Critical Capabilities For Mobile Device Management
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

Critical Capabilities For Mobile Device Management

on

  • 4,005 views

Zenprise MDM, Mobile Device Management, 2012

Zenprise MDM, Mobile Device Management, 2012

Statistics

Views

Total Views
4,005
Views on SlideShare
3,991
Embed Views
14

Actions

Likes
1
Downloads
169
Comments
0

1 Embed 14

http://solutions-review.com 14

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

Critical Capabilities For Mobile Device Management Document Transcript

  • 1. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Critical Capabilities for Mobile Device Management 29 July 2011 Monica Basso, Phillip Redman Research Note G00213877 This research provides quantitative ratings for a selection of enterprise mobile device management offerings, evaluating them in typical use cases, across 10 critical capabilities. Overview Critical Capabilities Methodology This research provides quantitative ratings for a selection of enterprise mobile device management (MDM) "Critical capabilities" are attributes that offerings, evaluating them in typical use cases, across 10 critical capabilities. Enterprises should use these differentiate products in a class in critical capabilities, use cases and product ratings to identify the most suitable enterprise MDM products or terms of their quality and performance. services to meet their management and security requirements. Gartner recommends that users consider the set of critical capabilities as some of the most important criteria Key Findings for acquisition decisions. Not all MDM platforms provide device encryption if it is not supported natively on the device. This methodology requires analysts to Although containerized approaches offer some of the highest security, restrictions to the users experience identify the critical capabilities for a with mobile email may limit the users acceptability and viability on personal devices. class of products. Each capability is AirWatch, BoxTone, Fiberlink, MobileIron, Sybase and Zenprise use native Apple iOS 4 management APIs then weighted in terms of its relative to implement functions such as over-the-air (OTA) software upgrades and certificate-based authentication. importance overall, as well as for specific product use cases. Next, Good for Enterprise is a mobility suite centered on wireless email; many management and security products are rated in terms of how well capabilities are available within their email client only. they achieve each of the critical capabilities. A score that summarizes Recommendations how well they meet the critical Choose MDM offerings that support a lightweight management approach, with mobile agents and server- capabilities overall, and for each use side platforms, when your security and management requirements are limited and deep control is not case, is then calculated for each accepted by employees using personal devices. Examples include Zenprise, MobileIron, BoxTone, Fiberlink product. and AirWatch. Ratings and summary scores range Choose MDM offerings that support a heavyweight approach to deliver secure and manageable corporate from 1.0 to 5.0: email to consumer and personal devices when strict security and compliance requirements apply. Containers can enforce stronger separation among personal and corporate content. Examples include 1 = Poor: most or all defined Good Technology, Excitor and Sybase. requirements not achieved The iPhone 3GS and later hardware platforms ship with always-on hardware encryption. When iOS 4.2 was 2 = Fair: some requirements not introduced, it added a new data protection class that allows third-party applications to manage their own achieved encryption keys, reducing the risk of data leakage on a jailbroken device. The new data protection classes are activated upon the full installation of iOS 4 or later. 3 = Good: meets requirements 4 = Excellent: meets or exceeds some What You Need to Know requirements This document was revised on 24 August 2011. For more information, see the Corrections page on 5 = Outstanding: significantly exceeds gartner.com. requirements Before making any effort to select the most appropriate tool for MDM, organizations need to understand their Product viability is distinct from the requirements and define clear policies for deployment, including corporate data and application protection on critical capability scores for each the device and back-end servers; isolation from personal content, if needed; and cost containment. product. It is our assessment of the Organization should evaluate different MDM offerings, focusing on the critical capabilities identified in this vendors strategy and its ability to research. enhance and support a product over its expected life cycle; it is not an Return to Top evaluation of the vendor as a whole. Four major areas are considered: Analysis strategy, support, execution and investment. Strategy includes how a vendors strategy for a particular Introductionhttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 1 of 24
  • 2. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM vendors strategy for a particular Introduction product fits in relation to its other The proliferation of consumer devices and a growing demand from employees are changing the ways in which product lines, its market direction and organizations deliver mobility solutions to the workforce. its business overall. Support includes IT organizations are forced to create mobility programs to support corporate email and other applications on the quality of technical and account consumer products, such as iPhone, iPad and Android devices. "Bring your own device" and employee-liable support as well as customer programs are common, and we expect that 80% of organizations will have tablets by 2013 (see "Gartners Top experiences for that product. Execution Predictions for IT Organizations and Users, 2011 and Beyond: ITs Growing Transparency"). considers a vendors structure and processes for sales, marketing, pricing These deployments bring a range of new challenges, from security, compliance and management, to cost and and deal management. Investment human capital management. Organizations address these challenges by defining policies that regulate the considers the vendors financial health usage of consumer and personal mobility for employees, and they need the appropriate tools to enforce and the likelihood of the individual policies, regulate behaviors, contain costs and manage risks, across multiple device platforms. business unit responsible for a product Multiple options are available — the enterprise MDM market has more than 60 players with a wide range of to continue investing in it. Each product products, services and capabilities. Gartner research (see "Magic Quadrant for Mobile Device Management is rated on a five-point scale from poor Software") identifies a subset of 23 vendors that qualify as viable for investments. These offerings are to outstanding for each of these four progressively adding similar features, driven by fierce competition, and the market is going through a areas, and it is then assigned an overall commoditization route. product viability rating. IT organizations struggle to identify the right options for investment. On one hand, the rapid evolution of The critical capabilities Gartner has mobile devices and business requirements makes it difficult to identify a clear set of MDM requirements. On the selected do not represent all other hand, the lack of differentiation confuses buyers and complicates investment decisions. capabilities for any product and, therefore, may not represent those One major area of differentiation among MDM offerings is the technical approach to management (see "How to most important for a specific use Support Corporate E-Mail and Other Applications on Personal Devices"): situation or business objective. Clients should use a critical capabilities Lightweight approach: Server-side product or service offerings may have a small mobile agent running analysis as one of several sources of on the device, and/or call native APIs provided by the mobile OS platform (e.g., iOS 4), but do not have a input about a product before making an complete mobile management client. They can enforce policies on the server side, but cannot control the acquisition decision. device and mobile user behavior in depth. They are used in combination with native mobile support in corporate email servers (e.g., Microsoft Exchange ActiveSync [EAS] in Microsoft Exchange Server or Notes Traveler in Lotus Notes/Domino) to enforce complementary policies to those provided by the server. Thus, they can preserve the native email client experience on iPhones and iPads, which are favorite choices for users. Relevant vendors with this approach include AirWatch, BoxTone Fiberlink, MobileIron and Zenprise. Heavyweight approach: Client-side management software is available for every relevant mobile OS platform (either stand-alone or blended with a proprietary email client). The management client can enforce strong IT control on the device (e.g., local data encryption, selective wipe and containerization). Vendors with this approach are Good Technology, Excitor and Sybase. Goods product does not integrate with the email servers native mobile support (e.g., EAS) — actually, it replaces it, and it does not work with the devices native email client, but requires its own client, which can only connect to a corporate email server. Good Technologys approach prioritizes on IT control, limiting the users choice and experience with the email client. Another important element of differentiation among these offerings is the delivery model: cloud services versus on-premises versus host. While most mature products (such as those from Good Technology, Sybase and MobileIron) are on-premises, a growing range of cloud services offerings (such as those from AirWatch, Fiberlink and Tangoe) are starting to appeal to users because they are more economical. In fact, there are no upfront costs, and an inexpensive price per user per month and more flexibility to scale up services with growing mobility adoption or needs. Before entering MDM product selection analysis, organizations need to identify the risks and benefits of introducing support for corporate applications on personal devices. They then need to identify the IT policies required to control deployments, manage risks and support users. Finally, they need to choose the appropriate management approach and the products and services that can help to enforce those policies in a cost-effective way. Return to Top Product Class Definition Gartner defines MDM as a range of products and services that enables organizations to deploy and support corporate applications to mobile devices, such as smartphones and tablets, possibly for personal use — enforcing policies and maintaining the desired level of IT control across multiple platforms. Areas of functionalities include security, provisioning, software and inventory management, and decommissioning. See "Magic Quadrant for Mobile Device Management Software" for a complete description of the market and vendors that deliver these products or services. In this research, we focus on the capabilities and viability of a subset of offerings (products or services) from this market, which get the most attention and inquiries for advice from our client base. Return to Top Critical Capabilities Definition MDM offerings address a range of requirements from IT organizations aiming to deliver mobility experiences to their workforces or customers, while maintaining control and minimizing risks. They tend to bring a fairly complex set of functionalities, with progressively little differentiation among the competition. This research examines 10 critical capabilities that differentiate competing MDM products. The critical capabilities considered for enterprise MDM products are:http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 2 of 24
  • 3. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM for enterprise MDM products are: Device Diversity Policy Enforcement Security and Compliance Containerization Inventory Management Software Distribution Administration and Reporting IT Service Management Network Service Management Delivery Model Detailed information about each critical capabilities follows: Device Diversity: the degree of diversity in mobile devices and mobile OS platforms that the considered MDM product can handle. This includes: Support one or more OS platforms, such as Android, iOS, etc. (Note that support for Research In Motion [RIM] OS and Windows Phone 7 is rated as a plus because fewer vendors have added them.) Support for media tablets Support for ruggedized devices Support for simpler phones Policy Enforcement: Enforce policies on eligible devices: Detect OS platforms and versions, installed applications, and manipulated data. Detect iOS jail-broken devices and rooted Android devices. Filter (restrict) access from noncompliant devices to corporate servers (e.g., email). Enforce application policies: Restrict downloadable applications through whitelists and blacklists. Monitor access to app stores and application downloads, and put prohibited applications on quarantine and/or send alerts to IT/managers/users about policy violations. Monitor access to Web services, social networks and app stores, and send alerts to IT/managers/users about policy violations and/or cut off access. Enforce mobile communications expense policies: Monitor roaming usage. Detect policy violations (e.g., international roaming) and, if needed, take action (e.g., disabling access to servers and/or send alerts to IT/managers/users about policy violations). Enforce separation of personal versus corporate content: Manage corporate apps on personal devices, and personal apps on corporate devices. Tag content as personal or corporate through flags. Detect violations of separation and, if needed, send alerts to IT/managers/users. If a container is in use, prohibit exporting data outside the container (e.g., when opening an email attachment), and regulate interaction between different enterprise containers. Restrict or prohibit access to corporate servers (e.g., to email server or email account) in case of policy violation. Security and Compliance: a set of mechanisms to protect corporate data on a device, corporate back- end systems and preserve compliance with regulations: Password enforcement (strong alphanumeric password) Device lock (after a given number of minutes of inactivity) Remote wipe, selective remote wipe (e.g., only corporate content); total remote wipe (hard wipe, data not recoverable after deletion) Local data encryption (phone memory, external memory cards) Certificate-based authentication (include device ID, OS version, phone number); certificate distribution Monitoring device and data manipulation on device Rogue app protection (e.g., application quarantine) Firewall Antivirus Mobile VPNhttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 3 of 24
  • 4. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Mobile VPN Message archiving (SMS, IM, email, etc.) and retrieval; record historical event for audit trail and reporting Containerization: a set of mechanisms to separate corporate from private content (data, applications) on a device and apply a range of actions to control the corporate footprint, such as: Local data encryption On-the-fly decryption Selective remote wipe No data export to other containers (data leakage prevention) Controlled communication among containers Application containerization (beyond email) Containerization based on virtualization technology (e.g., Open Kernal Labs [OK Labs] OKL4, VMware MVP, ARM TrustZone) Inventory Management: a set of mechanisms to provision, control and track devices connected to corporate applications and data: Asset management and inventory Device configuration and imaging Device activation and deactivation Provisioning (OTA): Distribution (push) Configuration (push): Device configuration iPhone profiles Lockdown hardware features (e.g., enable/disable hardware, camera, removable media card, infrared [IR] port, Bluetooth, Wi-Fi) Monitoring: Performance Battery Life Memory Lost-phone recovery Locate and map Restore and migrate Software Distribution: a set of mechanisms to distribute applications and software upgrades to mobile users OTA, avoiding tethering to a PC: Application discovery (e.g., through private app stores) Software updates, for applications or OSs Patches/fixes Backup/restore Background synchronization File distribution Administration and Reporting: capabilities for IT administrators to manage mobile deployments and users. This includes: Single console Web-based console OTA provisioning Role-based access Group-based actions Remote control (real-time or permission-based) Enterprise platform integration (e.g., Exchange Active Sync; LDAP; BlackBerry Enterprise Server [BES]; certificate authority; trouble ticketing and help desk, such as Remedy; and network management, such as IBM Tivoli) Business intelligence Reporting IT Service Management: capabilities to grant mobile service levels to mobile users, such as: Help desk User support with levelshttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 4 of 24
