicious or put customers’ privacy at risk.

As a security vendor, McAfee understands the benefits of a secure container and preventing

outside applications from piercing the container to see or access corporate data. At the same

time, McAfee recognizes the unique aspects of a container approach. According to McAfee

officials, “By definition, the user experience is different than it would be without a container

because the user is using applications that are different than the native applications on the

device. Instead of using a native client, the MDM vendor would be building specific

applications for the secure container.”

EMM integrates with McAfee’s ePolicy Orchestrator (ePO) management deployment console,

with EMM software installed as an extension of ePO. EMM customers can use the same ePO

management infrastructure – a single pane of glass – to run all of their reports and have

visibility into the entire fleet of devices within their organization. The ePO dashboard can be

configured to provide a customized view of devices by platform, domain, and group. IT

managers can also see which devices are out of compliance, which are rogue, and which are

accessing corporate applications.

McAfee strives to provide customers with choice and offers EMM not only through its own

sales and partner channels, but also through AT&T. According to McAfee officials, AT&T is

offering everything from deployment services to bundling. Additionally, McAfee plans to offer

customers the choice of delivery model for EMM. Currently available as an on-premise

solution, EMM will be launched as a cloud service in 2012, both through McAfee’s partners and

as an organic offering from McAfee. In providing an EMM SaaS offering, corporate officials

note that McAfee is familiar with hosted solutions, having introduced a SaaS-based email

protection and Web protection offering in June 2010, along with the release of the next

generation of these solutions in October 2011.


McAfee offers customers an enterprise Application Store, which allows customers to identify

applications – either those they have written in-house themselves or those they have identified

in Apple's Application Store or Google's Application Market – and recommend those

applications to their employees. Customers can distribute their own enterprise applications

through McAfee’s EMM application store, where the applications appear as a tab on the

McAfee EMM device agent. According to McAfee officials, “Through EMM, McAfee provides a

vehicle through which it is easy for employees to get to applications.”

McAfee plans to introduce additional security, policy and compliance features for EMM 10.0

during the first half of 2012. On January 30, 2012, for example, McAfee announced Mobile

Security 2.0 that includes online device management, such as allowing users to remotely wipe

data on their devices and removable SD cards, as well as the ability to remotely back up the

information before the data is permanently deleted. The new version of Mobile Security also

allows users to track their phones remotely through built-in GPS and remotely lock access to

device data.

In September 2011, McAfee began offering all of its EMM customers a license of its VirusScan

Mobile (VSM) for Android smartphones and tablets at no cost. VSM provides protection against

malware, viruses, worms, dialers and spyware Trojan horses that originate via inbound and

outbound email, email attachments, instant messaging and Internet downloads. VSM scans

and cleans malicious code from files, memory cards, applications, Internet downloads, text

messages, and attachments.

McAfee officials state that they are seeing increased interest in mobility virtualization. Through

partners, McAfee offers virtualization as a value-added SaaS service. McAfee partners offer to

host a virtualized solution in their data center, providing customers with a virtualized instance

and management of that service.


Mformation www.mformation.com Mobile Platform Support

Apple iOS 5


BlackBerry 7.0

Symbian 3.0

Windows Windows Mobile v6.x and later; WP7.5 and later

Mformation is unique among the profiled list of vendors as being the only company to sell

exclusively to Managed Service Providers (MSPs) and Communications Service Providers (CSPs),

and not directly to enterprise customers. Mformation acknowledges that most of the MDM

market is currently being served by on-premise, behind-the-firewall solutions. Nevertheless,

Mformation believes cloud-based solutions through MSPs will grow quickly as the market

expands and matures.

Mformation offers a hosted solution with a multi-tenant architecture. Mformation cites its

scalability as a key differentiator: the vendor has a live customer deployment that is designed

to support one hundred million devices on a single instance. Mformation adds that it also has

deployments where multiple instances support more than one hundred million devices per

customer. Mformation’s product strategy is to ensure that it supports core mobile device

management functionality and to partner with other providers to support other mobility

capabilities, such as TEM, MEAP, and end-point security. Additionally, Mformation states that

its relationship with device OEMs and carriers ensures that new enterprise devices and

functionality are always supported and available to corporate customers who prefer a managed

service delivery model.

Mformation recognizes customer concerns about cloud security and, to mitigate this, protects

data in transit using SSL. While native data at rest is OS dependent, Mformation has fully

integrated partners that handle both individual application wrapping (fine-grained container)

and containers (course-grained container) that protect data at rest. For access authentication

and authorization, Mformation’s security service is implemented on the concept of Access

Control Lists (roles) after user name and password credentials are successfully met.

In its work with carriers, Mformation has worked hard to ensure that it is providing a core MDM

engine in the carrier network that can cull different network elements. According to Rob

Dalgety, Mformation’s Marketing Director, “This is an architecture we’ve used across a number


of carriers that has translated well as Mformation looks at some of the MSP requirements and

deployment approaches they want to run as they integrate into an ITSM framework.”

In addition to carriers, Mformation has partnerships with mobile handset and mobile device

manufacturers, solution partners, system integrators and platform vendors:

Mobile Handset and Device Partners: Apple, ASUSTek Computer, HTC, Huawei, Intel,

LG Electronics, Microsoft, Nokia, RIM, Samsung, Seowon Intech, Sequans

Communications, Sony Ericsson, Symbian, and ZTE

Solution Partners: Amdocs, Bridgewater Systems, Elitecore Technologies, and Intel

System Integrator Partners: Acision, HP, and IBM

Platform Partners: F5, HP, IBM, JBoss, and Oracle (including BEA and Sun)

In December 2011, Mformation signed a reseller partnership agreement with Echoworx in

which Mformation will include the Echoworx mobileEncrypt ENDPOINT product in its MDM

offerings. Echoworx mobileEncrypt ENDPOINT is an on-the-device email encryption solution

that allows mobile users to send and receive encrypted messages directly on their smartphones

or tablets. Because provisioning and managing is done OTA through existing mail

infrastructure, IT managers do not have to upgrade or displace existing mail solutions.

Enterprise Application Stores are provided inherently within the Mformation platform and

customers are taking advantage of this capability, reports Dalgety. In terms of customer

approaches, for example, Mformation customer ISEC7 has a large fleet of BlackBerry devices

under management and a number of BES servers supporting different enterprises. With

Mformation, ISEC7 has been able to expand beyond support for BlackBerry devices and can

now also support iOS, Android and other enterprise devices that are relevant in the North

American market.

Similarly, Mformation customer LG Electronics has been able to provide MDM support for email

and core security functionality, such as lock and wipe, across different countries and network

technologies throughout Asia Pacific. For customers that require advanced functionality,

Mformation has fully integrated partners that specialize in this area.


MobileIron www.mobileiron.com Mobile Platform Support



BlackBerry v4.2.1 and later

Palm/HP WebOS

Windows Windows Mobile v6.5, WP7 and later

In business for five years, MobileIron is generally regarded as a leading player in the MDM

market and has aggressively pursued market growth since its founding in 2007. It offers both

an on-premise solution – Virtual Smartphone Platform (VSP) – as well as a cloud-based solution

– Connected Cloud. MobileIron has pursued partnerships with leading global companies to

extend its market and geographic reach beyond North America.

MobileIron strongly supports allowing users to view applications natively, stating that this is the

reason mobility has become widespread and BYOD is so popular. MobileIron deploys VSP with

an eye toward preserving the native user experience, noting that employees have a strong

preference to use native applications for core functionality, including email, calendar, contacts,

and communications.

MobileIron critiques the container approach as “fracturing” the user experience and limiting

sustainability. MobileIron believes that a container approach focuses too heavily on security,

leading to lower user satisfaction, limited incremental risk management, a limited ability of IT

managers to support mobile applications, and a high cost of ownership due to upgrade, scale,

and maintenance overhead.

For corporate IT managers worried about security, MobileIron states that it can wipe corporate

email in the native email application without disturbing personal email in the same

applications, allowing users to retain their personal email experience while providing IT with

data separation. MobileIron also states that its granular privacy policies allow IT managers the

ability to selectively monitor applications, allowing IT administrators to track corporate device

locations but not personal devices. Further, MobileIron notes that it can prevent corporate

email from being forwarded to personal email accounts; for iOS devices, this functionality is

available starting with iOS 5.

To counter security concerns from IT executives about storing email attachments on the device,

MobileIron states that it can monitor applications that might access attachments and


automatically block email flow if there is a high risk of this happening. MobileIron believes that

erroneous copy/paste mis-deeds on the part of end-users are primarily acts by malicious users

and can be identified from the desktop or Web.

When asked to comment on concerns about the cost and complexity of native applications,

MobileIron responds by saying that it is “relatively easy” to develop in a smartphone and tablet

environment as opposed to traditional mid-range or terminal PCs environments from the past.

According to Adam Stein, MobileIron’s Director of Marketing, “Android and iOS development

can be done in hours or days.”

In November 2011, MobileIron released version 4.5 of its VSP platform, which provides

additional security for Android devices. Key functionality offered in this release includes

encryption enforcement for data at rest, Secure SSL VPN connectivity for data in motion,

Exchange account configuration with certificates, a single MobileIron client for all Android

devices, notification upon removal of Android administrative privileges, and hardware

lockdown for camera, Wi-Fi, and Bluetooth functionality. MobileIron’s 4.5 release also includes

support for Android 4.0 security.

MobileIron launched “MobileIron University” in December 2011. Classes are available globally,

both in real-time and on-demand. On-demand courses are online virtual classrooms, with

participants taking a test at the completion of their course work to earn their certifications. The

center provides training and certification for mobile IT professionals, including MobileIron

customers and partners, and includes programs centered around:

Application delivery

Authentication

Authorization

Certificate delivery

Enterprise controls

Security

In January 2012, MobileIron announced “explosive” corporate growth statistics from the past

12 months, including the following:

Company bookings grew over 400 percent

Experienced 600 percent year-over-year growth in its customer base, including the

addition of 435 new enterprise customers in Q4 2011

Won more than 100 of the Fortune 500 and Global 250 companies as customers


Expanded global installed base with customers in more than 30 countries

Increased global distribution through partnerships with 13 of the largest mobile

operators, including AT&T, SingTel, SoftBank BB and Swisscom, and over 150 Mobile IT

VARs worldwide

Motorola Solutions www.motorola.com/mspsoftware Mobile Platform Support



Windows Windows Mobile v6.5.x, Windows CE

Motorola Solutions typically approaches mobility management from a holistic perspective, tying

in other aspects of its vast product and service arsenal whenever possible. Motorola Solutions

can also claim a long history in the mobility market, supporting ruggedized mobile devices long

before smartphones and tablets were popularized by consumer devices.

