Four (4) Key Considerations When Acquiring a Mobile Data Management Solution

One of the most pressing needs in many organizations today is the need to effectively manage their growing throng of mobile devices – be they iPads, iPhones, tablets or whatever new mobile device may be coming out next. In that vein, DCIG is preparing to release its inaugural DCIG 2014 Mobile Data Management (MDM) Buyer’s Guide in just a few weeks to help companies better understand what solutions are available to best manage these devices. In today’s blog entry, I share four (4) key items to consider when acquiring an MDM solution.


Companies both large and small are seeing an ever increasing migration from corporate issued to personally owned devices. Due to this impetus, companies have become more open and willing to move to cloud provided MDM services. As a result of this increasing adoption of cloud-based MDM, DCIG has included cloud-based device management in the 2014 DCIG Mobile Data Management Buyer’s Guide.

The benefits of cloud-based mobile data management are many, including rapid deployment and low infrastructure investment. But cloud storage also has its limitations. The key restriction is the device management feature sets. These are often more robust with on-premise installations, but scaling the number of devices needing to be managed from a cloud installation perspective can be challenging. Larger enterprises, with a significant number of managed devices along with a more mature IT environment, may be less inclined to move into a hosted MDM model. Thus, on-premise and hybrid infrastructures for deployment are better options for these enterprises.

At-rest and In-transit Encryption

Many companies face compliance mandates such as HIPAA, HITECH, SOX. Other companies need to protect day-to-day business information. These issues have become difficult due to the dynamic environment of policies in the professional-realm. This has led to personally identifiable information being increasingly reliant on encryption. Data encryption is often the only “safe harbor” from sanctions in the face of a data breach. At-rest and in-transit encryption play significant roles in MDM from data stored resident on devices as well as data being transmitted wirelessly.

At-rest applies to encryption once the data has arrived at the target device. At-rest is fundamentally different than in-transit encryption.  In-transit encryption takes place through a software algorithm as the sending device encrypts the data while it is being transferred to the receiving target.

Organizations can use both at-rest and in-transit encryption to ensure maximum data protection is employed. If both encryption methods are used together, the data is encrypted from beginning to end, thus  protecting the entire data process path from unauthorized access.


Mobile data management automation is an area of emphasis for many organizations. The employment of automation promises to facilitate efficient management of an organization’s MDM solution, and thus enable a more agile response from IT to changes its business requirements. Ultimately, automation means more staff time can be spent addressing business specifications rather than managing routine tasks around MDM.

For example, support for automated device provisioning, security policy restriction, policy deployment, and enforcement can:

  • Simplify management
  • Reduce complexity
  • Reclaim IT staff time
  • Reduce inefficiency

Security Policy Enforcement

Device policy enforcement is a primary tenant to MDM. Organizations invest in MDM for many reasons, two of which are: 1) to reduce business risks and 2) to maintain the ability to create policies to match the organization’s risk appetite. Both are benefits to device policy enforcements and serve as keys to the successful integration of a MDM solution for any organization.

Though policies can often be difficult to work with, they help ensure compliance with the organization’s security requirements to reduce the possibility of a breach in corporate data. However, when a device is jailbroken and rooted, the built-in security features on the most popular mobile device platforms are bypassed and the device can then be exploited for unauthorized access to hardware and software. DCIG focused on the MDM provider’s ability to safeguard data through robust policy management. Without the ability to safeguard data in a flexible way to meet the organization’s goals, MDM would not be effective in providing the data protection needed.

Click Here to Signup for the DCIG Newsletter!


DCIG Newsletter Signup

Thank you for your interest in DCIG research and analysis.

Please sign up for the free DCIG Newsletter to have new analysis delivered to your inbox each week.