Posted by on November 13, 2013 | Data, General, Mobile Management | 2 comments

Folks, if you landed here directly then please start from the opening blog that sets the stage and then c’mon back. In this episode of iOS 7 in enterprises: Just Add Enterprise Mobility Management Solution, I am going to discuss the “Managed Open In” or “Open in Management” feature of iOS 7.


Now, here’s how Apple has defined the “Open in Management” feature – “Protect corporate data by controlling which apps and accounts are used to open documents and attachments. Managed open in gives IT the ability to configure the list of apps available in the sharing panel. This keeps work documents in corporate apps and also prevents personal documents from being opened in managed apps.”

This is a very good start in isolating business from personal. However, keeping with the reality that “there’s more than meets the eye”, here’s the whole scoop. This feature, without support from an Enterprise Mobility Management (EMM) solution, is not going to get you what you think it would. Why do I say that?

Something > Nothing

The Good: If you absolutely did not have any way to limit data loss, this feature comes as a breath of fresh air. It clearly puts more power into your hands, Mr. IT, by enabling you to limit where work documents could be opened.

The Bad: However, notice that I used the word “limit” and not “prevent” for data loss. While Open In Management restricts the number of apps in which an attachment or a document can be opened, it cannot restrict the sharing of data through copy/paste functions, AirDrop and peer-to-peer sharing from within trusted apps into any unmanaged app. Furthermore, once data is shared with a managed application, Open in Management cannot restrict further sharing of data via social media sharing capabilities embedded within those managed applications.

Get your Mobile Application Management (MAM) for nothing with the baggage of Mobile Device Management (MDM)

The Good: You got a MAMish feature for free from Apple. Can’t beat that!

The Bad: Open In Management policy is set via an MDM server. Thus, in order to limit data loss, an enterprise would need an MDM server to enforce this restriction. Suddenly, it feels as if you are walking backwards, doesn’t it? You should not have to install an MDM server for setting and enforcing a MAM policy.
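As an added example (not AppSense or Apple code), the audit below shows what that MDM-delivered policy looks like in practice: Managed Open In is two Boolean keys in the Restrictions payload (`com.apple.applicationaccess`) of a configuration profile, and a direction stays open unless its key is explicitly set to false. The sample profiles and `com.example` identifiers are constructed, and the profile is assumed to be unsigned so it parses as a plain plist.

```python
import plistlib

# Restrictions-payload keys that implement Managed Open In (iOS 7+).
# A missing key is treated as True, i.e. that document flow is allowed.
OPEN_IN_KEYS = {
    "allowOpenFromManagedToUnmanaged": "work documents can be opened in unmanaged apps",
    "allowOpenFromUnmanagedToManaged": "personal documents can be opened in managed apps",
}
RESTRICTIONS_TYPE = "com.apple.applicationaccess"

def audit_open_in(profile_bytes):
    """Return findings for a .mobileconfig; an empty list means both directions are blocked."""
    profile = plistlib.loads(profile_bytes)
    effective = {key: True for key in OPEN_IN_KEYS}  # defaults when unset
    for payload in profile.get("PayloadContent", []):
        if payload.get("PayloadType") != RESTRICTIONS_TYPE:
            continue
        for key in OPEN_IN_KEYS:
            if key in payload:
                # Most restrictive value wins if several payloads set the key.
                effective[key] = effective[key] and bool(payload[key])
    return [f"{key} is allowed: {why}"
            for key, why in OPEN_IN_KEYS.items() if effective[key]]

def build_profile(restrictions):
    """Build a constructed sample profile (not taken from a real deployment)."""
    payload = {"PayloadType": RESTRICTIONS_TYPE, "PayloadVersion": 1,
               "PayloadIdentifier": "com.example.restrictions",
               "PayloadUUID": "00000000-0000-0000-0000-000000000001",
               **restrictions}
    return plistlib.dumps({"PayloadType": "Configuration", "PayloadVersion": 1,
                           "PayloadIdentifier": "com.example.profile",
                           "PayloadUUID": "00000000-0000-0000-0000-000000000002",
                           "PayloadContent": [payload]})

# Weak: only one direction is restricted; the other silently defaults to allowed.
WEAK = build_profile({"allowOpenFromManagedToUnmanaged": False})
# Hardened: both directions are explicitly blocked.
HARDENED = build_profile({"allowOpenFromManagedToUnmanaged": False,
                          "allowOpenFromUnmanagedToManaged": False})

if __name__ == "__main__":
    for name, blob in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_open_in(blob) or "both Open In directions blocked")
```

Even the hardened profile only governs the Open In sharing panel; the copy/paste and in-app sharing paths described above are outside what these two keys control.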


The Good: Files shared among managed applications are secured with device level encryption provided by iOS 7.

The Bad: Funny, the same sentence could scream “problem” for some. Files shared among managed applications are secured with device level encryption provided by iOS 7. We all know it – there are better ways (aka per app, AES256) to encrypt business data on a mobile device. Let’s just keep it at that.

Big Hat, No Cattle

The Good: All those MDM vendors have acquired rights to market themselves as MAM players. In fact, they are acting a little cockier these days.

The Bad: This has created a lot of confusion in the minds of enterprise IT buyers. Suddenly, there are more vendors claiming to be focused on app and data security! When put through a PoC, they fail to deliver.


As I mentioned earlier, my blog would not be complete if I did not bring to light MobileNow’s approach. The bottom line is that MobileNow’s MAM policies deliver higher levels of security and control than what is offered by the Open In Management feature of iOS 7. Specifically,

  • Data loss prevention: Note that I am using the word prevent and not limit. MobileNow offers one of the most granular data sharing policies at the individual app level. With MobileNow, an IT administrator can set a per-app MAM policy to control:
    • Data copy out from a MobileNow-wrapped application
    • Data copy into a MobileNow-wrapped application
    • File sharing out from a MobileNow-wrapped application
    • File sharing into a MobileNow-wrapped application
  • No reliance on an MDM server: MobileNow does not rely on an MDM server for data loss prevention at the app level. These are MAM policies set by IT on a per-app basis.
  • Data encryption:  MobileNow does not rely on device level encryption. All business data is fully encrypted with military-grade AES256 encryption at all times and at user and application level.

Convinced? Not yet? In either case, I would like you to put us to the test. Sign up for your free trial today and ping me if you have any queries.

In addition, for all you EMM and BYOD enthusiasts, here is a TechTarget authored whitepaper that discusses things to look for in an Enterprise Mobility Management solution.

Stay tuned for another equally juicy topic coming up next week.

About Mittal Parekh

Mittal Parekh is the Director of Product Marketing for Enterprise Mobility at AppSense. Mittal brings more than 15 years of experience in Product Marketing, Product Management and Engineering. Mittal has received a Bachelor of Science in Computer Science from VJTI, India, a Masters In Computer Science from Ball State University and an MBA from The Johnson School at Cornell University.


  • Merrick Keenworth December 11th, 2013

    Thanks for the post. I liked how you hit the good and bad for each point. The one thing I know about MAM for sure is that it is a moving target. It is going to be interesting to see how it all evolves over the next few years.

  • Sridhar Suram March 6th, 2014

    Hi Ryan Fass, I have a few questions; could you please clarify them for me?

    How can we treat the apps as “Managed Apps”? Does it mean all the apps pushed from our server should be signed by our profiles? If I am pushing an app from a different profile, will it be treated as a Managed app or not?

    Per App VPN will be applicable for Managed APPS only?

    Let’s say I pushed applications A and B as Managed Open apps from my server, and from another server someone pushed two applications, C and D, as Managed Open apps. In this case, can A interact with C & D?