Motorola Solutions introduced its latest version of its MDM offering, Mobility Services Platform,

or MSP, in January 2012. Motorola Solutions believes that MSP 4.0 provides it with several key

differentiators in the crowded mobile device management market:

Scalability: Motorola Solutions publishes that its MSP 4.0 Stage Edition scales up to

250,000 licenses, and Motorola Solutions states that it has tested close to 1 million

devices. According to Mike Hulthen, VP of Development at Motorola Solutions, “Most

companies think about scale in the 20,000 user range. We think of scalability in much

higher magnitudes.”

Security: Motorola Solutions believes that it has a broad area of focus in terms of

security and the risks associated with an unsecured environment. For example,

Motorola Solutions notes that it offers the industry’s leading wireless LAN management

and security product – Motorola AirDefense – which can assist enterprises in

preventing and determining what happens when a customer’s network or device

population is compromised or breached.

Broad and Deep Functionality: Motorola Solutions believes that it goes much broader

and deeper than other players in terms of device management. In addition to deep

management and security functionality on Motorola Solutions’ own enterprise devices


and tablets, MSP 4.0 now supports consumer BYOD smartphones and tablets.

Motorola Solutions’ Mike Hulthen also notes that the company can manage non-

conventional mobile devices, such as scanners, scales, media devices and wireless

printers. Additionally, Motorola Solutions offers IT administrators the ability to utilize

rich data analytics and metrics available in MSP 4.0 to assist in troubleshooting,

ensuring devices are running current software and applications and are in compliance

with security policies.

Horizontal Product: While Motorola Solutions as a company targets specific vertical

markets, MSP 4.0 is designed to work in any industry. According to Kevin Goulet, Senior

Director of Strategy and Product Management, “We're in just about every vertical

market there is, but we're a little deeper in certain verticals due to the company's

focus.”

Single Pane of Glass: MSP 4.0 allows customers to manage their current devices,

including both corporate devices and personal/BYOD devices, all through a single pane

of glass.

Accessible: Motorola Solutions states that it built MSP to be very accessible, allowing

partners and third parties to add to it through the company’s “plug-in model.” These

partners can add features to MSP. Examples of plug-ins that have been added in the

past include features such as terminal emulation.

IT “Touchless” Approach: Motorola Solutions’ customers who are managing devices in

BYOD environments can enroll and provision users with minimal or no assistance from

their IT departments. End-users enroll via a self-service portal on the Web, a process

Motorola Solutions believes is a particularly strong selling point with customers that

have large, global deployments. Motorola Solutions authenticates to the customer’s

Active Directory (or similar database), assigns users to groups, and authenticates

certificates for their mobile devices based on users’ geographic locations.

Test Environment: Motorola Solutions, because it is a large, F500 company, typically

tests its products on its own employees before launching them into the general market.

For its MSP 4.0 product, Motorola Solutions took the recommendations of its IT

managers into account, particularly with regard to its “light” enrollment process.

MSP 4.0 is available in two versions:

Control Edition: Provides customers with control over CL and IL devices and includes

management capabilities for “hardened” Android devices (including OS improvements),

device metrics, Wi-Fi/cellular metrics, battery performance metrics, enhanced device

security, tunnel service, Active Directory/LDAP integration, asset management, real-


time remote device control for Motorola mobile devices, policy-based management,

dynamic deployment, device scripting, missing device support, background updates,

expedited updates, integrated add-on kits, and automated 802.11x certificate

deployment and renewal.

Stage Edition: Allows customers to automatically stage up to hundreds of thousands of

Motorola and non-Motorola enterprise mobile devices. Features include remote, web-

based staging; configuration via bar code scanning, cradle, SMS or a pre-defined staging

network; on-demand staging; single point of control for staging activities; standardized

platform, scalable up to 250,000 mobile units and 10 remote sites; life cycle support;

and support for plug-ins. Additionally, Stage Edition allows IT managers to create

customized messages to quickly guide users through required procedures.

Motorola Solutions describes its current installed base of on-premise customers who have

mobile devices under management as “healthy,” noting that, while there is a strong ramp in

customers interested in its cloud-based solution, there is equally strong interest from on-

premise customers who directly own and operate their systems.

Motorola Solutions frequently provides virtualized server mobile device management, primarily

because customers’ servers are virtualized and they are requesting a similar infrastructure for

their mobility platforms. Mike Hulthen states that the majority of MSP systems today are

virtualized, with customers purchasing a large piece of hardware and “running thousands of

applications on it.” MSP is typically one of the applications that is run on a large server in its

own virtual slice, so there is no interaction with other corporate data. Kevin Goulet notes that

many of Motorola Solutions’ hosted environments are run on virtualized servers as well.

Motorola Solutions supports document management through mobile device management,

including the ability to push a document out and later pull it back in.

When addressing the likely consolidation in the mobile device management market in the

coming years, Motorola Solutions states that its longevity is one of its strongest selling points,

stressing that customers must feel confident that their prospective vendor will be in business

for the short- and long-term. Motorola Solutions believes that its consistency and stability are

key selling points for IT managers.


RIM/Ubitexx www.rim.com Mobile Platform Support

Apple iOS 4 and later via Mobile Fusion (GA: March 2012)

Android Android 2.1, 2.2, 2.3 via Mobile Fusion (GA: March 2012)

BlackBerry All

BlackBerry Mobile Fusion is the result of RIM’s acquisition of German MDM vendor Ubitexx in

May 2011. Closed beta for Mobile Fusion began in January 2012 and general availability is

scheduled for late March 2012. RIM customers must upgrade their BES to the 5.0.3 release,

and BlackBerry Mobile Fusion will only support Apple’s iOS4 or later OS and Android 2.1, 2.2 or

2.3 releases. (BlackBerry Mobile Fusion is not expected to support Android 3.0 or 4.0 at this

time).

Key features in RIM’s BlackBerry Mobile Fusion include:

Asset management

Configuration management

Security management

Single, centralized console to manage all devices

Device software management

Application management

Scalability

Alan Panezic, RIM’s VP of Enterprise Product Management and Marketing, described how

BlackBerry Mobile Fusion will scale five times higher than BES, with support for up to 10,000

devices per Mobile Fusion server. IT administrators will be able to manage corporate- and

employee-owned devices from a single, web-based console. Additionally, Panezic stated that

BlackBerry Mobile Fusion will separate personal and corporate data using a 256-bit encrypted

container for corporate data. The container is automatically created and requires no special

provisioning from the IT department, other than provisioning PlayBook and BlackBerry

smartphones against BlackBerry Mobile Fusion. ISVs are also not required to take special steps,

since applications that contain corporate data go to the corporate container directly. End-users

only need to log in when they access corporate data.


BlackBerry Mobile Fusion is expected to support virtualization with no additional requirements

for hardware purchases. Future QNX devices will reportedly work with BlackBerry Mobile

Fusion and RIM will offer support for mobile operating systems beyond Android and iOS “if

there is demand,” according to Panezic. Pricing has not yet been announced although RIM has

stated that Mobile Fusion will be competitive with similar offerings.

SAP www.sap.com/solutions/mobility/afaria www.sybase.com/products/mobileenterprise/afaria Mobile Platform Support

Apple iOS 3.2.2 and later


BlackBerry J2ME versions 5, 6, 7

Java Java Virtual Machine 1.4, 1.5, 1.6

Palm/HP Palm OS 5.2, 5.4

Symbian 9 and later (up to but not including Symbian Anna)

Windows Windows Mobile 4.1, 4.2, 5.0, 6.5, Windows CE, OMA DM

Since SAP’s acquisition of Sybase in August 2010, the combined company has been working to

integrate its mobility offerings, pre-selling and cross-selling solutions that will benefit the

combined entity, as well as integrating mobility into SAP’s back-end systems. SAP is one of the

few MDM vendors who offers both an MDM platform (Afaria) and a MEAP platform (Sybase

Unwired Platform, or SUP). Combined, these systems offer mobility features and applications

to enterprises seeking to advance their mobility initiatives and transform their businesses.

According to Russell Fry, Senior Director and Mobility Solution Executive at SAP, “We see our

customers being able to differentiate themselves from their competitors and also get

productivity and efficiency gains through the use of mobile applications.”

SAP’s MDM and MEAP capabilities can be tied into companies’ back-end systems, enabling

greater productivity and information sharing on mobile devices. SAP considers itself a leader in

back-end data management with HANA, its in-memory computing software, along with its

BusinessObjects analytics tools. SAP believes it is unique within the mobility industry in

general, and the MDM market in particular, with regard to its ability to leverage

BusinessObjects. With this business intelligence dashboard, according to Russell Fry, SAP has

the ability to handle large amounts of data from customers’ mobile infrastructures and create


actionable insights from this big data. SAP believes it is only natural for organizations to want

to utilize this information on their mobile devices, accessing and acting on data in real time.

SAP’s latest release of software for Afaria, version 7.0, addresses many of the trends overtaking

enterprise mobility, including:

BYOD: SAP states that its self-service portal allows employees to enroll, configure, lock,

locate and wipe their mobile devices without help desk assistance, significantly reducing

IT costs and giving users a more efficient and enjoyable experience.

Fragmentation of Operating Systems & Device Types: SAP supports different mobile

operating systems and device form factors. SAP also works closely with device

manufacturers to ensure continued access to current APIs for deep integrations.

Explosion of Mobile Applications: SAP automates the application enrollment processes

for application distribution and management.

Extend Security to Mobile Data: SAP plans to continue its work of providing granular

control around security features and functionality.

Usage Analytics & Telecom Expense Management: SAP highlights its real-time

analytics capabilities that allow organizations to reduce telecom costs and provide

insights into security risks. Through its BusinessObjects BI suite (BOBJ), Afaria can

leverage BusinessObjects to analyze telecom usage, mobile applications and mobile

device compliance.

The company states that its mobility solutions are simple and straightforward, even when

additional layers are added. SAP notes that it not only has standard MDM features but also the

ability to enable and manage applications, including the ability for customers to build their own

applications or purchase pre-built applications that SAP has produced. SAP makes its

applications available through Apple’s store. Partner applications, which currently number over

200, are available through SAP’s partners. Additionally, SAP has created application libraries

that allow users to go to a portal and drag and drop new applications for usage into their

mobile devices. This simplistic, streamlined approach allows end-users to install and use new

applications within minutes, according to Alison Welch George, Senior Business Development

Manager at SAP.

Afaria creates a single pane of glass for public and private applications, and IT managers can

view all user applications in a single place. SAP notes that Afaria also allows IT professionals to

separate professional versus personal applications, a distinction SAP believes is critical should a

device be lost or stolen and need to be wiped. Mandatory applications are automatically

pushed down and installed on users’ devices.


SAP states that its customers have leveraged mobile applications to successfully differentiate

themselves from their competitors, as well as realize significant productivity and efficiency

gains. In order to help its customers continue along this path without creating significant TCO

or eroding ROI, SAP has been careful to ensure that application deployment, security and end

user experience are addressed. For example, Afaria allows application enablement and on-

boarding, providing the means to automatically ensure that an application is signed, delivered

and maintained for SAP's custom application approach. SAP expects to fully integrate its off-

the-shelf applications into this process in the future. Additionally, SAP plans to significantly

integrate its SUP platform with Afaria moving forward, allowing it to push out the right

applications to the right individuals based on user credentials within each organization.

SAP believes that one of its key differentiators is its ability to provide real-time analytics for

telecom expense management. Customers can use the BusinessObjects analytics embedded in

Afaria to check roaming charges in real time. IT managers can then change user profiles ‘on the

fly’ for those users who are approaching their roaming limits, thereby reducing any telecom

costs that may have been accrued if real-time information were not available. SAP can also

send messages to individual users or to their managers to take corrective action, if necessary.

Specific rules can be created based on roaming activity.

As more device manufacturers open up their APIs, SAP anticipates providing more intelligence

about the location and behavior of mobile devices – where they are and whether or not they

should be roaming. SAP can put this information into its BOBJ engine, creating a display for

telecom commodity managers to identify potential real-time cost overruns and act upon them.

In this way, “peaks and valleys” are smoothed out, particularly for international roaming.

In its reporting analytics, SAP offers different dashboards that IT administrators can utilize. SAP

also offers telecom reports in the following categories:

Devices: Includes number of devices by OS, carrier, and manufacturer, as well as the

number of new devices added each month by OS and whether the device is CL or IL.

Activity: Includes roaming activity of devices (including international roaming) in real-

time; number of devices that exceed the defined activity threshold; and data, voice and

messaging usage by carrier.

Applications: Includes the number of enterprise applications installed by month, top 10

enterprise applications by OS and installation status, volume licensing status for

enterprise applications, and the number of enterprise applications out of version.

Compliance: Includes iOS and Android devices that are compromised, number of

devices that have not connected in time, number of iOS devices without a password


policy, number of devices that are out of compliance by platform, and number of

devices that have access violations by platform.

SAP positions mobility as part of a larger ecosystem and pro-actively engages with partners,

forums, industry events and customers to ensure it is aware of new trends in the MDM market.

SAP promises to add new features and functionality to Afaria to support these trends if it makes

sense for Afaria’s long-term road map. Officials note that SAP’s roadmap is very OS-specific.

SAP plans to continue its strong development efforts for iOS and Android and will continue

developing for Windows as well. SAP also has solid relationships with Samsung and LG.

SAP is unconcerned about the possibility of industry consolidation, noting it is “110 percent

committed to mobility.” Indeed, SAP deployed 14,000 iPads to its own employees by the end

of 2011 and continues to deploy 1,000 devices internally each month. SAP’s corporate roll-out

utilized Afaria software and was done without hiring additional staff.

SAP’s largest customer to date is the US Census, who used Afaria for the 2010 census to

support 140,000 concurrent devices. SAP officials note that they are in pilots currently with

organizations that will support 160,000-to-180,000 devices. SAP states that it also has a

deployment underway with a large US cable provider.

When responding to competitors’ criticisms that Afaria is “antiquated,” SAP officials

acknowledge that their product has been around for 16 years, with the code written 18 years

ago. SAP insists however that it continuously updates Afaria’s code base, adding new features

and functionality as warranted, making Afaria “more powerful and robust” than competitor

offerings.

SAP also admits that Afaria’s user interface is “a little outdated” and the company updated the

Afaria user interface with its 7.0 release, announced in late February 2012. Additional updates

in the Afaria 7.0 release include a new Web services API layer for integration with enterprise

systems to allow automation between MDM and corporate systems; integration with SAP’s

BusinessObjects portfolio; simple, streamlined workflows for common tasks; administration on-

the-go through access to the administration console from Web browsers Internet Explorer,

Chrome, Safari and Firefox; and improved TEM capabilities.


SOTI www.soti.net Mobile Platform Support



BlackBerry 4.6 and later (supported through BES currently; plans to support through MobiControl in Q2 2012)

Windows Windows Mobile: All including Win CE and Pocket PC 2002/2003 Windows XP and above (laptops and kiosks)

SOTI offers MobiControl as its MDM offering for the enterprise market. A Canadian company,

SOTI has historically worked with many international customers and does not focus on any

specific geography. While it has traditionally recognized approximately half of its revenues

from the US market, SOTI is seeing “enormous” growth from customers in Europe, Asia and

Latin America. According to Crystal Wong Kruger, SOTI’s Senior Manager for Business

Development, “It is not unusual for SOTI to have a customer with 10,000 existing licenses who

wants to expand, not just with ruggedized devices but with consumer smartphones and tablets.

These customers want to add another 10,000-to-20,000 licenses, allowing SOTI to ‘level out’ its

focus on the US market.” Wong Kruger states that SOTI has experience supporting large groups

of users, adding that SOTI’s architecture was designed to support hundreds of thousands of

licenses. Other than localization for languages and technical adjustments to improve certain

capabilities, such as network connectivity, SOTI does not have to modify its products for

international customers.

SOTI offers both on-premise and cloud-based MDM offerings, utilizing a multi-tenant

architecture for both. For on-premise solutions, Managed Service Providers (MSPs) can take

advantage of MobiControl’s advanced device and policy grouping capabilities and combine this

with SOTI’s granular permissions control to create unique views per “tenant” with limits on

which administrators or technicians can access these tenants’ devices. In such a scenario, a

technician for one tenant would only see and be able to manage that customer’s devices after

logging in. At the same time, the MSP administrator could login, view, and manage all

customers’ groups and devices.

In addition to the group-based policies in its on-premise architecture, the SOTI cloud offering

further allows the creation of entirely separate instances (each with their own unique servers).

In both instances, MobiControl allows administrators to restrict not just access to device

groups, but also to which MobiControl features are manageable by each person.


According to SOTI officials, MobiControl is stored in a central database. SOTI notes that the

architectural differences between its on-premise and cloud-based solutions are minimal: with

the MobiControl cloud solution, the on-premise server is simply hosted in the cloud, allowing

an easy transition from on-premise to SaaS.

SOTI highlights the following features as key competitive differentiators in the mobile device

management market:

Comprehensive yet Simple: SOTI states that it offers a comprehensive MDM solution

that is also very simple to use and set up – often in less than one hour – allowing

customers to quickly use and exploit its technology benefits. MobiControl trial

customers often install the server on a desktop or laptop computer for quick evaluation.

SOTI officials note that ease of use has been a key factor in many customer purchases

and is an advantage over systems that are cumbersome to use, lengthy to deploy and

require extensive technical resources to administer.

Mature Product Offering: SOTI has been offering its MobiControl MDM solution since

2003, stemming from the original product Pocket Controller Pro. MobiControl is backed

up by a “world class support team.”

Technical Teams: SOTI states that its employees have a deep technical understanding

of the company’s offerings. According to Wong Kruger, “Even our sales and business

development teams are extremely technical, which enable us to more quickly

understand and address our customers’ and partners’ unique requirements.” For

example, Wong Kruger notes that SOTI can address tight turnaround requests, such as

custom “wipe” requests and special statistical abstractions of data from MobiControl

devices from OEMs and hardware partners due to the collaborative nature and technical

backgrounds of its employees.

In highlighting mobile device trends in the market today, SOTI officials highlight two distinct

customer segments. The first includes customers with large deployments who are issuing

corporate-owned devices and introducing line-of-business applications. These are significant in

size, often ramping up to the tens of thousands of devices per enterprise. The second scenario

centers around BYOD environments in which corporate concerns are mainly focused on email

configuration and basic security, such as the ability to selectively wipe email and corporate

data. In the latter scenario there are generally few if any “extreme” control policies such as

application blacklisting and complete lockdown; as a result, the overall requirements list is

much smaller for these deployments. While BYOD deployments continue to gain traction and

SOTI is increasingly being asked to respond to large BYOD RFPs, the majority of SOTI’s

customers continue to invest in the first scenario – corporate-liable devices with LOB

applications.


SOTI’s device-side agents are available through Apple's iTunes store and through the Android

Market. SOTI applications are also available in Samsung's application store on Samsung

devices. Additionally, SOTI offers an app catalog which allows any enterprise to recommend

public or private apps through SOTI's user interface. SOTI’s application catalog is divided into

categories: Enterprise Applications and App Store Applications. SOTI developed its user

interface in-house, putting a GUI around what it was already doing in terms of deploying

applications and providing back-end reporting. For example, customers can see an enterprise

financial reporting application that will be pushed down to users. With SOTI's console, IT

administrators can see what percentage of users who need a specific application have not yet

installed it and generate reports and alerts for individuals who are not complying. Additionally,

SOTI can change the name “SOTI MobileControl App Catalog” to the organization's name, giving

it a custom look and feel. The application catalog can also support custom links to web sites or

pdf files, such as a sales brochure, for example.

For iOS applications, SOTI offers remote control, as well as an iOS SDK that allows enterprises to

support those applications. Because iOS applications reside within their own sandbox and

cannot interact with other applications (due to the way in which Apple designed its interface

and operating system), SOTI opened up its SDK for enterprise applications, allowing

organizations to use MobiControl’s MDM functionality, such as two-way chat, remote control

or two-way file explorer, within customers’ own enterprise applications. According to Richard

De Souza, a Business Analyst at SOTI, “SOTI has gotten a lot of attention for this because it's

one-of-a-kind. There's no such thing as a remote controlled solution for iOS. SOTI has broken

the mold for this capability.”

Another feature that has received positive endorsements from users is MobiControl’s ability to

implement a lock-down kiosk mode policy, which entails the creation of an interface showing

only those applications users may access at work. With this feature, IT administrators can

provide users with access to the Internet, such as web applications, without allowing users to

enter web sites that are unapproved or unauthorized. SOTI reports that this feature, along with

remote control, are “huge” for customers running line of business applications.

Due to its longevity and reputation in the industry, SOTI reports that new partners approach

the company on a weekly basis from different parts of the world. Wong Kruger states that SOTI

has an aggressive channel growth strategy and will leverage partners wherever possible. As a

result, SOTI has witnessed significant new partner opportunities during the past 12 months in

Latin America, EMEA and Asia Pacific. Distributors, system integrators and VARs have enabled

SOTI to maximize the number of countries and languages it can support; customers benefit

because they can work with a vendor they already know and with whom they share a common

cultural understanding and language.


