Critical Capabilities For Mobile Device Management

Critical Capabilities for Mobile Device Management
Page 1 of 17

29 July 2011 Monica Basso, Phillip Redman Research Note G00213877 This research provides quantitative ratings for a selection of enterprise mobile device management offerings, evaluating them in typical use cases, across 10 critical capabilities.
Overview
This research provides quantitative ratings for a selection of enterprise mobile device management (MDM) offerings, evaluating them in typical use cases, across 10 critical capabilities. Enterprises should use these critical capabilities, use cases and product ratings to identify the most suitable enterprise MDM products or services to meet their management and security requirements.
Critical Capabilities Methodology

"Critical capabilities" are attributes that differentiate products in a class in terms of their quality and performance. Gartner recommends that users consider the set of critical capabilities as some of the most important criteria for acquisition decisions. This methodology requires analysts to identify the critical capabilities for a class of products. Each capability is then weighted in terms of its relative importance overall, as well as for specific product use cases. Next, products are rated in terms of how well they achieve each of the critical capabilities. A score that summarizes how well they meet the critical capabilities overall, and for each use case, is then calculated for each product. Ratings and summary scores range from 1.0 to 5.0: 1 = Poor: most or all defined requirements not achieved 2 = Fair: some requirements not achieved 3 = Good: meets requirements
Key Findings
Not all MDM platforms provide device encryption if it is not supported natively on the device. Although containerized approaches offer some of the highest security, restrictions to the user's experience with mobile email may limit the user's acceptability and viability on personal devices. AirWatch, Fiberlink, MobileIron, Sybase and Zenprise use native Apple iOS 4 management APIs to implement functions such as over-the-air (OTA) software upgrades and certificate-based authentication. Good for Enterprise is a mobility suite centered on wireless email; many management and security capabilities are available within their email client only.
Recommendations
Choose MDM offerings that support a lightweight management approach, with mobile agents and serverside platforms, when your security and management requirements are limited and deep control is not accepted by employees using personal devices. Examples include Zenprise, MobileIron, BoxTone, Fiberlink and AirWatch. Choose MDM offerings that support a heavyweight approach to deliver secure and manageable corporate email to consumer and personal devices when strict security and compliance requirements apply. Containers can enforce stronger separation among personal and corporate content. Examples include Good Technology, Excitor and Sybase. Users of iOS need to reset their devices for encryption the data protection mechanism in iOS 4 implements total device encryption, and can be triggered by setting a password to connect to Exchange Active Sync for email, calendar and contacts and then resynch the data.
What You Need to Know

Before making any effort to select the most appropriate tool for MDM, organizations need to understand their requirements and define clear policies for deployment, including corporate data and application protection on the device and back-end servers; isolation from personal content, if needed; and cost containment. Organization should evaluate different MDM offerings, focusing on the critical capabilities identified in this research. Return to Top
4 = Excellent: meets or exceeds some requirements 5 = Outstanding: significantly exceeds requirements Product viability is distinct from the critical capability scores for each product. It is our assessment of the vendor's strategy and its ability to enhance and support a product over its expected life cycle; it is not an evaluation of the vendor as a whole. Four major areas are considered: strategy, support, execution and investment. Strategy includes how a vendor's strategy for a particular product fits in relation to its other product lines, its market direction and its business overall. Support includes the quality of technical and account support as well as customer experiences for that product. Execution considers a vendor's structure and processes for sales, marketing, pricing and deal management. Investment considers the vendor's financial health and the likelihood of the individual business unit responsible for a product to continue investing in it. Each product is rated on a five-point scale from poor to outstanding for each of these four areas, and it is then
Analysis
Introduction
The proliferation of consumer devices and a growing demand from employees are changing the ways in which organizations deliver mobility solutions to the workforce. IT organizations are forced to create mobility programs to support corporate email and other applications on consumer products, such as iPhone, iPad and Android devices. "Bring your own device" and employee-liable programs are common, and we expect that 80% of organizations will have tablets by 2013 (see " Gartner's Top Predictions for IT Organizations and Users, 2011 and Beyond: IT's Growing Transparency"). These deployments bring a range of new challenges, from security, compliance and management, to cost and human capital management. Organizations address these challenges by defining policies that regulate the usage of consumer and personal mobility for employees, and they need the appropriate tools to enforce policies, regulate behaviors, contain costs and manage risks, across multiple device platforms. Multiple options are available the enterprise MDM market has more than 60 players with a wide range of products, services and capabilities. Gartner research (see "Magic Quadrant for Mobile Device Management Software") identifies a subset of 23 vendors that qualify as viable for investments. These offerings are progressively adding similar features, driven by fierce competition, and the market is going through a commoditization route. IT organizations struggle to identify the right options for investment. On one hand, the rapid evolution of mobile devices and business requirements makes it difficult to identify a clear set of MDM requirements. On the
http://www.gartner.com/technology/streamReprints.do?id=1-16U0UOL&ct=110801&s... 8/10/2011
Page 2 of 17
complete mobile management client. They can enforce policies on the server side, but cannot control the device and mobile user behavior in depth. They are used in combination with native mobile support in corporate email servers (e.g., Microsoft Exchange ActiveSync [EAS] in Microsoft Exchange Server or Notes Traveler in Lotus Notes/Domino) to enforce complementary policies to those provided by the server. Thus, they can preserve the native email client experience on iPhones and iPads, which are favorite choices for users. Relevant vendors with this approach include AirWatch, BoxTone Fiberlink, MobileIron and Zenprise. Heavyweight approach: Client-side management software is available for every relevant mobile OS platform (either stand-alone or blended with a proprietary email client). The management client can enforce strong IT control on the device (e.g., local data encryption, selective wipe and containerization). Vendors with this approach are Good Technology, Excitor and Sybase. Good's product does not integrate with the email server's native mobile support (e.g., EAS) actually, it replaces it, and it does not work with the device's native email client, but requires its own client, which can only connect to a corporate email server. Good Technology's approach prioritizes on IT control, limiting the user's choice and experience with the email client. Another important element of differentiation among these offerings is the delivery model: cloud services versus on-premises versus host. While most mature products (such as those from Good Technology, Sybase and MobileIron) are on-premises, a growing range of cloud services offerings (such as those from AirWatch, Fiberlink and Tangoe) are starting to appeal to users because they are more economical. In fact, there are no upfront costs, and an inexpensive price per user per month and more flexibility to scale up services with growing mobility adoption or needs. Before entering MDM product selection analysis, organizations need to identify the risks and benefits of introducing support for corporate applications on personal devices. They then need to identify the IT policies required to control deployments, manage risks and support users. Finally, they need to choose the appropriate management approach and the products and services that can help to enforce those policies in a cost-effective way. Return to Top
Product Class Definition

