Mobile Device Management - Buyer's Guide

November 2011 $99
Report ID: R3311111

Next
reports
Mobile Device
Management
Buyer
s Guide
As a greater variety of smartphones and tablets tap into corporate
resources, IT must have a strategy for security, access control and
management. Our buyers guide helps you make the right call on
mobile device management tools.
By Jim Rapoza
repor ts. i nformati onweek. com
Previous Next
reports
reports.informationweek.com Month 2011 2
C
O
N
T
E
N
T
S
TABLE OF
3 Authors Bio
4 Executive Summary
5 Mobile Madness
6 Knowing the Platforms
7 Security
8 Administration
9 Under Control
14 Related Reports
Figures
5 Figure 1: Preferred Mobile Operating System
6 Figure 2: Smartphone Policy
7 Figure 3: Access to Company Resources via
Personal Mobile Devices
8 Figure 4: Securing End User Devices
9 Figure 5: Organizational Approach to
Consumer-Centric Technology
11 Figure 6: MDM Administration Features
12 Figure 7: MDM Platform and Reporting
Features
13 Figure 8: MDM Security Features
ABOUT US
InformationWeek Reports analysts arm
business technology decision-makers
with real-world perspective based on
qualitative and quantitative research,
business and technology assessment
and planning tools, and adoption best
practices gleaned from experience. To
contact us, write to managing director
Art Wittmannat awittmann@techweb.com,
content director Lorna Garey at
lgarey@techweb.com, editor-at-large
Andrew Conry-Murray at acmurray@tech-
web.com, and research
managing editor Heather Vallis at
hvallis@techweb.com. Find all of our
reports at reports.informationweek.com
MD M B u y e r s G u i d e
November 2011 3
Previous Next
2011 InformationWeek, Reproduction Prohibited
reports
reports.informationweek.com
Table of Contents
Jim Rapoza is an editor for Network Computing and a contributor to Informa-
tionWeek Reports. He has been using, testing and writing about the newest
technologies in software, enterprise hardware and the Internet for more than
17 years. He served as the director of an award-winning technology testing lab
based in Massachusetts and California. Rapoza is also the winner of five awards
of excellence in technology journalism and he was the co-chair of a summit on
technology industry security practices. He is a frequent speaker at technology
conferences and expositions and has been regularly interviewed as a technol-
ogy security expert by national and local media outlets including CNN, ABC,
NPR and the Associated Press.
Jim Rapoza
InformationWeek Reports
November 2011 4
Previous Next
Smartphones and tablets running a variety of operating systems are flooding the enter-
prise. Users expect access to critical resources such as email and business applications, and
will store sensitive information on the same machine they give to a restless five-year-old.
While platforms from RIM and Microsoft are designed with enterprise management
needs in mind, consumer-centric Apple iOS and Google Android devices are just as likely
to be in the hands of employees. Enter mobile device management (MDM). The products
put client software on users phones and tablets to help IT get a handle on mobile de-
vices. Key features include the ability to encrypt data, remotely wipe a device if its lost or
stolen, and perform inventory tracking and software updates.
This buyers guide discusses the similarities and differences among MDM products, out-
lines essential features and provides guidance on choosing products that match their fea-
ture requirements. Included with the report are detailed tables that highlight features
from 10 vendors. The tables were created based on vendor responses to our question-
naire. Weve also included the full questionnaire and response from each vendor.
EXECUTIVE
reports
S
U
M
M
A
R
Y
Table of Contents
November 2011 5
The influx of consumer smartphones and
tablets into the enterprise has become a ma-
jor challenge for IT. Administrators must deal
with a wide selection of mobile devices and
operating systems, protect enterprise data,
and control the apps and software installed
on these devices. These challenges are exac-
erbated by the fact that, in many cases, IT
doesnt actually own the smartphones and
tablets being used.
Mobile device management (MDM) prod-
ucts have been specifically designed to give
IT a greater degree of control over its mobile
workforce. However, MDM is still a relatively
new category with a variety of vendors and
offerings. Some MDM products focus on one
specific mobile platform, such as Apples iOS.
Some are designed for security, while others
are built for inventory, reporting and tracking.
InformationWeek Analytics created a mobile
data management buyers guide to give IT
professionals an overview of the vendors in
the market, as well as the features and capa-
Previous Next
If you could dictate one mobile operating system for smartphones or tablets to your employees, which would it be?
Preferred Mobile Operating System
Apple iOS
Android Phone
RIM Blackberry Phone
Android Tablet
Windows Phone 7
Windows Mobile
RIM Blackberry Tablet
HP Palm WebOS
Other
We wouldnt want to dictate that choice
Dont know
Data: InformationWeek Mobile OS Vendor Evaluation Survey of 651 business technology professionals, May 2011 R2900711/4
32%
18%
12%
8%
6%
4%
2%
2%
1%
14%
1%

