Why It’s Time to Short the MDM Market

Featured Article by Adam Ely, Co-founder and COO of Bluebox

Mobile device management (MDM) pre-IPO market evaluations hit an all-time high in February 2013 however, in recent weeks, we’ve seen two other companies get acquired at fire sale prices, could it be MDM isn’t the complete answer? Is it indicative of a need that’s not yet being met by the mobile security solutions on the market? The answer to all questions is: yes.

The problem with the MDM landscape is that it’s a market that relies on old technology. Vendors in the space have built their products on commodity foundations – features that call on APIs anyone and everyone can access in Apple’s iOS and Google’s Android. There’s no barrier to entry and anyone can build it. Companies are starting to do the same thing and rely on the capabilities from Apple or Google to let them do it. There’s no overwhelming benefit from entering into the MDM market because. It’s simple.

Commodity foundations that don’t help enterprises secure the flood of corporate data hitting personal devices is problematic given that 28% of the data is being accessed through mobile solutions². In fact, MDM solutions can only secure and track data for a few dozen apps in a world. For perspective, there are already over 50,000 business apps in Apple’s App Store. Juniper research estimates that the number of employee owned smartphones and tablets used in the enterprise will more than double by 2014, reaching 350 million – up from 150 million last year. However, at the rate they’re evolving, MDM solutions just aren’t prepared to handle this wave. What are the barriers that are keeping them from comprehensively providing mobile data security to do so?

The biggest problem enterprises are currently facing is protecting corporate data and MDM’s don’t do that. In essence, the applications don’t addressactual, real-world problems the enterprise is facing  – put simply, they protect the device, not the corporate data on the device. With MDMs, although the company doesn’t own the device, it controls it. This raises several issues. The most pressing of which are huge concerns over user privacy. Before enrolling their device, users must consider whether or not they want their employer to have access to their personal e-mail, data, photos, apps, snapchats etc. because with MDM, it’s total control, or nothing.

MDM is a very monolithic, iron-fist, kind of way of look at managing mobile devices. It does not protect the most important corporate asset:  data. This is why MDM is dead. It’s not smart to invest in a MDM program because the program won’t solve the most fundamental security issue the enterprise faces.

That said, MDM does have a place for fleet management devices such as tablets that are used as point of sales systems in retail, which is a single use, non-personal device. That’s where they are useful, because those devices are owned by the enterprise.  I recommend investing in other solutions that will solve your company’s security problems.

We’re actually at a pivotal point where CIOs are beginning to pay attention to the conversations occurring across the cloud and devices. CIOs are starting to step out of their comfort zones and think of new ways to protect employee privacy and information, not just the devices themselves.

Most organizations are now investing in user and data aware mobile security solutions and dumping or limiting the scope of MDM usage rather than continuing to throw good money after bad.

The bottom line is that CIOs need to start, and in many cases have already begun, considering the users. To continue with the business as usual approach would be a mistake. And though 2013 saw a lot of capital funneled into MDM, there is still a need for mobile security solution that addresses the needs and wants of the enterprise and its users to be successful in a BYOD world.

About the Author: Adam Ely is the Co-founder and COO of Bluebox. Prior to this role, Adam was the CISO of the Heroku business unit at Salesforce where he was responsible for application security, security operations, compliance, and external security relations. Adam was named one of the top 25 security influencers to follow in 2012 for his industry contributions.  Follow Bluebox @BlueboxSec on Twitter.