Gartner defines MDM as a range of products and services that enables organizations to deploy and support corporate applications to mobile devices, such as smartphones and tablets, possibly for personal use enforcing policies and maintaining the desired level of IT control across multiple platforms. Areas of functionalities include security, provisioning, software and inventory management, and decommissioning. See "Magic Quadrant for Mobile Device Management Software" for a complete description of the market and vendors that deliver these products or services. In this research, we focus on the capabilities and viability of a subset of offerings (products or services) from this market, which get the most attention and inquiries for advice from our client base. Return to Top
Critical Capabilities Definition

MDM offerings address a range of requirements from IT organizations aiming to deliver mobility experiences to their workforces or customers, while maintaining control and minimizing risks. They tend to bring a fairly complex set of functionalities, with progressively little differentiation among the competition. This research examines 10 critical capabilities that differentiate competing MDM products. The critical capabilities considered for enterprise MDM products are: Device Diversity Policy Enforcement Security and Compliance Containerization Inventory Management Software Distribution Administration and Reporting IT Service Management Network Service Management Delivery Model Detailed information about each critical capabilities follows: Device Diversity: the degree of diversity in mobile devices and mobile OS platforms that the considered MDM product can handle. This includes: Support one or more OS platforms, such as Android, iOS, etc. (Note that support for Research In Motion [RIM] OS and Windows Phone 7 is rated as a plus because fewer vendors have added them.) Support for media tablets Support for ruggedized devices Support for simpler phones Policy Enforcement: Enforce policies on eligible devices: Detect OS platforms and versions, installed applications, and manipulated data. Detect iOS jail-broken devices and rooted Android devices. Filter (restrict) access from noncompliant devices to corporate servers (e.g., email). Enforce application policies: Restrict downloadable applications through whitelists and blacklists. Monitor access to app stores and application downloads, and put prohibited applications on assigned an overall product viability rating. The critical capabilities Gartner has selected do not represent all capabilities for any product and, therefore, may not represent those most important for a specific use
Page 3 of 17
quarantine and/or send alerts to IT/managers/users about policy violations. Monitor access to Web services, social networks and app stores, and send alerts to IT/managers/users about policy violations and/or cut off access. Enforce mobile communications expense policies: Monitor roaming usage. Detect policy violations (e.g., international roaming) and, if needed, take action (e.g., disabling access to servers and/or send alerts to IT/managers/users about policy violations). Enforce separation of personal versus corporate content: Manage corporate apps on personal devices, and personal apps on corporate devices. Tag content as personal or corporate through flags. Detect violations of separation and, if needed, send alerts to IT/managers/users. If a container is in use, prohibit exporting data outside the container (e.g., when opening an email attachment), and regulate interaction between different enterprise containers. Restrict or prohibit access to corporate servers (e.g., to email server or email account) in case of policy violation. Security and Compliance: a set of mechanisms to protect corporate data on a device, corporate backend systems and preserve compliance with regulations: Password enforcement (strong alphanumeric password) Device lock (after a given number of minutes of inactivity) Remote wipe, selective remote wipe (e.g., only corporate content); total remote wipe (hard wipe, data not recoverable after deletion) Local data encryption (phone memory, external memory cards) Certificate-based authentication (include device ID, OS version, phone number); certificate distribution Monitoring device and data manipulation on device Rogue app protection (e.g., application quarantine) Firewall Antivirus Mobile VPN Message archiving (SMS, IM, email, etc.) and retrieval; record historical event for audit trail and reporting Containerization: a set of mechanisms to separate corporate from private content (data, applications) on a device and apply a range of actions to control the corporate footprint, such as: Local data encryption On-the-fly decryption Selective remote wipe No data export to other containers (data leakage prevention) Controlled communication among containers Application containerization (beyond email) Containerization based on virtualization technology (e.g., Open Kernal Labs [OK Labs] OKL4, VMware MVP, ARM TrustZone) Inventory Management: a set of mechanisms to provision, control and track devices connected to corporate applications and data: Asset management and inventory Device configuration and imaging Device activation and deactivation Provisioning (OTA): Distribution (push) Configuration (push): Device configuration iPhone profiles Lockdown hardware features (e.g., enable/disable hardware, camera, removable media card, infrared [IR] port, Bluetooth, Wi-Fi) Monitoring: Performance Battery Life Memory Lost-phone recovery Locate and map Restore and migrate Software Distribution: a set of mechanisms to distribute applications and software upgrades to mobile users OTA, avoiding tethering to a PC: Application discovery (e.g., through private app stores) Software updates, for applications or OSs Patches/fixes Backup/restore Background synchronization File distribution
2011 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be reproduced or distributed in any form without Gartners prior written permission. The information contained in this publication has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in such information. This publication consists of the opinions of Gartners research organization and should not be construed as statements of fact. The opinions expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that have financial interests in entities covered in Gartner research. Gartners Board of Directors may include senior managers of these firms or funds. Gartner research is produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the independence and integrity of Gartner research, see Guiding Principles on Independence and Objectivity on its website,
Page 4 of 17
Administration and Reporting: capabilities for IT administrators to manage mobile deployments and users. This includes: Single console Web-based console OTA provisioning Role-based access Group-based actions Remote control (real-time or permission-based) Enterprise platform integration (e.g., Exchange Active Sync; LDAP; BlackBerry Enterprise Server [BES]; certificate authority; trouble ticketing and help desk, such as Remedy; and network management, such as IBM Tivoli) Business intelligence Reporting IT Service Management: capabilities to grant mobile service levels to mobile users, such as: Help desk User support with levels User self-service (administration, etc.) End-to-end real-time monitoring Troubleshooting Alerting Network Service Management: specific capabilities to monitor and optimize mobility costs, such as: Contract management Expense management Service usage management Delivery Model: ways to deliver MDM capabilities to customers (e.g., on-premises, hosted, cloud). Complete cloud offerings are rated higher, because they allow organizations to acquire MDM capabilities without upfront investments. Pricing policies per users (as opposed to per device) are rated higher. Return to Top
Use Cases
We have identified a number of use cases that come up fairly frequently in our client inquiries, and that help to highlight the best characteristics of selected MDM offerings under specific conditions: Case A1 Highly regulated organizations focusing on corporate email only: Organizations aiming to support consumer personally owned devices, such as iPhone, iPad and Android devices Organizations operating in sectors under severe regulatory constraints (e.g., financial, healthcare, military and defense) with strict security and compliance requirements, such as the Health Insurance Portability and Accountability Act (HIPAA; e.g., must enforce local data encryption on all devices connected to their email servers, required certifications, etc.) Organizations focusing on the short term, only regarding corporate email support Case A2 Highly regulated organizations going beyond email: Highly regulated organizations, as per Case A1, that want to deploy and support corporate applications beyond email, need to distribute software OTA, and need discovery mechanisms (such as for app stores, to block access, etc.) Case B Nonregulated organizations, mobility deployments: Organizations operating in nonregulated sectors (e.g., retail, delivery services) that can live with basic security and management support, and that must enforce limited mobile policies to mobile users Organizations with previous mobility experience and/or mobility skills Support for consumer devices, such as iPhone, iPad, Android, BlackBerry devices; corporate or personal devices Organizations focusing on email and/or other applications Case C Expense management focus: Organizations that want to optimize mobility deployment expenses and that are less focused on security Cost optimization Case D Service-level management: Organizations with critical mobile applications or users, and mobile service-level agreements All types of deployment sizes (most often midsize to large) Need to monitor and control end-to-end mobile deployments Troubleshooting Table 1 looks at the weightings of all the use cases in this research. Each use case weighs the capabilities individually based on the needs of that case, which impacts the score. Each vendor may have a different position based on its capability and the weighting for each one. The overall use case is the general scoring for the vendor's product, with all weights being equal.
http://www.gartner.com/technology/about/ombudsman/omb_guide2.jsp.
Page 5 of 17
Table 1. Weighting for Critical Capabilities in Use Cases