SOTI takes pride in and receives positive customer feedback for its ability to provide a seamless

user experience for IT administrators in its Web console. Regardless of whether the IT manager

is in the Apple, Android, Windows Desktop or Windows Mobile tab, the appearance and

functionality on the console are the same. SOTI notes that operations are being done very

differently on the back end, but the experience to the user is seamless.

SOTI has also focused on ensuring a seamless licensing and billing experience for customers. As

such, partners that sell MobiControl bill customers directly and purchase from SOTI or a

distributor. Large accounts generally prefer to buy from SOTI directly.

SOTI offers product support and maintenance services for MobiControl, including:

SOTI Technical Support Service

SOTI Skin Catalogue Service

SOTI Location Based Service

SOTI Messaging Service

SOTI Enrollment Service

SOTI Agent Builder Service

Free software upgrades (major and minor releases)

Additional service options, such as 24 x 7 support, are available for an additional fee. SOTI

partners can sell and/or provide support directly. Depending on the account and issue, SOTI or

the partner may provide Tier 1 support. SOTI is also available for Tier 2 support.

SOTI’s professional services team includes solution architects who assist customers with

implementing, administering and configuring MobiControl. SOTI also offers three training

courses that are catered to customers’ specific needs. Training includes User, Administrator,

and Boot Camp classes that range from several hours to several days.

SOTI is a private company and is entirely funded through product and service revenues. SOTI

has never had external sources of funding from venture capitalists or other investing sources.


Syclo www.syclo.com Mobile Platform Support

Apple iOS 4.2 and later


BlackBerry v6.0 and later

Windows Mobile v7.0 and later

Syclo is one of only two MDM vendors to offer mobile device management and mobile

enterprise application platform (MEAP) capabilities. Agentry is Syclo’s MDM offering and is

provided free of charge to Syclo customers who purchase Syclo MEAP solutions. Syclo has

historically recognized most of its success from MEAP sales and developed Agentry to complete

its MEAP platform.

Despite Syclo’s willingness to include Agentry at no additional cost with Syclo’s SMART Mobile

Suite, not all Syclo MEAP customers take advantage of this offer. Why? Customers must spend

resources to install the equipment, understand how to manage it, and monitor it on a regular

basis. Additionally, Syclo’s apps already come with app and data management tools specifically

designed for Syclo’s solutions. As a key SAP partner, Syclo also integrates seamlessly with

Sybase’s MDM offering – Afaria. Nevertheless, Joe Granda, Syclo’s EVP of Marketing, notes that

Syclo has seen significantly more interest in Agentry MDM during the past 18 months as more

companies express interest in monitoring their complete mobile environments. Instead of

asking, “What is MDM?”, customers now respond by saying, “Of course we’ll use it.”

Syclo typically sells to large customers with thousands of users who have a strong need to

control the many devices flooding into their environments. Key verticals that take advantage of

Agentry include utilities, oil and gas, health care, life sciences, and pharmaceutical firms. These

firms, due to the nature of their work, need to both track and audit mobile devices.

Syclo offers Agentry MDM as both an on-premise and cloud-based offering, although its SaaS

offering is typically provided through Syclo’s partners. Syclo states that it has not been difficult

to develop both on-premise and SaaS delivery models, noting that integrations are the most

challenging aspect of this transition. Syclo’s Granda states that Syclo is adept at integrations,

with web services and other methodologies used to best fit Syclo’s customer needs.

Syclo’s cloud-based partners white label Syclo’s Agentry SaaS offering, as well as promote it as a

Syclo product. One Syclo partner – West Interactive – is doing both, labeling SaaS Agentry as its

own solution while advertising that the solution is powered by Syclo. West Interactive has

server farms that host Syclo’s mobile solutions, along with IVR systems and SMS servers from


“We have a twisted view of the

market vis-à-vis other MDM players,

because we don’t just offer MDM.”

Joe Granda, EVP of Marketing, Syclo

other vendors. West Interactive integrates all of these services together into a single, cloud-

based solution.

Syclo believes that applications are at the heart of any mobility offering and starts sales

conversations by highlighting the benefits of mobile applications, including increased

productivity, efficiency and competitiveness. Syclo believes that mobility ROI comes primarily

from applications, not device management. Syclo’s Granda jokes that “We have a twisted view

of the market vis-à-vis other MDM players, because we don’t just offer MDM.”

Syclo’s Agentry Editor provides assistance to customers who are developing applications.

Graphical mapping of application components allows developers to better analyze the business

logic of a particular application by accessing visual maps of relationships, sequences of actions

and component properties. Syclo currently has over 2,000 developers working on the Agentry

platform.

Syclo’s professional services team, based in the United States and abroad, can provide

application development assistance directly to customers, train partners to develop and deploy

applications, or train customer IT departments to

develop and deploy the applications themselves.

What Syclo typically finds most successful is having

mentors from the Syclo professional services team

work with customers’ professional services teams to

make sure the solution is architected correctly. With

this approach, customers are in control of what

happens with mobility in their own environments. According to Syclo’s Granda, “We're able to

train people to use our system because it's easy to use, easy to train, and well recognized.”

Syclo has a well-developed partner program and is using its partners to expand globally. For

example, through Accenture, CSC, IBM and Wipro, Syclo has ramped up its centers of

excellence around the world and expanded to multiple continents. Syclo trains these global

partners on its products who, in turn, deploy Syclo bundled with their offerings. Additional

large, global partners include AT&T, IBM, Motorola Solutions and SAP. In other scenarios, Syclo

looks for local partners who speak the local language and know local customs; in such cases

Syclo trains the local partner on its offerings.

Syclo has organized its partner structure, with systems vendors being very important since they

are the systems that are extended to mobile devices. IBM, SAP and TRIRIGA are examples of

these types of vendors. The next tier are global and local system integrators due to their close

ties to customers looking for mobility solutions, as well as their ability to integrate with existing

customer infrastructure. Hardware vendors, such as Motorola, Intermec, Panasonic and Cisco,


are at the next level; these firms supply the hardware and utilize Syclo for the software

component. Carriers round out Syclo’s partner ecosystem. Carriers have extensive market

coverage.

Syclo highlights its robust security features, noting that many of its customers include

organizations from the federal government and highly regulated industries. Syclo utilizes

strong authentication at the database, application, network and transaction levels. Agentry is

fully compatible with security services like LDAP and CA eTrust and can offer single sign-on

capabilities for composite applications. Agentry also provides role-based access to data and

application modules, along with remote device wipe, data encryption OTA and on the device,

and centralized management of policies, profiles and security patches.

Syclo’s support infrastructure is integrated with that of both SAP and IBM, allowing combined

support efforts when necessary. For example, issues relating to an SAP customer using Agentry

would be populated to Syclo’s help desk databases even if the customer called SAP as the initial

point of contact. In this example, Syclo would work closely with SAP to solve the issue, either at

that level of support or by escalating it to a higher level of support.

Syclo does not include telecom expense management as part of its MDM offering, noting that

this is not a core competency at this time. According to Syclo’s Joe Granda, Syclo has not

structured any formal partnerships with specific TEM vendors because Syclo sees TEM as a low

value service with few differentiators between TEM vendors.

Tangoe www.tangoe.com Mobile Platform Support

Apple iOS 4.0 and later


BlackBerry V4.3 and later

Palm/HP WebOS

Symbian S60, 5th Edition

Windows Windows Mobile v6.x, WP7 and later

Tangoe is perhaps best well known for its deep history in Telecom Expense Management (TEM),

starting out with a focus on managing complex relationships with carriers and optimizing billing

charges. In 2008, Tangoe acquired InterNoded, a Massachusetts-based MDM vendor. Today,

Tangoe offers TEM services such as invoice management, centralized inventory, streamlined


provisioning and rate optimization, integrated with mobile device management for

smartphones and tablets.

Troy Fulton, Tangoe’s Director of MDM Product Marketing, believes that TEM and MDM will

increasingly work together in a symbiotic relationship and must be evaluated integrally to

provide stakeholders access to “big data” as a way of increasing business value. Because TEM

allows for pre-determined, predictable costs based on location, group, people, and devices, IT

managers can ensure that the right devices and people are in the correct plan and, if not, move

them in real time to a different plan that is pre-negotiated with carriers. The result, according

to Fulton, is greater enterprise end-to-end control over provisioning, policy management,

security, network access, applications, cost control and end-of-life device de-provisioning.

Tangoe believes it has several competitive differentiators over other MDM vendors. For

example, Tangoe states that it can comprehensively meet the mobility needs of large services

organizations, from help desk support to carrier relationship management. Additionally,

Tangoe points to its patented secure and intelligent device provisioning, authorizing and

configuration of wireless devices to the correct wireless host services, and self-service portal

and real-time cost management TEM services. Tangoe also highlights that it is the only MDM

vendor that can support application deployment throttling based on wireless host server

statistics.

Tangoe offers both an on-premise and cloud-based MDM solution and has received strong

interest from its on-premise customers about moving to a managed offering, a pattern Tangoe

expects to continue throughout 2012. In describing Tangoe’s approach to cloud-based security,

Custie Crampton, VP of Product Management, describes a light-weight agent Tangoe developed

as an alternative to VPN tunneling that allows Tangoe to talk with infrastructure that is installed

at a customer’s location without having to incur the entire cost of all the databases and OS

software licenses that Tangoe’s software would typically require. The light-weight agent allows

companies that are currently managing the solution internally on-premise to move it to a

hosted environment while still maintaining the same degree of control afforded by on-premise

environments.

Tangoe provides support for private enterprise application stores and market applications

based on profile configuration. Profiles can be configured based on OS information, device

statistics or user identity and only allow users to see applications that are relevant to them.

Tangoe can specify applications that are optional or required and provide links to a consumer

application store or internal corporate applications. Tangoe has not partnered with outside

mobile application management vendors but instead has developed its own internal application

catalog management tool. Additionally, Tangoe does not develop custom applications itself.

For customers who deploy Tangoe’s managed services offerings on top of MDM, Tangoe’s


professional services team can assist with application deployment. Tangoe provides IT

managers with a single administrative console to see both market and private applications

holistically.