Mobile Madness
reports MD M B u y e r s G u i d e
Table of Contents
Figure 1
November 2011 6
bilities available from their platforms. We as-
sembled this guide from questionnaires sent
to a large portion of the vendors in the mar-
ket. We received 10 detailed responses.
This buyers guide uses the vendor re-
sponses and our own analysis to help IT de-
fine an MDM strategy and offer guidelines
when choosing an MDM product. We also
provide a detailed features chart for the 10 re-
spondents. While some features, such as com-
pany directory integration and remote wipe,
cut across all of the products, there are many
areas of differentiation among the vendors.
Fi ndi ng the ri ght MDM sol uti on means
matching your company needs with the right
product capabilities. Weve also made the
vendors completed questionnaires available
for download.
Knowing the Platforms
The first question to ask when looking at an
MDM system is What type of mobile devices
and platforms do you want and need to man-
age? Will your business require a product
that has broad support for various Android
versions, Apple, BlackBerry and Windows mo-
bile devices? Or are you one of those lucky
few companies that standardized on one sin-
gle mobile OS? Its likely to be the former
rather than the later at most organizations.
According to a recent IT Pro Ranking survey
about mobile OSes, IT professionals chose Ap-
ple iOS and Android phone OS as their pre-
ferred platforms. Given the presence that RIM
has already established in the enterprise, most
mobile environments are likely going to be a
mix of platforms.
Two vendors in our buyers guide, Absolute
Software and JAMF Software, currently only
support Apple iOS. Absolute plans to add An-
droid support in the near future. The other
Previous Next
FAST FACT
7%
Survey respondents
whose companies dont
issue or support any
smartphones
Table of Contents
Which of the following best describes your organizations formal or informal policy on smartphones?
35%
27%
7%
8% 18%
5%
Smartphone Policy
Base: 595 respondents at organizations using or evaluating mobile operating systems for smartphones
Data: InformationWeek Mobile OS Vendor Evaluation Survey of 651 business technology professionals, May 2011
R2900711/10
R
The organization issues a
preferred smartphone, but
will support a personal device
The organization lets users
choose any smartphone, but
owns and supports the phone
The organization issues smartphones to
users; personal devices are not supported
We dont issue or support smartphones, but
employees still use personal devices for work
The organization supports any
personal smartphone type
The organization supports a limited
number of personal smartphone types
p o
o hich of the f o W
tphon a mar S
personal de users;
ganiza he or T
y
our or es y ib est descr wing b ollo
y oolic ne P
ed t e not suppor vices ar personal de
o tphones t tion issues smar ganiza
mal p or mal or inf o or s fo tion ganiza our or tphones? y on smar olic mal p
vice t a personal de will suppor
but , tphone ed smar err efferr pr
tion issues a ganiza he or T
vice
ees still use personal de y emplo
t issue or suppor e don W
ork or w vices f ees still use personal de
but , tphones t smar t issue or suppor
ype tphone t personal smar
ts an tion suppor ganiza he or T
number of personal smar
he or T
ype
y ts an
vice t a personal de will suppor
ts the phone wns and suppor o
bu ,, but tphone y smar choose an
tion lets users ganiza he or T
ypes tphone t number of personal smar
ed ts a limit tion suppor ganiza he or
vice
ts the phone
but
tion lets users
ypes
InformationW Data:
espondents at organizations using or evaluating mobile operating systems for smartphones Base: 595 r
endor Evaluation Sur Mobile OS V Vendor Evaluation Sur eek WWeek
espondents at organizations using or evaluating mobile operating systems for smartphones
ype tphone t personal smar

vey of 651 business technology pr endor Evaluation Sur
number of personal smar
ype
May 2011 ofessionals, vey of 651 business technology pr
ypes tphone t number of personal smar
R2900711/10
ypes
Figure 2
November 2011 7
MDM vendors support multiple mobile oper-
ating systems, but buyers need to realize this
does not mean the same capabilities can be
applied across all of the mobile platforms you
need to manage. For example, a product may
support full disk encryption and encrypted
folders on Android, but only full disk encryp-
tion on iOS.
Security
While these are called mobile device man-
agement products, they could easily be re-
ferred to as mobile security systems. One of
the biggest forces driving companies to con-
sider these products is the potential risk of
data loss, particularly if a phone or tablet is
misplaced or stolen. Organizations also need
to control access to corporate resources from
smartphones and tablets.
When it comes to finding a lost or stolen de-
vice, nearly all of the MDM products use ge-
olocation to pinpoint the whereabouts
(which is great for determining if the phone
or tablet has just been misplaced or if it is
speeding away). If the device cant be recov-
ered, the last defense to protect sensitive data
is a remote wipe, which cleans all of the data
off the device. All of the products in our sur-
vey had remote wipe capabilities. Several,
such as AirWatch and Sybases Afaria, can also
do selective wipes. This gives IT the option to
only destroy company data and access mech-
anisms, such as email, leaving the rest of the
personal data on the device untouched. Thats
a useful level of granularity in an era where
employees are bringing their own smart-
phones and tablets into the office.
The other way to protect data on a mobile
device is to encrypt it, so even if the device is
lost, sensitive data is still secure. RIMs Black-
Berry and Apples iOS have built-in encryption
Previous Next
Table of Contents
63%
37%
Do you allow employees to access company resources with their personally owned mobile devices and/or tablets?
Access to Company Resources ia Personal Mobile Devices
Data: InformationWeek OS Wars Survey of 441 business technology professionals, May 2011 R2890711/15
R
No
Yes
o
w emplo ou allo o y D
o C ccess t A
y r ompan ess c o acc ees t y w emplo
i y ou ces y Resour o pa ompan
es YYes
o a ob
ersonally o es with their p c esour y r
ersonal Mobile De a a P
es and/or tablets? vic wned mobile de ersonally o
vices
es and/or tablets?
No
InformationW Data:

vey of 441 business technology pr ars Sur OS W Wars Sur eek WWeek ofessionals, May 2011 vey of 441 business technology professionals, May 2011 R2890711/15
Figure 3
November 2011 8
optionstheres no need for third-party soft-
ware. Full disk encryption is also possible with
Android, but only from an MDM product.
Some products offer folder-level encryption,
including AirWatch, Fiberlink Communica-
tions and Zenprise. Absolute Software sup-
ports folder-level encryption on iOS devices.
As with selective wipe, folder-level encryption
is a welcome feature when dealing with em-
ployee-owned devices. It lets IT create a pro-
tected space for corporate data and encour-
ages users to segregate personal and
business information.
Administration
While security is clearly an important aspect
of MDM products, youd expect the system
management features to be similarly extensive.
However, at least when comparing these prod-
ucts to classic PC management systems, the
MDM products often come up a little short.
One bread-and-butter feature of any sys-
tems management product is its ability to in-
stall, update and remove applications, and to
remotely patch and update the operating
system. However, MDM products have limita-
tions in this area, particularly around apps.
This can be problematic: Just because an app
i s on the market doesn t mean i t s safe
(though Apples gatekeeping does a good
job of preventing malicious software from
getting into its app store).
However, eight of the 10 vendors in our
buyers guide offer whitelists and blacklists of
approved apps, and can stop blacklisted apps
from accessing corporate resources. This is
typically done through a form of network pol-
icy enforcement. In the same way that a com-
pany can define access to email or an HR in-
tranet by setti ng pol i ci es for approved
connections (Are you on the network or VPN?
Do you have the proper access rights from
your user login? and so on), they can apply
Previous Next
Table of Contents
How do you ensure security of end user devices that may contain company data?
Securing End User Devices
End user education regarding device-specific security awareness
Written policies in place governing use, no technology enforcement
Technology enforcement of polices, such as NAC, remote wipe, mandatory lock
We rely on employees common sense
Require encryption of any data at rest on the device
Other
Note: Multiple responses allowed
Data: InformationWeek 2011 End User Device Management Survey of 551 business technology professionals, February 2011
R2110411/12
68%
62%
50%
48%
37%
1%