Regulated, Applications (A2) 1.0% 10.0% 10.0% 5.0% 5.0% 55.0% 2.0% 10.0% 1.0% 1.0% 100.0% Expense Optimization Objective (C) 1.0% 0.0% 0.0% 0.0% 20.0% 0.0% 20.0% 5.0% 53.0% 1.0% 100.0% Service-Level Management (D) 5.0% 5.0% 5.0% 0.0% 15.0% 10.0% 20.0% 40.0% 0.0% 0.0% 100.0%
Critical Product Capabilities Device Diversity Policy Enforcement Security and Compliance Containerization Inventory Management Software Distribution Administration and Reporting IT Service Management Network Service Management Delivery Model Total
Regulated, Overall Email (A1) 10.0% 10.0% 10.0% 10.0% 10.0% 10.0% 10.0% 10.0% 10.0% 10.0% 100.0% 5.0% 5.0% 5.0% 70.0% 5.0% 1.0% 1.0% 2.0% 5.0% 1.0% 100.0%
Nonregulated (B) 20.0% 5.0% 5.0% 0.0% 9.0% 15.0% 40.0% 4.0% 1.0% 1.0% 100.0%
Source: Gartner (July 2011)
Return to Top
Inclusion Criteria
Products covered in this research come from vendors included in "Magic Quadrant for Mobile Device Management Software"; refer to it for a complete description of the market and vendors. The following criteria were used to qualify vendors for inclusion in the Magic Quadrant for MDM: Support for enterprise-class (noncarrier), multiplatform support MDM: software or software as a service (SaaS), with an emphasis on mobility Specific MDM product focus and feature set, or a primary focus on MDM in another product set (messaging or security) Security management, with at least these features: Enforced password Device wipe Remote lock Audit trail/logging "Jailbreak" detection At least mobile OS 3 platforms supported Policy/compliance management Software distribution, with at least these capabilities supported: Application downloader Application verification Application update support Application patch support Inventory management, with at least these capabilities supported: External memory blocking Configuration change history Managing at least 25,000 mobile lines Five referenceable accounts At least $1 million in MDM-specific revenue Given the large number of players in this market and the complexity of the products, we have chosen to restrict this analysis to a subset of vendors whose offerings get the most interest and highest level of inquiries from Gartner's clients. This research focuses on products or services provided by AirWatch, BoxTone, Excitor, Fiberlink, FancyFon, Good Technology, Mobile Active Defense, McAfee, MobileIron,Sybase, Symantec, Tangoe and Zenprise. Vendors not included in this research are still valid options for consideration (see "Magic Quadrant for Mobile Device Management Software" for details), including: Capricode, Fixmo, IBELEM, Fromdistance, Motorola, Odyssey Software, Smith Micro Software, SOTI, The Institution and Ubitexx (acquired by RIM). While most vendors specialize in management for smartphones and tablets, a subset provides specific capabilities to manage fleets of ruggedized devices (on Windows CE or Windows Mobile), including SOTI, Odyssey Software and Motorola. We do not consider these vendors in a separate use case because specialized management tools for ruggedized devices generate limited Gartner client inquiries. Return to Top
Critical Capabilities Rating

Each of the products that meet our inclusion criteria has been evaluated on the critical capabilities, on a scale of 1.0 to 5.0. To determine an overall score for each product in the use cases, the ratings in Figure 1 are multiplied by the weightings in Table 1. These scores are shown in Figure 2. Figure 3 shows the product score in the various use cases, and also provides our assessment of the viability of each product.
Page 6 of 17
Figure 1. Product Rating on Critical Capabilities
Return to Top
Figure 2. Overall Score for Each Vendor's Product Based on the Nonweighted Score for Each Critical Capability
Return to Top
Figure 3. Product Score in Use Cases
Product viability is distinct from the critical capability scores for each product. It is our assessment of the vendor's strategy and the vendor's ability to enhance and support a product throughout its expected life cycle; it is not an evaluation of the vendor as a whole. Four major areas are considered: strategy, support, execution and investment. Strategy includes how a vendor's strategy for a particular product fits in relation to the vendor's other product lines, its market direction and its business overall. Support includes the quality of technical and account support, as well as customer experiences with that product. Execution considers a vendor's structure and processes for sales, marketing, pricing and deal management. Investment considers the vendor's financial health and the likelihood of the individual business unit responsible for a product to continue investing in it. Each product is rated on a five-point scale from poor to outstanding for each of these areas, and
Page 7 of 17
it is then assigned an overall product viability rating.

Return to Top Figure 4 represents the overall general use for MDM with all ratings equally weighed. This segments the vendors into three positions based on their product capabilities alone: Zenprise, Mobile Active Defense and MobileIron at the top; Good Technology, Symantec and McAfee at the bottom; and the bulk of the other vendors rated in the middle. Unlike the MDM Magic Quadrant, which rates companies in a broader context than by product alone, the MDM Critical Capabilities methodology solely assesses companies based on their products.
Figure 4. Overall Use Case
The weighted capabilities scores for all use cases are displayed as components of the overall score.
Return to Top Figure 5 shows the vendors' product scores for Use Case A1.
Figure 5. Vendors' Product Scores for Regulated Email (A1) Use Case
Return to Top Figure 6 shows the vendors' product scores for Use Case A2.
Page 8 of 17
Figure 6. Vendors' Product Scores for Regulated Application (A2) Use Case
Return to Top Figure 7 shows the vendors' product scores for Use Case B.
Figure 7. Vendors' Product Scores for Nonregulated Mobility Deployment (B) Use Case
Return to Top Figure 8 shows the vendors' product scores for Use Case C.
Figure 8. Vendors' Product Scores for Expense Optimization Objective (C) Use Case
Page 9 of 17
Return to Top Figure 9 shows the vendors' product scores for Use Case D.
Figure 9. Vendors' Product Scores for Service-Level Management (D) Use Case
Return to Top
Vendors
AirWatch
AirWatch's Enterprise MDM offering puts emphasis on device security, life cycle management, application distribution and help desk controls. It supports a broad range of device platforms and integrates with enterprise platforms, such as LDAP, Active Directory, Microsoft Exchange Server, IBM Lotus Notes/Domino and IMAP-based email servers. It integrates with cloud-based email services, such as Gmail, Microsoft BPOS and Office 365. AirWatch's origins come from the wireless network management services and ruggedized device market. The vendor has found equal success providing MDM through either a cloud-based or on-premises distribution model (see Table 2).
Page 10 of 17
Table 2. Critical Capabilities Rating for AirWatch's Enterprise MDM v.5.14