  • 5. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM User support with levels User self-service (administration, etc.) End-to-end real-time monitoring Troubleshooting Alerting Network Service Management: specific capabilities to monitor and optimize mobility costs, such as: Contract management Expense management Service usage management Delivery Model: ways to deliver MDM capabilities to customers (e.g., on-premises, hosted, cloud). Complete cloud offerings are rated higher, because they allow organizations to acquire MDM capabilities without upfront investments. Pricing policies per users (as opposed to per device) are rated higher. Return to Top Use Cases We have identified a number of use cases that come up fairly frequently in our client inquiries, and that help to highlight the best characteristics of selected MDM offerings under specific conditions: Case A1 — Highly regulated organizations focusing on corporate email only: Organizations aiming to support consumer personally owned devices, such as iPhone, iPad and Android devices Organizations operating in sectors under severe regulatory constraints (e.g., financial, healthcare, military and defense) with strict security and compliance requirements, such as the Health Insurance Portability and Accountability Act (HIPAA; e.g., must enforce local data encryption on all devices connected to their email servers, required certifications, etc.) Organizations focusing on the short term, only regarding corporate email support Case A2 — Highly regulated organizations going beyond email: Highly regulated organizations, as per Case A1, that want to deploy and support corporate applications beyond email, need to distribute software OTA, and need discovery mechanisms (such as for app stores, to block access, etc.) Case B — Nonregulated organizations, mobility deployments: Organizations operating in nonregulated sectors (e.g., retail, delivery services) that can live with basic security and management support, and that must enforce limited mobile policies to mobile users Organizations with previous mobility experience and/or mobility skills Support for consumer devices, such as iPhone, iPad, Android, BlackBerry devices; corporate or personal devices Organizations focusing on email and/or other applications Case C — Expense management focus: Organizations that want to optimize mobility deployment expenses and that are less focused on security Cost optimization Case D — Service-level management: Organizations with critical mobile applications or users, and mobile service-level agreements All types of deployment sizes (most often midsize to large) Need to monitor and control end-to-end mobile deployments Troubleshooting Table 1 looks at the weightings of all the use cases in this research. Each use case weighs the capabilities individually based on the needs of that case, which impacts the score. Each vendor may have a different position based on its capability and the weighting for each one. The overall use case is the general scoring for the vendors product, with all weights being equal.http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 5 of 24
  • 6. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Table 1. Weighting for Critical Capabilities in Use Cases Regulated, Expense Service-Level Critical Product Regulated, Applications Nonregulated Optimization Management Capabilities Overall Email (A1) (A2) (B) Objective (C) (D) Device Diversity 10.0% 5.0% 1.0% 20.0% 1.0% 5.0% Policy Enforcement 10.0% 5.0% 10.0% 5.0% 0.0% 5.0% Security and Compliance 10.0% 5.0% 10.0% 5.0% 0.0% 5.0% Containerization 10.0% 70.0% 5.0% 0.0% 0.0% 0.0% Inventory Management 10.0% 5.0% 5.0% 9.0% 20.0% 15.0% Software Distribution 10.0% 1.0% 55.0% 15.0% 0.0% 10.0% Administration and Reporting 10.0% 1.0% 2.0% 40.0% 20.0% 20.0% IT Service Management 10.0% 2.0% 10.0% 4.0% 5.0% 40.0% Network Service Management 10.0% 5.0% 1.0% 1.0% 53.0% 0.0% Delivery Model 10.0% 1.0% 1.0% 1.0% 1.0% 0.0% Total 100.0% 100.0% 100.0% 100.0% 100.0% 100.0% Source: Gartner (July 2011) Return to Top Inclusion Criteria Products covered in this research come from vendors included in "Magic Quadrant for Mobile Device Management Software"; refer to it for a complete description of the market and vendors. The following criteria were used to qualify vendors for inclusion in the Magic Quadrant for MDM: Support for enterprise-class (noncarrier), multiplatform support MDM: software or software as a service (SaaS), with an emphasis on mobility Specific MDM product focus and feature set, or a primary focus on MDM in another product set (messaging or security) Security management, with at least these features: Enforced password Device wipe Remote lock Audit trail/logging "Jailbreak" detection At least mobile OS 3 platforms supported Policy/compliance management Software distribution, with at least these capabilities supported: Application downloader Application verification Application update support Application patch support Inventory management, with at least these capabilities supported: External memory blocking Configuration change history Managing at least 25,000 mobile lines Five referenceable accounts At least $1 million in MDM-specific revenuehttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 6 of 24
  • 7. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Given the large number of players in this market and the complexity of the products, we have chosen to restrict this analysis to a subset of vendors whose offerings get the most interest and highest level of inquiries from Gartners clients. This research focuses on products or services provided by AirWatch, BoxTone, Excitor, Fiberlink, FancyFon, Good Technology, Mobile Active Defense, McAfee, MobileIron,Sybase, Symantec, Tangoe and Zenprise. Vendors not included in this research are still valid options for consideration (see "Magic Quadrant for Mobile Device Management Software" for details), including: Capricode, Fixmo, IBELEM, Fromdistance, Motorola, Odyssey Software, Smith Micro Software, SOTI, The Institution and Ubitexx (acquired by RIM). While most vendors specialize in management for smartphones and tablets, a subset provides specific capabilities to manage fleets of ruggedized devices (on Windows CE or Windows Mobile), including SOTI, Odyssey Software and Motorola. We do not consider these vendors in a separate use case because specialized management tools for ruggedized devices generate limited Gartner client inquiries. Return to Top Critical Capabilities Rating Each of the products that meet our inclusion criteria has been evaluated on the critical capabilities, on a scale of 1.0 to 5.0. To determine an overall score for each product in the use cases, the ratings in Figure 1 are multiplied by the weightings in Table 1. These scores are shown in Figure 2. Figure 3 shows the product score in the various use cases, and also provides our assessment of the viability of each product. Figure 1. Product Rating on Critical Capabilities Source: Gartner (July 2011) Return to Top Figure 2. Overall Score for Each Vendors Product Based on the Nonweighted Score for Each Critical Capabilityhttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 7 of 24
  • 8. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Source: Gartner (July 2011) Return to Top Figure 3. Product Score in Use Caseshttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 8 of 24
  • 9. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Product viability is distinct from the critical capability scores for each product. It is our assessment of the vendors strategy and the vendors ability to enhance and support a product throughout its expected life cycle; it is not an evaluation of the vendor as a whole. Four major areas are considered: strategy, support, execution and investment. Strategy includes how a vendors strategy for a particular product fits in relation to the vendors other product lines, its market direction and its business overall. Support includes the quality of technical and account support, as well as customer experiences with that product. Execution considers a vendors structure and processes for sales, marketing, pricing and deal management. Investment considers the vendors financial health and the likelihood of the individual business unit responsible for a product to continue investing in it. Each product is rated on a five-point scale from poor to outstanding for each of these areas, and it is then assigned an overall product viability rating. Source: Gartner (July 2011) Return to Top Figure 4 represents the overall general use for MDM with all ratings equally weighed. This segments the vendors into three positions based on their product capabilities alone: Zenprise, Mobile Active Defense and MobileIron at the top; Good Technology, Symantec and McAfee at the bottom; and the bulk of the other vendors rated in the middle. Unlike the MDM Magic Quadrant, which rates companies in a broader context than by product alone, the MDM Critical Capabilities methodology solely assesses companies based on their products. Figure 4. Overall Use Casehttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 9 of 24
  • 10. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM The weighted capabilities scores for all use cases are displayed as components of the overall score. Source: Gartner (July 2011) Return to Top Figure 5 shows the vendors product scores for Use Case A1. Figure 5. Vendors Product Scores for Regulated Email (A1) Use Case The weighted capabilities scores for all use cases are displayed as components of the overall score. Source: Gartner (July 2011) Return to Top Figure 6 shows the vendors product scores for Use Case A2. Figure 6. Vendors Product Scores for Regulated Application (A2) Use Casehttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 10 of 24
