"You have to think about MDM in terms of legality. For example, a lot of MDMs provide the ability for operations teams and IT employees to track the coordinates of the phone. In some countries there are privacy laws that forbid that. The corporation may not be allowed to track you. You have to look at whether that needs to be turned on or turned off by default, and how you're handling that to make sure that you don't break privacy laws there," Katz says.
[Also see Mobile phone security dos and don'ts]
To handle those privacy concerns, and so they can focus more closely on corporate-owned applications and data, more enterprises are turning to mobile app management (MAM), which enables organizations to manage specific applications and data without having to worry about the entire device or an employee's personal data. "This approach makes it much easier to manage BYOD in an organization because you have the same features in MAM that you have in MDM, but you're approaching it on an app-by-app basis," says Katz.
That ability makes it more straightforward to wipe only enterprise-owned and -managed data and set password requirements that affect only the enterprise apps. That's why he thinks the industry will move away from MDM and toward MAM, "which will help move the security focus from the device to the data and the applications--where it belongs," says Katz.