Figure 4
November 2011 9
this type of control on a mobile device.
When it comes to in-house mobile apps,
many MDM vendors offer internal app stores
that let IT distribute and update corporate apps
and allow users to browse for approved apps.
Inventory tracking is another core systems
management requirement. All the MDM ven-
dors offer some form of inventory tracking, but
their capabilities vary. Some are highly detailed,
showing every bit of information on device, OS,
apps and usage history. Others provide basic
hardware inventory lists. Another valuable fea-
ture lets IT set alerts around or prevent specific
types of expensive mobile usage, such as
roaming or exceeding a bandwidth cap.
MDM products come in a variety of deploy-
ment options. As with traditional desktop and
laptop management, the MDM products need
to touch the device, either with a full client or
lightweight agent. A central management plat-
form collects data from the agents and lets ad-
ministrators monitor the devices, push out poli-
cies, update software and more. Some vendors
in our buyers guide, such as Sybase, offer the
choice of either on-premises software for the
management platform or a SaaS version thats
hosted off site. Fiberlink Communications is
SaaS-only, while Absolute Software, Odyssey
Software and Symantec only offer premises-
based software.
Starting prices range from as low as $9.95 per
device up to $85 per device annually. Pricing
may change based on volume and feature set.
Some vendors offer monthly or annual fees.
The monthly option will help reduce the initial
expense but may cost more in the long term.
Under Control
IT has wrestled with the issue of mobile
computing since laptops became the de facto
compute platform for most enterprise work-
Previous Next
FAST FACT
16%
Companies with strict
consumer device policies
Table of Contents
29%
13%
16%
19%
23%
What is your organizations general approach as it relates to consumer-centric new technology such as the iPad?
Organizational Approach to Consumer-Centric Technology
Data: InformationWeek 2011 End User Device Management Survey of 551 business technology professionals, February 2011 R2110411/17
R
Proactive; we treat it like any new technology
development and IT explores whether we can
leverage within our enterprise
Strict; we have policies regarding new
devices and expect everyone to follow them
Resistant; any new device needs to
meet our design and security standards
before its even considered for a test
Neutral; we dont actively test or look
at new devices, but were willing to listen
if someone makes a suggestion or request
Accepting; we let employees
use them if they see value
Figure 5
November 2011 10
ers, but consumer smartphones and tablets
take mobility challenges in entirely new direc-
tions. They tend to live outside the boundaries
of traditional management tools, particularly
Apple and Android products. Thus, its imper-
ative for IT to have a strategy for these de-
vices. MDM products will play an important
role in that strategy.
IT should also be aware that this is a new
market, and consolidation of one form or an-
other is likely. At one end of the spectrum,
these upstart platforms may take over the role
of traditional desktop management systems.
In fact, five of the vendors in our guide can
manage laptops. At the other end, the major
management and security vendors may get
into the market, likely via acquisition, so the
vendor you choose today could become part
of a larger organization in the future.
Either way, mobile devices are on your net-
work and being used to store and access vital
company data and resources. And if you want
to protect those resources, you need manage
your mobile workforce.
Previous Next
Table of Contents
Related Report
How do you keep corporate data
safe when employees and business
partners are accessing it on their
smartphones and tablets? Find out
in our Fundamentals report Down
Side of Mobile Apps: Keeping Data
Safe on the Move.
Download Download
November 2011 11
Previous Next
Table of Contents
Company AbsoluLe
SofLware
AlrWaLch llberllnk !AMl
SofLware

Mobllelron Cdyssey
SofLware

SymanLec Sybase 1angoe Wyse Zenprlse
!"#$%$&'()'$*%
8emoLe app
managemenL
(lnsLall/remove
apps)
8emoLe
provlslonlng
and app
dlsable
?es ?es ln-house
apps only
ubllsh and
revoke on
lCS and
Androld
arLlal on
lCS
Wlndows
Moblle
only
?es ?es ?es As
allowed
by each
CS
8emoLe CS
upgrade
no ?es ?es no no Wlndows
Moblle
Wlndows
Moblle
Wlndows
Moblle,
Symblan,
Androld
?es Cn
Samsung
Androld
As
allowed
by each
CS
Compllance and
pollcy
enforcemenL
?es ?es ?es ?es ?es ?es ?es ?es ?es ?es ?es
8emoLe conLrol no ?es ?es no ?es ?es 8lack8erry,
Wlndows
Moblle
?es ?es Some
Androld
devlces
?es
CommunlcaLlons
capLure
no ?es no no Call, SMS,
daLa
acLlvlLy,
SMS
archlvlng
no no no volce and
SMS
Cn
Samsung
Androld
volce
and SMS
8emoLe conLenL
backup
no no SeLLlngs,
apps and
corporaLe
daLa
no no no no ?es no ?es no

lnformaLlonWeek Moblle uevlce ManagemenL 8uyer's Culde: AdmlnlsLraLlon leaLures
Figure 6
Previous Next
Table of Contents
Company AbsoluLe
SofLware
SofLware
Mobllelron Cdyssey
SofLware
!"#$%&'(
Moblle
plaLforms
supporLed
Androld