Tangoe has used a portion of the capital raised in July 2011 as part of its Initial Public Offering,

as well as cash on hand, to acquire several firms that it believes will be strategic to its long-term

success:

Anomalous Networks: In January 2012, Tangoe announced that it had acquired

Anomalous Networks, a privately held provider of real-time TEM software solutions for

smartphones, tablets, personal computers and modem-enabled equipment. Anomalous

Networks’ solutions are expected to provide predictive cost intelligence, user alert

acknowledgement tracking, usage anomaly detection, and enhanced policy

enforcement.

ProfitLine: In December 2011, Tangoe announced its intention to acquire ProfitLine, a

provider of telecom expense and mobility management services, for $23.5 million.

Telwares TEM: In March 2011, Tangoe announced the acquisition of Telwares’ TEM

business in which Tangoe agreed to assume ownership of Telwares’ invoice

management, call accounting, and mobile device management operations, including the

related customers, support services, and staff located in Pueblo and Greenwood Village,

CO, and Parsippany, NJ.

HCL TEM: Tangoe announced in January 2011 that it had structured an agreement with

HCL Technologies to formalize a strategic alliance and acquire all existing HCL TEM

customer agreements and operations.

In Tangoe’s quarterly SEC filing for the quarter ended September 30, 2011, Tangoe highlighted

financial risks associated with its business during the recent economic slowdown. In

conversations for this report, however, Tangoe officials stated that company performance has

tracked well to plan, adding that Tangoe’s recurring revenue model has contributed

significantly to the company’s stability and financial strength. According to Custie Crampton,

“Approximately 90 percent of our revenue is recurring, coming from multi-year contracts. From

a stability perspective, we don't usually experience revenue peaks and valleys like firms selling

perpetual licenses.” Tangoe’s goal in the MDM market, according to Crampton, is to continue

to deliver value to businesses of all sizes as they face the challenge of better managing their

expanding mobile infrastructure.

Tangoe will continue to look for ways to differentiate itself, offering additional services around

MDM to provide customers with the best possible value. To that end, Tangoe released new

MDM software in December 2011 that has many iOS 5 capabilities built into it, including


support for Apple’s Volume Purchasing Program. Additional capabilities include an updated

version of Tangoe’s SaaS connector and a self-service portal. Although most of Tangoe’s

customers have moved to Exchange 2010, Tangoe continues to support customers on earlier

versions of Exchange, and by the end of March 2012, Tangoe will introduce a proxy server

solution that will be available for customers who are still using Exchange 2003 and 2007.

Wavelink www.wavelink.com Mobile Platform Support



BlackBerry 5.0 and later

Palm/HP WebOS

Windows Mobile Windows Mobile, Windows CE, DOS

As a long-time provider of terminal emulation and industrial browsers, Wavelink sees

application platforms and device management as a natural fit for its capabilities. Wavelink has

offered MDM solutions since 1998 and has built up a strong base of Wavelink Avalanche MDM

customers: over 8,000 companies are using Avalanche software to manage more than 5 million

mobile devices, including logistics and transportation companies and nine of the 10 leading

global retailers. Some Wavelink customers are managing 130,000 devices, while others manage

over 5,000 wireless LAN access points. Wavelink believes the large implementations it has

supported for nearly 15 years, particularly when Avalanche is tied into broader enterprise

infrastructure, provides it with a unique position in the market.

Wavelink provides real-time expense management tools through Avalanche Telicost. Roaming

end users – through a pop-up – are sent an alert to warn them if they are about to spend a

higher fee per minute than they would normally spend when not roaming. Additionally,

Avalanche Telicost sends an alert to IT administrators to allow them to decide if roaming should

be disallowed or permitted. In addition to notifying users of high roaming fees, Avalanche can

also notify users when they have spent a certain percentage of their monthly minutes, or when

users stray outside of their designated work areas, commonly known as geo-fencing. Wavelink

stresses the pro-active, real-time aspect of Telicost, noting that it avoids bill shock at the end of

each month.

Because of the markets Wavelink serves, it does not have its own application store. Most of

Wavelink’s customers prefer to deploy and manage specific applications, such as applications


related to ERP or field service management that integrate with back-end systems. As a result,

Wavelink customers generally obtain their own applications, create the specific configurations

they want their employees to run on mobile devices, and conduct a managed deployment.

According to Kelly Ungs, Wavelink’s Senior Director of Channel Sales, “It is a very closely

controlled process to ensure the applications are secure and workers are using the devices as

they were intended.”

Even though Wavelink customers operate in a more controlled environment with regard to

application configuration and deployment, Wavelink can still custom configure applications

based on configuration files that can be applied to various device groups or user groups,

depending on their permissions as set up in the Avalanche system. Wavelink can also utilize

Avalanche to control which users get access to which versions of which applications, and also

control who has what level of access.

Wavelink offers on-premise, cloud-based, and managed service delivery models. To provide

optimal security in the cloud, Wavelink utilizes a variety of measures around encryption and

authentication to protect data at rest in Wavelink’s databases, data in the hosting environment,

and data that is being transmitted over the Internet. In addition, Wavelink offers a standalone

data protection client on the mobile device that does not require that users are connected to

the Internet in order to encrypt and delete critical data on the device. IT administrators can

also configure the settings with timers on the device. When a device detects that it’s

vulnerable, it can take a number of actions to protect the data, including selective encryption

and deletion of critical data. Additionally, Wavelink ensures that the IT administrator or help

desk user is logging in and connecting to the appropriate tenant in Wavelink’s multi-tenant

architecture. Wavelink also has measures in place to ensure that when a device connects, it

can only be associated with a specific company. Wavelink assures customers that, even in its

multi-tenant architecture, there is no chance of any cross-over or of any customer seeing

another customer’s data.

When asked about consolidation in the mobile device management market, Wavelink describes

many of the new firms that have entered recently as having knowledge that is only “skin deep.”

Wavelink officials maintain that they will be around for the long term, pointing out that their

company has multiple revenue streams, including terminal emulation and agreements that

allow them to OEM Avalanche to major vendors. According to Kelly Ungs, “Any of our

management product areas could survive as a standalone business, but when we put them all

together, they work really well together and provide good stability for Wavelink and our

customers.” Jay Cichosz, Wavelink’s VP of Marketing, adds that the company still manages

devices that were made by companies that are no longer in business, noting “It's not that


Wavelink will just support a device for six months while it's a popular in the market. Wavelink

supports enterprise devices and applications for the long haul.”

Peter Cannon, Senior Product Manager at Wavelink, states that Wavelink is committed to

overall mobility management, including application management, security management, and

configuration management. In evaluating MDM solutions, customers should focus on solutions

that provide them with a bridge to the future, recommends Cannon, including support for a

transition from a homogeneous mobile device environment to a multi-OS environment, support

for the implementation of back-end databases, and support for multiple delivery models,

including on-premise, cloud, and managed services.

Zenprise www.zenprise.com Mobile Platform Support



BlackBerry v4 and later

Symbian ^1 and later

Windows Windows Mobile v5 and later, WP7 and later

A player in the mobile device management market since 2003, Zenprise reported “tremendous”

growth during 2011, including:

Quadrupling its customer base worldwide

o Customers include two of the top three computer software, computer hardware,

telecommunications, aerospace/defense, and petroleum refining companies

Growing bookings by 400 percent

Tripling employee headcount to over 200

Expanding headquarters with a 24,000 square-foot facility in Redwood City, CA

Opening new sales offices throughout the United States, EMEA and India

Launching a Partner Network Program

Zenprise emphasizes that its mobility management solutions are “powerful yet simple”—

powerful due to the feature set its offerings include and simple for both administrators and

end-users. Zenprise highlights its ability to create multiple groups of users, including adding the


same person to different groups instead of just a single group. According to Ahmed Datoo,

Zenprise’s CMO, the company’s MobileManager solution can automatically assign policies from

each group, avoiding the laborious practice of manually creating exceptions. For end-users,

Datoo contrasts Zenprise’s solution with competitors, noting for example that Zenprise

customers are not required to have a Google account when they enroll an Android device, nor

are they asked to allow their iOS device to track their location.

Datoo highlights Zenprise customers who describe Zenprise MDM as “set it and forget it.” After

setting up MobileManager, they “never had to touch it again,” even when new employees

joined the company or existing employees departed. Datoo emphasizes that this is done

through MobileManager’s integration into customers’ LDAP architectures.

In September 2011, Zenprise introduced a new version of its MobileManager MDM solution

that includes secure file sharing for iPhones and iPads. The new application allows users to

access Microsoft SharePoint files and transfer them from their desktop to their mobile device

without uploading any documents. Additionally, Zenprise offers the ability to tag the security

of those documents. This Data Loss Prevention (DLP) offering extends existing SharePoint

controls to iOS devices, allowing users to view the files but not copy them or transfer them to

other iOS applications. Zenprise developed its secure file sharing technology in-house and

integrated it into MobileManager.

In November 2011, Zenprise announced a BYOD Tool Kit designed to help organizations with

BYOD planning and deployment. The Zenprise Tool Kit includes:

Rogue Device Assessment: Identifies potentially unmanaged BYOD devices on

corporate networks and includes detailed reporting on the frequency of device

connections to the corporate network.

Enterprise Mobility Executive Checklist: Provides organizational leaders with a set of

best practices to guide them in their BYOD roll-out.

Mobile Security Framework and Whitepaper: Provides a security blueprint for

organizations that want enterprise-grade mobile device management and security,

including a structure to assess monitoring, controlling, and protecting mobile devices,

applications, networks and data.

Zenprise offers the ability to distribute both private enterprise applications, as well as public

applications. Zenprise highlights its application distribution capabilities not just for iOS and

Android, but for BlackBerry, Windows Mobile and Symbian devices as well. Zenprise built this

functionality in-house and is not currently working with any outside application development

vendors or mobile application management vendors to provide this capability. IT


administrators have a single pane of glass to view public and private applications and can

associate the applications with the security policies and configurations they are deploying to

the devices.

Zenprise uses a container approach for users’ mobile devices that allows IT managers to specify,

on a document-by-document basis, whether specific files can be downloaded into the Zenprise

container. Zenprise can perform a selective wipe so that if a user had viewed the document on

a personal device and later leaves the company, all of the corporate documents are removed.

Zenprise also offers the ability to time-expire highly sensitive documents, such as confidential

financial information, R&D plans, or board of director packets.

Zenprise released Zencloud, its cloud-based offering, in July 2011. After Zenprise client

software is loaded onto an organization’s devices, IT administrators can view all of the devices

under their control, as well as overall software and hardware inventory information,

provisioning details, and applications. Some high-end security features will require customers

to purchase Zenprise’s Secure Mobility Gateway, which communicates with the Zenprise client

and monitors the device, including whether or not devices are infected with malware. If so,

devices are not allowed to connect to the corporate network. IT managers can also use the

Secure Mobile Gateway to administer white and black lists and block unauthorized personal

devices from the organization’s network.