  • 11. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM The weighted capabilities scores for all use cases are displayed as components of the overall score. Source: Gartner (July 2011) Return to Top Figure 7 shows the vendors product scores for Use Case B. Figure 7. Vendors Product Scores for Nonregulated Mobility Deployment (B) Use Casehttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 11 of 24
  • 12. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM The weighted capabilities scores for all use cases are displayed as components of the overall score. Source: Gartner (July 2011) Return to Top Figure 8 shows the vendors product scores for Use Case C. Figure 8. Vendors Product Scores for Expense Optimization Objective (C) Use Case The weighted capabilities scores for all use cases are displayed as components of the overall score. Source: Gartner (July 2011)http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 12 of 24
  • 13. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Return to Top Figure 9 shows the vendors product scores for Use Case D. Figure 9. Vendors Product Scores for Service-Level Management (D) Use Case The weighted capabilities scores for all use cases are displayed as components of the overall score. Source: Gartner (July 2011) Return to Top Vendors AirWatch AirWatchs Enterprise MDM offering puts emphasis on device security, life cycle management, application distribution and help desk controls. It supports a broad range of device platforms and integrates with enterprise platforms, such as LDAP, Active Directory, Microsoft Exchange Server, IBM Lotus Notes/Domino and IMAP- based email servers. It integrates with cloud-based email services, such as Gmail, Microsoft BPOS and Office 365. AirWatchs origins come from the wireless network management services and ruggedized device market. The vendor has found equal success providing MDM through either a cloud-based or on-premises distribution model (see Table 2).http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 13 of 24
  • 14. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Table 2. Critical Capabilities Rating for AirWatchs Enterprise MDM v.5.14 Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity RIM OS, iOS, Android, Windows Mobile 6.x, Windows Phone 7, Symbian, webOS are 4.5 supported. Policy Profiles, monitoring, access restrictions, automated compliance policies and alerts for 3.3 Enforcement corporate and personal devices (but mostly for iOS, Android and Windows Mobile 6.x). Security and User and device authentication, password enforcement and device lock, remote wipe, and 3.6 Compliance total wipe (but selective wipe only for iOS, Android, Windows Mobile 6.x). Local data encryption, application quarantine, whitelists/blacklists, Web filtering, auditing, mobile VPN, firewall support for selected platforms. No antivirus supported. Containerization Application containerization with data leakage prevention for iOS. Monitor and enforce 2 compliance of OS-based encryption. No email container outside native OS capabilities. Inventory OTA provisioning, lockdown hardware, monitoring of battery life and other hardware 4.4 Management resources, and inventory. Supports monitoring, diagnostics, remote control, performance, memory and battery status, and device location. Software Downloader, verification, whitelists/blacklists, version detection, updates. 3.5 Distribution Administration AirWatchs communication layer includes a complete infrastructure for API integration to 3.7 and Reporting third parties, as well as APIs, Web services, single sign-on and authentication protocols. Its platform also supports multiple protocols for information sharing, such as SSH and SNMP. Can authenticate device users through a basic authentication process or by integrating directly with enterprise directory services (LDAP). IT Service Integrated case management, user support levels, self-service portal, mobile service 3.3 Management usage monitoring, alerting. Network Usage management to detect roaming and apply business rules, send alerts, and restrict 2 Service data downloads. No contract or expense management. Management Delivery Model Available on-premises, as a software appliance or SaaS. 4.5 Source: Gartner (July 2011) Return to Top BoxTone BoxTones offering focuses on mobile service-level management and includes three modules: MDM, mobile support management and mobile operation management. It provides deep integration with enterprise mobility software platforms and many popular system management and monitoring platforms (e.g., BES, EAS and Good Technology). BoxTone supports BlackBerry, iOS, Android, Windows Mobile, webOS, and Windows Phone 7. Beyond MDM, BoxTone supports service desk management, incident management, problem management and application performance management (see Table 3). Table 3. Critical Capabilities Rating for BoxTone v.6.1 Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity RIM OS, iOS, Android, Windows Mobile 6.x., webOS. Symbian and MeeGo are not 4.2 supported. Policy Profiles, monitoring, access restriction. Automated policy management, compliance 4.2 Enforcement management, configuration management and application management are integrated into Active Directory for enterprise group IT policy management and enforcement. Security and User and device authentication, password enforcement and device lock, remote wipe and 3.9 Compliance total wipe, and selective wipe on iOS, BlackBerry and Android. Filter server access to noncompliant devices. Local data encryption for RIM OS, iOS and Android devices, and memory cards, including individual certificate-based encryption and control of Android applications. Application quarantine, whitelists/blacklists and mobile VPN for supported platforms. Web filtering for RIM OS and Android. Firewall supported for BlackBerry only. No antivirus supported. Enhanced compliance enforcement functions, such as record historical events for audit trail and reporting. Containerization Not available. 1http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 14 of 24
  • 15. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Inventory OTA provisioning, lockdown hardware, device configuration, monitoring service quality, 4.4 Management battery life and other hardware resources, and inventory. Change history tracking of each device, including timestamped details for audit or reproducing specific state and status at a given time for troubleshooting or other change management. Software Private app store, software upgrades, OS updates, background synchronization, patches, 4.2 Distribution fixes, file distribution. Administration Integration with enterprise mobility platforms, such as BES, Good Messaging and EAS. 3.7 and Reporting Integration (in a single console) with the most widely used system management platforms (through prebuilt connectors and software development kits [SDKs]/APIs), such as Microsoft SCOM, HP Operations Manager, BMC Software, CA Technologies and IBM-BigFix. BoxTone can also integrate with other management platforms via SNMP technology. Web console. Role-based access. Remote control only for BlackBerry and Windows Mobile 6.x. Analytics tools. IT Service Strong help desk, user support, service-level management. Real-time status transaction 4.3 Management flow for most enterprise mobile servers, plus automated problem or fault detection. Integrated knowledgebase with alerting mechanisms, etc. Self-service and self- provisioning support for supported platforms. Network Not available. BoxTone partners with telecom expense management (TEM) vendors, such 1 Service as ProfitLine and Rivermine, and integrates with their products (but not directly reselling Management or embedding). Delivery Model Mostly sold as on-premises, but managed and cloud services are also available. 