MDM Policies Could Make You Feel Like a 5th Grader on iOS

Apple recently released its iOS 9.3 update which will add new features for enterprise mobility management (EMM) vendors to control the look and feel of Apple iOS devices with mobile device management (MDM) profiles. 

The primary purpose of these capabilities are for the education vertical where shared devices can focus students on classroom materials. That said, with Apple’s dominant role in the enterprise, these same capabilities can and will be applied to adults in the enterprise who use their smartphones to be more productive. 

Where these new policies are put in place by organizations using MDM, there will be significant pushback by employees. A large percentage of mobile workers own their devices (BYOD) and will refuse to allow IT to implement these policies. Even for the vast majority of corporate owned devices, these policies would be seen as too draconian. 

In a recent survey, 40 percent of IT security administrators said they don’t subject their own devices to the same policies that they push down with MDM.

- Enable / Disable Apps: Device admins can control the apps that are available on an iOS device. 

- Home Screen Layout Control: MDM can determine the layout of apps, folders, and bookmarks on the home screen. 

- Notification Settings: MDM can control which app notifications a user will and won’t see. MDM can mandate the use of banners, alerts, app badges (think: # of unread emails), and sounds.

We’re a society that’s addicted to our smartphones and our control over personalizing them – constantly waiting for that next notification. Notifications of events in both work and personal life. The speed of business has increased rapidly due to employees carrying ever more powerful computers with them everywhere. 

When was the last time you left home without your smartphone? The magic of mobility comes from users wanting to carry that device everywhere. Using the device as a primary tool to collaborate with colleagues and reacting quickly to customer needs – while at the same time remaining connected to our personal lives. 

There is a tradeoff users are willing to make: I’ll keep in touch with work as long as I’m not missing a message from loved ones. Upset that balance and the magic of mobile starts to disappear. Users will begin to check their phones less frequently, start leaving that device at work, or in the end not using the device at all. Lock down a device too much and it becomes an expensive, internet connected brick. 

While many organizations that want a high degree of control over mobile devices have stringent requirements for meeting industry or government regulations, there is another way to secure mobile beyond locking down devices. Security at the app layer can provide controls that can maintain the magic in mobile, keeping users interested in carrying that device with them everywhere. Lock down the apps without locking down the user.

For the broad audience of organizations, many of these capabilities that lock down the device won’t make it past the checkbox stage in RFPs. They will be security capabilities that are seen as necessary to evaluate a management tool, but will fail at the implementation stage. 

There is a precedent when it comes to locking down devices. BlackBerry’s strong uptake in the enterprise came from the high degree of security it offered with devices that were secure because of what they didn’t do, more than what they could do. But when it came to BlackBerry deployments, many of security capabilities were turned off or not mandated by IT because they negatively impacted user experience. 

The massive adoption of iPhone in the enterprise came from pent up demand from those wanting for a better mobile experience where users could customize their devices to help them be productive. An experience that is powered in large part by a broad set of personal and business focused applications. 

There will be some regulated environments that will leverage these capabilities, but for the broader market, these MDM polices go too far. In the end the broader audience of mobile users in the enterprise will see these controls driven by MDM as too restrictive, and will reduce their willingness to carry mobile devices and so rely less on these devices to be productive. 

For education - mobilizing classrooms with shared devices is a good thing. But for the enterprise – treating employees like a 5th grader is not a good approach to security. In some cases, security goals will be achieved, but in large part it comes from reducing a device’s use (fullness).