Critical Capabilities Device Diversity Policy Enforcement Security and Compliance Product/Service Name and Brief Description Rating
RIM OS, iOS, Android, Windows Mobile 6.x, Windows Phone 7, Symbian, webOS are supported. Profiles, monitoring, access restrictions, automated compliance policies and alerts for corporate and personal devices (but mostly for iOS, Android and Windows Mobile 6.x). User and device authentication, password enforcement and device lock, remote wipe, and total wipe (but selective wipe only for iOS, Android, Windows Mobile 6.x). Local data encryption, application quarantine, whitelists/blacklists, Web filtering, auditing, mobile VPN, firewall support for selected platforms. No antivirus supported. Application containerization with data leakage prevention for iOS. Monitor and enforce compliance of OS-based encryption. No email container outside native OS capabilities. OTA provisioning, lockdown hardware, monitoring of battery life and other hardware resources, and inventory. Supports monitoring, diagnostics, remote control, performance, memory and battery status, and device location. Downloader, verification, whitelists/blacklists, version detection, updates. AirWatch's communication layer includes a complete infrastructure for API integration to third parties, as well as APIs, Web services, single sign-on and authentication protocols. Its platform also supports multiple protocols for information sharing, such as SSH and SNMP. Can authenticate device users through a basic authentication process or by integrating directly with enterprise directory services (LDAP). Integrated case management, user support levels, self-service portal, mobile service usage monitoring, alerting. Usage management to detect roaming and apply business rules, send alerts, and restrict data downloads. No contract or expense management. Available on-premises, as a software appliance or SaaS.
4.5 3.3 3.6
Containerization Inventory Management Software Distribution Administration and Reporting
2 4.4
3.5 3.7
IT Service Management Network Service Management Delivery Model
3.3 2 4.5
Return to Top
BoxTone
BoxTone's offering focuses on mobile service-level management and includes three modules: MDM, mobile support management and mobile operation management. It provides deep integration with enterprise mobility software platforms and many popular system management and monitoring platforms (e.g., BES, EAS and Good Technology). BoxTone supports BlackBerry, iOS, Android, Windows Mobile, webOS, and Windows Phone 7. Beyond MDM, BoxTone supports service desk management, incident management, problem management and application performance management (see Table 3).
Table 3. Critical Capabilities Rating for BoxTone v.6.1

RIM OS, iOS, Android, Windows Mobile 6.x., webOS. Symbian and MeeGo are not supported. Profiles, monitoring, access restriction. Automated policy management, compliance management, configuration management and application management are integrated into Active Directory for enterprise group IT policy management and enforcement. User and device authentication, password enforcement and device lock, remote wipe and total wipe, and selective wipe on iOS, BlackBerry and Android. Filter server access to noncompliant devices. Local data encryption for RIM OS, iOS and Android devices, and memory cards, including individual certificate-based encryption and control of Android applications. Application quarantine, whitelists/blacklists and mobile VPN for supported platforms. Web filtering for RIM OS and Android. Firewall supported for BlackBerry only. No antivirus supported. Enhanced compliance enforcement functions, such as record historical events for audit trail and reporting. Not available. OTA provisioning, lockdown hardware, device configuration, monitoring service quality, battery life and other hardware resources, and inventory. Change history tracking of each device, including timestamped details for audit or reproducing specific state and status at a given time for troubleshooting or other change management. Private app store, software upgrades, OS updates, background synchronization, patches, fixes, file distribution. Integration with enterprise mobility platforms, such as BES, Good Messaging and EAS. Integration (in a single console) with the most widely used system management platforms (through prebuilt connectors and software development kits [SDKs]/APIs), such as Microsoft SCOM, HP Operations Manager, BMC Software, CA Technologies and IBM-BigFix. BoxTone can also integrate with other management platforms via SNMP technology. Web console. Role-based access. Remote control only for BlackBerry and Windows Mobile 6.x. Analytics tools. Strong help desk, user support, service-level management. Real-time status transaction flow for most enterprise mobile servers, plus automated problem or fault detection. Integrated knowledgebase with alerting mechanisms, etc. Self-service and self-provisioning support for supported platforms. Not available. BoxTone partners with telecom expense management (TEM) vendors, such as ProfitLine and Rivermine, and integrates with their products (but not directly reselling or embedding). Mostly sold as on-premises, but managed and cloud services are also available.
4.2 4.2
3.9
Containerization Inventory Management
1 4.4
Software Distribution Administration and Reporting
4.2 3.7
IT Service Management
4.3
Network Service Management Delivery Model
Return to Top
Excitor
Excitor's DME Mobile Device Manager focuses on MDM and security. It does not rely on Exchange Active Sync
Page 11 of 17
policies to manage devices, but instead implements its own policies within their mobile management client. It supports standards such as OMA DM. Simple containerization is supported, but only in combination with Excitor's DME email product (see Table 4).
Table 4. Critical Capabilities Rating for Excitor's DME Mobile Device Manager v.3.5.x
RIM OS, iOS, Android, Symbian,Windows Mobile 6.x, Windows Phone 7, webOS and MeeGo are not supported. Profiles, monitoring, access restriction. Control access to app store. Control on enterprise applications for Symbian, iOS and Android. User and device authentication, password enforcement and device lock. Remote wipe, plus total wipe and selective wipe for selected platforms. Filter server access to noncompliant devices. Local data encryption supported for BlackBerry, Symbian, iOS, Android and Windows Mobile 6. Application quarantine on devices is supported for iOS and Android. Whitelists/blacklists, Web filtering and mobile VPN for selected platforms. No native antivirus or firewall capabilities are provided, but it can nicely integrate with other products, such as Symantec. Containerization of email, in combination with the DME email client. Supported on iOS and Symbian. BlackBerry, Android and Windows Phone 7 support will be added in the next releases. Containerization extended to other applications, downloaded from the DME-based private app store, in the DME enterprise container. Data leakage prevention for email attachments and email copy/paste, limited to iOS. OTA provisioning, inventory, lockdown hardware, monitoring of battery life and other hardware resources for selected platforms. Private app store for iOS, Android, BlackBerry, Symbian, Windows Mobile 6, Windows Phone 7. Software upgrades, OS updates, patches and fixes are limited to some platforms. No integration with BES, Good Messaging and EAS (i.e., DME email client connects to DME server only). Integration (in a single console) with system management platforms via Web services. Web console and role-based access. No remote control. Business intelligence, analytics and reporting tools are supported natively. Provides first-line and second-line support through help desk capability to customers through excitor.com. Check device status and configuration. Basic capabilities provided in the DME Cost Control module. Additional TEM capabilities through external TEM providers (such as Teleopti and Pridis). On-premises, managed and cloud services.
4.5 3.9 3.4
Containerization
3.3
Inventory Management Software Distribution Administration and Reporting
3.8 3.3 3
2.5 3 4.5
Return to Top
FancyFon
FancyFon's Mobility Center (FAMOC) is a centralized platform to manage the mobile device life cycle, from OTA provisioning to configuration, application updates, security and troubleshooting. It provides remote support for a range of mobile devices, either as a hosted or an on-site solution. FAMOC supports iPad, Android tablets and RIM Playbook through a dedicated media tablet application available in respective app stores. It also supports ruggedized devices and not typical mobile devices (e.g., GPSs) through Windows CE and Windows Mobile support, and Java-based feature phones with basic management, such as backup/restore, remote configuration and security (see Table 5).
Table 5. Critical Capabilities Rating for FancyFon's FAMOC v3.3

