When new devices are added to the enterprise, the existing persona is literally imprinted via MDM software before the device can gain access to corporate resources. MDM controls different levels of business permissions, including those derived from LDAP and Active Directory, so that rules and policies are granularly defined based on an employee's role, division or seniority. For example, a company implements different security policies for senior executives in finance than it does for entry-level sales staffers.
Lastly, with the growing use of open source apps and operating systems, mobile IT can easily deny access to the corporate network based on the security posture of the device, denying network access to compromised (jailbroken or rooted) devices, app permissions (including whitelist and blacklist) and policy sharing, so new mobile apps have enterprise permissions "pre-baked" before deployment.
In Phase 3 mobile IT is now responsible for managing mobile apps for business users. In this phase, mobile IT management must address a nearly infinite variety of apps, devices, personas and operating systems. MDM helps solve this complex set of issues, including the ability to deliver a private, company-specific enterprise app storefront. This corporate application library is discoverable and provides both the tightest security and best end-user experience for the distribution, inventory and delivery of mobile applications companywide.
Last, Phase 4 of the continuous MDM software life cycle has users limiting their costly mobile service plan overages with the help of MDM software application programming interfaces (APIs) designed to detect and reduce international plan overages. Of the millions of the Fortune 1000 enterprise users depending on MDM software, a majority of them experience international plan overages measured by $10,000 or more per month.
Of course, when the user leaves the company, the mobile IT group uses MDM to simply remove the enterprise, personal and all accompanying permissions to protect their intellectual property. MDM software accomplishes this task on employee devices (BYOD) by means of a selective wipe, ensuring that no pictures, music or other non-work files are removed. For corporate-liable devices, MDM software offers a complete wipe and device "retirement" before it can be re-enabled for a new user.
MDM software has clearly become an indispensable tool for mobile IT as all of these enterprise devices undergo rapid consumerization. In closing, the recent Forrester "Consumerization Drives Smartphone Proliferation" report validates three MDM trends: