mobile device management - buyer's guide

8/13/2019 Mobile Device Management - Buyer's Guide

1/40

November 20 11 $ 99

Report ID: R3311111

Next

reports

Mobile Device

ManagementBuyers GuideAs a greater variety of smartphones and tablets tap into corporate

resources, IT must have a strategy for security, access control and

management. Our buyers guide helps you make the right call on

mobile device management tools.

By Jim Rapoza

reports. informationweek.com
http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/


2/40

Previous Next

reports

reports.informationweek.com Mont

CO

NTENTS

TABLE OF

3 Authors Bio

4 Executive Summary

5 Mobile Madness

6 Knowing the Platforms

7 Security

8 Administration

9 Under Control

14 Related Reports

Figures

5 Figure 1: Preferred Mobile Operating System

6 Figure 2: Smartphone Policy

7 Figure 3: Access to Company Resources via

Personal Mobile Devices

8 Figure 4: Securing End User Devices

9 Figure 5: Organizational Approach to

Consumer-Centric Technology

11 Figure 6: MDM Administration Features

12 Figure 7: MDM Platform and Reporting

Features

13 Figure 8: MDM Security Features

ABOUT US

InformationWeek Reports analysts arm

business technology decision-makerswith real-world perspective based on

qualitative and quantitative research,

business and technology assessment

and planning tools, and adoption best

practices gleaned from experience. To

contact us, write to managing director

Art Wittmann at [email protected],

content director Lorna Garey at

[email protected],editor-at-large

Andrew Conry-Murray at acmurray@tech-

web.com, and research

managing editor Heather Vallis at

[email protected] all of our

reports at reports.informationweek.com

M D M B u y e r s G
http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/


3/40

Novembe

Previous Next

2011 InformationWeek, Reproduction Prohibited

reports

eports.informationweek.com

M D M B u y e r s GTable of Contents

Jim Rapoza is an editor for Network Computing and a contributor to Informa-

tionWeek Reports. He has been using, testing and writing about the newest

technologies in software, enterprise hardware and the Internet for more than

17 years. He served as the director of an award-winning technology testing labbased in Massachusetts and California. Rapoza is also the winner of five awards

of excellence in technology journalism and he was the co-chair of a summit on

technology industry security practices. He is a frequent speaker at technology

conferences and expositions and has been regularly interviewed as a technol-

ogy security expert by national and local media outlets including CNN, ABC,

NPR and the Associated Press.

Jim Rapoza

InformationWeek Reports
http://prevpage/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://prevpage/


4/40


5/40


6/40

Novembe

bilities available from their platforms. We as-

sembled this guide from questionnaires sent

to a large portion of the vendors in the mar-

ket. We received 10 detailed responses.

This bu yer s guid e us es th e vend or re -

sponses and our own analysis to help IT de-

fine an MDM strategy and offer guidelineswhen choosing an MDM product. We also

provide a detailed features chart for the 10 re-

spondents. While some features, such as com-

pany directory integration and remote wipe,

cut across all of the products, there are many

areas of differentiation among the vendors.

Finding the right MDM solution means

matching your company needs with the right

product capabilities. Weve also made the

vendors completed questionnaires available

for download.

Knowing the Platforms

The first question to ask when looking at an

MDM system is What type of mobile devices

and platforms do you want and need to man-

age? Will your business require a product

that has broad support for various Android

versions, Apple, BlackBerry and Windows mo-

bile devices? Or are you one of those lucky

few companies that standardized on one sin-

gle mobile OS? Its likely to be the former

rather than the later at most organizations.

According to a recent IT Pro Ranking survey

about mobile OSes, IT professionals chose Ap-

ple iOS and Android phone OS as their pre-

ferred platforms. Given the presence tha

has already established in the enterprise,

mobile environments are likely going to

mix of platforms.

Two vendors in our buyers guide, Abs

Software and JAMF Software, currently

support Apple iOS. Absolute plans to add

droid support in the near future. The o

Previous Next

FAST FACT

7%Survey respondents

whose companies dont

ssue or support any

smartphones


reports M D M B u y e r s GTable of Contents

Which of the following best describes your organizations formal or informal policy on smartphones?

35%27%

7%

8% 18%

5%

Smartphone Policy

Base: 595 respondents at organizations using or evaluating mobile operating systems for smartphones

Data: InformationWeek Mobile OS Vendor Evaluation Survey of 651 business technology professionals, May 2011

R2900

The organization issues a

preferred smartphone, butwill support a personal device

The organization lets userschoose any smartphone, butowns and supports the phone

The organization issues smartphones to

users; personal devices are not supported

We dont issue or support smartphones, butemployees still use personal devices for work

The organization supports anypersonal smartphone type

The organization supports a limitednumber of personal smartphone types

ohich of the fW

tphomarS

personal deusers;

ganizahe orT

our ores yibest descrwing bollo

yolice P

edte not supporvices arpersonal de

otphones ttion issues smarganiza

mal pmal or infftionganizaour or tphones?y on smarolicmal p

vicet a personal dewill supporbut,tphoneed smarrrefpr

tion issues aganizahe orT

vice

ees still use personal deyemplot issue or suppore donW

orkor wvices fees still use personal debut,tphonest smart issue or suppor

ypetphone tpersonal smarts antion supporganizahe orT

number of personal smarhe orT

ypeyts an

vicet a personal dewill suppor

ts the phonewns and supporob,tphoney smarchoose an

tion lets usersganizahe orT

ypestphone tnumber of personal smaredts a limittion supporganizahe or

vice

ts the phonebut

tion lets users

ypes

InformationWData:

espondents at organizations using or evaluating mobile operating systems for smartphonesBase: 595 r

ndor Evaluation SMobile OS Vek

espondents at organizations using or evaluating mobile operating systems for smartphones

ypetphone tpersonal smar

vey of 651 business technology prendor Evaluation Sur


number of personal smarype

May 2011ofessionals,vey of 651 business technology pr


ypestphone tnumber of personal smar

R2900

ypes

Figure 2


7/40

Novembe

MDM vendors support multiple mobile oper-

ating systems, but buyers need to realize this

does not mean the same capabilities can be

applied across all of the mobile platforms you

need to manage. For example, a product may

support full disk encryption and encrypted

folders on Android, but only full disk encryp-tion on iOS.

Security

While these are called mobile device man-

agement products, they could easily be re-

ferred to as mobile security systems. One of

the biggest forces driving companies to con-

sider these products is the potential risk of

data loss, particularly if a phone or tablet is

misplaced or stolen. Organizations also need

to control access to corporate resources from

smartphones and tablets.

When it comes to finding a lost or stolen de-

vice, nearly all of the MDM products use ge-

olocation to pinpoint the whereabouts

(which is great for determining if the phone

or tablet has just been misplaced or if it is

speeding away). If the device cant be recov-

ered, the last defense to protect sensitive data

is a remote wipe, which cleans all of the data

off the device. All of the products in our sur-

vey had remote wipe capabilities. Several,

such as AirWatch and Sybases Afaria, can also

do selective wipes. This gives IT the option to

only destroy company data and access mech-

anisms, such as email, leaving the rest of the

personal data on the device untouched. T

a useful level of granularity in an era w

employees are bringing their own sm

phones and tablets into the office.

The other way to protect data on a m

device is to encrypt it, so even if the dev

lost, sensitive data is still secure. RIMs B

Berry and Apples iOS have built-in encry

Previous Next



63%

37%

Do you allow employees to access company resources with their personally owned mobile devices and/or tablets?

Access to Company Resources ia Personal Mobile Devices

Data: InformationWeek OS Wars Survey of 441 business technology professionals, May 2011 R2890

No

Yes

w emploou alloo yD

o Cccess tAy rompaness co accees tyw emplo

icesy Resourompan

s

ersonally oes with their pcesoury r

rsonal Mobile Dea Pes and/or tablets?vicwned mobile deersonally o

viceses and/or tablets?

No

InformationWData: vey of 441 business technology prrs SurOS Wek ofessionals, May 2011vey of 441 business technology professionals, May 2011 R2890

Figure 3


8/40

Novembe

optionstheres no need for third-party soft-

ware. Full disk encryption is also possible with

Android, but only from an MDM product.

Some products offer folder-level encryption,

including AirWatch, Fiberlink Communica-

tions and Zenprise. Absolute Software sup-

ports folder-level encryption on iOS devices.As with selective wipe, folder-level encryption

is a welcome feature when dealing with em-

ployee-owned devices. It lets IT create a pro-

tected space for corporate data and encour-

ages users to segregate personal and

business information.

Administration

While security is clearly an important aspect

of MDM products, youd expect the system

management features to be similarly extensive.

However, at least when comparing these prod-

ucts to classic PC management systems, the

MDM products often come up a little short.

One bread-and-butter feature of any sys-

tems management product is its ability to in-

stall, update and remove applications, and to

remotely patch and update the operating

system. However, MDM products have limita-

tions in this area, particularly around apps.

This can be problematic: Just because an app

is on the market doesnt mean its safe

(though Apples gatekeeping does a good

job of preve nting malici ous soft ware from

getting into its app store).

However, eight of the 10 vendors in our

buyers guide offer whitelists and blacklists of

approved apps, and can stop blacklisted

from accessing corporate resources. T

typically done through a form of network

icy enforcement. In the same way that a

pany can define access to email or an H

tranet by setting policies for appro

connections (Are you on the network or

Do you have the proper access rights

your user login? and so on), they can a

Previous Next



How do you ensure security of end user devices that may contain company data?

Securing End User Devices

End user education regarding device-specific security awareness

Written policies in place governing use, no technology enforcement

Technology enforcement of polices, such as NAC, remote wipe, mandatory lock

We rely on employees common sense

Require encryption of any data at rest on the device

Other

Note: Multiple responses allowed

Data: InformationWeek2011 End User Device Management Survey of 551 business technology professionals, February 2011

R2110

68

62%

50%

48%

37%

1%

Figure 4
http://prevpage/http://nextpage/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://prevpage/http://nextpage/


9/40

Novembe

this type of control on a mobile device.

When it comes to in-house mobile apps,

many MDM vendors offer internal app stores

that let IT distribute and update corporate apps

and allow users to browse for approved apps.

Inventory tracking is another core systems

management requirement. All the MDM ven-dors offer some form of inventory tracking, but

their capabilities vary. Some are highly detailed,

showing every bit of information on device, OS,

apps and usage history. Others provide basic

hardware inventory lists. Another valuable fea-

ture lets IT set alerts around or prevent specific

types of expensive mobile usage, such as

roaming or exceeding a bandwidth cap.

MDM products come in a variety of deploy-

ment options. As with traditional desktop and

laptop management, the MDM products need

to touch the device, either with a full client or

lightweight agent. A central management plat-

form collects data from the agents and lets ad-

ministrators monitor the devices, push out poli-

cies, update software and more. Some vendors

in our buyers guide, such as Sybase, offer the

choice of either on-premises software for the

management platform or a SaaS version thats

hosted off site. Fiberlink Communications is

SaaS-only, while Absolute Software, Odyssey

Software and Symantec only offer premises-

based software.

Starting prices range from as low as $9.95 per

device up to $85 per device annually. Pricing

may change based on volume and feature set.

Some vendors offer monthly or annual

The monthly option will help reduce the

expense but may cost more in the long te

Under Control

IT has wrestled with the issue of mo

computing since laptops became the de

compute platform for most enterprise w

Previous Next

FAST FACT

16%Companies with strict

consumer device policies



29%

13%

16%

19%

23%

What is your organizations general approach as it relates to consumer-centric new technology such as the iPad?

Organizational Approach to Consumer-Centric Technology

Data: InformationWeek2011 End User Device Management Survey of 551 business technology professionals, February 2011 R2110

Proactive; we treat it like any new technologydevelopment and IT explores whether we canleverage within our enterprise

Strict; we have policies regarding newdevices and expect everyone to follow them

Resistant; any new device needs tomeet our design and security standards

before its even considered for a test

Neutral; we dont actively test or lookat new devices, but were willing to listenif someone makes a suggestion or request

Accepting; we let employeesuse them if they see value

Figure 5
http://prevpage/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://prevpage/


10/40

November

ers, but consumer smartphones and tablets

take mobility challenges in entirely new direc-

tions. They tend to live outside the boundaries

of traditional management tools, particularly

Apple and Android products. Thus, its imper-

ative for IT to have a strategy for these de-

vices. MDM products will play an importantrole in that strategy.

IT should also be aware that this is a new

market, and consolidation of one form or an-

other is likely. At one end of the spectrum,

these upstart platforms may take over the role

of traditional desktop management systems.

In fact, five of the vendors in our guide can

manage laptops. At the other end, the majormanagement and security vendors may get

into the market, likely via acquisition, s

vendor you choose today could become

of a larger organization in the future.

Either way, mobile devices are on your

work and being used to store and access

company data and resources. And if you

to protect those resources, you need mayour mobile workforce.

Previous Next



Related Report

How do you keep corporate data

safe when employees and businesspartners are accessing it on their

smartphones and tablets? Find out

n our Fundamentals report DownSide of Mobile Apps: Keeping Data

Safe on the Move.

DownloadDownload
http://prevpage/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/abstract/21/7675/Security/strategy-mobile-application-security.htmlhttp://reports.informationweek.com/http://reports.informationweek.com/http://prevpage/


11/40

November

Previous Next



!"#$%&' )*+",-./

0"1.2%3/

)435%.67 84*/3,4&9 :);8

0"1.2%3/

;"*4,/

I%3.4%, "&

4=0

54&>"2+

;"*4,/

"&,'

G/+ G/+ G/+ )+

%,,"2/>

*' /%67

=0

B/#"./ =0

-$@3%>/

J" G/+ G/+ J" J" 54&>"2+

;"*4,/

54&>"2+

;"*4,/

54&>"2+

;"*4,/K0'#*4%&K

)&>3"4>

G/+ =&

0%#+-&@)&>3"4>

)+

%,,"2/>*' /%67

=0

!"#$,4%&6/ %&>

$",46'

/&1"36/#/&.

G/+ G/+ G/+ G/+ G/+ G/+ G/+ G/+ G/+ G/+ G/+

B/#"./ 6"&.3", J" G/+ G/+ J" G/+ G/+ L,%69L/33'K

54&>"2+

;"*4,/

G/+ G/+ 0"#/

)&>3"4>

>/E46/+

G/+

!"##-&46%.4"&+

6%$.-3/

J" G/+ J" J" !%,,K 0;0K

>%.%

%6.4E4.'M

0;0

%3674E4&@

J" J" J" N"46/ %&>

0;0

=&

0%#+-&@

)&>3"4>

N"46/

%&> 0;0

B/#"./ 6"&./&.

*%69-$

J" J" 0/..4&@+K

%$$+ %&>

6"3$"3%./

>%.%

J" J" J" J" G/+ J" G/+ J"


12/40

Previous Next



!"#$%&' )*+",-./

0"1.2%3/

)435%.67 84*/3,4&9 :);8

0"1.2%3/

;"*4,/"2+

;"*4,/I

54&>"2+

K7"&/ L

)&>3"4>I

J,%69J/33'I

4=0I

5/*=0I

54&>"2+

;"*4,/I

54&>"2+

K7"&/ L

)&>3"4>I

J,%69*/33'I

4=0I

0'#*4%&I

54&>"2+

;"*4,/

)&>3"4>I

J,%69J/33'I

4=0I 0'#*4%&I

54&>"2+

;"*4,/I

54&>"2+

K7"&/ L

)&>3"4>I

J,%69J/33'I

4=0

)&>3"4>I

J,%69J/3

4=0I K%,#

0'#*4%&

5/*=0I

54&>"2+

;"*4,/

?%*,/. M/+ M/+ M/+ M/+ M/+ M/+ M/+ M/+ M/+ M/+ M/+

N%$."$ ;%6I

54&>"2+

O" ;%6I

54&>"2+

;%6 O" M/+ O" 54&>"2+ O" E&> 7%,1

EFGE

O"

P/,4Q/3'

#">/,

0"1.2%3/ 0%%0I

%$$,4%&6/ "3

+"1.2%3/

0%%0 0%%0I

+"1.2%3/

0%%0I

+"1.2%3/

0"1.2%3/ 0"1.2%3/ R"+./>I

0"1.2%3/

0%%0I

0"1.2%3/

0%%0 0%%0I 0"1

P43/6."3'

4&./@3%.4"&

M/+ M/+ M/+ M/+ M/+ M/+ M/+ M/+ M/+ M/+ M/+

*+,&'$-./

S/","6%.4"& M/+ M/+ M/+ O" M/+ M/+ 4=0 "&,' M/+ M/+ M/+ M/+

T+%@/

%&%,'.46+ %&>

.3%694&@

O" M/+ M/+ O" M/+ M/+ O" M/+ M/+ M/+ M/+

T+%@/ %,/3.+ U"%#4&@ M/+ U"%#4&@

%&> >%.%

M/+ U"%#4&@I

Q"46/V>%.%V

0;0

O" U"%#4&@

%&> >%.%

U"%#4&@ U"%#4&@ %&>

>%.%

U"%#4&@ U"%#4&@

>%.%

/Q46/$/3 #"&.7[

W\F $/3$Y

,46/&+/ $/3

>/Q46/

W\ $/3>/Q46/ $/3

#"&.7[ WGF

$/3 -+/3I $/3

#"&.7

-&,4#4./>

>/Q46/+

WZF $/3>/Q46/I 2V

EF] %&&-%,

#%4&./&%&6/

W\ $/3>/Q46/ $/3

#"&.7[

WLZ $/3$Y

,46/&+/ $/3

>/Q46/

;4>^WEF+." #4>^

WDF+ $/3

>/Q46/

>/$/&>4&@

"& Q",-#/

W_E 1"3 G-&4.

WEX $/3 +/%.+.%3.4&@

$346/

WE^WZ $/3>/Q46/ $/3

#"&.7

WDYZF^WZ $/3>/Q46/ $/3

#"&.7

W`Z $/3 4& 143+. '/

>4+6"-&.

*/@4&&4&

+/6"&> '

U/$"3.4&@ 8/%.-3/+

Figure 7


13/40


14/40

SubscribeSubscribe

Newsletter

Want to stay current on all new

nformationWeek Reports?

Subscribe to our weeklynewsletter and never miss

a beat.

November

Previous Next


reports M D M B u y e r s G

MOR

ELIKE THIS

Want More Like This?

Making the right technology choices is a challenge for IT teams everywhere. Whether its

sorting through vendor claims, justifying IT projects or implementing new systems, theres

no substitute for experience. And thats what InformationWeek providesanalysis and ad-

vice from IT professionals. Our Reports site houses more than 900 reports and briefs, and

more than 100 new reports are slated for release in 2012. Right now, youll find:

Research: IT Pro Ranking/Smartphones and Tablet OSes: Apple and Google topple the

BlackBerry as consumer phones and tablets swarm the enterprise. And IT doesnt seem to mind.

Research: 5 Steps to Clean Up the OS Mess: Windows is still ubiquitous, but the average

company now supports three OSes, our survey finds. Many companies also are letting devices

based on almost any OS connect to the network, many without a clear policy on IT support.

Research: 2011 End User Device Survey:The forces of cloud, mobility and consumeriza-

tion will eventually spell the end of the fat corporate desktop as we know it. Think you can

hold the line against the trifecta of change?

Informed CIO: Reducing Mobile Device Risks to Enterprise Data: Smartphones have al-

ready altered the enterprise risk landscape, and tablets will only accelerate the pace of change.

Employees want access from their personal devicesand companies need to provide it.

PLUS: Find signature reports, such as the InformationWeek Salary Survey, InformationWeek

500 and the annual State of Security report; full issues; and much more.

Table of Contents
http://links.techwebnewsletters.com/servlet/SignUpForm?f=491839http://links.techwebnewsletters.com/servlet/SignUpForm?f=491839http://links.techwebnewsletters.com/servlet/SignUpForm?f=491839http://links.techwebnewsletters.com/servlet/SignUpForm?f=491839http://links.techwebnewsletters.com/servlet/SignUpForm?f=491839http://links.techwebnewsletters.com/servlet/SignUpForm?f=491839http://links.techwebnewsletters.com/servlet/SignUpForm?f=491839http://links.techwebnewsletters.com/servlet/SignUpForm?f=491839http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/http://reports.informationweek.com/abstract/18/8034/Mobility-Wireless/it-pro-ranking-smartphone-and-tablet-oses.htmlhttp://reports.informationweek.com/abstract/18/7697/Mobility-Wireless/research-the-os-mess.htmlhttp://reports.informationweek.com/abstract/18/5975/Mobility-Wireless/research-end-user-devices.htmlhttp://reports.informationweek.com/abstract/18/5975/Mobility-Wireless/research-end-user-devices.htmlhttp://reports.informationweek.com/abstract/18/5215/Mobility-Wireless/informed-cio-mobile-device-security.htmlhttp://reports.informationweek.com/abstract/18/5215/Mobility-Wireless/informed-cio-mobile-device-security.htmlhttp://reports.informationweek.com/abstract/18/5975/Mobility-Wireless/research-end-user-devices.htmlhttp://reports.informationweek.com/abstract/18/7697/Mobility-Wireless/research-the-os-mess.htmlhttp://reports.informationweek.com/abstract/18/8034/Mobility-Wireless/it-pro-ranking-smartphone-and-tablet-oses.htmlhttp://links.techwebnewsletters.com/servlet/SignUpForm?f=491839http://reports.informationweek.com/http://reports.informationweek.com/


15/40

Mobile Device Management Questionnaire: Absolute

1. Which mobile device operating system platforms can your product manage? These include Apple iOS(as well as iPad), Android, BlackBerry, and Windows Mobile.

Absolute Manage Mobile Device Management currently supports iOS, and we anticipate

release of a new version with support for Android in calendar Q3 2011.

2. Is your product available in a SaaS model, an internal software model, or both?

Absolute Manage is a premise-based software solution only.

3. Does your product have the ability to enforce baseline security policies and settings (such aschecking for required security products, proper passwords, and acceptance of company usage policies)on devices connecting to the network?

Absolute Manage can enforce security policies such as password length and complexitystandards, or requiring encrypted backups, through OTA-deployed configuration profiles oniOS devices. Additionally, it can detect noncompliance with company security policies, such as

jail breaking, or installation of blacklisted apps. Administrators can report on noncompliance,or automate certain remedial actions, such as removing access to corporate resources suchas email, Wi-Fi or VPN, or even wiping and resetting the device.