Zenprise prides itself on its “powerful” security infrastructure around mobile device

management, particularly in the cloud, and believes it has the strongest security protection for

enterprises available today. Zenprise states that cloud-related databases with sensitive

information are put behind the DMZ so that sensitive information is not accessed via the public

Internet. LDAP information is also kept out of the DMZ in Zenprise configurations, and Zenprise

does not sync LDAP data to the cloud. Zenprise describes its security as end-to-end – providing

device, network, application and data security.

Zenprise states that its approach to mobile device management in the cloud is different from

that of its competitors, noting that it designed MobileManager with multi-tenancy in mind.

Ahmed Datoo states that Zenprise customer data is logically separated with no customer

information existing on the same database. Any issues with corruption would therefore only

impact a single customer’s data, not the entire customer population. Zenprise also contrasts its

Zencloud offering with that of competitors who simply put appliances in the cloud and

manually configure the systems.

Zenprise uses a combination of public, private and hybrid clouds. Datoo notes that Zenprise

typically uses a public cloud for small-to-mid-sized companies and private or hybrid clouds for

larger, enterprise customers. Zenprise sold a 40,000 seat hybrid, cloud-based contract in Q4


2011 in which the customer wanted to integrate existing on-premise resources, such as its

LDAP and VPN infrastructure, as well as certificates, into a cloud.

Zenprise views itself as an integrated solution provider, noting that, in putting its end-to-end

security policies in place, it considers data leakage on devices, network-based security,

application security and device security all topics of interest to mobile administrators. In

contrast, Zenprise believes that large companies selling solutions bundled together with

products unrelated to mobility are really just selling point solutions, adding that all of the

“other stuff” is not relevant to the mobile buyer.

Zenprise responds to competitor criticisms that it lacks large-scale deployments by highlighting

numerous large-scale deployments it is currently managing, including 35,000 devices for a

technology company, 30,000 devices for a telecom customer and 20,000 devices for an

aerospace enterprise.

Zenprise is often referenced by other MDM vendors as a likely candidate for acquisition as

industry consolidation is anticipated in the coming months. While Zenprise recognizes that the

market is crowded and foresees consolidation, Zenprise officials state that they are focused on

building a strong business. Zenprise’s Datoo adds that the company’s backing by multiple, blue-

chip venture capital firms is an implicit vote of confidence for Zenprise’s forward momentum.


ADDITIONAL STRATEGIC MOBILITY MARKET PLAYERS

Apperian www.apperian.com Mobile Application Management vendor Apperian ensures that applications are delivered

securely, that customers have control over both applications and data, and that application

reporting and cross-platform support is available for mobile applications. Apperian’s cloud-

based, SaaS EASE (Enterprise App Services Environment) solution allows enterprise application

developers to create secure applications that can be distributed, updated, managed, and

provisioned across their network. EASE provides a framework to extend Apple’s SDK with

enterprise functionality, including authorization, authentication, version checking, and push

notification. EASE also includes high-performance hosted services and content delivery

networks for application downloads as part of a “complete solution” for enterprise customers.

In December 2011, Apperian announced support for HTML5 with its EASE platform, allowing

enterprises to more quickly and easily pilot and roll out new mobile applications because there

are no requirements for application signing or configuration. While Apperian believes its native

catalogs are very high quality, it also recognizes that some organizations prefer HTML5 as a

quick start to application development.

Apperian also offers an SDK – a software library that customers can add to their iOS

applications that provides enterprise features to their applications. Apperian’s “Core SDK”

includes modules that enable key features of the EASE platform. Other modules can be used

with EASE or independently.

Apperian views applications as part of a container model, with each application having its own

“world” in which it will be used. This granular approach has security implications – with this

framework, Apperian can disable or delete applications if mobile devices with sensitive

applications are lost or stolen.

Cimarron Buser, Apperian’s VP of Business Development, does not believe MDM and MAM

vendors should be viewed as ‘either/or’ options, noting that while some Apperian customers,

such as Proctor & Gamble, Cisco, and NetApp, use core device management functionality

associated with Microsoft Exchange, they are not necessarily ready to adopt a process whereby

individuals and their devices are enrolled in a system in which a kind of “master God” takes

over.

Nevertheless, Buser does make some distinctions between MDM and MAM – most notably

with regard to the basic application catalog provided by most MDM vendors and the

application lifecycle development and management provided by MAM vendors. Many MDM


vendors are just using recommended applications and pointing to a public application catalog,

according to Buser, which is the equivalent of a web site and “not very powerful.” Other MDM

vendors just leave it up to customers to “figure it out” on their own.

In contrast, Buser notes that Apperian and other MAM vendors can not only link to a business

application, but provide screen shots, a description of the application, and a ratings/comments

section. In the future, Apperian plans to offer crowd sourcing, which will allow users to have

virtual conversations about which applications are important and the problems they are trying

to solve.

Apperian’s lifecycle services include beta testing, piloting, application roll-out, continuous

updates and eventual retirement. In Apperian’s vision, MAM is the lifecycle experience for

deploying and managing applications, not for the entire spectrum of mobility management.

The focus is on presentation, discoverability, and provisioning applications to end-users. Notes

Alan Murray, Apperian’s SVP of Product, “It’s really about how the end-users are interacting

with the application resources that are being provided on a mobile platform.”

In describing the Apperian “experience,” Buser highlights the importance of users’ backgrounds

in terms of how they view MDM and MAM. At one end of the spectrum are individuals who

approach mobility from the perspective that devices must have asset tags. Primarily from IT

backgrounds, these individuals are typically driven to MDM out of concerns about data leakage,

theft, control and regulation. At the other end of the spectrum are people who see mobile

devices in terms of what they can do, whether it’s a camera, a gaming platform or a two-way

communications device. This group is focused on utilizing mobility to gain competitive

advantage and will typically gravitate toward a MAM solution. Eventually, according to Buser,

both groups meet in the middle out of a recognition that security and data are both critical.

Apperian aims to provide customers with solid ROI for the applications they build. While

estimates vary with the scope of each project, in-house enterprise applications typically cost

several hundred thousand dollars each to build, the success of which is measured by the

number of people who download the applications. Apperian helps to facilitate this process and

cites the example of Talecris, a biotechnology company: after utilizing Apperian’s EASE

platform, the number of employees who downloaded Talecris’ applications spiked from 10

percent to 100 percent.

Apperian does not integrate with MDM solutions per se, but it does play alongside MDM

software. In its partnership with BoxTone, for example, Apperian has a “very light touch”

integration, according to Apperian’s Alan Murray, and provides interested BoxTone customers

more advanced application management solutions through EASE. Given BoxTone’s history in

building infrastructure, along with Apperian’s core competency around user experience, “it’s a


good marriage,” according to Murray. Brian Reed, Chief Marketing Officer at BoxTone, echoes

these remarks: “Apperian has a really robust enterprise app development and deployment

capability, allowing customers to build rich applications and quickly have the enterprise

equivalent experience of public app stores, plus a lot more. Apperian has a really good

enterprise SDK that makes it easy to build enterprise-grade apps faster.”

Cimarron Buser states that Apperian is open to additional MDM partnerships, along with MEAP

partnerships that are beneficial to both parties. Other Apperian partnerships include

integrators and MSPs, including Vox Mobile, as well as developers. Apperian describes its

developers as its most interesting partner category and states that it currently has over 30

developer partnerships for enterprise mobility applications, with new developers being added

on a regular basis. Many Apperian developer partners are small businesses providing

specialized iOS and Android development services, and they include Big Nerd Ranch and

BigTinCan. Apperian provides its developer community with infrastructure, including

distribution and the management of security and tracking. In turn, Apperian developers

provide valuable feedback on Apperian’s SDK.

Apperian would like to grow as fast as possible but with the caveat that any growth must

include quality partners who are “solid, have really good technology, and are the types of

companies we would want to refer to our customers.” Developer growth will also depend upon

customer demand in terms of the types of applications customers are using across industries

and verticals.

Apperian currently supports iOS, Android and BlackBerry devices. Apperian is well connected

to the iOS developer community given the previous experience of Apperian executives who

worked at Apple. Apperian also has connections to the Android developer community and

released EASE for Android in November 2011. Apperian expects to support Windows Mobile in

the near future, both natively and through the HTML5 capabilities it added in December 2011.

Other mobile operating system support will be based on customer demand.

Apperian employs approximately 50 people, most of whom work in engineering, quality

assurance and customer-oriented positions. All of Apperian’s development work is done in the

United States.

Bitzer Mobile www.bitzermobile.com Founded in 2010, Bitzer Mobile offers a solution that allows IT managers to mobilize existing

corporate applications rapidly by consolidating enterprise data in a secure container. Through


its Bitzer Enterprise Application Mobility (BEAM) solution, Bitzer Mobile consolidates all

enterprise data inside a secure container that is deployed on mobile devices as a native

application and is under the control of IT managers through an Administrative Control Panel.

Once IT organizations mobilize an application, users can interact with it from their personal iOS,

Android or BlackBerry device, and IT managers do not have to support multiple platforms or

create custom mobile applications.

In early 2011 Bitzer Mobile introduced a new solution for enhanced security on employee

mobile devices that extends Kerberos authentication trust directly to users’ devices by utilizing

a virtual smart card and an AppTunnel instead of a device-level VPN. With Bitzer’s virtual smart

card technology performing PKINIT, the trust is associated directly with the client and all keys

are stored in a secure container, avoiding potential security issues associated with a

constrained delegation approach. Bitzer believes this is a key differentiator in the market

today.

Bitzer’s new solution also obviates the need to configure and maintain lists of internal servers

to enable gateway trust; instead, IT administrators can continue authorizing users and servers

directly through Active Directory. Additionally, Bitzer’s secure AppTunnel ensures that the

connection from mobile devices to the enterprise intranet is only between the secure container

on users’ devices and enterprise servers via Bitzer’s gateway. To ensure a positive user

experience, Bitzer enforces PIN protection only when users are accessing corporate resources,

and not their consumer mobile applications, by holding the PKI certificate inside a secure

container application. Remote Mobile Container Management (MCM) allows IT administrators

to enforce policy and remotely lock/wipe the Bitzer container on employees’ mobile devices.

While not a mobile device management vendor (Bitzer categorizes itself as a Mobile App

Container supplier), Bitzer Mobile solves some of the same problems that MDM vendors solve.

For example, Bitzer Mobile can enforce authentication and security policies, as well as provide

data leak protection and security policies on the Bitzer container, but not on the device.

