"We need all of that without having to have multiple agents installed on the phone," he says, because each agent adds complexity and uses up resources.
"Having agents on the phone means that it needs to be constantly on all the time for data gathering, but that means that it will consume phone resources," Chong says. Also, it's "software that now needs to be managed and updated on users' phones."
Today many businesses, if they have a BYOD program at all, either aren't using MDM or are using a very basic tool such as Microsoft's Exchange ActiveSync, which allows mobile access to the user's Exchange email and calendar. "The next phase is getting to MDM. Then [IT staffers] can look at application security and management," Redman says.
At West Virginia University, the cost of tools outweighs the risks -- at least for now. Yohn says the school uses only ActiveSync to support its 4,500 faculty and staff. He'd like to do more, but says licensing costs for the containerization tools he researched would have exceeded $100,000 annually. "We'll wait until prices fall, or something happens and we determine that we need to make this investment," he says.
At CareerBuilder, a jobs website and staffing firm, individuals who want to use their own phones can connect by way of ActiveSync, but downloaded data is not encrypted unless the user chooses to do so at the device level. Further, IT doesn't offer any support for users connecting with their own smartphones.
Users can also install, on their own, apps to access SaaS applications such as Concur and Salesforce.com. "We defaulted to that," says senior vice president of information technology Roger Fugett. But with nearly half of CareerBuilder's 2,600 employees now bringing their own devices, Fugett says he's taking a hard look at the potential risks and how to mitigate those. Containerization and general MDM tools are on his radar.
The coming consolidation
Containerization is rapidly becoming a necessity for supporting BYOD, and the technology is evolving rapidly, says Stephen Singh, director for infrastructure practice at professional services firm PwC. "It works relatively efficiently and meets the regulatory compliance needs for many of the customers we speak with."
In most shops, containerization is -- or should be -- one part of an overall MDM strategy. Going forward it should be possible, for example, to apply one set of policies to the entire device, another to a protected container where app stores deposit applications, and a third to specific corporate apps, with variations depending on the user's role or group.
Indeed, Symantec says its Odyssey MDM tool can be used to enforce a device-level password while Nukona applies application-specific controls.
Containerization is already starting to be absorbed into the major MDM platforms. Symantec plans to merge into its Nukona containerization and Odyssey MDM acquisitions into its Altiris offering for managing servers, desktops and laptops; and Mobile Iron now offers its own APIs for application integration. "In the next six months we'll see more application security and management integrated into MDM systems," says Redman.
Eventually, he says, MDM will broaden into a "systems management platform for the enterprise" that includes security, content management, application management and application development, and it will extend to laptops and desktops as well as tablets and smartphones.
That's high on the wish list at Union Bank, which relies on two different consoles to manage BlackBerry and other mobile devices. "I want a universal dashboard. There's no technology that does that today," Chong says.
BNY Mellon has already started down that road. "We chose MaaS360 because we can run it across our full mobility network, whether a laptop, phone or tablet," Perkins says. "I can provision access to all of those devices at once, knowing that each has a different graphical paradigm. That's the way we think people will be moving."
Singh sees an even broader convergence of management tools that provides ubiquitous access for any end user device over any medium, including desktops, laptops, desktop and application virtualization, remote access and unified communications as well as mobile devices. "We're not that far off from a universal console. We see convergence occurring in three to five years," he says.
That may seem like a ways off, but it's important to plan for that vision now so that containerization, MDM and other tools acquired today don't end up overlapping or becoming redundant over time. "Look at the big picture. Solving the problem for mobile device management isn't just about selecting a vendor," Singh says. "It's about applying a solution across multiple platforms and instances."
Read more about bring your own device (BYOD) in Computerworld's Bring Your Own Device (BYOD) Topic Center.
This story, "Best BYOD management: Containment is your friend" was originally published by Computerworld.