4. Can the product manage installed apps on mobile devices, for example, by being able to remotelyupdate or remove apps from devices?

Actually installing or removing apps remotely is not possible on the iOS operating system.However, Absolute Manage does provide extensive deployment and management options forboth in-house and iTunes Store apps. In-House apps can be hosted by Absolute Manage, andpublished to the on-device user self-service portal (Absolute Apps) where users install withone tap. Subsequent updates are received via notifications similar to those used by the AppStore. Administrators cannot actually remove these apps, but they can revoke the provisioningprofile, which disables the app and removes access to any associated data.

For iTunes App Store apps, Absolute Manage can also publish recommended apps to the on-device self-service portal, so that users may easily install approved apps without the need tosearch for them the iTunes App Store.

Beyond that, Absolute Manage can automatically apply redemption codes purchased underthe App Store Volume Purchase Program (ASVPP.) This program, which has recently beenexpanded from education customers to business customers, allows organizations to buy appsin bulk. Absolute Manage not only distributes the codes, but tracks redemption by device sothat organizations can ensure license compliance.

5. Can GPS and other location information be used for tracking or device recovery?

Yes. With Absolute Manage, administrators can track and map the location of iOS devices forrecovery or workforce management. Tracking interval and accuracy are configurable, and canbe reported as often as once per second, and as accurately as a ten meter radius.


16/40

6. Does your product have the ability to remotely wipe data from devices? Can this be done in aselective manner to wipe just corporate information and not personal user information?

Absolute Manage can remotely wipe devices, resetting them to factory specs. It can alsoremove only corporate datafor example, removing corporate email Configuration Profiles

removes access only to the data (email, contacts, calendar) associated with that profile,leaving personal email and other data untouched.

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both forremote mobile devices?

Absolute Manage does not provide encryption.

8. Can features of devices, such as cameras, be remotely disabled using your product?

Yes.

9. Does your product provide monitoring services to track usage and look for exceptions or anomaloususer behavior?

No.

10. Is it possible to deploy company data to user-owned devices and keep that data separate from userspersonal data?

We recommend provisioning corporate email via Configuration Profiles in order to leveragethe built-in "sandboxing" of iOS.

11. What is the approximate or typical pricing for your product?

MSRP begins at $9.95 per year per device, with significant discount for volume, longer termsand educational institutions. Perpetual licenses are also available.

12. Does the product offer out-of-the-box and/or customizable reports?

There are some out of the box reports included, but the simple drag and drop reportinginterface enables administrators to easily create or customize reports to fit their own needs,using any of the 60+ data points collected from the devices. Additionally, Absolute Manageadministrators may create Custom Data Fields, which become part of the device record, totrack information such as cost centers. Absolute Manage also automatically imports directoryinformation from Active Directory/Open Directory and adds it to device records. All of thisinformation is available for management and reporting.

13. Does the product offer out-of-the-box integration with third-party products such as securitymanagement systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs?Absolute Manage is easily integrated with third party management applications, and has pre-built integrations for WebHelpDesk and Microsoft SCCM.


17/40

Mobile Device Management Questionnaire: AirWatch

1. Which mobile device operating system platforms can your product manage? These include AppleiOS (as well as iPad), Android, BlackBerry, and Windows Mobile.

AirWatch is a cross-platform mobile device management solution that secures and manages Apple iOS(iPhone, iPod & iPad), Android, BlackBerry, Symbian, Windows Mobile and Windows Phone mobiledevices and tablets.


AirWatchs scalable architecture enables the solution to be deployed on-premise (dedicated hardware orVM), as an appliance or SaaS and meets strict requirements for high availability and redundancy.Global customer deployments range from 50 devices to 100,000+.


AirWatch provides the ability to configure security policies/settings, identify exceptions/threats andmanage policy violations through a robust compliance engine. AirWatchs security capabilities include:

- Enterprise directory-based authentication

- SCEP/Certificate Authority integration

- Configurable device password policies

- Device data encryption

- Compromised device detection

- Secure email gateway with device level access control and policies for securing attachments

-

Secure mobile web browser- Application lock down- Real-time monitoring of required security policies and security audits- Compliance engine to proactively manage security threats/exceptions- Events logs

- Remote lock, corporate/selective or full wipe

- Configurable privacy policies for employee-liable versus corporate-owned devices

- Role-based console access with enterprise directory integration

When a user enrolls their device with AirWatch, they must accept a company specific EULA describingcorporate usage policies and MDM capabilities that will affect their device.


AirWatch offers the ability to wirelessly distribute and update internal enterprise apps. ITadministrators can monitor installed apps on mobile devices, manage app compliance via white listsand black lists and even remove apps from a device. Also, AirWatch can limit selection, recommendand ease the distribution of publicly available apps from the Apple AppStore or Android Market.


18/40


AirWatch can track a devices location via GPS or Wi-Fi information. With AirWatch, you can map adevices current location as well as view historical breadcrumbs showing speed, location and direction.


AirWatch supports both corporate or selective remote wipe as well as a full wipe, returning the deviceto factory defaults. When performing a selective wipe, AirWatch removes all corporate data and accessto corporate services, such as VPN, Wi-Fi, Email and even applications. Also, AirWatch has developeda robust compliance engine that enables companies to define compliance policies and automatedprocesses, which could trigger a remote device wipe in the event of a policy violation.


Depending on the mobile platform, AirWatch supports encryption of mobile device data and full diskencryption.


AirWatch can restrict specific device features such as, camera, YouTube, web browsers etc. and evenlock down devices to IT-defined programs or apps. Capabilities vary by device platform.


AirWatch is designed to monitor a companys entire fleet of devices in real-time and identify anyexceptions/threats or anomalous user behavior. AirWatchs alerting system can instantly notify both endusers/IT when specific device or user actions occur. For example, AirWatch can detect when a device isroaming and alert the end user/IT, preventing data overages.


AirWatch provisions corporate data and access to corporate services, such as Email, Calendar, Contact,VPN, Wi-Fi and even applications to all devices, including employee-liable devices. AirWatch has theability to selectively manage corporate data and access separate from an end users personal data.


$3 Monthly SaaS subscription per device$40 Perpetual license per device


AirWatch offers an extensive library (100+) of out-of-the-box reports that can be customized based onvarious data elements and automatically distributed using subscriptions.


19/40

13. Does the product offer out-of-the-box integration with third-party products such as securitymanagement systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs?

Out-of-the box, AirWatch integrates to enterprise infrastructure such as Microsoft Exchange, BPOS,Office 365, Lotus Notes, Gmail for Business, LDAP/AD, SAML, PKI (Certificate Authority).AirWatch also integrates to help desk or ticketing systems, business intelligence tools, alerting andmore using APIs and a complete DataMart for easy export of data.


20/40

Mobile Device Management Questionnaire: Fiberlink


Fiberlinks MaaS360 platform provides comprehensive management capabilities across a wide range ofsmartphones and tablets including iOS, Android, BlackBerry, Windows Phone 7, Windows Mobile,Symbian, and WebOS devices.


MaaS360 is built on a multi-tenant infrastructure and delivered as a cloud-based, SaaS model.Customers can access the platform from the Internet and provision a fully operational Mobile DeviceManagement solution in minutes. This approach delivers rapid time to value with the flexibility to startmanaging a small group of users and scale from 10 to 100,000 plus users as needs changes, reaping thebenefits of a pay-as-you-go subscription model.