RIM OS, iOS, Android, Symbian, webOS and Windows Mobile 6.x and Java are supported. Limited support for Windows Phone 7, MeeGo and bada. Profiles, monitoring, access restriction, acceptable use for selected platforms. Limited control on personal and corporate apps (FAMOC configuration management). User, media and device authentication; password enforcement and device lock; and remote, full and selective wipe for iOS and Android. Auditing, filters access to inappropriate devices, Web filtering on selected platforms. Whitelists/blacklists supported for RIM OS, iOS, Symbian and Windows Mobile 6.x. Antivirus, firewall and mobile VPN are supported. Not available. Rich OTA provisioning, inventory, lockdown hardware. Check memory space, diagnostics and monitory battery life for selected platforms (FAMOC configuration management). Downloader, verification, version detection, software upgrades, OS updates, patches, fixes and updates (FAMOC Application Management). OMA DM (Nokia, Sony Ericsson, Windows Mobile devices), OMA CP, OpenSCEP (Apple), Apple MDM API, BES, SyncML, EAS support. FAMOC is compatible and makes use of BES, Microsoft Exchange Server, Lotus Domino, Microsoft Active Directory, LDAP and Funambol. Support for role-based and group-based access. Single console, business intelligence, analytics and reporting tools available. Help desk and user support. Rich self-service. Device monitoring, file management and remote access control are supported. Limited invoice management, limited contract information. Usage monitoring and alerting (FAMOC Asset Management). On-premises-based; others (managed, SaaS) provided by partners.
4.5 3.7 4.1
Containerization Inventory Management Software Distribution Administration and Reporting
1 4.4 4.5 2.8
3 2 4.3
Return to Top
Fiberlink
Fiberlink's MaaS360 Platform is a pure MDM cloud services offering, for organizations aiming to support both corporate and personal devices. It's a multitenant platform (see Table 6). Existing embedded platforms (BES,
Page 12 of 17
EAS and IBM Lotus Notes Traveler) are included in MaaS360 management via a single "cloud extender" agent that is deployed in the LAN. If device-side APIs are available, then device support beyond BES and EAS is done via API (e.g., Apple MDM protocol). If no device-side MDM API is present, then there is a native agent for that platform (e.g., Android).
Table 6. Critical Capabilities Rating for Fiberlink's MaaS360 Platform (internal v.10.6; service available as of 21 June 2011)
Critical Capabilities Device Diversity Policy Enforcement Product/Service Name and Brief Description Rating
Complete support for BlackBerry, iOS, Android, Symbian, webOS, Windows Mobile 6.x. Limited support for Windows Phone 7. No support for MeeGo. Profiles, monitoring, access restriction. Control access to app store, and control on enterprise applications. Acceptable use policies. Additional policy enforcement for iOS APIs include dynamically changing policy (e.g., restrict VPN) or taking a remediation action (e.g., wipe device), based on device context (e.g., location) or a recent event (e.g., removed SIM); automatic provisioning of policies to devices discovered on corporate email servers. User and device authentication, password enforcement and device lock; remote and total wipe (plus selective wipe for iOS and Android). Local data encryption (only core, no media). Can filter access to inappropriate devices for Symbian only. Whitelists/blacklists supported for iOS and Android. No support for rogue application protection (e.g., application quarantine) or Web filtering. No antivirus or firewall supported. MaaS360 provides mobile VPN as a managed service, and adds MDM profile lockdown for iOS and Android (prohibits users from removing management software). Document distribution and database updates through Apple enterprise application distribution; it provides data leakage prevention within encrypted applications and reporting for audit. Same capabilities provided on Android. OTA provisioning, inventory, lockdown hardware. Check memory space. Diagnostics and monitoring of battery life for iOS and Android. Cross-platform application catalog, software distribution and updates. Integration with BES, EAS and Lotus, with certificate authority. For desktop management, integration with management consoles from IBM, Check Point, Iron Mountain, Lumension Security and others. Other MDM platforms (e.g., MobileIron) can be integrated and controlled from inside MaaS360 to include PC management in the same console. Rich Web console and role-based access. Business intelligence, analytics and reporting tools available. Fiberlink offers a remote control service as part of its 24/7 global help desk at no additional cost. Technicians can take control of a problematic device via SMS and perform user context actions on BlackBerry, Windows Mobile, Symbian and Android. Rich help desk and user support. Self-service support. Device monitoring is supported, but not end-to-end monitoring (extended to BES, Exchange, etc.). Limited troubleshooting support. Roaming detection, automated restrict policy (Wi-Fi, VPN and email). Completely cloud-based model, with pricing per device or per user, and free service up to 25 users. User-based bundled pricing is available for an unlimited number of devices per user at a flat monthly fee.
4.5 3.7
Security and Compliance
2.8
Containerization
4.2 3.5 4.2
2 4
Return to Top
Good Technology
Good for Enterprise is a mobility suite that supports mobile collaboration with strong support for security and management (see Table 7). The main components of the suite include: Good Mobile Control, for MDM; Good Mobile Access, for secure access to corporate data; Good Mobile Messaging, for secure wireless email (see "Critical Capabilities for Enterprise Wireless E-Mail Software"; this document has been archived, and some of its content may not reflect current conditions). Good Technology's MDM and security capabilities are sold as part of the entire mobility suite (i.e., not sold as individual products) and require the adoption of Good Mobile Messaging product for wireless email, including Good's email client. It replaces the email server's native mobile support. Through its native email client, it enforces separation between corporate and personal data; however, many MDM capabilities are available in the email client only. Good Technology provides the strongest implementation of containerization for the email client, on iOS, Android and Symbian devices. It also supports data leakage prevention (e.g., prohibiting the saving of email attachments outside the container).
Page 13 of 17
Table 7. Critical Capabilities Rating for Good Technology's Good for Enterprise v.6.3.1.x
Critical Capabilities Device Diversity Product/Service Name and Brief Description Rating
Support though proprietary email, calendar and contact client, with security and management capabilities (at both the application and device levels) for iOS, Android, Symbian and Windows Mobile 6.x. No support for RIM OS and MeeGo. Mobile OS version detection, profiles, monitoring, access restriction for iOS, Android, Symbian, Windows Mobile 6.x. Detect jailbroken/rooted devices. Filter access to corporate systems to noncompliant devices. Control on personal and corporate apps for supported platforms. Support for acceptable use and audit trail. Does not rely on a local EAS agent on the device for policy implementation, but provides its own policy implementation. Using "whole device" management APIs on iOS, Android, Symbian and Windows Mobile 6.x. Reporting for installed applications, provisioning profiles installed and certificates installed through iOS MDM API will be released later in 2011. Multiple security and compliance features, but these are made available for selected platforms only. User and device authentication, password enforcement, device lock, remote and total wipe, and selective wipe for all supported platforms. Authentication between device and network operations center [NOC], then between NOC and corporate back end. Core encryption for all supported platforms. Media encryption supported for Symbian, Windows Mobile, Palm OS and Android (Dell Streak). Data encryption at rest and in transport (container only). Filter access to inappropriate devices for all supported platforms. Web filtering for all supported platforms. Whitelists for all supported platforms. Blacklists for Symbian and Windows Mobile. No support for rogue application protection (e.g., application quarantine), antivirus, firewall and mobile VPN. Only supports VPN over Wi-Fi on iOS platforms. Other features include device monitoring with coverage history and last message sent/received, NOC-based architecture, and secure browser for intranet access. Clean separation of personal and corporate data, including email, calendar, contacts and attachments. Based on mobile OS sandbox mechanism. Best implementation, with data leakage prevention. Only email and browser client application so far. Main features include: enable/disable download of attachments and block by attachment size/type; disable sync of contacts and/or limit sync of specific fields only; disable cut/copy/paste between personal and corporate data; detect last time connected to corporate data and wipe if exceeds policy; control intranet sites that users have access to via secure browser. OTA provisioning and basic inventory capabilities for all supported platforms. Lockdown hardware, check memory space, diagnostics and monitoring of battery life for selected platforms (Symbian, iOS, Windows Mobile 6.x) Downloader, application verification, updates and patches for all supported platforms. Private app store supported for iOS, Android and Windows Mobile. No integration with EAS, and no support for OMA DM. Integration through Active Directory with third-party management systems and portals. Partnerships with monitoring vendors (e.g., BoxTone). Help desk and user support through portal. Good Technology has monitoring capabilities for the device, but no end-to-end monitoring (extended to BES, Exchange, etc.) and troubleshooting. No BlackBerry support. Not available. On-premises and managed.
3.5
Policy Enforcement
3.5
3.4
Containerization
4.2
Inventory Management Software Distribution Administration and Reporting IT Service Management Network Service Management Delivery Model
3.3
3.3 2.8
1 3.5
Return to Top
McAfee
McAfee is a prominent global security player with strong positions in desktop and laptop antivirus, encryption, and comprehensive endpoint management. McAfee has entered MDM through the 2010 acquisition of Trust Digital. It combines its Enterprise Mobility Management (EMM) platform with security support, and its virus/malware protection software (via the McAfee ePolicy Orchestrator [ePO] console) with other McAfee products (see Table 8).
Table 8. Critical Capabilities Rating for McAfee's EMM