(C3 2011),
lCS
Androld,
8lack8erry,
lCS, Symblan,
Wlndows
Moblle,
Wlndows
hone 7
Androld,
8lack8erry,
lCS,
Symblan,
WebCS
Wlndows
Moblle,
Wlndows
hone 7
lCS Androld,
8lack8erry,
lCS,
Symblan,
WebCS,
Wlndows
Moblle,
Wlndows
hone 7
Androld,
8lack8erry,
lCS,
Wlndows
Moblle,
Wlndows
hone 7
Androld,
8lack8erry,
lCS,
WebCS,
Wlndows
Moblle,
Wlndows
hone 7
Androld,
8lackberry,
lCS,
Symblan,
Wlndows
Moblle
Androld,
8lack8erry,
lCS, Symblan,
Wlndows
Moblle,
Wlndows
hone 7
Androld,
8lack8erry,
lCS
Androld,
8lack8erry,
lCS, alm,
Symblan,
WebCS,
Wlndows
Moblle
1ableL ?es ?es ?es ?es ?es ?es ?es ?es ?es ?es ?es
LapLop Mac,
Wlndows
no Mac,
Wlndows
Mac no ?es no Wlndows no 2nd half
2012
no
uellvery
model
SofLware SaaS,
appllance or
sofLware
SaaS SaaS,
sofLware
SaaS,
sofLware
SofLware SofLware PosLed,
SofLware
SaaS,
SofLware
SaaS SaaS, SofLware
ulrecLory
lnLegraLlon
*+,&'$-./
CeolocaLlon ?es ?es ?es no ?es ?es lCS only ?es ?es ?es ?es
usage
analyLlcs and
Lracklng
no ?es ?es no ?es ?es no ?es ?es ?es ?es
usage alerLs 8oamlng ?es 8oamlng
and daLa
?es 8oamlng,
volce/daLa/
SMS
no 8oamlng
and daLa
8oamlng 8oamlng and
daLa
8oamlng 8oamlng and
daLa
lnvenLory
managemenL
?es ?es ?es 8eporLlng ?es ?es ?es ?es ?es ?es ?es
!'-0-./ $9.93 per
devlce per
year
$3 per devlce
per monLh,
$40 perp.
llcense per
devlce
$4 per
devlce per
monLh, $10
per user, per
monLh
unllmlLed
devlces
$30 per
devlce, w/
20 annual
malnLenance
$4 per
devlce per
monLh,
$73 perp.
llcense per
devlce
Mld-$20s
Lo mld-
$30s per
devlce
dependlng
on volume
$62 for 1
unlL
$29 per seaL
sLarLlng
prlce
$2-$3 per
devlce per
monLh
$3.30-$3 per
devlce per
monLh
$83 per devlce
ln flrsL year,
dlscounLs
beglnnlng ln
second year

lnformaLlonWeek Moblle uevlce ManagemenL 8uyer's Culde: laLform and 8eporLlng leaLures
Figure 7
November 2011 13
Previous Next
Table of Contents
Company AbsoluLe
SofLware
SofLware
Mobllelron Cdyssey
SofLware

!"#$%&'(
8ules englne
for devlce
securlLy check
App whlLellsLs/
blackllsLs
?es ?es ?es no ?es ?es no ?es ?es ?es ?es
8emoLe wlpe ?es ?es ?es ?es ?es ?es ?es ?es ?es ?es ?es
8emoLe
camera conLrol
lolder-level
encrypLlon
lCS ?es ?es no no no no no no ?es ?es
lull dlsk
encrypLlon
lCS ?es ?es ?es ?es ?es ?es ?es no ?es ?es
Sandbox
corporaLe from
personal daLa
lCS ?es CorporaLe
documenLs
no SelecLlve
wlpe
vlslblllLy
lnLo daLa
Cnly
Wlndows
Moblle
no ?es no ?es ?es
vn ?es ?es ?es ?es ?es no SupporLs
conflg. of
naLlve vn
apps
?es ?es ?es ?es

lnformaLlonWeek Moblle uevlce ManagemenL 8uyer's Culde: SecurlLy leaLures
Figure 8
Subscribe Subscribe
Newsletter
Want to stay current on all new
InformationWeek Reports?
Subscribe to our weekly
newsletter and never miss
a beat.
November 2011 14
Previous Next
M
O
R
E
LIKE THIS
Want More Like This?
Making the right technology choices is a challenge for IT teams everywhere. Whether its
sorting through vendor claims, justifying IT projects or implementing new systems, theres
no substitute for experience. And thats what InformationWeek providesanalysis and ad-
vice from IT professionals. Our Reports site houses more than 900 reports and briefs, and
more than 100 new reports are slated for release in 2012. Right now, youll find:
Research: IT Pro Ranking/Smartphones and Tablet OSes: Apple and Google topple the
Black Berry as consumer phones and tablets swarm the enterprise. And IT doesnt seem to mind.
Research: 5 Steps to Clean Up the OS Mess: Windows is still ubiquitous, but the average
company now supports three OSes, our survey finds. Many companies also are letting devices
based on almost any OS connect to the network, many without a clear policy on IT support.
Research: 2011 End User Device Survey: The forces of cloud, mobility and consumeriza-
tion will eventually spell the end of the fat corporate desktop as we know it. Think you can
hold the line against the trifecta of change?
Informed CIO: Reducing Mobile Device Risks to Enterprise Data: Smartphones have al-
ready altered the enterprise risk landscape, and tablets will only accelerate the pace of change.
Employees want access from their personal devicesand companies need to provide it.
PLUS: Find signature reports, such as the InformationWeek Salary Survey, InformationWeek
500 and the annual State of Security report; full issues; and much more.
Table of Contents
Mobile Device Management Questionnaire: Absolute

1. Which mobile device operating system platforms can your product manage? These include Apple iOS
(as well as iPad), Android, BlackBerry, and Windows Mobile.

Absolute Manage Mobile Device Management currently supports iOS, and we anticipate
release of a new version with support for Android in calendar Q3 2011.

2. Is your product available in a SaaS model, an internal software model, or both?

Absolute Manage is a premise-based software solution only.

3. Does your product have the ability to enforce baseline security policies and settings (such as
checking for required security products, proper passwords, and acceptance of company usage policies)
on devices connecting to the network?

Absolute Manage can enforce security policies such as password length and complexity
standards, or requiring encrypted backups, through OTA-deployed configuration profiles on
iOS devices. Additionally, it can detect noncompliance with company security policies, such as
jail breaking, or installation of blacklisted apps. Administrators can report on noncompliance,
or automate certain remedial actions, such as removing access to corporate resources such
as email, Wi-Fi or VPN, or even wiping and resetting the device.

4. Can the product manage installed apps on mobile devices, for example, by being able to remotely
update or remove apps from devices?

Actually installing or removing apps remotely is not possible on the iOS operating system.
However, Absolute Manage does provide extensive deployment and management options for
both in-house and iTunes Store apps. In-House apps can be hosted by Absolute Manage, and
published to the on-device user self-service portal (Absolute Apps) where users install with
one tap. Subsequent updates are received via notifications similar to those used by the App
Store. Administrators cannot actually remove these apps, but they can revoke the provisioning
profile, which disables the app and removes access to any associated data.

