Mobile device management has become an essential part of businesses. Even if it has not yet been implemented, one can’t help but see MDM as a pillar of IT that isn’t going away any time soon. But MDM has always been limited to the functionality exposed by the MDM API that the manufacturer provides. In iOS, if Apple doesn’t want to allow administrators to perform a specific action, MDM providers are unable to provide it. Up until recently, this was also the case with public-facing app-store applications. But as time goes on, additional functionality is added, and over the past few months most major MDM providers have added “App Wrapping.”

App wrapping involves taking publicly available app-store applications and “wrapping” them in additional policies. This allows us (the administrators) significantly more granularity in the application of mobile policies, opening up a scope of options that was never before available. The following list represents a few pieces of functionality that might be offered, depending on the MDM solution in use:
- Block access to the application, rather than to the entire device, if the device is jailbroken
- Require a PIN to launch the application
- Disallow launching the application when the device is offline
- Require VPN to use the application

This new functionality opens up a new world of granular policy, one that better supports modern-day workflows.

For instance, in a BYOD scenario, users may not necessarily need to have their entire device password-protected if only a subset of the installed applications is used for corporate purposes. Administrators can restrict copy and paste, data encryption and memory space of company applications in order to protect corporate data on non-company-owned devices, without applying policies to the entire device. In the case of a third-party mail client (as opposed to the native mail app), these options become even more enticing.

As mentioned, the one downside is that this granularity doesn’t apply to native apps (e.g., e-mail). It does apply to third-party applications, including app-store apps and in-house developed applications.

These functions open a world of BYOD opportunity, with policy maintained and audited within the MDM system. Using these techniques, companies are able to overcome some of the legacy challenges of BYOD by isolating corporate applications from personal apps in a controlled way.

It wouldn’t surprise me to see this functionality eclipse
current MDM functionality over the next months/years.