Android, Apple iOS, Nokia S60, webOS, Windows Mobile 5 and 6.x, and Windows Phone 7 are supported. Sets password policies, restricts device features and applications, and requires strong authentication. The combined products of Mobile Security for Enterprise, ePO Integration and compliance sets are needed to enforce and report on compliance, based on device configuration, OS levels, security and jailbroken status. Full and selective wipe. Anti-malware integration with EMM and whitelist/blacklist for Android to be added in future releases. Not available. Provisioning, distribution and configuration OTA and lockdown hardware. Limited feature management: It collects key information about the device, including user, phone number, device ID, device status, device carrier, and application list. No monitoring (e.g., of battery life). Policy-based app distribution, downloader, verification, whitelists/blacklists, version detection, updates. Same centralized visibility and control over the mobile devices on your network as with desktops and laptops. Can configure ePO dashboard for a customized view of devices by platform, domain, and group. Supports LDAP and SQL Server integration. Help desk support. Simple end-user provisioning. Basic self-service portal. Not available yet. Signed TEM partnership agreement. ePO integration planned for 3Q11. On-premises-based software only.
3 3 2.8
Containerization Inventory Management
1 3.4
Software Distribution Administration and Reporting IT Service Management Network Service Management Delivery Model
3 2.8
2.5 1 3
Page 14 of 17
Return to Top
Mobile Active Defense