For iTunes App Store apps, Absolute Manage can also publish recommended apps to the on-
device self-service portal, so that users may easily install approved apps without the need to
search for them the iTunes App Store.

Beyond that, Absolute Manage can automatically apply redemption codes purchased under
the App Store Volume Purchase Program (ASVPP.) This program, which has recently been
expanded from education customers to business customers, allows organizations to buy apps
in bulk. Absolute Manage not only distributes the codes, but tracks redemption by device so
that organizations can ensure license compliance.

5. Can GPS and other location information be used for tracking or device recovery?

Yes. With Absolute Manage, administrators can track and map the location of iOS devices for
recovery or workforce management. Tracking interval and accuracy are configurable, and can
be reported as often as once per second, and as accurately as a ten meter radius.

6. Does your product have the ability to remotely wipe data from devices? Can this be done in a
selective manner to wipe just corporate information and not personal user information?

Absolute Manage can remotely wipe devices, resetting them to factory specs. It can also
remove only corporate data for example, removing corporate email Configuration Profiles
removes access only to the data (email, contacts, calendar) associated with that profile,
leaving personal email and other data untouched.

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both for
remote mobile devices?

Absolute Manage does not provide encryption.

8. Can features of devices, such as cameras, be remotely disabled using your product?

Yes.

9. Does your product provide monitoring services to track usage and look for exceptions or anomalous
user behavior?

No.

10. Is it possible to deploy company data to user-owned devices and keep that data separate from users
personal data?

We recommend provisioning corporate email via Configuration Profiles in order to leverage
the built-in "sandboxing" of iOS.

11. What is the approximate or typical pricing for your product?

MSRP begins at $9.95 per year per device, with significant discount for volume, longer terms
and educational institutions. Perpetual licenses are also available.

12. Does the product offer out-of-the-box and/or customizable reports?

There are some out of the box reports included, but the simple drag and drop reporting
interface enables administrators to easily create or customize reports to fit their own needs,
using any of the 60+ data points collected from the devices. Additionally, Absolute Manage
administrators may create Custom Data Fields, which become part of the device record, to
track information such as cost centers. Absolute Manage also automatically imports directory
information from Active Directory/Open Directory and adds it to device records. All of this
information is available for management and reporting.

13. Does the product offer out-of-the-box integration with third-party products such as security
management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer APIs?
Absolute Manage is easily integrated with third party management applications, and has pre-
built integrations for WebHelpDesk and Microsoft SCCM.
Mobile Device Management Questionnaire: AirWatch

1. Which mobile device operating system platforms can your product manage? These include Apple
iOS (as well as iPad), Android, BlackBerry, and Windows Mobile.

AirWatch is a cross-platform mobile device management solution that secures and manages Apple iOS
(iPhone, iPod & iPad), Android, BlackBerry, Symbian, Windows Mobile and Windows Phone mobile
devices and tablets.


AirWatchs scalable architecture enables the solution to be deployed on-premise (dedicated hardware or
VM), as an appliance or SaaS and meets strict requirements for high availability and redundancy.
Global customer deployments range from 50 devices to 100,000+.


AirWatch provides the ability to configure security policies/settings, identify exceptions/threats and
manage policy violations through a robust compliance engine. AirWatchs security capabilities include:

- Enterprise directory-based authentication
- SCEP/Certificate Authority integration
- Configurable device password policies
- Device data encryption
- Compromised device detection
- Secure email gateway with device level access control and policies for securing attachments
- Secure mobile web browser
- Application lock down
- Real-time monitoring of required security policies and security audits
- Compliance engine to proactively manage security threats/exceptions
- Events logs
- Remote lock, corporate/selective or full wipe
- Configurable privacy policies for employee-liable versus corporate-owned devices
- Role-based console access with enterprise directory integration

When a user enrolls their device with AirWatch, they must accept a company specific EULA describing
corporate usage policies and MDM capabilities that will affect their device.


AirWatch offers the ability to wirelessly distribute and update internal enterprise apps. IT
administrators can monitor installed apps on mobile devices, manage app compliance via white lists
and black lists and even remove apps from a device. Also, AirWatch can limit selection, recommend
and ease the distribution of publicly available apps from the Apple AppStore or Android Market.


AirWatch can track a devices location via GPS or Wi-Fi information. With AirWatch, you can map a
devices current location as well as view historical breadcrumbs showing speed, location and direction.


AirWatch supports both corporate or selective remote wipe as well as a full wipe, returning the device
to factory defaults. When performing a selective wipe, AirWatch removes all corporate data and access
to corporate services, such as VPN, Wi-Fi, Email and even applications. Also, AirWatch has developed
a robust compliance engine that enables companies to define compliance policies and automated
processes, which could trigger a remote device wipe in the event of a policy violation.


Depending on the mobile platform, AirWatch supports encryption of mobile device data and full disk
encryption.


AirWatch can restrict specific device features such as, camera, YouTube, web browsers etc. and even
lock down devices to IT-defined programs or apps. Capabilities vary by device platform.

user behavior?

AirWatch is designed to monitor a companys entire fleet of devices in real-time and identify any
exceptions/threats or anomalous user behavior. AirWatchs alerting system can instantly notify both end
users/IT when specific device or user actions occur. For example, AirWatch can detect when a device is
roaming and alert the end user/IT, preventing data overages.

personal data?

AirWatch provisions corporate data and access to corporate services, such as Email, Calendar, Contact,
VPN, Wi-Fi and even applications to all devices, including employee-liable devices. AirWatch has the
ability to selectively manage corporate data and access separate from an end users personal data.


$3 Monthly SaaS subscription per device
$40 Perpetual license per device


AirWatch offers an extensive library (100+) of out-of-the-box reports that can be customized based on
various data elements and automatically distributed using subscriptions.


Out-of-the box, AirWatch integrates to enterprise infrastructure such as Microsoft Exchange, BPOS,
Office 365, Lotus Notes, Gmail for Business, LDAP/AD, SAML, PKI (Certificate Authority).
AirWatch also integrates to help desk or ticketing systems, business intelligence tools, alerting and
more using APIs and a complete DataMart for easy export of data.
Mobile Device Management Questionnaire: Fiberlink


Fiberlinks MaaS360 platform provides comprehensive management capabilities across a wide range of
smartphones and tablets including iOS, Android, BlackBerry, Windows Phone 7, Windows Mobile,
Symbian, and WebOS devices.