4 Source: Gartner (July 2011) Return to Top Excitor Excitors DME Mobile Device Manager focuses on MDM and security. It does not rely on Exchange Active Sync policies to manage devices, but instead implements its own policies within their mobile management client. It supports standards such as OMA DM. Simple containerization is supported, but only in combination with Excitors DME email product (see Table 4). Table 4. Critical Capabilities Rating for Excitors DME Mobile Device Manager v.3.5.x Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity RIM OS, iOS, Android, Symbian,Windows Mobile 6.x, Windows Phone 7, webOS and 4.5 MeeGo are not supported. Policy Profiles, monitoring, access restriction. Control access to app store. Control on enterprise 3.9 Enforcement applications for Symbian, iOS and Android. Security and User and device authentication, password enforcement and device lock. Remote wipe, plus 3.4 Compliance total wipe and selective wipe for selected platforms. Filter server access to noncompliant devices. Local data encryption supported for BlackBerry, Symbian, iOS, Android and Windows Mobile 6. Application quarantine on devices is supported for iOS and Android. Whitelists/blacklists, Web filtering and mobile VPN for selected platforms. No native antivirus or firewall capabilities are provided, but it can nicely integrate with other products, such as Symantec. Containerization Containerization of email, in combination with the DME email client. Supported on iOS and 3.3 Symbian. BlackBerry, Android and Windows Phone 7 support will be added in the next releases. Containerization extended to other applications, downloaded from the DME- based private app store, in the DME enterprise container. Data leakage prevention for email attachments and email copy/paste, limited to iOS. Inventory OTA provisioning, inventory, lockdown hardware, monitoring of battery life and other 3.8 Management hardware resources for selected platforms. Software Private app store for iOS, Android, BlackBerry, Symbian, Windows Mobile 6, Windows 3.3 Distribution Phone 7. Software upgrades, OS updates, patches and fixes are limited to some platforms. Administration No integration with BES, Good Messaging and EAS (i.e., DME email client connects to DME 3 and Reporting server only). Integration (in a single console) with system management platforms via Web services. Web console and role-based access. No remote control. Business intelligence, analytics and reporting tools are supported natively. IT Service Provides first-line and second-line support through help desk capability to customers 2.5 Management through excitor.com. Check device status and configuration. Network Basic capabilities provided in the DME Cost Control module. Additional TEM capabilities 3 Service through external TEM providers (such as Teleopti and Pridis). Management Delivery Model On-premises, managed and cloud services. 4.5 Source: Gartner (July 2011) Return to Tophttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 15 of 24
  • 16. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM FancyFon FancyFons Mobility Center (FAMOC) is a centralized platform to manage the mobile device life cycle, from OTA provisioning to configuration, application updates, security and troubleshooting. It provides remote support for a range of mobile devices, either as a hosted or an on-site solution. FAMOC supports iPad, Android tablets and RIM Playbook through a dedicated media tablet application available in respective app stores. It also supports ruggedized devices and not typical mobile devices (e.g., GPSs) through Windows CE and Windows Mobile support, and Java-based feature phones with basic management, such as backup/restore, remote configuration and security (see Table 5). Table 5. Critical Capabilities Rating for FancyFons FAMOC v3.3 Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity RIM OS, iOS, Android, Symbian, webOS and Windows Mobile 6.x and Java are supported. 4.5 Limited support for Windows Phone 7, MeeGo and bada. Policy Profiles, monitoring, access restriction, acceptable use for selected platforms. Limited 3.7 Enforcement control on personal and corporate apps (FAMOC configuration management). Security and User, media and device authentication; password enforcement and device lock; and 4.1 Compliance remote, full and selective wipe for iOS and Android. Auditing, filters access to inappropriate devices, Web filtering on selected platforms. Whitelists/blacklists supported for RIM OS, iOS, Symbian and Windows Mobile 6.x. Antivirus, firewall and mobile VPN are supported. Containerization Not available. 1 Inventory Rich OTA provisioning, inventory, lockdown hardware. Check memory space, diagnostics 4.4 Management and monitory battery life for selected platforms (FAMOC configuration management). Software Downloader, verification, version detection, software upgrades, OS updates, patches, fixes 4.5 Distribution and updates (FAMOC Application Management). Administration OMA DM (Nokia, Sony Ericsson, Windows Mobile devices), OMA CP, OpenSCEP (Apple), 2.8 and Reporting Apple MDM API, BES, SyncML, EAS support. FAMOC is compatible and makes use of BES, Microsoft Exchange Server, Lotus Domino, Microsoft Active Directory, LDAP and Funambol. Support for role-based and group-based access. Single console, business intelligence, analytics and reporting tools available. IT Service Help desk and user support. Rich self-service. Device monitoring, file management and 3 Management remote access control are supported. Network Limited invoice management, limited contract information. Usage monitoring and alerting 2 Service (FAMOC Asset Management). Management Delivery Model On-premises-based; others (managed, SaaS) provided by partners. 4.3 Source: Gartner (July 2011) Return to Top Fiberlink Fiberlinks MaaS360 Platform is a pure MDM cloud services offering, for organizations aiming to support both corporate and personal devices. Its a multitenant platform (see Table 6). Existing embedded platforms (BES, EAS and IBM Lotus Notes Traveler) are included in MaaS360 management via a single "cloud extender" agent that is deployed in the LAN. If device-side APIs are available, then device support beyond BES and EAS is done via API (e.g., Apple MDM protocol). If no device-side MDM API is present, then there is a native agent for that platform (e.g., Android). Table 6. Critical Capabilities Rating for Fiberlinks MaaS360 Platform (internal v.10.6; service available as of 21 June 2011) Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity Complete support for BlackBerry, iOS, Android, Symbian, webOS, Windows Mobile 6.x. 4.5http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 16 of 24
  • 17. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Device Diversity Complete support for BlackBerry, iOS, Android, Symbian, webOS, Windows Mobile 6.x. 4.5 Limited support for Windows Phone 7. No support for MeeGo. Policy Profiles, monitoring, access restriction. Control access to app store, and control on 3.7 Enforcement enterprise applications. Acceptable use policies. Additional policy enforcement for iOS APIs include dynamically changing policy (e.g., restrict VPN) or taking a remediation action (e.g., wipe device), based on device context (e.g., location) or a recent event (e.g., removed SIM); automatic provisioning of policies to devices discovered on corporate email servers. Security and User and device authentication, password enforcement and device lock; remote and total 2.8 Compliance wipe (plus selective wipe for iOS and Android). Local data encryption (only core, no media). Can filter access to inappropriate devices for Symbian only. Whitelists/blacklists supported for iOS and Android. No support for rogue application protection (e.g., application quarantine) or Web filtering. No antivirus or firewall supported. MaaS360 provides mobile VPN as a managed service, and adds MDM profile lockdown for iOS and Android (prohibits users from removing management software). Containerization Document distribution and database updates through Apple enterprise application 2 distribution; it provides data leakage prevention within encrypted applications and reporting for audit. Same capabilities provided on Android. Inventory OTA provisioning, inventory, lockdown hardware. Check memory space. Diagnostics and 4.2 Management monitoring of battery life for iOS and Android. Software Cross-platform application catalog, software distribution and updates. 3.5 Distribution Administration Integration with BES, EAS and Lotus, with certificate authority. For desktop management, 4.2 and Reporting integration with management consoles from IBM, Check Point, Iron Mountain, Lumension Security and others. Other MDM platforms (e.g., MobileIron) can be integrated and controlled from inside MaaS360 to include PC management in the same console. Rich Web console and role-based access. Business intelligence, analytics and reporting tools available. Fiberlink offers a remote control service as part of its 24/7 global help desk at no additional cost. Technicians can take control of a problematic device via SMS and perform user context actions on BlackBerry, Windows Mobile, Symbian and Android. IT Service Rich help desk and user support. Self-service support. Device monitoring is supported, but 4 Management not end-to-end monitoring (extended to BES, Exchange, etc.). Limited troubleshooting support. Network Roaming detection, automated restrict policy (Wi-Fi, VPN and email). 2 Service Management Delivery Model Completely cloud-based model, with pricing per device or per user, and free service up to 4 25 users. User-based bundled pricing is available for an unlimited number of devices per user at a flat monthly fee. Source: Gartner (July 2011) Return to Top Good Technology Good for Enterprise is a mobility suite that supports mobile collaboration with strong support for security and management (see Table 7). The main components of the suite include: Good Mobile Control, for MDM; Good Mobile Access, for secure access to corporate data; Good Mobile Messaging, for secure wireless email (see "Critical Capabilities for Enterprise Wireless E-Mail Software"; this document has been archived, and some of its content may not reflect current conditions). Good Technologys MDM and security capabilities are sold as part of the entire mobility suite (i.e., not sold as individual products) and require the adoption of Good Mobile Messaging product for wireless email, including Goods email client. It replaces the email servers native mobile support. Through its native email client, it enforces separation between corporate and personal data; however, many MDM capabilities are available in the email client only. Good Technology provides the strongest implementation of containerization for the email client, on iOS, Android and Symbian devices. It also supports data leakage prevention (e.g., prohibiting the saving of email attachments outside the container).http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 17 of 24