MaaS360 provides all of the essential capabilities to enforce baseline security policies including:

OTA configuration

Customizable acceptable use policy

Passcode enforcementWifi, VPN, and email settings

Remote lock and full wipe

Selective wipe of corporate data

Device restrictions

Jailbreak and root detection

Device location

MaaS360 goes above and beyond these baseline securities policies to provide more advancedmanagement capabilities. MaaS360s Compliance Engine lets IT administrators easily define andimplement powerful compliance rules for smartphones and tablets to deal with specific events and

contextual changes. Managed devices are continuously monitored against defined rules or events. If asecurity policy violation occurs, MaaS360 can be configured to immediately and automatically takeactions such as warning the user with onscreen messaging, blocking corporate email access or evenwiping the devices memory to factory default settings.



21/40

MaaS360 provides organizations with a private, easy-to-use system to categorize, distribute and updatein-house developed enterprise applications, as well as view Apple Store and Android Marketapplications recommended, approved, and unapproved by the enterprise.

MaaS360 also provides the ability to remove apps from devices.


Yes . Device location via GPS is supported for device types which allow for this type of technology tobe used. Ex. An end user reports back to the help desk that they may have lost their smartphone. ITstaff can locate down to the street address where that device currently is. MaaS360 also provides thelast know IP connection which the device had or currently has.


MaaS360 supports both full factory wipe as well as selective wipe which will remove corporate datasuch as e-mail, calendaring, contacts, corporate apps and data, while leaving personal data such aspictures and music.


MaaS360 is able to detect and enforce encryption standards on devices across folder-level and full diskwhere applicable by the device or OS platform. MaaS360 can require the user to take the requiredaction to encrypt the device. If for example the user fails to encrypt the device, MaaS360 is able todetect this and automatically take a predefined action on that device such as block access to corporatedata, perform a selective wipe, remove a Wi-Fi or VPN profiles, and other actions.


Yes, Cameras can be disabled remotely. In addition, features such as Bluetooth, USB, DeviceTethering, and the use of iTunes App Store can be remotely disabled.

These are included as part of MaaS360s baseline security policy settings that can be configured by theIT administrator.

9. Does your product provide monitoring services to track usage and look for exceptions or anomalous

user behavior?

Yes. MaaS360 provides service management with real-time monitoring and tracking usage and can flagand take automated actions on exceptions and anomalous behavior.

Malicious application install, data roaming, and SIM changes are some examples of anomalousbehavior companies can detect by using MaaS360. MaaS360 also enables behavior modificationtechniques to help prevent ongoing and repeat violations.


22/40


MaaS360 allows organizations to distribute documents remotely to their users. Once these documentsare received by the end users device, they can be kept in a separate container for viewing. The userwill not be able to save these documents or open them with other applications. IT admins have theability to remove these documents at any time from the device.

In addition, MaaS360 is able to remotely deploy and wipe corporate data such as e-mail, calendaring,contacts, Wi-Fi Profiles, and VPN settings.


Volume pricing for MaaS360 starts at $4 per device, per month or $10 per user, for an unlimitednumber of devices. These models can be combining across an organization for the most flexibleapproach.

The pricing is inclusive of 24x7x365 customer support, training, maintenance, installation, and productupdates.


Mobile Device Reporting in MaaS360 includes My Watch List (real-time), Mobile IntelligenceDashboards, and Device Management View (real-time). The different areas of reporting havenavigation between them for a seamless workflow and experience. MaaS360 provides additionalreporting features within these main areas (ex. Smart Search, Device Grouping) and together, combinefor a detailed and flexible reporting capability. MaaS360 platform offers robust reporting across MDMas a standalone offering or in combination with DTM for a single pane of glass experience.

My Watchlist: My Watch List section lists the real-time device monitoring metrics for smartphones andtablets (also available for desktops and laptops). A predefined list of best practice items are provided tothe customer by default and a customer can customize or create their own personalized watch list items.Also, My Watch List alerts are automatically delivered to IT staff on a daily and weekly basis.

Mobile Intelligence Dashboards: Mobility Intelligence Dashboards (MI) provide an interactivesummary and detailed reports for users. Charts and graphs show how many of your devices are ownedby the company and how many are owned by the users, number of devices by platform and type, timeseries of enrolled devices by month for the last 6 months, and approved, blocked or quarantined

devices. Clicking on part of the graph provides a drill down into a more detail report that isautomatically filtered to show the data from the graph. Available tabs allow users to navigate to thedetailed data then apply additional filters. Customers are able to see their entire device environment at asummary level then drill in and around the data.

Device Management View: MaaS360s Device Management View provides a wealth of informationabout devices. Users can see inventory, security and compliance, status information, and lots more.Information here is specific to an individual device and very detailed. In addition, features such asSmart Search and Device Grouping are available for detailed information across multiple devices.


23/40

Smart Search: The Smart Search feature allows IT staff to create ad-hoc reporting and groupingacross almost every device attribute available from MaaS360. This allows for flexibility in IToperations as well as custom reports. Smart Search can be performed on custom deviceattributes that have been created and assigned by IT staff (Ex. Business unit, warrantyexpiration, etc).

Device Groups: Provides canned reports which customers can access quickly from a drop downmenu or portal navigation. These reports include predefined criteria such as devices which arepersonally owned vs. corporate owned. Customers can create their own device groups basedupon the hundreds of available attributes and save them for shared viewing within theorganization or private viewing.


MaaS360 offers integration with other third part products and systems via an API. The web-servicesAPI requires no infrastructure to implement and typically integrates into third party system in an hour.

MaaS360 reporting data can be exported in several common file formats for easy import into thirdparty systems.


24/40

Mobile Device Management Questionnaire: JAMF


iOS iPad, iPhone, and iPod touch devices.


Software is available for premise or cloud based installations. No SAAS offering directly from JAMFSoftware at the moment, although our MSP partner network do offer SAAS offerings using oursoftware. (More deals available if youre interested.)


Yes.


Yes, with caveats. The capability to remotely update or remove App Store apps over-the-air is notcurrently provided by Apples iOS Mobile Device Management API. However, we can control updatesof in-house apps using automated sync to iTunes which we can manage using the Casper Suites MacOS X management capabilities. (For more information, please see the Mobile Point of Sale workflowin our webinar entitled An Introduction to iOS Management http://jamfsoftware.com/solutions/ios-management.)


The Casper Suite does not currently include this capability. Our approach is to integrate with, extendand augment Apples offerings, so we often recommend using Apples native technologies whenavailable. In this scenario, we might recommend using MobileMe (FindMyPhone) to locate and track adevice if determined to be prudent. In many scenarios, an IT department considers the data to be morevaluable than the hardware, so they would leverage the Casper Suites security capabilities to remotelywipe or lock a lost iOS device.


Yes, the Casper Suite is able to remotely wipe an entire device. The Casper Suite is also able to revokeaccess to any systems on which access has been granted using MDM. So, removing corporate emailaccounts and the associated data while leaving personal email accounts, revoking network access thatwas granted using MDM, etc.



25/40

It is possible to enforce full disk encryption (data encryption). Would need clarification on what exactlyis meant by folder-level encryption for iOS, as this is most likely referring to other operating systems.It most likely would not be possible (depending on definition) with the iOS MDM API.


Yes.


Yes. Software and hardware inventory can be queried, alerts can be sent based on wide range of devicesettings.


No.


Pricing is tiered based on quantity and type of organization. Significant volume discounts are available.Additionally, K-12 education customers receive a 100% discount on license pricing and highereducation customers receive a 70% discount on license pricing. (I could provide more specificinformation in conjunction with our sales team if it would be helpful.)


Yes.