MaaS360 is built on a multi-tenant infrastructure and delivered as a cloud-based, SaaS model.
Customers can access the platform from the Internet and provision a fully operational Mobile Device
Management solution in minutes. This approach delivers rapid time to value with the flexibility to start
managing a small group of users and scale from 10 to 100,000 plus users as needs changes, reaping the
benefits of a pay-as-you-go subscription model.


MaaS360 provides all of the essential capabilities to enforce baseline security policies including:

OTA configuration
Customizable acceptable use policy
Passcode enforcement
Wifi, VPN, and email settings
Remote lock and full wipe
Selective wipe of corporate data
Device restrictions
Jailbreak and root detection
Device location

MaaS360 goes above and beyond these baseline securities policies to provide more advanced
management capabilities. MaaS360s Compliance Engine lets IT administrators easily define and
implement powerful compliance rules for smartphones and tablets to deal with specific events and
contextual changes. Managed devices are continuously monitored against defined rules or events. If a
security policy violation occurs, MaaS360 can be configured to immediately and automatically take
actions such as warning the user with onscreen messaging, blocking corporate email access or even
wiping the devices memory to factory default settings.

MaaS360 provides organizations with a private, easy-to-use system to categorize, distribute and update
in-house developed enterprise applications, as well as view Apple Store and Android Market
applications recommended, approved, and unapproved by the enterprise.

MaaS360 also provides the ability to remove apps from devices.


Yes . Device location via GPS is supported for device types which allow for this type of technology to
be used. Ex. An end user reports back to the help desk that they may have lost their smartphone. IT
staff can locate down to the street address where that device currently is. MaaS360 also provides the
last know IP connection which the device had or currently has.


MaaS360 supports both full factory wipe as well as selective wipe which will remove corporate data
such as e-mail, calendaring, contacts, corporate apps and data, while leaving personal data such as
pictures and music.


MaaS360 is able to detect and enforce encryption standards on devices across folder-level and full disk
where applicable by the device or OS platform. MaaS360 can require the user to take the required
action to encrypt the device. If for example the user fails to encrypt the device, MaaS360 is able to
detect this and automatically take a predefined action on that device such as block access to corporate
data, perform a selective wipe, remove a Wi-Fi or VPN profiles, and other actions.


Yes, Cameras can be disabled remotely. In addition, features such as Bluetooth, USB, Device
Tethering, and the use of iTunes App Store can be remotely disabled.

These are included as part of MaaS360s baseline security policy settings that can be configured by the
IT administrator.

user behavior?

Yes. MaaS360 provides service management with real-time monitoring and tracking usage and can flag
and take automated actions on exceptions and anomalous behavior.

Malicious application install, data roaming, and SIM changes are some examples of anomalous
behavior companies can detect by using MaaS360. MaaS360 also enables behavior modification
techniques to help prevent ongoing and repeat violations.

personal data?

MaaS360 allows organizations to distribute documents remotely to their users. Once these documents
are received by the end users device, they can be kept in a separate container for viewing. The user
will not be able to save these documents or open them with other applications. IT admins have the
ability to remove these documents at any time from the device.

In addition, MaaS360 is able to remotely deploy and wipe corporate data such as e-mail, calendaring,
contacts, Wi-Fi Profiles, and VPN settings.


Volume pricing for MaaS360 starts at $4 per device, per month or $10 per user, for an unlimited
number of devices. These models can be combining across an organization for the most flexible
approach.

The pricing is inclusive of 24x7x365 customer support, training, maintenance, installation, and product
updates.


Mobile Device Reporting in MaaS360 includes My Watch List (real-time), Mobile Intelligence
Dashboards, and Device Management View (real-time). The different areas of reporting have
navigation between them for a seamless workflow and experience. MaaS360 provides additional
reporting features within these main areas (ex. Smart Search, Device Grouping) and together, combine
for a detailed and flexible reporting capability. MaaS360 platform offers robust reporting across MDM
as a standalone offering or in combination with DTM for a single pane of glass experience.

My Watchlist: My Watch List section lists the real-time device monitoring metrics for smartphones and
tablets (also available for desktops and laptops). A predefined list of best practice items are provided to
the customer by default and a customer can customize or create their own personalized watch list items.
Also, My Watch List alerts are automatically delivered to IT staff on a daily and weekly basis.

Mobile Intelligence Dashboards: Mobility Intelligence Dashboards (MI) provide an interactive
summary and detailed reports for users. Charts and graphs show how many of your devices are owned
by the company and how many are owned by the users, number of devices by platform and type, time
series of enrolled devices by month for the last 6 months, and approved, blocked or quarantined
devices. Clicking on part of the graph provides a drill down into a more detail report that is
automatically filtered to show the data from the graph. Available tabs allow users to navigate to the
detailed data then apply additional filters. Customers are able to see their entire device environment at a
summary level then drill in and around the data.

Device Management View: MaaS360s Device Management View provides a wealth of information
about devices. Users can see inventory, security and compliance, status information, and lots more.
Information here is specific to an individual device and very detailed. In addition, features such as
Smart Search and Device Grouping are available for detailed information across multiple devices.

Smart Search: The Smart Search feature allows IT staff to create ad-hoc reporting and grouping
across almost every device attribute available from MaaS360. This allows for flexibility in IT
operations as well as custom reports. Smart Search can be performed on custom device
attributes that have been created and assigned by IT staff (Ex. Business unit, warranty
expiration, etc).
Device Groups: Provides canned reports which customers can access quickly from a drop down
menu or portal navigation. These reports include predefined criteria such as devices which are
personally owned vs. corporate owned. Customers can create their own device groups based
upon the hundreds of available attributes and save them for shared viewing within the
organization or private viewing.


MaaS360 offers integration with other third part products and systems via an API. The web-services
API requires no infrastructure to implement and typically integrates into third party system in an hour.

MaaS360 reporting data can be exported in several common file formats for easy import into third
party systems.

Mobile Device Management Questionnaire: JAMF


iOS iPad, iPhone, and iPod touch devices.


Software is available for premise or cloud based installations. No SAAS offering directly from JAMF
Software at the moment, although our MSP partner network do offer SAAS offerings using our
software. (More deals available if youre interested.)


Yes.