Mobile Active Defense's Mobile Enterprise Compliance and Security (MECS) provides mobile security and compliance cloud-based services for organizations to support corporate email and other applications on consumer and personal devices, enforcing security and compliance policies. It can integrate with e-mail servers and/or cloud services (including personal accounts). MECS is a clientless, zero-footprint product available onpremises, or as hosted or cloud services. E-mail is delivered through the device's native e-mail client through a secure VPN connection with encrypted data transmission. The mobile security server supports anti-spam and content filtering, controlling any messages that are being synchronized on the devices. It enforces security policies on a personal device connecting to corporate email, preserving regulatory compliance (e.g., with ISO 27001 or HIPAA). Mobile Active Defense extends controls beyond email by forcing all traffic over the VPN from applications to the browser including content filtering, geolocation-based firewall rules, application inspection and remediation, and jailbreak remediation. It is also used in combination with hosted virtual desktop infrastructure (e.g., Citrix Receiver) to provide a secure VPN connection from iPads into the corporate application servers (see Table 9).
Table 9. Critical Capabilities Rating for Mobile Active Defense's MECS Server v.1.1
Complete support for RIM OS, iOS, Android, Symbian and Windows Mobile 6.x. No support for Windows Phone 7, webOS and MeeGo. Mobile OS version detection, profiles, monitoring, access restriction, control on personal and corporate apps, acceptable use, and audit trail. Location-based policy enforcement. User and device authentication, password enforcement and device lock; remote, selective and total wipe. Core and media encryption (except for Windows Phone 7; that is under development), and auditing. Filter access to inappropriate devices and Web filtering, whitelists/blacklists on selected platforms, application quarantine. Antivirus, firewall and mobile VPN supported. Location-based firewall enforcement. Automatic remediation options, including jail break detection, hostile malware behavior and evolving mobile threats. Policy-driven reactions include notification, remote wipe and network disconnect. Not implemented, but personal and corporate content is tagged, and a selective wipe can be applied to corporate content only. OTA provisioning, lockdown hardware, check memory space, diagnostics and monitoring of battery life and inventory for RIM OS, iOS, Android, Symbian and Windows Mobile 6.x. Application downloader, application verification, updates and patches, app store management, private app store support. MECS has an EAS installed on it, and supports OMA DM. It can integrate with third-party management systems. It can generate aggregated access reports with Syslog. Help desk and user support, remote control, and self-service. Device monitoring. Invoice management, contract information. Mobile usage monitoring and alerting. On-premises, managed and cloud services.
4 4 4.6
Containerization Inventory Management Software Distribution Administration and Reporting IT Service Management Network Service Management Delivery Model
2 4.2 4 2.8 3.3 3 4.5
Return to Top
MobileIron
MobileIron launched its product in September 2009, and has seen very quick growth in sales, mind share and market share, outselling most MDM platforms in the past year. Built from the ground up, it is solely focused on mobility management, incorporating the Virtual Smartphone Platform (VSP) architecture to support security, data visibility, application management and access control. It does not provide encryption or VPN capabilities outside of what is provided on the device. MobileIron was one of the first vendors to combine MDM with network service management (see Table 10).
Page 15 of 17
Table 10. Critical Capabilities Rating for MobileIron's VSP

Android, Apple iOS, RIM OS, Nokia S60, webOS, Windows Mobile 6.x and Windows Phone 7 are supported. Detects OS platforms and versions, installed applications, manipulated data, and jailbroken devices. Profiles, monitoring, access restriction to email server. Identifies whitelist/blacklist violations and takes quarantine or other actions. Control on personal and corporate applications. Real-time roaming detection. Automatic group creation: Autogenerates groups based on ownership so IT can easily apply differentiated policies. Password enforcement and device lock, total and selective remote wipe. On iOS devices, selective wipe includes email, Wi-Fi settings, VPN settings and in-house apps. On other platforms, like the BlackBerry, it provides a selective wipe of files (through visibility into the phone's file system, as dictated by the MobileIron privacy policy applied to that phone). Certificate-based authentication, filter server access to noncompliant devices, rogue application protection (e.g., application quarantine) and whitelists/blacklists of apps. Local data encryption not supported if not natively provided by the device. VPN client not provided, but VPN can be remotely configured and secured through certificates. Web filtering, firewall and antivirus not supported. MobileIron Mobility API allows external systems to trigger MobileIron MDM actions through a Web services request. Privacy policy gives granular control over what device data (files, usage, SMS, apps, location, etc.) is monitored by MobileIron. Policies can be set by device or groups of users/devices. OTA provisioning, lockdown hardware, check memory space, diagnostics and monitoring of battery life, and inventory. Ownership designation: Tags each device managed by MobileIron as either employee- or company-owned. Full mobile software management and support. Software and OS updates, patches, and fixes. Private app store. Firmware updates not supported. Prepackaged integration with EAS, LDAP, BES, certificate authorities and email archive systems. Enable integration to multiple systems through the MobileIron API. Provides a list view of all devices under management and all devices accessing enterprise email, and reporting. No prepackaged adaptor for other management consoles/systems, but the platform is designed to integrate with external systems. Integration with IT provisioning and management systems, as well as business intelligence databases, is possible through MobileIron APIs. Help desk, user roles, end-user self-service, monitoring of mobile infrastructure, and troubleshooting/alerting for the mobile device and connections. Wireless Expense Management with Mobile Activity Intelligence gives IT, finance and the end-user a detailed, real-time view of phone usage (voice, SMS and data activity), cost drivers and service quality (e.g., to catch high-cost items, like international roaming and excess usage, as they happen, to control costs). Traditional TEM services, such as contract management and bill analysis, not supported. On-premises and hosted (by partners) in production. SaaS service (MobileIron Connected Cloud).
4.5 4
3.4
Containerization
4.1
3.5 4.2
IT Service Management Network Service Management
3.3 3.1
Delivery Model
Return to Top
Sybase
Afaria is Sybase's MDM and security product, also delivered as cloud services within Sybase Managed Mobility (or as hosted services through partners such as Verizon and Orange). Sybase does not require a proprietary email client, but instead offers integrated secure control over a third-party email solution (for Android, via partner NitroDesk). Afaria provides rich support for software distribution, policy enforcement, inventory management and security. It is one of the oldest MDM products (see Table 11).
Table 11. Critical Capabilities Rating for Sybase's Afaria v.6.6

