In the past, typically mobile devices were thought of as cell phones (or pagers) that had the ability for two-way communication. Securing simple communication devices was simple and was provided by the company that provided the technology, such as a cellular communication company. The company provided the technology and could control and secure the use of the device. With the expansion of corporate communications to include heavier reliance on electronic messaging to communicate internally and externally within the corporate environment, the expansion of evolution of technology such as Microsoft's ActiveSync technology and RIM's Blackberry Devices and Communication protocol made leveraging smartphone technology viable in a corporate setting.
The management and control of the devices were effective and efficient; the corporation typically owned the device, service, and delivery mechanism. Corporate IT security policies were typically built upon the level of security that could be provided through the mobile technology (or variances were granted) to ensure the ability to leverage the expanding technology within the environment. As the elements of the corporate communication devices expanded into the consumer market, vendors such as Microsoft and Google began developing and deploying solutions that mimicked the corporate solutions with consumer focus.
Consumer-focused devices such as the iPhone and Android-based smartphones were introduced into the corporate environment. There is great debate concerning the number of mobile devices currently being used globally, but it is clear that the growth of the use in this type of technology is far outpacing personal computers and eventually will exceed all other types of technology purchased and used.
These devices are being used for not only personal communications, but also for corporate communications as well. IT departments began purchasing devices and communication solutions to meet the demand of the end user community. Eventually, this led to many companies adopting a new strategy for mobile devices, Bring Your Own Device (BYOD). The BYOD strategy allows end users to procure and manage the technology that they choose to leverage for communication, and the corporation and IT department does not have to manage to a consumer-driven focus. Ultimately, the concept of BYOD has expanded for many companies to include tablets, personal computers, smart car communication systems, and eventually televisions.
The shift to BYOD has been popular with end users and some elements of the corporate structure, but it does bring more complications such as management of devices, information contained on the devices, and ultimately, the method of communicating with the device. The use of MDM within the environment allows for the management across devices and platforms to effectively secure corporate information. The protection and management of the end users' personal data may ultimately be assisted with the use of an MDM solution, but should not be the focus.
Mobile communications devices are leveraged for a wide variety of reasons, namely corporate and personal. As a result, it is easy to have different functions merge or connect through the use of end users. The following diagram outlines the different types of users for mobile devices:
This information is typically corporate in nature and is contained within the corporate communication tools. All information is synchronized with the device through a secondary source like an IBM Domino or Microsoft Exchange Server through a tool such as IBM Traveler or a proprietary service like Good Technology or Blackberry Enterprise Server. The security and information protection is handled by the tool managing the information in the environment.
As mobile technology has evolved in the corporate infrastructure, tools and resources have evolved to allow for the corporate environment to extend to mobile devices. Tools such as File repositories and Instant Messaging can be extended to allow mobile users to communicate and leverage the corporate collaborative environment. This data is typically managed by the tool that is delivering the resources to the device or through tools that exist on the device; the management of these tools can effectively be accomplished through the use of an MDM solution.
Consumer-based applications that provide corporate type functionality are available through consumer sites such as the Google and Apple App stores. These popular applications, such as Dropbox, are tools that allow for the storage and synchronization of files across many platforms. Some corporate environments want to limit the use of external applications to minimize the federation spread of corporate information outside the controlled corporate environment. Typical consumer-focused applications are provided by the vendor and do not meet the standards typically found in corporate security policies to protect data from leaving the corporate environment and being housed outside in an uncontrolled environment. The corporation may purchase a service and provide it to the end users to meet requirements; these solutions will have more corporate controls in place. The management and "lock down" of this type of utility will likely require an MDM solution.