Yes. The Casper Suite offers out-of-the-box integration with some third-party products. We also offer aRESTful API (http://jamfsoftware.com/developer-resources/)that can be used to develop integrationsbetween the Casper Suite and other systems. Our custom development team is also available to buildcustom integrations using the JSS API to integrate with customers business systems.
http://jamfsoftware.com/developer-resources/http://jamfsoftware.com/developer-resources/http://jamfsoftware.com/developer-resources/http://jamfsoftware.com/developer-resources/


26/40

Mobile Device Management Questionnaire: MobileIron

1. Which mobile device operating system platforms can your product manage? These include AppleiOS (as well as iPad), Android, BlackBerry, and Windows Mobile.Android, BlackBerry, iOS, Symbian, WebOS, Windows Phone 7, Windows Mobile

2. Is your product available in a SaaS model, an internal software model, or both?Both we will announce that our SaaS offering is GA at the beginning of August, it has been in betawith 11 customers including 5 Fortune 1000 companies

3. Does your product have the ability to enforce baseline security policies and settings (such aschecking for required security products, proper passwords, and acceptance of company usage policies)on devices connecting to the network?Yes

4. Can the product manage installed apps on mobile devices, for example, by being able to remotelyupdate or remove apps from devices?Yes, MobileIron delivered the industrys first Enterprise App Storefront in December 2009. UsingMobileIrons Enterprise App Storefront, IT publishes approved internal and external applications, anddefines access based on employee role or IT policy. Employees then browse their Enterprise App Storeand click on the app icon to install the application. The Enterprise App Storefront also ensures thatinternal apps are never made public. Note that on iOS and Android, we manage the end-to-endprovisioning of apps but the operating system requires the users consent to accept the app installation.

In Dec 2010, MobileIron introduced App Control, the ability to monitor application inventory and takeaction if users download unapproved apps. In the case of a less serious threat, this can be sending theuser an alert or blocking access to corporate resources. In a more serious situation, IT can wipe allenterprise data from the device.

Recent attacks by malware-infected apps have made Android security a very real concern forenterprises. In June 2011, MobileIron introduced App Data Visibility to bring Android security to a newlevel by identifying which permissions Android apps have and therefore which datathey are trying toaccess.

5. Can GPS and other location information be used for tracking or device recovery?Yes

6. Does your product have the ability to remotely wipe data from devices? Can this be done in aselective manner to wipe just corporate information and not personal user information?Yes to both. In fact, MobileIron was the first to offer selective wipe to remove corporate information

while preserving personal data.

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both forremote mobile devices?Yes, where encryption is an option, we monitor encryption state and enforce/report on it.

8. Can features of devices, such as cameras, be remotely disabled using your product?Yes


27/40

9. Does your product provide monitoring services to track usage and look for exceptions or anomaloususer behavior?Yes

10. Is it possible to deploy company data to user-owned devices and keep that data separate from userspersonal data?Yes, we provide the ability to provision and selectively wipe a device. On iOS this means configuringthe device for enterprise use and then selectively wiping enterprise email and configurations whileleaving personal content alone if the employee leaves the company.

11. What is the approximate or typical pricing for your product?Customers buy MobileIron either by subscription or perpetual license. Costs are:Subscription: $4 per device per monthPerpetual: $75 per device

12. Does the product offer out-of-the-box and/or customizable reports?Yes

13. Does the product offer out-of-the-box integration with third-party products such as securitymanagement systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs?Yes MobileIron integrates with third-party systems and also has an API.


28/40

Mobile Device Management Questionnaire: Odyssey


A: iOS (iPad), Android, Blackberry, Windows Phone, Windows Mobile, Windows Embedded CE


A: Internal Software Model (i.e. on-premise solution)


A: Yes


A: Yes, as permitted by the mobile device platforms.


A: Yes


A: Yes. Full device wipe is available on all supported mobile platforms. Selective wipe isavailable on iOS and Windows Mobile.


A: Yes. Athena can invoke the mobile platforms native data encryption capabilities.


A: Yes. Athena can remotely disable device features such as cameras on mobile platforms that

support these capabilities (e.g. iOS).


A: Yes. Athena reports comprehensive hardware, software and device health information.

Exceptions and anomalous user behavior such as installing unapproved applications can not onlybe tracked, but can automatically result in remediation for example, disabling access to

corporate e-mail.


A: Athena does not manage the separation of corporate data from users personal data on

devices. In our experience, there is no practical way to truly enforce this short of the deviceplatform vendors addressing it even with products that claim to have a secure mobile

messaging application. However, Athena is able to selectively wipe data from devices such as iOS

and Windows Mobile.


29/40


A: Depending on the number of devices being managed, license pricing for Athena is in the mid

$20s to mid-$30s per device.


A: Yes. Athena offers both out-of-the-box and customizable reports.


A: Yes. Athena is implemented as a set of mobile device management extensions to the MicrosoftSystem Center Configuration Manager enterprise management platform. Athena leverages to

Configuration Manager infrastructure and its inherent scalability, security and reliability no

Odyssey Software-specific server, appliance or console is required.


30/40

InformationWeek Mobile Device Management Questionnaire: Sybase Afaria

1. Which mobile device operating system platforms can your product manage?Afaria supports a variety of mobile device operating systems that are prevalent in the enterprisetoday, including RIM BlackBerry, iOS (iPhone and iPad), Android, Windows Mobile andSymbian. One of the strengths of Afaria is in hiding the differences across varying operatingsystems and manufacturers to provide common key capabilities such as application deployment,security (remote wipe, password controls), asset collection and beyond.

2. Is your product available in a SaaS model, an internal software model, or both?Afaria simplifies complexity by delivering device and applications management capabilities ina hosted or on-premise model.

3. Does your product have the ability to enforce baseline security policies and settings (such aschecking for required security products, proper passwords, and acceptance of company usagepolicies) on devices connecting to the network?

Yes, Afaria has the ability to enforce baseline security policies and settings, includingpasswords, VPN and WIFI certificate requirements, application security requirements just toname a few with our Access Control component.

4. Can the product manage installed apps on mobile devices, for example, by being able toremotely update or remove apps from devices?

Afaria has a central administration console that can remotely update or remove apps fromdevice. The level of functionality and the way it is implemented is dependent on the OSmanufacturer. To combat the platform differences, Afaria has added application managementcapabilities to the core product that allows administrators to control app-level settings andsecurity.

5. Can GPS and other location information be used for tracking or device recovery?Afaria is adding location information that can be used to track devices and view which devicesare in high-cost roaming environments (see iPad screen shot).


31/40


Afaria has selective remote wipe functionality enabling IT to only wipe corporate data withoutthe end user losing any personal, music or photo data. Some of our customers also demand fulldevice wipe so we provide both options.

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, orboth for remote mobile devices?

We provide device-level encryption for Windows Mobile and Symbian and can enable built-inbit locker security on Win32. For Android and iOS we enforce security policies while leavingthe actually encryption to the device manufacturers.


Afaria can remotely disable camera functionality on device. For iOS we can control all thefeatures found in the Apple Configuration Utility. For Android, it is manufacturer dependent.

9. Does your product provide monitoring services to track usage and look for exceptions oranomalous user behavior?


32/40

Afaria collects large amounts of data on device and user usage (it is configurable); The usagedata is used by our customers differently depending on their industry. For instance, in thepharmaceutical industry our customers track the delivery of all drug information and store it upto two years for legal and compliance purposes.

