Skip Links

Clear Choice Test

Mobile device management

Introduction | Test methodology
Scorecard | Test archive

How to protect smartphones and tablets

New tools tame Apple iOS, Android, Blackberry devices and more

By Tom Henderson and Brendan Allen, Network World
May 23, 2011 12:03 AM ET

Network World - Managing mobile devices entails a level of complexity unheard of in the traditional enterprise world of Windows desktops. MDM software needs to control devices from multiple manufacturers, running different versions of as many as five operating systems, tied to carrier networks with their own particular constraints.

This makes mobile device management a tough battle, but one that IT execs need to take on because mobile device users can lose important company data, potentially increase personal and organizational liability, and compromise systems security at levels that will frighten even the most jaded of IT administrators.

We set up a comprehensive test that included eight mobile devices, four operating systems, two service providers and five mobile management vendors (see How We Did It).

Fiberlink's MaaS360 is our Clear Choice Winner, based on its strong overall performance, particularly its ease of use. But the competition was tough. McAfee's Enterprise Mobility Manager delivered excellent security features. Tangoe's MDM displayed a strong methodology for managing fleets of devices. Sybase Afaria supported a huge list of devices, but was difficult to configure and use.

We tried WaveLink's MDM offering, but it was incomplete in most smartphone operating system coverage and still mostly in beta at deadline time (see sidebar).

We also invited MobileIron, Symantec, Novell and BoxTone, none of which could summon resources. Apple declined to "support the review,'' but we obtained our own Apple testing resources. We asked Verizon, T-Mobile and Research in Motion for assistance with the test, and RIM was the only vendor of the three that helped out.

MDM Basics

Mobile device management tools use agents to control end user devices in the classic client/server model. Agents can be specific to the operating system version (and vendor) or use Microsoft's ActiveSync or an API-compatible version, like NotifySync.

Since mobile devices can be cracked, via rooting (Android OS) or jailbreaking (Apple iOS), MDM tools should be able to detect whether that has occurred. In our testing, Fiberlink and McAfee were able to detect that a device had been cracked and then blocked the cracked device. Fiberlink's MaaS360 went one step further and tried to remediate the nature of the crack.

This is important since device administration is done by agent control, and with a cracked device the end user has gained control. You want to be able to thwart those efforts to change settings and policies.

Unlike the traditional desktop world, where agents are pushed to the end user from a management console, agent installation can take many forms. Some devices come with the agent already installed (example: a phone already has Microsoft's ActiveSync or equivalent); sometimes the end user has to go to an "app-store" and download the agent, and sometimes there's simply a link to an MDM management server URL.

Devices may also be connected via Wi-Fi, instead of a telecom carrier, and we tested both ways, where meaningful.

Our Commenting Policies
Latest News
rssRss Feed
View more Latest News