Miller views MDM as a stop-gap solution solving problems that they won't need to address once Lambeth moves to a paradigm of managing applications and information, rather than devices. "Our goal is to policy-wrap applications," he says.
As for information protection, Miller takes a measured approach. "We won't allow personal devices to connect to our VPN, but will instead work to securely provide access to appropriate information through cloud-based email and a corporate app store. This will be supported by policy, training and sensible risk management to keep sensitive data off personal devices."
Other CIOs view MDM as necessary for some time to come, but these same directors quickly point out areas where they'd like to see vendors make improvements. "MDM addresses the issue for trusted devices," says Bupa's Jetha. "It does not adequately address the issue of tolerated or unsupported devices."
Some see user-centric device management as limiting, since many users have more than one device, and like Miller, many prefer a policy of application management.
For this reason, many MDM platforms offer mobile application management (MAM) features as well, and analyst IDC sees the combined MDM-MAM approach as the way forward, coining the term mobile enterprise management (MEM) to designate platforms which serve both roles. IDC predicts global sales of MEM platforms to grow from the 2011 figure of $444.6m to $1.8bn by 2016.
Of all the features offered with MAM, IT directors rank most important those that allow staff to blacklist untrusted applications and 'whitelist' the trusted ones. While organisations like to let users find appropriate business tools on their own, IT needs to prevent misbehaving software from causing collateral damage.
Many directors also rank container policies high on their list of priorities, as it helps them support BYOD by setting up dual personas on a device. Certain data and applications belong to the private persona, while other data and applications belong to the business persona.
"The advantage with cloud-based solutions is utility-like transparent pricing but there are concerns with security, as well as potentially splitting identity management and device management," says Bupa's Jetha.
"Increasingly, cloud-based services are seen as the dominant approach for controlling and vetting access to systems when the main usage of our systems access is by customers as opposed to employees."
The London Borough of Brent carefully considers what can go on the cloud. "The challenge cloud computing presents organisations such as ours is that when you move information out of the datacentre, we don't see what happens to it," explains CIO Stephan Conaway.