  • 18. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Table 7. Critical Capabilities Rating for Good Technologys Good for Enterprise v.6.3.1.x Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity Support though proprietary email, calendar and contact client, with security and 3.5 management capabilities (at both the application and device levels) for iOS, Android, Symbian and Windows Mobile 6.x. No support for RIM OS and MeeGo. Policy Mobile OS version detection, profiles, monitoring, access restriction for iOS, Android, 3.5 Enforcement Symbian, Windows Mobile 6.x. Detect jailbroken/rooted devices. Filter access to corporate systems to noncompliant devices. Control on personal and corporate apps for supported platforms. Support for acceptable use and audit trail. Does not rely on a local EAS agent on the device for policy implementation, but provides its own policy implementation. Using "whole device" management APIs on iOS, Android, Symbian and Windows Mobile 6.x. Reporting for installed applications, provisioning profiles installed and certificates installed through iOS MDM API will be released later in 2011. Security and Multiple security and compliance features, but these are made available for selected 3.4 Compliance platforms only. User and device authentication, password enforcement, device lock, remote and total wipe, and selective wipe for all supported platforms. Authentication between device and network operations center [NOC], then between NOC and corporate back end. Core encryption for all supported platforms. Media encryption supported for Symbian, Windows Mobile, Palm OS and Android (Dell Streak). Data encryption at rest and in transport (container only). Filter access to inappropriate devices for all supported platforms. Web filtering for all supported platforms. Whitelists for all supported platforms. Blacklists for Symbian and Windows Mobile. No support for rogue application protection (e.g., application quarantine), antivirus, firewall and mobile VPN. Only supports VPN over Wi-Fi on iOS platforms. Other features include device monitoring with coverage history and last message sent/received, NOC-based architecture, and secure browser for intranet access. Containerization Clean separation of personal and corporate data, including email, calendar, contacts and 4.2 attachments. Based on mobile OS sandbox mechanism. Best implementation, with data leakage prevention. Only email and browser client application so far. Main features include: enable/disable download of attachments and block by attachment size/type; disable sync of contacts and/or limit sync of specific fields only; disable cut/copy/paste between personal and corporate data; detect last time connected to corporate data and wipe if exceeds policy; control intranet sites that users have access to via secure browser. Inventory OTA provisioning and basic inventory capabilities for all supported platforms. Lockdown 3.3 Management hardware, check memory space, diagnostics and monitoring of battery life for selected platforms (Symbian, iOS, Windows Mobile 6.x) Software Downloader, application verification, updates and patches for all supported platforms. 3.3 Distribution Private app store supported for iOS, Android and Windows Mobile. Administration No integration with EAS, and no support for OMA DM. Integration through Active Directory 2.8 and Reporting with third-party management systems and portals. Partnerships with monitoring vendors (e.g., BoxTone). IT Service Help desk and user support through portal. Good Technology has monitoring capabilities 3 Management for the device, but no end-to-end monitoring (extended to BES, Exchange, etc.) and troubleshooting. No BlackBerry support. Network Not available. 1 Service Managementhttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 18 of 24
  • 19. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Delivery Model On-premises and managed. 3.5 Source: Gartner (July 2011) Return to Top McAfee McAfee is a prominent global security player with strong positions in desktop and laptop antivirus, encryption, and comprehensive endpoint management. McAfee has entered MDM through the 2010 acquisition of Trust Digital. It combines its Enterprise Mobility Management (EMM) platform with security support, and its virus/malware protection software (via the McAfee ePolicy Orchestrator [ePO] console) with other McAfee products (see Table 8). Table 8. Critical Capabilities Rating for McAfees EMM Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity Android, Apple iOS, Nokia S60, webOS, Windows Mobile 5 and 6.x, and Windows Phone 7 3 are supported. Policy Sets password policies, restricts device features and applications, and requires strong 3 Enforcement authentication. Security and The combined products of Mobile Security for Enterprise, ePO Integration and compliance 2.8 Compliance sets are needed to enforce and report on compliance, based on device configuration, OS levels, security and jailbroken status. Full and selective wipe. Anti-malware integration with EMM and whitelist/blacklist for Android to be added in future releases. Containerization Not available. 1 Inventory Provisioning, distribution and configuration OTA and lockdown hardware. Limited feature 3.4 Management management: It collects key information about the device, including user, phone number, device ID, device status, device carrier, and application list. No monitoring (e.g., of battery life). Software Policy-based app distribution, downloader, verification, whitelists/blacklists, version 3 Distribution detection, updates. Administration Same centralized visibility and control over the mobile devices on your network as with 2.8 and Reporting desktops and laptops. Can configure ePO dashboard for a customized view of devices by platform, domain, and group. Supports LDAP and SQL Server integration. IT Service Help desk support. Simple end-user provisioning. Basic self-service portal. 2.5 Management Network Not available yet. Signed TEM partnership agreement. ePO integration planned for 3Q11. 1 Service Management Delivery Model On-premises-based software only. 3 Source: Gartner (July 2011) Return to Top Mobile Active Defense Mobile Active Defenses Mobile Enterprise Compliance and Security (MECS) provides mobile security and compliance cloud-based services for organizations to support corporate email and other applications on consumer and personal devices, enforcing security and compliance policies. It can integrate with e-mail servers and/or cloud services (including personal accounts). MECS is a clientless, zero-footprint product available on- premises, or as hosted or cloud services. E-mail is delivered through the devices native e-mail client through a secure VPN connection with encrypted data transmission. The mobile security server supports anti-spam and content filtering, controlling any messages that are being synchronized on the devices. It enforces security policies on a personal device connecting to corporate email, preserving regulatory compliance (e.g., with ISO 27001 or HIPAA). Mobile Active Defense extends controls beyond email by forcing all traffic over the VPN from applications to the browser — including content filtering, geolocation-based firewall rules, application inspection and remediation, and jailbreak remediation. It is also used in combination with hosted virtual desktop infrastructure (e.g., Citrix Receiver) to provide a secure VPN connection from iPads into the corporate application servers (see Table 9). Table 9. Critical Capabilities Rating for Mobile Active Defenses MECS Server v.1.1 Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity Complete support for RIM OS, iOS, Android, Symbian and Windows Mobile 6.x. No support 4 for Windows Phone 7, webOS and MeeGo. Policy Mobile OS version detection, profiles, monitoring, access restriction, control on personal 4http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 19 of 24