10. Is it possible to deploy company data to user-owned devices and keep that data separatefrom users personal data?

Yes. Afaria uses the built-in features of memory isolation of iOS and Android to keepapplication data separate. With iOS 5 it is even easier to separate personal and enterprise email(no forwarding from other accounts). For Android email, we use the Nitrodesk Touchdownemail client to keep data separate.


Pricing for Afaria varies depending on deployment. Seats start at $29.


Afaria has a very rich set of out-of-the-box reports. Administrators can also build custom viewsand additional reports. SAP Business Objects customers can also use our deep reporting toolsto get additional flexibility.

13. Does the product offer out-of-the-box integration with third-party products such as securitymanagement systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offerAPIs?

Afaria integrates with back-end systems in several ways including back-end databaseintegration, Web services APIs, and SNMP traps through the alerting console.


33/40

Mobile Device Management Questionnaire: Symantec Mobile Management

1. Which mobile device operating system platforms can your product manage? These include

Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile.

Symantec Mobile Management supports Android, iOS, BlackBerry and Windows Mobile.


Symantec Mobile Management is available in an internal software model.

3. Does your product have the ability to enforce baseline security policies and settings (such as

checking for required security products, proper passwords, and acceptance of company usage

policies) on devices connecting to the network?

Yes. Policies, passwords, etc. can be enforced using Symantec Mobile Management in order to enableaccess to company resources.

4. Can the product manage installed apps on mobile devices, for example, by being able to

remotely update or remove apps from devices?

Yes, but for Windows Mobile only. iOS will only allow removal of corporate apps delivered using theVolume Purchase Program capability.


Yes. Symantec Mobile Management can provide the last known location of iOS devices and thiscapability will soon be available for Android devices as well.

6. Does your product have the ability to remotely wipe data from devices? Can this be done in a

selective manner to wipe just corporate information and not personal user information?

Yes, Symantec Mobile Management features the capability to remotely wipe devices of data. Selectivewipe is available for iOS devices.

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both

for remote mobile devices?

Symantec Mobile Management is capable of enforcing full disk encryption only. Most mobileoperating systems only provide device-level configuration settings and no APIs for any other level of

encryption.


Yes, Symantec Mobile Management is capable of remotely disabling devices features, such as cameras.

9. Does your product provide monitoring services to track usage and look for exceptions or

anomalous user behavior?


34/40

Symantec Mobile Management can control and limit usage, as in data roaming, but it does not monitoruse. Anomalous behavior, such as jail breaking, is detected by Symantec Mobile Management and itcan thus deny access to such devices.

10. Is it possible to deploy company data to user-owned devices and keep that data separate from

users personal data?

Yes. Corporate apps and data may be deployed and removed separately from personal/public apps anddata with Symantec Mobile Management, with specific platforms supporting different levels ofsegregation depending on their design and APIs.


Pricing for Symantec Mobile Management is $62 MSRP for one unit.


Yes, both.

13. Does the product offer out-of-the-box integration with third-party products such as security

management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offerAPIs?

Yes, Symantec Mobile Management offers out-of-the-box integration with security managementsystems, help desk and ticketing all via the Symantec Management Platform. SIEM integration is notyet available, but is planned. APIs are also offered for additional integration, as well as a workflowengine that provides visual configuration of automated processes.


35/40

Mobile Device Management Questionnaire: Tangoe

Tangoe MDM

1. Which mobile device operating system platforms can your product manage? These include AppleiOS (as well as iPad), Android, BlackBerry, and Windows Mobile. iOS, Android, Blackberry, WindowsMobile, Windows Phone 7, and Symbian

2. Is your product available in a SaaS model, an internal software model, or both? On-Premise softwaremodel and Hosted Managed Services model

3. Does your product have the ability to enforce baseline security policies and settings (such aschecking for required security products, proper passwords, and acceptance of company usage policies)on devices connecting to the network? Yes, for all supported mobile platforms

4. Can the product manage installed apps on mobile devices, for example, by being able to remotelyupdate or remove apps from devices? Yes. Tangoe MDM supports pushing applications to BlackBerry,Android, Windows Mobile, and iOS (enterprise apps only). We can remove applications fromBlackBerry, Android, and Windows Mobile devices.

5. Can GPS and other location information be used for tracking or device recovery? Yes.

6. Does your product have the ability to remotely wipe data from devices? Yes. Can this be done in aselective manner to wipe just corporate information and not personal user information? Yes

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both forremote mobile devices?No

8. Can features of devices, such as cameras, be remotely disabled using your product? Yes

9. Does your product provide monitoring services to track usage and look for exceptions or anomaloususer behavior? Yes

10. Is it possible to deploy company data to user-owned devices and keep that data separate from userspersonal data?No


12. Does the product offer out-of-the-box and/or customizable reports? Yes

13. Does the product offer out-of-the-box integration with third-party products such as securitymanagement systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs?No


36/40

Page 1of 5

Mobile Device Management Questionnaire: Zenprise

Zenprise, Inc.

As the global mobile worker population approaches 1.2 billion in 2013 (according to IDC), and IT isgrappling with how to secure and manage the billions of mobile devices used by these workers,Zenprises strategy to meet this need is by protecting the entire mobile enterprise. With the opportunitypresented by the mobile enterprise comes intense hype and confusion over the best approach to ensurenot only that devices are secure, but that the information and applications being accessed are safe fromtampering and theft.At the core of Zenprises strategy is Zenprise Mobile Manager, which is the only enterprise mobilemanagement and security solution with a demonstrated ability to scale to tens and even hundreds ofthousands of devices table stakes in this next phase of market development beyond the pilot. Today,Zenprise is continuing to execute on this strategy by adding a cloud offering to its portfolio withZencloud, the industrys first cloud based mobile security and device management solution with 100percent SLA.

Basic level security, such as enforcing password protection or wiping a device clean if it is lost orstolen, is no longer sufficient for enterprises. They need the security surrounding devices to be on parwith the security of the overall network. Zenprise has expanded its mobile management solutions toencompass the protection of not only the devices themselves, but the applications running on them, aswell as the networks they are accessing. The Company has done this with global enterprisedeployments in mind, not small pilot deployments, meaning it can protect and manage hundreds ofthousands of devices and with a level of resiliency and redundancy not previously available.

Its not new news that IT is faced with an onslaught of requests to allow network and application accessfor personal devices the iPad is to thank for that. Almost as quickly as the iPad--and now a wholeslew of Android devices--came on the scene, the number one and two top mobility challenges for IThave become data and network security and device manageability, according to IDC. CIO Magazines2011 State of the CIO survey underscored this issue is top of mind with senior IT executives, notingthat the next generation workforce, ubiquitous data and the consumerization of IT are three of the topfive trends driving change for IT.

Zenprises strategy to protect the mobile enterprise is anchored by three tenets:1. Protecting the device isnt enough.Zenprises fully integrated platform is set apart by a Triple

Defense approach which not only secures the device, but provides comprehensive security for

applications and information residing on and accessed by that device, and the network on which

it is communicating. It does this by providing a security solution that goes everywhere the data

goes, securing every point in the enterprise's mobile environment.

2. If the server goes down, protection and management must continue.Zenprise has built in highavailability and redundancy into its product because of the critical importance of mobile

security. Products with no high availability can create huge exposure- any server outages result

in the entire enterprise compromised and exposed.


37/40

Page 2of 5

3. The mobile enterprise encompasses tens of thousands of devices, not tens or hundreds. With thechallenge of heterogeneous mobile device management being relatively new, its been common

for enterprises to pilot solutions with 50-200 devices. However, true protection of the mobile

enterprise will require the ability to secure and manage every device touching the network.

Today, Zenprises largest customer is protecting more than 65,000 devices, and future customers

are looking at as many as five million devices.

