Mobile Application Management (MAM) is a set of software solutions that enables administrators to securely deploy and manage mobile applications on corporate and personal smartphones and tablets.
Unlike Mobile Device Management (MDM), MAM solutions focus on distributing and managing apps to authorized users, such as employees, business partners and even customers in a simple, self-service manner.
Mobile Application Management allows you to distribute and manage apps without having to manage the entire device.
Key points to understand MAM
With Mobile Application Management, IT administrators can apply management and policy control functionality to individual apps that are then delivered through enterprise app stores and managed locally on devices via an Enterprise Mobility Management (EMM) provider console.
A centralized dashboard allows administrators to manage corporate app life-cycles:
- Enterprise app store: typically offered as a web portal or native app, an app store facilitates self-service deployments. It helps monitor and control the entire application life cycle -- including app delivery, usage tracking, removing outdated apps and controlling which versions workers use. IT can also secure apps and oversee issues related to compliance, data governance, bulk purchasing and licensing. The store can be branded to support communications with customers and partners, and also provides a forum for user feedback and quality control.
- Application security: IT can remotely implement and modify security policies that enforce compliance and data loss prevention on any device, including:
- Deployment and update of custom and public app store apps.
- Management of associated app licenses, including support of volume business licenses, such as Apple’s Volume Purchase Program (VPP).
- Ability to identify or tag “managed” enterprise apps (vs. personal apps in BYOD use cases).
- Selective wipe of apps and sensitive data from mobile devices.
- Enforcement of management and security policies: MAM offers granular controls to limit the sharing of corporate data among apps:
- Conditional launch or access – i.e. device in approved state, no jailbreak or rooting detected, no upgrade available, access rights check.
- Initiation of per-app VPN connections on app launches.
- Encryption of app data at rest, in use, or in motion.
- Restrictions on “open in” and similar app data exchange to managed (enterprise) apps only.
- Cut/copy/paste restrictions.
MAM and MDM
Delivering and maintaining corporate mobile apps clearly appears as a key topics for companies as of today.
A number of best practices have emerged to answer needs from both companies and user expectations.
There are several cases when standalone Mobile Application Management prevails over Mobile Device Management, such as:
- Enterprise BYOD: Different device and OS makers provide different levels of MDM access, making implementation complex for administrators and BYOD end-users. What’s more, users typically don’t update their devices regularly, which can cause OS fragmentation with multiple versions. Managing those devices across the enterprise can be time- consuming, and tax the resources of today’s overworked IT departments.
- Rapid app deployments: the need to quickly deliver mobile apps with a short time span and a high rate of change accelerates development cycles. These cycles, however, can require time-consuming prototyping and beta testing on large numbers or types of devices at the programming, testing and operations phases. A MDM also adds several admin layers which delay app deployments and updates to end-users.
- Privacy concerns can reduce adoption rates to as low as 25%. Typically, workers may worry that their company will have inappropriate access to their financial and health data, as well as personal photographs, videos, contacts, and other information. When an IT administrator erases corporate data from a device using MDM controls, an employee may also lose his or her personal contacts, apps, and preference settings.
- Deployments to partners: While it is understandable that corporate-owned assets need to be managed, it is very unlikely that devices owned by partners or contractors allow the use of MDM controls. Also, there may be technical limitations as only a single MDM profile can be installed on a device and managed by the direct employer.