According to Andy Smith, VP of Product Management, “Bitzer crosses all categories – we do a

little bit of MAM, a little bit of MEAP, and a little bit of MDM.”

Bitzer Mobile believes that MDM vendors provide their services at the expense of user

experience, forgetting that mobile devices are popular because they are powerful consumer

devices. Bitzer is beginning to see enterprises, especially as they move from corporate-liable

devices to BYOD policies, showing a preference for mobile application management by

deploying a container approach, such as the one Bitzer offers. Bitzer’s value proposition is to

give corporations the security and isolation they need for enterprise IT purposes while still

allowing the mobile device to be a personal, consumer device.


Bitzer is similar to a MEAP, in that it has developed mobile virtualization technology. Unlike

some MEAPs, however, particularly those that let customers develop an application, run it in a

cloud environment, and stream the application down in a virtual view, Bitzer Mobile creates

and deploys a simple web application that gets deployed in the enterprise’s DMZ. If a customer

is running JD Edwards inside their enterprise, for example, and wants to give their sales force

access to their accounts and their contacts, Bitzer deploys a mobile virtualization layer (MVL)

that is a simple web application. To do this, Bitzer has a MVL studio that helps customers

design the application; JD Edwards has a SOAP or REST interface for other applications from

which to pull data. Developers write to that SOAP or REST interface and request access. When

a user logs in and requests certain information, such as a name, telephone number, and

address for a certain account, the user is asked to define which pieces of data s/he wants to

mobilize. The application applies tags and meta-tags to those fields and then feeds the data

down to pre-built templates on the mobile device. Customers can mobilize once by creating a

simple mobile virtualization layer.

Bitzer’s container is written in Objective C for iOS, with a different version for iPhone and iPad.

Bitzer also has a container written in Java for Android, as well as containers written for

BlackBerry and Windows Phone 7. Customers can mobilize applications within a day because

they are not re-writing any of the business logic. Instead, all the business logic stays on the

server, with just the presentation layer rendered on the device.

HTML5 applications can run inside Bitzer’s container through a secure browser. If the

application is a Bitzer virtual application, it can run inside the container as a native application.

Bitzer also supports native enterprise applications but customers must recompile the

application using Bitzer's APIs, similar to what developers must do with Good Dynamics. While

the application can still be run with the Bitzer platform – by containerizing it – it requires

additional work by customers.

Bitzer Mobile highlights its three levels of security:

Authentication: To access anything inside the container, a user needs to first

authenticate. There may be time-out periods and many other authentication policies

put on the system, either through Bitzer Mobile's control panel or through Active

Directory and synched to Bitzer's control panel. Authentication is done against the

customer's domain back-end. Bitzer states that it is not the authoritative source when

customers log in; instead, the log goes directly back to the customer's enterprise from

the container. The trust is therefore established from the device to the enterprise.

Bitzer believes authentication enforcement is a capability for which it has especially

strong capabilities.


Policy Management and Apportionment: Once the user is authenticated, Bitzer assigns

policies to the container so that it knows what device is accessing the container and

who the user is. Based on this information, Bitzer applies policy to that container,

including which applications a user is allowed to run inside the container (what Bitzer

calls virtual apps) and which applications users can run online or offline. Bitzer has the

ability to restrict access to the container based on the user’s geography (geo-fencing) so

that a user may only be allowed to access the container within the confines of a

hospital, for example, or only during certain time periods. If a user tries to access the

container outside of those parameters, Bitzer's solution will lock or wipe the container.

In other words, the container will take action based on the policy events or violations.

App Tunnel (Transport Layer): Bitzer has an application-level tunnel from the container

to the back end through a mutually-authenticated access tunnel that the company

states is more secure than device-level APN. According to Bitzer’s Andy Smith, “Unlike

traditional methods, which allow anything that backs up to a secure tunnel to connect

to the corporate back-end, customers using Bitzer’s app-level tunnel do not need to be

concerned with any other applications that might be running on the device because only

the ones that are inside the container are utilizing the tunnel that goes to the corporate

back-end.” Bitzer believes that its ability to provide a secure application tunnel as

opposed to a device-level VPN is a security benefit. Smith notes that Bitzer’s customers,

particularly those in highly regulated industries, have welcomed secure application

tunnels as they anticipate rogue applications, especially on Android devices.

Bitzer can provide these three levels of security whether the user is accessing a web resource

(such as a Web site), a SharePoint site or an intranet site. Bitzer has a browser inside its

container and web resources can therefore be accessed directly from the browser. If there are

HTML5 applications that have been built, these will also run inside the container. Customers

can also mobilize back-end applications through this mobile virtualization layer.

To expand its reach in the mobility market, Bitzer has formed a partnership with Mformation.

According to Andy Smith, the Mformation partnership was initiated after Mformation

customers requested a containerized solution in addition to device management. Additionally,

Bitzer Mobile is integrating with another MDM player through a mutual customer who wanted

to give end-users access to SharePoint via both corporate- and individual-liable devices in a

BYOD environment. Because the customer has a policy of smartcard-based authentication and

uses PKI certificates for its authentication process, this customer needed a company to secure

the certificates. Bitzer maintains the certificates inside the container and protects them with a

PIN, creating trust all the way through the device and then to the back-end server. The MDM

software is provisioning the certificates, and the integration is used to get the certificates into

Bitzer’s container.


Because of partnerships such as these, Andy Smith believes that there will be further

consolidation – including mergers and acquisitions – between MAM and MDM vendors.

According to Smith, “The fact that Bitzer is doing the virtualization piece, as well as mobilized

applications, makes us more valuable because this is a piece many MDM vendors don't really

understand. I definitely see a consolidation in terms of MDM and what is currently being

classified as MAM. I see those spaces as almost indistinguishable from each other.”

Bitzer Mobile is headquartered in Sunnyvale, CA. In November 2011 it received $4.75 million in

venture capital funding from Acero Capital and Chevron Technology Ventures.

Endeavour Software Technologies, Inc. www.techendeavour.com Founded in 2002, software services company Endeavour Software Technologies, the Mobility

Company, is a company focused on enterprise mobility through its mobility consulting and

development services. One of several key decisions that Endeavour helps organizations

determine for their mobility initiatives involves mobile device management. Endeavour is

certified on most mobile platforms and has expanded its focus on mobile technology from the

first generation to the current fourth generation of smartphones, tablets and other mobile

devices.

Jayaraman Raghuraman (“Raghu”), VP for Americas at Endeavour, states that mobile device

management is just one aspect that enterprises must consider when developing their mobile

strategies. For example, in addition to recommending an appropriate MDM vendor for a

leading Fortune 100 consumer products company, Endeavour also helped build its mobility

roadmap, vision, and strategy. In other instances, Endeavour has designed and built device

management features into mobile applications when customers have resisted purchasing an

MDM platform. Endeavour has also provided mobility services centered around a hospital sales

and marketing solution for a health care company, a mobile software solution for an insurance

company, mobile commerce applications, and mobile banking applications.

Endeavour believes that mobile device management is evolving, both in terms of what MDM

vendors are actually providing, as well as how MDM functionality blends into other aspects of

the mobility ecosystem, including MEAP and MAM capabilities. This is particularly true as the

focus shifts from device protection to data protection.

To ensure mobile security, Endeavour believes that specific categories must be considered,

including:


Data Security: When a user accesses data from a mobile device, strategies need to be

in place to ensure the data does not get lost and that it is encrypted and secure. This is

particularly true in highly regulated industries, such as healthcare and banking.

Device Security: Lost or stolen devices need to be secured such that applications cannot

be launched by an unknown user. Strategies around authentication are critical.

Authentication and Separation of Personal and Business Data: Includes built-in

security measures and regulations to ensure corporations are protected from actions by

users.

Network Security: Organizations must ensure that information being sent through the

network is not compromised.

Looking to the future, Endeavour believes that the coming six-to-12 months will witness larger

vendors entering the mobility market more aggressively. Players such as HP, Oracle, and SAP

will continue acquiring mobile capabilities and integrating them into larger IT solutions as a way

of managing mobility within the entire enterprise infrastructure. These players are also

expected to expand their mobility partnerships as they pour more resources, investment and

effort into their mobility initiatives.

Endeavour Software utilizes 240 mobile specialists. It partners with companies such as HP,

Intel, Microsoft, Motorola, RIM, Samsung and Sony Ericsson. Endeavour provides mobile

solution development across numerous platforms, including iOS, Android, BlackBerry, Symbian,

Palm Pre, Windows Mobile, micro Linux, Bada, Brew, Palm and J2ME.

Endeavour operates in healthcare, manufacturing, supply chain, consumer solutions, and

media/news verticals. Key clients include American General, Austin American-Statesman,

Boston Scientific, CA, Calypso, Chicago Tribune, Dell, e-MDs, Forbes, Hoovers, HP, Kimberly-

Clark, Morgan Stanley, RIM, Tesco, United Nations Foundation, and WellDoc.

Enterproid™ www.divide.com In operation since early 2011, Enterproid has had a significant impact on the mobility market

with its Divide™ platform. The basic premise of Divide is that users can switch back and forth

between their personal and professional profiles on a single mobile device by touching a button

on the device. No data crosses from the personal side of the device to the professional side,

and vice versa, ensuring that there is a complete “divide” between both worlds.


Similar to Good Technology, Enterproid uses a secure “container” to segment and secure

sensitive corporate data. Enterproid states that it designed Divide to ensure that users have

the best user experience possible. According to Dan Dearing, VP of Marketing, “We're not

looking at trying to take an existing product and extend it. Instead, we built Divide from the

ground up with the user philosophy in mind.”

Divide™ Manager is the element of Divide that provides a cloud-based device management

platform, allowing enterprises to manage things like policies across the mobile workforce.

MyDivide™ – also cloud-based – allows individuals to manage, locate, lock and wipe their

mobile phones and tablets. Divide Manager includes security controls, access control, and a set

of enterprise-grade versions of applications, such as email, contacts, calendar, a web browser,

phone dialer, and SMS.

Divide currently supports Android phones and tablets running version 2.2 or greater. In the

future, Enterproid plans to extend Divide to other mobile platforms, such as iOS and Windows

Phone 7. Enterproid also plans to release an API that will allow customers and third-parties to

develop secure applications for the Divide platform.

Enterproid’s Divide platform allows users to view documents from their work container. IT

administrators can structure an application to ensure that copy or extraction from the

container to the personal side of the device is disallowed. Enterproid does not currently have

the ability to provide time or date control for viewing documents.

Enterproid provides two portals:

Divide Manager: Similar to an MDM console, Divide Manager allows IT administrators

to see the entire universe of devices that are connecting to the enterprise environment.