1. Which mobile device operating system platforms can your product manage? These include AppleiOS (as well as iPad), Android, BlackBerry, and Windows Mobile.Zenprise supports Apple iOS (iPhone, iPod touch, iPad), Android, BlackBerry, Windows Mobile,Windows Phone 7, WinCE, webOS, Palm and Symbian.

2. Is your product available in a SaaS model, an internal software model, or both?Both.Zenprise MobileManager:

Zenprise MobileManager provides IT with the control and visibility needed to proactively manage andsecure mobile devices, applications and corporate assets, while empowering mobile workers to beproductive from anywhere at any time. Many processes are automated and managed over-the-air or on-device to eliminate guesswork and save time for IT and help desk teams so they can focus on meetingSLAs. Zenprise MobileManager makes it easier to track, support and secure iPhone, iPad, BlackBerry,Google Android, Windows Mobile, Windows Phone 7, and WinCE devices throughout the mobilelifecycle.

Unlike other solutions currently available, Zenprise provides customers with a triple layer of securitythat operates at the device, application and network tiers; thereby providing a security solution thatgoes everywhere the data goes, securing every point in the enterprises mobile environment. Zenprise

Triple Defense is comprised of three components:

Dynamic Defense: provides contextually aware device security, automatically detectingpotential threats and intelligently adjusting security settings to mitigate risk

App Tunnels: provide flexible application security that allows IT to offer mobile users secure,encrypted access to specific business applications from their smartphone or tablet

Zenprise Secure Mobile Gateway: brings intelligent security to the network by providingapplication whitelisting and blacklisting capabilities for both iOS and Android devices. Thisfunctionality ensures that only approved applications are given access to the corporate network,

including personal or consumer applications installed on employee-owned devices. ZenpriseSecure Mobile Gateway automatically blocks users violating a whitelist or blacklist byquarantining their devices from the enterprise network.

Zencloud:Building on Zenprises strategy to provide security beyond the mobile device, Zencloud is a cloudoffering that offers the flexibility to run in several modesas a public cloud, a private cloud, or in ahybrid mode. This innovative offering is the only one of its kind available today. Zencloud enables


38/40

Page 3of 5

enterprises to perform core mobile device management functions and set security policies on devices,while also enforcing these policies. This enables them to seal the enterprise perimeter from mobilethreats; thereby making it a closed-loopsolution.

Mobile device management, including enrolling new users, configuring new devices, provisioningapplications and security policies are all handled in the public cloud. This provides customers with acomprehensive set of functions that help get mobile devices into a managed state.

The optional hybrid mode leverages theZenprise Secure Mobile Gateway, delivering advancedmobile security at the enterprise perimeter. This hybrid offering provides comprehensive securityincluding blocking unmanaged devices, users and blacklisted applications. Customers can also set uprules to permit certain device types or operating systems onto the corporate network.

Zenprise is providing Zencloud customers with an unprecedented 100 percent SLA. Under terms of theSLA, if a customer experiences any downtime as a result of an outage, Zenprise will provide servicecredits for every minute of downtime.

3. Does your product have the ability to enforce baseline security policies and settings (such aschecking for required security products, proper passwords, and acceptance of company usage policies)on devices connecting to the network?Yes. Zenprise Security Manager provides a smartphone audit feature that enables IT to:

enforce compliance of corporate policies through real-time device introspection

ensure that all smartphones are running only the latest software patches and firmware

protect working smartphones and prevent security breaches by validating that only company-approved mobile applications are available to your mobile workforce

By upholding policies, enforcing passwords, enabling content encryption, and disabling Bluetooth orcamera features, IT can mitigate risks and protect your company from non-compliance penalties

4. Can the product manage installed apps on mobile devices, for example, by being able to remotelyupdate or remove apps from devices?Yes. Zenprise MobileManager has an Enterprise App Store feature that is designed to enableadministrators to quickly configure and provision enterprise applications on smartphones and tabletswhile freeing up workers to remain productive. Zenprise Enterprise Application Store includes ITFavorites,(application discovery) making it easier for users to find safe and approved businessapplications to download. Further, Zenprise MobileManager will automatically detect when a userinstalls an application outside of the approved list and prevent blacklisted applications from launching(software updates).

Application discovery, e.g. through private application stores: Zenprise ships with privateapplication stores that allow IT to distribute internally developed apps or third party apps

directly to end users. Whereas most MDM vendors require user action to install apps (user must

open the enterprise app store & click on app to download), Zenprise can silently install

applications without any user involvement. The net result is fewer support calls to the IT Help

Desk.

Zenprise Secure Mobile Gateway brings intelligent security to the network by providingapplication whitelisting and blacklisting capabilities for both iOS and Android devices. This
http://zenprise.com/news_and_events/press_releases/Zenprise_introduces_industrys_first_secure_mobile_gateway_as_part_of_Zenprise_MobileManager/http://zenprise.com/news_and_events/press_releases/Zenprise_introduces_industrys_first_secure_mobile_gateway_as_part_of_Zenprise_MobileManager/http://zenprise.com/news_and_events/press_releases/Zenprise_introduces_industrys_first_secure_mobile_gateway_as_part_of_Zenprise_MobileManager/


39/40

Page 4of 5

functionality ensures that only approved applications are given access to the corporate network,including personal or consumer applications installed on employee-owned devices. ZenpriseSecure Mobile Gateway automatically blocks users violating a whitelist or blacklist byquarantining their devices from the enterprise network.

5. Can GPS and other location information be used for tracking or device recovery?Yes

6. Does your product have the ability to remotely wipe data from devices? Can this be done in aselective manner to wipe just corporate information and not personal user information?Yes, IT help desk representatives can immediately lock-down and remotely wipe a BlackBerry,Android, iPhone, iPad or other smartphone clean of corporate data to prevent unauthorized use. WithZenprise's "Selective Wipe" capability, IT can remove enterprise-specific data and applications whilekeeping an employee's applications, data and settings intact.

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both forremote mobile devices?Yes.

8. Can features of devices, such as cameras, be remotely disabled using your product?Yes.

9. Does your product provide monitoring services to track usage and look for exceptions or anomaloususer behavior?Yes, for example IT can be proactively notified when a user begins roaming internationally. ZenpriseMobileManager can also detect and block jail-broken devices, quarantine devices that are infected withmalware, block devices that are violating set policies or trying to access data/applications they donthave permissions for (application whitelists/blacklists) and disable blacklisted applications on devices.

10. Is it possible to deploy company data to user-owned devices and keep that data separate from userspersonal data?Yes. App Tunnels provide flexible application security that allows IT to offer mobile users secure,encrypted access to specific business applications from their smartphone or tablet.


12. Does the product offer out-of-the-box and/or customizable reports?Yes. Zenprise helps organizations control mobile costs throughout the entire mobile lifecycle. Zenprisereduces wireless costs by decommissioning unused smartphones, optimizing plans according tobusiness policies, negotiating volume discounts and managing international roaming. With real-time

and historical reports, businesses have the visibility they need to proactively monitor employee mobileusage and enforce corporate wireless policies so that additional cost savings can be achieved. Zenprisealso provides reports showing company-owned devices vs. personal-owned devices, device types, OStypes and compliance

Zenprise provides complete visibility and control across the entire mobile service, from data centersacross carrier networks to devices and applications. A full-service dashboard provides a holistic viewof the mobile service, which can be customized to the needs of administrators, help desk operators and


40/40

extended IT staff, enabling each support tier to quickly diagnose and solve mobile problems.

Enterprise Platform Integration (e.g.: Ex

mobile device management - buyer's guide

Documents