Yes, with caveats. The capability to remotely update or remove App Store apps over-the-air is not
currently provided by Apples iOS Mobile Device Management API. However, we can control updates
of in-house apps using automated sync to iTunes which we can manage using the Casper Suites Mac
OS X management capabilities. (For more information, please see the Mobile Point of Sale workflow
in our webinar entitled An Introduction to iOS Management http://jamfsoftware.com/solutions/ios-
management.)


The Casper Suite does not currently include this capability. Our approach is to integrate with, extend
and augment Apples offerings, so we often recommend using Apples native technologies when
available. In this scenario, we might recommend using MobileMe (FindMyPhone) to locate and track a
device if determined to be prudent. In many scenarios, an IT department considers the data to be more
valuable than the hardware, so they would leverage the Casper Suites security capabilities to remotely
wipe or lock a lost iOS device.


Yes, the Casper Suite is able to remotely wipe an entire device. The Casper Suite is also able to revoke
access to any systems on which access has been granted using MDM. So, removing corporate email
accounts and the associated data while leaving personal email accounts, revoking network access that
was granted using MDM, etc.


It is possible to enforce full disk encryption (data encryption). Would need clarification on what exactly
is meant by folder-level encryption for iOS, as this is most likely referring to other operating systems.
It most likely would not be possible (depending on definition) with the iOS MDM API.


Yes.

user behavior?

Yes. Software and hardware inventory can be queried, alerts can be sent based on wide range of device
settings.

personal data?

No.


Pricing is tiered based on quantity and type of organization. Significant volume discounts are available.
Additionally, K-12 education customers receive a 100% discount on license pricing and higher
education customers receive a 70% discount on license pricing. (I could provide more specific
information in conjunction with our sales team if it would be helpful.)


Yes.


Yes. The Casper Suite offers out-of-the-box integration with some third-party products. We also offer a
RESTful API (http://jamfsoftware.com/developer-resources/) that can be used to develop integrations
between the Casper Suite and other systems. Our custom development team is also available to build
custom integrations using the JSS API to integrate with customers business systems.

Mobile Device Management Questionnaire: MobileIron

Android, BlackBerry, iOS, Symbian, WebOS, Windows Phone 7, Windows Mobile

Both we will announce that our SaaS offering is GA at the beginning of August, it has been in beta
with 11 customers including 5 Fortune 1000 companies

Yes

Yes, MobileIron delivered the industrys first Enterprise App Storefront in December 2009. Using
MobileIrons Enterprise App Storefront, IT publishes approved internal and external applications, and
defines access based on employee role or IT policy. Employees then browse their Enterprise App Store
and click on the app icon to install the application. The Enterprise App Storefront also ensures that
internal apps are never made public. Note that on iOS and Android, we manage the end-to-end
provisioning of apps but the operating system requires the users consent to accept the app installation.

In Dec 2010, MobileIron introduced App Control, the ability to monitor application inventory and take
action if users download unapproved apps. In the case of a less serious threat, this can be sending the
user an alert or blocking access to corporate resources. In a more serious situation, IT can wipe all
enterprise data from the device.

Recent attacks by malware-infected apps have made Android security a very real concern for
enterprises. In June 2011, MobileIron introduced App Data Visibility to bring Android security to a new
level by identifying which permissions Android apps have and therefore which datathey are trying to
access.

Yes

Yes to both. In fact, MobileIron was the first to offer selective wipe to remove corporate information
while preserving personal data.

Yes, where encryption is an option, we monitor encryption state and enforce/report on it.

Yes

user behavior?
Yes

personal data?
Yes, we provide the ability to provision and selectively wipe a device. On iOS this means configuring
the device for enterprise use and then selectively wiping enterprise email and configurations while
leaving personal content alone if the employee leaves the company.

Customers buy MobileIron either by subscription or perpetual license. Costs are:
Subscription: $4 per device per month
Perpetual: $75 per device

Yes

Yes MobileIron integrates with third-party systems and also has an API.

Mobile Device Management Questionnaire: Odyssey

A: iOS (iPad), Android, Blackberry, Windows Phone, Windows Mobile, Windows Embedded CE

A: Internal Software Model (i.e. on-premise solution)

A: Yes

A: Yes, as permitted by the mobile device platforms.

A: Yes

A: Yes. Full device wipe is available on all supported mobile platforms. Selective wipe is
available on iOS and Windows Mobile.

A: Yes. Athena can invoke the mobile platforms native data encryption capabilities.

A: Yes. Athena can remotely disable device features such as cameras on mobile platforms that
support these capabilities (e.g. iOS).

user behavior?
A: Yes. Athena reports comprehensive hardware, software and device health information.
Exceptions and anomalous user behavior such as installing unapproved applications can not only
be tracked, but can automatically result in remediation for example, disabling access to
corporate e-mail.

personal data?
A: Athena does not manage the separation of corporate data from users personal data on
devices. In our experience, there is no practical way to truly enforce this short of the device
platform vendors addressing it even with products that claim to have a secure mobile
messaging application. However, Athena is able to selectively wipe data from devices such as iOS
and Windows Mobile.

A: Depending on the number of devices being managed, license pricing for Athena is in the mid
$20s to mid-$30s per device.

A: Yes. Athena offers both out-of-the-box and customizable reports.

A: Yes. Athena is implemented as a set of mobile device management extensions to the Microsoft
System Center Configuration Manager enterprise management platform. Athena leverages to
Configuration Manager infrastructure and its inherent scalability, security and reliability no
Odyssey Software-specific server, appliance or console is required.

InformationWeek Mobile Device Management Questionnaire: Sybase Afaria

1. Which mobile device operating system platforms can your product manage?

Afaria supports a variety of mobile device operating systems that are prevalent in the enterprise
today, including RIM BlackBerry, iOS (iPhone and iPad), Android, Windows Mobile and
Symbian. One of the strengths of Afaria is in hiding the differences across varying operating
systems and manufacturers to provide common key capabilities such as application deployment,
security (remote wipe, password controls), asset collection and beyond.


Afaria simplifies complexity by delivering device and applications management capabilities in
a hosted or on-premise model.

checking for required security products, proper passwords, and acceptance of company usage
policies) on devices connecting to the network?

Yes, Afaria has the ability to enforce baseline security policies and settings, including
passwords, VPN and WIFI certificate requirements, application security requirements just to
name a few with our Access Control component.

4. Can the product manage installed apps on mobile devices, for example, by being able to
remotely update or remove apps from devices?