Support for iOS, Android, Symbian, Windows Mobile 6.x, Windows CE and OMA DM. Partial support for RIM OS. No support for Windows Phone 7, webOS and MeeGo. Afaria Advanced Enterprise Security (AES) for Android adds more than 80 device management policies for Samsung Android devices. Password enforcement and device lock; remote, selective and total wipe for RIM OS, Symbian, iOS, Android and Windows Mobile 6.x. Core and media encryption for Symbian, iOS and Windows Mobile 6.x. User and device authentication, filters access to inappropriate devices, Web filtering, whitelists/blacklists, and application quarantine for limited platforms. Mobile VPN support. Limited support for antivirus and firewall. Support on iOS and Android application portal for enterprise application management. Granular control over files, application configurations and management tasks on devices, so that administrators can only affect corporate data. In iOS and Android, this separation is built on the sandbox; in Windows Mobile, the separation is built on OS hooks. There is no data leakage prevention. OTA provisioning, lockdown hardware, check memory space, diagnostics, monitoring of battery life, and inventory for RIM OS, iOS, Android, Symbian and Windows Mobile 6.x. Application downloader, application verification, updates and patches, app store management. Limited private app store support. Comprehensive set of system APIs that allow database access to collected information from other management products. No integration for BES, Good Technology and EAS. Help desk and user support, remote control, self-service, and device monitoring for RIM OS, Symbian, iOS and Android. Invoice management, and contract information for RIM OS, Symbian, iOS, Android, Windows Mobile 6.x, Windows Phone 7 and OMA DM. Mobile usage monitoring and alerting are under development. On-premises, managed and cloud services.
3.5 4 3.3
Containerization
2.5
Inventory Management Software Distribution Administration and Reporting IT Service Management Network Service Management Delivery Model
3.7 4 3.1 3.3 3.1
4.5
Page 16 of 17
Return to Top
Symantec
Symantec is a prominent global security player with strong positions in desktop and laptop antivirus, encryption, and comprehensive endpoint management. Symantec has offered MDM support in Altiris since 2004. Although Symantec has offered MDM for years, Gartner analysts have not seen evidence of competitive public visibility until recently, and cannot verify a significant presence through our client references. Symantec has successfully obtained all the pieces for a strong MDM platform, but its strong focus on security causes a diminution in understanding of the business and operational requirements for mobile device life cycle management. Symantec integrates its Mobile Endpoint 6.0 solution for security (anti-malware) with its Mobile Management 7.0 offering, which focuses on software, inventory and application management (see Table 12).
Table 12. Critical Capabilities Rating for Symantec Mobile Management 7.0
Android, BlackBerry, Apple iOS, Windows Mobile 6.x are supported. No support for Windows Phone 7 and MeeGo. Symantec Endpoint Protection Mobile Edition 6.x detects OS and versions for supported platforms. Detects installed applications, manipulated data and jail-broken devices, Filters or restricts access to corporate servers for noncompliant devices. Restricts application download. Enforces expense policies. No Web filtering. Password enforcement, device lock, remote wipe, selective remote wipe (e.g., only corporate content), total remote wipe and local data encryption. Certificate-based authentication, Monitoring device and data manipulation on device. Rogue app protection (e.g., application quarantine), firewall, antivirus and mobile VPN. Not currently supported. Moderate number of features supported; varies by platform. Application delivery capabilities with application self-healing, and on-demand or scheduled updating of running applications. Private app store to enable distribution of applications, files, links and media. Software updates, fixes and patches for supported platforms. Integrate Mobile Management with Altiris Client Management Suite to extend Symantec system management capabilities to manage mobile devices. Web console, OTA provisioning, and role- and group-based access. Help desk, user support levels and alerting. Symantec's solution provides these capabilities holistically across all endpoints (mobile, laptop, desktop and server): Mobile management is integrated with endpoint management and security solutions through the Symantec Management Platform. No troubleshooting, but integration with other products is supported. Not available. On-premises-based software.
3.8 3.5
4.1
Containerization Inventory Management Software Distribution Administration and Reporting IT Service Management
1 4.3 3.5
2.2
Network Service Management Delivery Model
1 3
Return to Top
Tangoe
Tangoe is a fast-growing communications life cycle management company with TEM and MDM capabilities. Although the primary revenue source is through TEM, the vendor also has seen the adoption of its MDM platform (acquired from InterNoded) grow during the past 18 months. Tangoe has done a good job of integrating TEM and MDM, and offering MDM as a service, although its offering has not yet matured. The Tangoe Mobile Device Management platform focuses more on security compliance and policy management, versus adding encryption for the content or authentication for the device. Tangoe's MDM solution is typically sold in a bundle with TEM services, and is delivered in multiple ways: as SaaS or behind the firewall, hosted or as a managed service (see Table 13).
Table 13. Critical Capabilities Rating for Tangoe's Mobile Device Manager v.5.2.11.1
Critical Capabilities Device Diversity Policy Enforcement Security and Compliance Containerization Inventory Management Software Distribution Administration and Reporting IT Service Management Network Service Management Delivery Model Product/Service Name and Brief Description Android, BlackBerry, Apple iOS, webOS, Windows Mobile 6.x., Symbian, Windows Phone 7 and Gobi 2000 are supported. Supports applying any EAS policy. The limitations are based on the device's OS and manufacturer. Role-based policy management. Provides a granular role-based security model that can restrict all components and actions within MDM. Not available. Mobile Device Manager supports the full features of inventory management. Deploys or removes corporate applications, and provides a private app store. Support for updates, patches and fixes. A central management console delivers real-time statistics across devices, platforms and domains, managing all stages of deployment. Integrates with BES, Good Mobile Messaging and EAS. Help desk and user support. Support for a self-service portal and device monitoring of applications, SMS, and voice and data activity against carrier plans. Specialized capabilities on TEM (e.g., ordering, provisioning and expense management for simpler phones). On-premises-based software and managed services. Rating 4.4 4 3.1 1 4.5 2.7 3.6
2.7 4.2 4
Return to Top
Page 17 of 17
Zenprise
Zenprise's Mobile Manager is one of the more innovative platforms available, combining a strong mobile VPN solution with the use of location-based technologies. It has a clear interface and solid reporting capability. It is a small company focused on MDM. It recently acquired Sparus Software, a small, French security and MDM company, to better support mobile security and encryption (see Table 14).
Table 14. Critical Capabilities Rating for Zenprise's Mobile Manager

Android, BlackBerry, Apple iOS, webOS, Windows Mobile 6.x. and Windows Phone 7 are supported. Zenprise Security Manage provides a smartphone audit feature to enforce compliance with corporate policies. Ensures that all smartphones are running only the latest software patches and firmware. Policy and password enforcement, and content encryption. Zenprise Security manager tracks policies applied to the device, and identifies missing or removed policies. Provides detailed reports of potential security problems. Zenprise Mobile Manager includes four layers of security operating at device, application and network tiers, providing end-to-end security: Dynamic Defense (device security), AppTunnel (application security), Secure Mobile Gateway (controls access to corporate networks, application quarantine) and Mobile Network Intelligence (enterprise wireless network traffic). IFIPS compliance certification process is ongoing. Not available. Zenprise Device Manager provides visibility and control of end users' smartphones. Offers remote control capabilities to troubleshoot smartphone problems. Private app store for users' application discovery, and for IT administrators to silently configure and provision enterprise applications on smartphones and tablets. Software updates, patches and fixes for selected platforms; backup/restore, background synchronization and file distributions. Dashboard displays version, configuration and memory use information for mobile applications across all connected devices. Unified Web console, and role-based and group-based access. Remote control (real time or permission-based) for BlackBerry, Windows Mobile and Android, including the ability to initiate chat and voice over Internet Protocol between the administrator and user, or to remotely view and kill processes running on the devices. Offers more than 50 performance reports to aid in your infrastructure planning. Offers profiles of real-time and historical performance of BES, Exchange, EAS, Active Directory and SQL servers. Integrates with Remedy, Microsoft Systems Center, IBM Tivoli, HP OpenView and BMC Patrol Zenprise Expense Manager offers smartphone security audits that help avoid costly litigation or compliance lapses. Zenprise offers network service management consistent with the described criteria features. Primarily on-premises-based software.
4.7 4
4.4
Containerization Inventory Management Software Distribution
1 4.4 3.7
Administration and Reporting
3.8
4.3 3 4
Return to Top

Critical Capabilities For Mobile Device Management

Transféré par

Informations du document

Description originale:

Titre original

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

Critical Capabilities For Mobile Device Management

Transféré par

Droits d'auteur :

Formats disponibles

Critical Capabilities for Mobile Device Management