What should an MDM actually do?
When it is time to create an RFP or to evaluate these technologies, keep these questions in mind. Consider the specific security trade-offs that any MDM solution will require.
Is all traffic encrypted between mobile devices and your corporate network? Some apps use SSL connections, and some provide their own encryption. Some MDMs don't encrypt any data that is sent over the Internet at all. Most Android devices don't have device-level encryption, for example.
Can you map and manage a device to a particular user in your directory services so that your IT department doesn't need any additional workflow, setup, or policies? Solutions that are tightly coupled with Active Directory or LDAP mean that you can save deployment time and use your existing security policy frameworks. You also might or might not want to lock a particular user to a particular device, depending on your circumstances.
Speaking of policies, can you set device- and application-level policies that are centrally managed? Some MDMs can only set policies for a particular device, or for particular users. Do you really need to manage every device in your network? Maybe not: while you certainly want control over all of your company-owned devices, you may want more flexibility for user-owned devices.
Are files that are viewed on the mobile device actually stored on the device itself? With some products, once a remote session ends, all traces of the document are removed from the tablet's memory and storage. With others, there can be some residue, or the file itself could be accessed by an app that you have already downloaded to your device.
Does a document remain under the control of the app, or can you prevent a document from being exported outside the app? The stricter the control you have, the more secure your files will be.
Can you remotely wipe all traces of the document or history from the device, or disable it entirely if lost or stolen? With some apps, a panic call into IT can terminate any subsequent access of a device.
Do you need a separate hardware-based management appliance for your MDM? Some products make use of cloud-based management software, while others require specific hardware to be placed on your network. For example, Meraki used to require that you use their hardware platform, but now offers a completely cloud-based service (and it is free, too). The Aerohive/JAMF Software solution employs Aerohive wireless access points to manage mobile devices. ionGrid's Nexus has a Java-based server that you need to run on a Windows or Linux machine on your local network.
How does the MDM work when you need to share documents with external users outside your corporate domain? Some set up a secure tunnel to your file shares; others have publish-and-subscribe models to make these documents easily available on a mobile device. Some also support a variety of intranet-type servers such as SharePoint. An example of the latter is Rover's Retriever, which has a set of programming interfaces for a variety of mobile devices so that you can access corporate data securely with a native mobile app. It comes in two pieces: a server-side Gateway that installs on a Windows computer, and client software that runs on iOS and Android devices. The Gateway comes with a variety of connectors to SQL Server, Excel spreadsheets, and SharePoint services. The screenshot to the right shows what the client piece looks like on iOS.
What is this going to cost?
In addition to the wide range of functionality we've described, MDM products have a wide cost range. Meraki's service is free, and IBM's Worklight requires a five-figure server investment. In between are the others, with some offering perpetual licenses per device while others charge annual subscriptions. Volume discounts and 30-day free trials are also available.
As you can see, the MDM world is still pretty wild and woolly. Hopefully, this has given you a good starting point for evaluating some of these solutions for your particular circumstances.