  • 20. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Policy Mobile OS version detection, profiles, monitoring, access restriction, control on personal 4 Enforcement and corporate apps, acceptable use, and audit trail. Location-based policy enforcement. Security and User and device authentication, password enforcement and device lock; remote, selective 4.6 Compliance and total wipe. Core and media encryption (except for Windows Phone 7; that is under development), and auditing. Filter access to inappropriate devices and Web filtering, whitelists/blacklists on selected platforms, application quarantine. Antivirus, firewall and mobile VPN supported. Location-based firewall enforcement. Automatic remediation options, including jail break detection, hostile malware behavior and evolving mobile threats. Policy-driven reactions include notification, remote wipe and network disconnect. Containerization Not implemented, but personal and corporate content is tagged, and a selective wipe can 2 be applied to corporate content only. Inventory OTA provisioning, lockdown hardware, check memory space, diagnostics and monitoring 4.2 Management of battery life and inventory for RIM OS, iOS, Android, Symbian and Windows Mobile 6.x. Software Application downloader, application verification, updates and patches, app store 4 Distribution management, private app store support. Administration MECS has an EAS installed on it, and supports OMA DM. It can integrate with third-party 2.8 and Reporting management systems. It can generate aggregated access reports with Syslog. IT Service Help desk and user support, remote control, and self-service. Device monitoring. 3.3 Management Network Invoice management, contract information. Mobile usage monitoring and alerting. 3 Service Management Delivery Model On-premises, managed and cloud services. 4.5 Source: Gartner (July 2011) Return to Top MobileIron MobileIron launched its product in September 2009, and has seen very quick growth in sales, mind share and market share, outselling most MDM platforms in the past year. Built from the ground up, it is solely focused on mobility management, incorporating the Virtual Smartphone Platform (VSP) architecture to support security, data visibility, application management and access control. It does not provide encryption or VPN capabilities outside of what is provided on the device. MobileIron was one of the first vendors to combine MDM with network service management (see Table 10). Table 10. Critical Capabilities Rating for MobileIrons VSP Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity Android, Apple iOS, RIM OS, Nokia S60, webOS, Windows Mobile 6.x and Windows Phone 4.5 7 are supported. Policy Detects OS platforms and versions, installed applications, manipulated data, and jail- 4 Enforcement broken devices. Profiles, monitoring, access restriction to email server. Identifies whitelist/blacklist violations and takes quarantine or other actions. Control on personal and corporate applications. Real-time roaming detection. Automatic group creation: Autogenerates groups based on ownership so IT can easily apply differentiated policies. Security and Password enforcement and device lock, total and selective remote wipe. On iOS devices, 3.4 Compliance selective wipe includes email, Wi-Fi settings, VPN settings and in-house apps. On other platforms, like the BlackBerry, it provides a selective wipe of files (through visibility into the phones file system, as dictated by the MobileIron privacy policy applied to that phone). Certificate-based authentication, filter server access to noncompliant devices, rogue application protection (e.g., application quarantine) and whitelists/blacklists of apps. Local data encryption not supported if not natively provided by the device. VPN client not provided, but VPN can be remotely configured and secured through certificates. Web filtering, firewall and antivirus not supported. MobileIron Mobility API allows external systems to trigger MobileIron MDM actions through a Web services request. Containerization Privacy policy gives granular control over what device data (files, usage, SMS, apps, 2 location, etc.) is monitored by MobileIron. Policies can be set by device or groups of users/devices. Inventory OTA provisioning, lockdown hardware, check memory space, diagnostics and monitoring 4.1 Management of battery life, and inventory. Ownership designation: Tags each device managed by MobileIron as either employee- or company-owned. Software Full mobile software management and support. Software and OS updates, patches, and 3.5 Distribution fixes. Private app store. Firmware updates not supported. Administration Prepackaged integration with EAS, LDAP, BES, certificate authorities and email archive 4.2 and Reporting systems. Enable integration to multiple systems through the MobileIron API. Provides a list view of all devices under management and all devices accessing enterprise email, and reporting. No prepackaged adaptor for other management consoles/systems, but the platform is designed to integrate with external systems. Integration with IT provisioning and management systems, as well as business intelligence databases, is possible through MobileIron APIs.http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 20 of 24
  • 21. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM MobileIron APIs. IT Service Help desk, user roles, end-user self-service, monitoring of mobile infrastructure, and 3.3 Management troubleshooting/alerting for the mobile device and connections. Network Wireless Expense Management with Mobile Activity Intelligence gives IT, finance and the 3.1 Service end-user a detailed, real-time view of phone usage (voice, SMS and data activity), cost Management drivers and service quality (e.g., to catch high-cost items, like international roaming and excess usage, as they happen, to control costs). Traditional TEM services, such as contract management and bill analysis, not supported. Delivery Model On-premises and hosted (by partners) in production. SaaS service (MobileIron Connected 4 Cloud). Source: Gartner (July 2011) Return to Top Sybase Afaria is Sybases MDM and security product, also delivered as cloud services within Sybase Managed Mobility (or as hosted services through partners such as Verizon and Orange). Sybase does not require a proprietary email client, but instead offers integrated secure control over a third-party email solution (for Android, via partner NitroDesk). Afaria provides rich support for software distribution, policy enforcement, inventory management and security. It is one of the oldest MDM products (see Table 11). Table 11. Critical Capabilities Rating for Sybases Afaria v.6.6 Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity Support for iOS, Android, Symbian, Windows Mobile 6.x, Windows CE and OMA DM. Partial 3.5 support for RIM OS. No support for Windows Phone 7, webOS and MeeGo. Policy Afaria Advanced Enterprise Security (AES) for Android adds more than 80 device 4 Enforcement management policies for Samsung Android devices. Security and Password enforcement and device lock; remote, selective and total wipe for RIM OS, 3.3 Compliance Symbian, iOS, Android and Windows Mobile 6.x. Core and media encryption for Symbian, iOS and Windows Mobile 6.x. User and device authentication, filters access to inappropriate devices, Web filtering, whitelists/blacklists, and application quarantine for limited platforms. Mobile VPN support. Limited support for antivirus and firewall. Support on iOS and Android application portal for enterprise application management. Containerization Granular control over files, application configurations and management tasks on devices, 2.5 so that administrators can only affect corporate data. In iOS and Android, this separation is built on the sandbox; in Windows Mobile, the separation is built on OS hooks. There is no data leakage prevention. Inventory OTA provisioning, lockdown hardware, check memory space, diagnostics, monitoring of 3.7 Management battery life, and inventory for RIM OS, iOS, Android, Symbian and Windows Mobile 6.x. Software Application downloader, application verification, updates and patches, app store 4 Distribution management. Limited private app store support. Administration Comprehensive set of system APIs that allow database access to collected information 3.1 and Reporting from other management products. No integration for BES, Good Technology and EAS. IT Service Help desk and user support, remote control, self-service, and device monitoring for RIM 3.3 Management OS, Symbian, iOS and Android. Network Invoice management, and contract information for RIM OS, Symbian, iOS, Android, 3.1 Service Windows Mobile 6.x, Windows Phone 7 and OMA DM. Mobile usage monitoring and alerting Management are under development. Delivery Model On-premises, managed and cloud services. 4.5 Source: Gartner (July 2011) Return to Top Symantec Symantec is a prominent global security player with strong positions in desktop and laptop antivirus, encryption, and comprehensive endpoint management. Symantec has offered MDM support in Altiris since 2004. Although Symantec has offered MDM for years, Gartner analysts have not seen evidence of competitive public visibility until recently, and cannot verify a significant presence through our client references. Symantec has successfully obtained all the pieces for a strong MDM platform, but its strong focus on security causes a diminution in understanding of the business and operational requirements for mobile device life cycle management. Symantec integrates its Mobile Endpoint 6.0 solution for security (anti-malware) with its Mobile Management 7.0 offering, which focuses on software, inventory and application management (see Table 12). Table 12. Critical Capabilities Rating for Symantec Mobile Management 7.0http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 21 of 24