This view is limited to data that is in the secure container. Divide Manager also provides

IT administrators with facilities to manage policies and applications via groups with

distribution over the air to the secure container.

MyDivide: The user portal gives employees complete control over their device,

providing them with a tool in which they can wipe their device if it’s lost or stolen, or

activate a beacon if it is simply misplaced. Employees can just wipe the personal side of

the device, or they can wipe the entire device, including the container. If they choose

the latter option, the employee would be opting out of management and would no

longer have access to the organization’s email services or any of the other applications

that would be provided in the container.

The Divide platform is deployed entirely from the cloud and installed as an application, allowing

users to set up the solution within minutes, according to company officials. Customers do not


have to install any hardware or software behind their firewall or on-premise. Data is encrypted

and stored on a completely separate database. Because of the container, Enterproid states

that viruses cannot access corporate information if they are downloaded onto the user's side of

the device. Enterproid currently charges $20 per year for a single user installation and

$60/user/year for enterprise installations.

Enterproid provides two levels of integration with its Divide platform:

White Listed Capability: Customers can take an app binary, upload it to Enterproid's

cloud server, and as part of the upload process, Enterproid will put a wrapper around it.

The wrapper secures it from a data protection standpoint so that the data is encrypted

and that the container or application is able to be wiped remotely by IT. Enterproid also

ensures that it can only launch from the work persona and that users do not see it on

the personal side of their device. This “white list” functionality allows users to select

any third party application, which can then be assigned to users by policies. Different

users can have different applications and the environment can be tailored to the user

and his/her role in the company.

SDK: Enterproid’s SDK allows for deeper integration and goes beyond data security and

protection, providing customers with the ability to affect the user experience, according

to Enterproid. For example, third party unified communications solutions such as

BroadSoft’s BroadWorks platform can be accessed via the dialer Enterproid supplies to

provide a richer, unified communications experience. Customers can also replace some

of the basic applications Enterproid provides with third party applications that have

access to the OS environment that Enterproid creates within its work persona. Within

the next six months, Enterproid plans to partner with application providers and

integrate different types of cloud-based services into the work persona using the SDKs

and APIs that come with the solution.

Enterproid believes that CIOs are anxious to leverage personal mobile devices that consumers

already own and use. At the same time, Enterproid believes it is critical in a BYOD strategy to

give employees confidence that they can trust the organization’s IT department when they give

IT managers some dominion over their personal devices. What does that trust entail? The

assurance that employee privacy is protected. Instead of traditional methods of device

management, in which IT administrators see the entire device, including all of the applications

and web services being used, Enterproid separates the device into two personas, carving out a

portion of the device that is containerized and separate from the employee environment.

Additionally, Enterproid makes a distinction in terms of what IT can wipe and what employees

can wipe off the device. With Divide, IT can only wipe the company persona. It’s left to the


employee to wipe the entire device if there is a loss or theft. As such, both parties retain

control – IT knows that even if the device is lost or stolen, the data is secure. Users know that

personal information will not be wiped without their consent.

According to Dan Dearing, Enterproid's primary focus is Android for large enterprises in a BYOD

environment. Dearing adds that IT managers who want to shift the cost of mobilizing their

entire company to more of a shared model using BYOD cannot be prescriptive in terms of the

types of devices their users choose. By providing IT managers with an enterprise-grade

approach to Android, similar to what these managers have currently for iOS an BlackBerry

devices, Enterproid helps organizations cope with the fragmentation of Android and the

difficulty of managing different models of software and hardware across different carriers. In

essence, Enterproid allows customers to normalize the OS variations and achieve a specific and

predictable security model.

Enterproid views mobile telecom expense management differently than traditional MDM

vendors. In Enterproid’s vision, expense management is a shared responsibility between

individuals and the enterprise and Enterproid provides both entities with insight in terms of

how the device is being used. For example, Enterproid can provide statistics on data usage,

voice usage and texting that is split by business use versus personal use.

Enterproid has several strategies for reaching customers with its Divide solution. Initially, it

plans to work with channels such as AT&T to roll out its offering to a wider audience. According

to Dearing, “The mobile network operator is our primary way to reach the enterprise and

provide our service.” Through the Toggle platform announced in October 2011, AT&T is

Enterproid’s first carrier partner. Dearing notes that Enterproid officials are in discussions with

other carriers in various geographies who are interested in replicating the AT&T model for their

own markets.

Additionally, Enterproid is interested in pursuing new markets that traditional MDM vendors

have typically ignored, including the SMB segment. Enterproid believes that SMB customers

would like to leverage mobile technology more fully but do not currently have a good way to

manage the process. SMB customers also have a different perspective on security, generally

one that is more relaxed. To reach the SMB market, Enterproid will work with resellers who are

selling to mid-tier enterprises and SMB companies. Reseller partners will offer Divide as a

value-added service to their existing offerings.

Enterproid envisions Divide as a complimentary solution to MDM vendors that do not currently

offer cloud-based mobile device management, providing them with an alternative delivery

model to their on-premise solutions. Driven by Enterproid channel partners who represent


MDM vendors within their mobility portfolios, Enterproid is currently in discussions with several

MDM vendors about possible collaboration.

Looking to late 2012 or 2013, Enterproid plans to work with mobile application management

vendors. Once the Enterproid framework to solve the BYOD challenge for IT managers is firmly

in place, Enterproid will work with MAM vendors to provide containerized productivity tools.

Enterproid’s vision is that MAMs will layer additional applications on top of Enterproid’s work

persona.

On February 15, 2012, Enterproid announced the integration of its the Divide platform with

BroadSoft’s communications platform. The integration will allow employees to use and

manage business communications services, such as text messaging from a business number,

business directory integration, call settings management, and extension dialing from their

mobile device. This will allow employees to access their work calls from their personal devices

without compromising their privacy.

Partnerpedia www.partnerpedia.com Mobile application management firm Partnerpedia provides MAM multi-tenant, cloud-based

services directly to IT customers, as well as to OEMs and vendors under private label.

Enterprise AppZone is Partnerpedia’s solution that allows IT managers to control the publishing,

distribution and management of approved applications to end-user devices. Enterprise

AppZone also includes administration functions, such as virus check and monitoring, mobile

content publishing, policy management, and user access control. Private labeling offers

technology vendors and OEMs the ability to further deploy a customer-facing mobile

application store.

Partnerpedia also offers native mobile application development for iOS, Android, Windows

Phone and BlackBerry devices. Additionally, customers can choose HTML5 for multi-platform

development. Partnerpedia’s expertise includes user interface and design, porting and

conversion, custom development, system integration, mobile content intranet, and business

and consumer applications.

According to Sam Liu, Partnerpedia’s VP of Marketing, approximately one-half of the customer

accounts that Partnerpedia interacts with do not have any MDM capabilities within their

environments. These customers are hopeful that Partnerpedia’s solution will be adequate to

service all of their mobility management needs. Partnerpedia customers that do have MDM

systems installed, according to Liu, typically report that their MDM platform is less suited for


BYOD environments due to more complex implementations or concerns around user privacy

and corporate liability.

Partnerpedia is in discussions with several MDM vendors about potential partnerships and

points of integration. According to Sam Liu, “There's not an obvious point of integration right

now because all companies have their own proprietary APIs.” Partnerpedia is still formulating

its approach toward MDM and MEAP vendors.

Partnerpedia was founded in 1996 and partners with leading customers, such as Alcatel-Lucent,

Citrix, InterSystems, Microsoft, RIM, Sophos, and Zebra.


ABOUT GALVIN CONSULTING, LLC

Galvin Consulting publishes syndicated research on mobile technology, including Smartphones

in the US Enterprise and Transforming Healthcare through mHealth Solutions. Additionally,

Galvin Consulting has supported direct clients and mid-tier research firms on custom market

intelligence and primary research projects. Analyst expertise extends from mature hardware

and software technology to emerging markets.

Through in-depth analysis and ongoing conversations, Galvin Consulting has developed

relationships with global subject matter experts and industry influencers. Deep connections

with technology professionals put Galvin Consulting analysts in close proximity to the tactical

and strategic information end-clients seek. Galvin Consulting researchers have a highly tuned

perspective on the integration of technology within corporate enterprises. They also

understand the vertical application of technology within a given industry, by virtue of

interviewing key technology consumers.

Galvin Consulting research includes market trends, drivers, segmentation, industry dynamics,

market direction, pricing/cost analysis and SWOT analysis. Additionally, Galvin Consulting

frequently includes competitive analysis, feature/functionality analysis, financial health, and

gap analysis. Customer satisfaction research is an additional core competency, including

win/loss analysis and customer satisfaction research.

LICENSE

Copyright © Galvin Consulting. Some rights reserved. Licensed under a Creative Commons

Attribution 3.0 License. Any reuse or remixing of the work must be attributed to Galvin

Consulting.

NO UNAUTHORIZED DISTRIBUTION

Any unauthorized distribution outside of the license agreement shall constitute breach of

license terms. Galvin Consulting may be eligible for legal and compensatory remedy in such

instances.


DISCLAIMER

Galvin Consulting believes the information contained in this report is reliable but, due to the

dynamic nature of the mobile industry and the market research process, we cannot guarantee

that it is accurate or complete and it should not be relied upon as such. Opinions expressed are

current as of the date of this publication. The information, including the opinions contained

within the report, is subject to change without notice.

Use of this report by third parties does not absolve these third parties from using due diligence

in verifying the report’s contents. Galvin Consulting shall have no liability for any direct,

incidental, special, or consequential damages or lost profits, if any, suffered by any third party

as a result of decisions made, or not made, or actions taken, or not taken, based on this report.

CONTACT INFORMATION

Galvin Consulting, LLC Seattle, WA Ph: 206.347.7552 Email: [email protected] Web: www.galvinconsulting.net

© 2012 Galvin Consulting and/or its affiliates. All rights reserved. This publication may not be reproduced or

distributed in any form without Galvin Consulting’s prior written permission. The information contained in this

publication has been obtained from sources believed to be reliable. Galvin Consulting assumes no liability for the

accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or

inadequacies in such information. This publication consists of the opinions of Galvin Consulting and should not be

construed as statements of fact. The opinions expressed herein are subject to change without notice. Although

Galvin Consulting research may include a discussion of related legal issues, Galvin Consulting does not provide legal

advice or services and its research should not be construed or used as such.

mailto:[email protected]

http://www.galvinconsulting.net/

Date post:	23-Jan-2018
Category:	Documents
Upload:	carolyn-galvin
View:	110 times
Download:	0 times

Key Considerations in Evaluating & Selecting a MDM Solution

Documents