Folks, if you landed here directly then please start from the opening blog that sets the stage and then c’mon back. In this episode of iOS 7 in enterprises: Just Add Enterprise Mobility Management Solution, I am going to discuss the “Managed Open In” or “Open in Management” feature of iOS 7.
Now, here’s how Apple has defined the “Open in Management” feature – “Protect corporate data by controlling which apps and accounts are used to open documents and attachments. Managed open in gives IT the ability to configure the list of apps available in the sharing panel. This keeps work documents in corporate apps and also prevents personal documents from being opened in managed apps.”
This is a very good start in isolating business from personal. However, keeping with the reality that “there’s more than meets the eye”, here’s the whole scoop. This feature, without any support from any Enterprise Mobility Management (EMM) solution, is not going to get what you think it would. Why do I say that?
Something > Nothing
The Good: If you absolutely did not have any way to limit data loss, this feature comes as a breath of fresh air. It clearly puts more power into your hands, Mr. IT, by enabling you to limit where work documents could be opened.
The Bad: However, notice that I used the word “limit” and not “prevent” for data loss. While Open In Management restricts the number of apps in which an attachment or a document can be opened, it can not restrict the sharing of data through copy/paste functions, AirDrop and peer to peer sharing from within trusted apps into any unmanaged app. Furthermore, once data is shared with a managed application, Open in Management cannot restrict further sharing of data via social media sharing capabilities embedded within those managed applications.
Get your Mobile Application Management (MAM) for nothing with the baggage of Mobile Device Management (MDM)
The Good: You got a MAMish feature for free from Apple. Can’t beat that!
The Bad: Open In Management policy is set via an MDM server. Thus, in order to limit data loss, an enterprise would need an MDM server to enforce this restriction. Suddenly, it feels as if you are walking backwards. Isn’t it? You should not have to install an MDM server for setting and enforcing a MAM policy.
The Good: Files shared among managed applications are secured with device level encryption provided by iOS 7.
The Bad: Funny, the same sentence could scream “problem” for some. Files shared among managed applications are secured with device level encryption provided by iOS 7. We all know it – there are better ways (aka per app, AES256) to encrypt business data on a mobile device. Let’s just keep it at that.
Big Hat, No Cattle
The Good: All those MDM vendors have acquired rights to market themselves as MAM players. In fact, they are acting a little cockier these days.
The Bad: This has created a big confusion in the minds of enterprise IT buyers. Suddenly, there are more vendors claiming to be focused on app and data security! When put in PoC, they fail to deliver.
As I had mentioned earlier, my blog would not be complete if I did not bring to light MobileNow’s approach. The bottom-line is – MobileNow’s MAM policies deliver higher levels of security and control than what is offered by the Open In Management feature of iOS 7. Specifically,
- Data loss prevention: Note that I am using the word prevent and not limit. MobileNow offers one of the most granular data sharing policies at individual app level. With MobileNow, IT administrator can set per-app MAM policy to control.
- Data copy out from a MobileNow-wrapped application
- Data copy into a MobileNow-wrapped application
- File sharing out from a MobileNow-wrapped application
- File sharing into a MobileNow-wrapped application
- No Reliance on an MDM server: MobileNow does not rely on an MDM server for data loss prevention at the app level. These are MAM policies set by IT on per-app basis.
- Data encryption: MobileNow does not rely on device level encryption. All business data is fully encrypted with military-grade AES256 encryption at all times and at user and application level.
Convinced? Not yet? In either case, I would like you to put us to test. Sign up for your free trial today and ping me if you have any queries.
In addition, for all you EMM and BYOD enthusiasts, here is a TechTarget authored whitepaper that discusses things to look for in an Enterprise Mobility Management solution.
Stay tuned for another equally juicy topic coming up next week.