  • 22. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity Android, BlackBerry, Apple iOS, Windows Mobile 6.x are supported. No support for 3.8 Windows Phone 7 and MeeGo. Policy Symantec Endpoint Protection Mobile Edition 6.x detects OS and versions for supported 3.5 Enforcement platforms. Detects installed applications, manipulated data and jail-broken devices, Filters or restricts access to corporate servers for noncompliant devices. Restricts application download. Enforces expense policies. No Web filtering. Security and Password enforcement, device lock, remote wipe, selective remote wipe (e.g., only 4.1 Compliance corporate content), total remote wipe and local data encryption. Certificate-based authentication, Monitoring device and data manipulation on device. Rogue app protection (e.g., application quarantine), firewall, antivirus and mobile VPN. Containerization Not currently supported. 1 Inventory Moderate number of features supported; varies by platform. 4.3 Management Software Application delivery capabilities with application self-healing, and on-demand or scheduled 3.5 Distribution updating of running applications. Private app store to enable distribution of applications, files, links and media. Software updates, fixes and patches for supported platforms. Administration Integrate Mobile Management with Altiris Client Management Suite to extend Symantec 3 and Reporting system management capabilities to manage mobile devices. Web console, OTA provisioning, and role- and group-based access. IT Service Help desk, user support levels and alerting. Symantecs solution provides these 2.2 Management capabilities holistically across all endpoints (mobile, laptop, desktop and server): Mobile management is integrated with endpoint management and security solutions through the Symantec Management Platform. No troubleshooting, but integration with other products is supported. Network Not available. 1 Service Management Delivery Model On-premises-based software. 3 Source: Gartner (July 2011) Return to Top Tangoe Tangoe is a fast-growing communications life cycle management company with TEM and MDM capabilities. Although the primary revenue source is through TEM, the vendor also has seen the adoption of its MDM platform (acquired from InterNoded) grow during the past 18 months. Tangoe has done a good job of integrating TEM and MDM, and offering MDM as a service, although its offering has not yet matured. The Tangoe Mobile Device Management platform focuses more on security compliance and policy management, versus adding encryption for the content or authentication for the device. Tangoes MDM solution is typically sold in a bundle with TEM services, and is delivered in multiple ways: as SaaS or behind the firewall, hosted or as a managed service (see Table 13). Table 13. Critical Capabilities Rating for Tangoes Mobile Device Manager v.5.2.11.1 Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity Android, BlackBerry, Apple iOS, webOS, Windows Mobile 6.x., Symbian, Windows Phone 7 4.4 and Gobi 2000 are supported. Policy Supports applying any EAS policy. The limitations are based on the devices OS and 4 Enforcement manufacturer. Role-based policy management. Security and Provides a granular role-based security model that can restrict all components and actions 3.1 Compliance within MDM. Containerization Not available. 1 Inventory Mobile Device Manager supports the full features of inventory management. 4.5 Management Software Deploys or removes corporate applications, and provides a private app store. Support for 2.7 Distribution updates, patches and fixes. Administration A central management console delivers real-time statistics across devices, platforms and 3.6 and Reporting domains, managing all stages of deployment. Integrates with BES, Good Mobile Messaging and EAS. IT Service Help desk and user support. Support for a self-service portal and device monitoring of 2.7 Management applications, SMS, and voice and data activity against carrier plans.http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 22 of 24
  • 23. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM Management applications, SMS, and voice and data activity against carrier plans. Network Specialized capabilities on TEM (e.g., ordering, provisioning and expense management for 4.2 Service simpler phones). Management Delivery Model On-premises-based software and managed services. 4 Source: Gartner (July 2011) Return to Top Zenprise Zenprises Mobile Manager is one of the more innovative platforms available, combining a strong mobile VPN solution with the use of location-based technologies. It has a clear interface and solid reporting capability. It is a small company focused on MDM. It recently acquired Sparus Software, a small, French security and MDM company, to better support mobile security and encryption (see Table 14). Table 14. Critical Capabilities Rating for Zenprises Mobile Manager Critical Product/Service Name and Brief Description Rating Capabilities Device Diversity Android, BlackBerry, Apple iOS, webOS, Windows Mobile 6.x. and Windows Phone 7 are 4.7 supported. Policy Zenprise Security Manage provides a smartphone audit feature to enforce compliance with 4 Enforcement corporate policies. Ensures that all smartphones are running only the latest software patches and firmware. Policy and password enforcement, and content encryption. Security and Zenprise Security manager tracks policies applied to the device, and identifies missing or 4.4 Compliance removed policies. Provides detailed reports of potential security problems. Zenprise Mobile Manager includes four layers of security operating at device, application and network tiers, providing end-to-end security: Dynamic Defense (device security), AppTunnel (application security), Secure Mobile Gateway (controls access to corporate networks, application quarantine) and Mobile Network Intelligence (enterprise wireless network traffic). IFIPS compliance certification process is ongoing. Containerization Not available. 1 Inventory Zenprise Device Manager provides visibility and control of end users smartphones. Offers 4.4 Management remote control capabilities to troubleshoot smartphone problems. Software Private app store for users application discovery, and for IT administrators to silently 3.7 Distribution configure and provision enterprise applications on smartphones and tablets. Software updates, patches and fixes for selected platforms; backup/restore, background synchronization and file distributions. Dashboard displays version, configuration and memory use information for mobile applications across all connected devices. Administration Unified Web console, and role-based and group-based access. Remote control (real time 3.8 and Reporting or permission-based) for BlackBerry, Windows Mobile and Android, including the ability to initiate chat and voice over Internet Protocol between the administrator and user, or to remotely view and kill processes running on the devices. Offers more than 50 performance reports to aid in your infrastructure planning. Offers profiles of real-time and historical performance of BES, Exchange, EAS, Active Directory and SQL servers. Integrates with Remedy, Microsoft Systems Center, IBM Tivoli, HP OpenView and BMC Patrol IT Service Zenprise Expense Manager offers smartphone security audits that help avoid costly 4.3 Management litigation or compliance lapses. Network Zenprise offers network service management consistent with the described criteria 3 Service features. Management Delivery Model Primarily on-premises-based software. 4 Source: Gartner (July 2011) Return to Tophttp://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 23 of 24
  • 24. Critical Capabilities for Mobile Device Management 3/29/12 8:54 AM © 2011 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartner’s prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity” on its website, http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.http://www.gartner.com/technology/reprints.do?id=1-16U0UOL&ct=110801&st=sg Page 24 of 24