Afaria has a central administration console that can remotely update or remove apps from
device. The level of functionality and the way it is implemented is dependent on the OS
manufacturer. To combat the platform differences, Afaria has added application management
capabilities to the core product that allows administrators to control app-level settings and
security.


Afaria is adding location information that can be used to track devices and view which devices
are in high-cost roaming environments (see iPad screen shot).


Afaria has selective remote wipe functionality enabling IT to only wipe corporate data without
the end user losing any personal, music or photo data. Some of our customers also demand full
device wipe so we provide both options.

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or
both for remote mobile devices?

We provide device-level encryption for Windows Mobile and Symbian and can enable built-in
bit locker security on Win32. For Android and iOS we enforce security policies while leaving
the actually encryption to the device manufacturers.


Afaria can remotely disable camera functionality on device. For iOS we can control all the
features found in the Apple Configuration Utility. For Android, it is manufacturer dependent.

9. Does your product provide monitoring services to track usage and look for exceptions or
anomalous user behavior?

Afaria collects large amounts of data on device and user usage (it is configurable); The usage
data is used by our customers differently depending on their industry. For instance, in the
pharmaceutical industry our customers track the delivery of all drug information and store it up
to two years for legal and compliance purposes.

10. Is it possible to deploy company data to user-owned devices and keep that data separate
from users personal data?

Yes. Afaria uses the built-in features of memory isolation of iOS and Android to keep
application data separate. With iOS 5 it is even easier to separate personal and enterprise email
(no forwarding from other accounts). For Android email, we use the Nitrodesk Touchdown
email client to keep data separate.


Pricing for Afaria varies depending on deployment. Seats start at $29.


Afaria has a very rich set of out-of-the-box reports. Administrators can also build custom views
and additional reports. SAP Business Objects customers can also use our deep reporting tools
to get additional flexibility.

management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer
APIs?

Afaria integrates with back-end systems in several ways including back-end database
integration, Web services APIs, and SNMP traps through the alerting console.

Mobile Device Management Questionnaire: Symantec Mobile Management

1. Which mobile device operating system platforms can your product manage? These include
Apple iOS (as well as iPad), Android, BlackBerry, and Windows Mobile.

Symantec Mobile Management supports Android, iOS, BlackBerry and Windows Mobile.


Symantec Mobile Management is available in an internal software model.

checking for required security products, proper passwords, and acceptance of company usage
policies) on devices connecting to the network?

Yes. Policies, passwords, etc. can be enforced using Symantec Mobile Management in order to enable
access to company resources.

4. Can the product manage installed apps on mobile devices, for example, by being able to
remotely update or remove apps from devices?

Yes, but for Windows Mobile only. iOS will only allow removal of corporate apps delivered using the
Volume Purchase Program capability.


Yes. Symantec Mobile Management can provide the last known location of iOS devices and this
capability will soon be available for Android devices as well.


Yes, Symantec Mobile Management features the capability to remotely wipe devices of data. Selective
wipe is available for iOS devices.

7. With your product, is it possible to enforce folder-level encryption, full disk encryption, or both
for remote mobile devices?

Symantec Mobile Management is capable of enforcing full disk encryption only. Most mobile
operating systems only provide device-level configuration settings and no APIs for any other level of
encryption.


Yes, Symantec Mobile Management is capable of remotely disabling devices features, such as cameras.

9. Does your product provide monitoring services to track usage and look for exceptions or
anomalous user behavior?

Symantec Mobile Management can control and limit usage, as in data roaming, but it does not monitor
use. Anomalous behavior, such as jail breaking, is detected by Symantec Mobile Management and it
can thus deny access to such devices.

10. Is it possible to deploy company data to user-owned devices and keep that data separate from
users personal data?

Yes. Corporate apps and data may be deployed and removed separately from personal/public apps and
data with Symantec Mobile Management, with specific platforms supporting different levels of
segregation depending on their design and APIs.


Pricing for Symantec Mobile Management is $62 MSRP for one unit.


Yes, both.

management systems, SIEM, help desk, or ticketing? If not out-of-box integration, does it offer
APIs?

Yes, Symantec Mobile Management offers out-of-the-box integration with security management
systems, help desk and ticketing all via the Symantec Management Platform. SIEM integration is not
yet available, but is planned. APIs are also offered for additional integration, as well as a workflow
engine that provides visual configuration of automated processes.

Mobile Device Management Questionnaire: Tangoe

Tangoe MDM

iOS (as well as iPad), Android, BlackBerry, and Windows Mobile. iOS, Android, Blackberry, Windows
Mobile, Windows Phone 7, and Symbian

2. Is your product available in a SaaS model, an internal software model, or both? On-Premise software
model and Hosted Managed Services model

on devices connecting to the network? Yes, for all supported mobile platforms

update or remove apps from devices? Yes. Tangoe MDM supports pushing applications to BlackBerry,
Android, Windows Mobile, and iOS (enterprise apps only). We can remove applications from
BlackBerry, Android, and Windows Mobile devices.

5. Can GPS and other location information be used for tracking or device recovery? Yes.

6. Does your product have the ability to remotely wipe data from devices? Yes. Can this be done in a
selective manner to wipe just corporate information and not personal user information? Yes

remote mobile devices? No

8. Can features of devices, such as cameras, be remotely disabled using your product? Yes

user behavior? Yes

personal data? No


12. Does the product offer out-of-the-box and/or customizable reports? Yes

No

Page 1 of 5

Mobile Device Management Questionnaire: Zenprise

Zenprise, Inc.

As the global mobile worker population approaches 1.2 billion in 2013 (according to IDC), and IT is
grappling with how to secure and manage the billions of mobile devices used by these workers,
Zenprises strategy to meet this need is by protecting the entire mobile enterprise. With the opportunity
presented by the mobile enterprise comes intense hype and confusion over the best approach to ensure
not only that devices are secure, but that the information and applications being accessed are safe from
tampering and theft
.
At the core of Zenprises strategy is Zenprise Mobile Manager, which is the only enterprise mobile
management and security solution with a demonstrated ability to scale to tens and even hundreds of
thousands of devices table stakes in this next phase of market development beyond the pilot. Today,
Zenprise is continuing to execute on this strategy by adding a cloud offering to its portfolio with
Zencloud, the industrys first cloud based mobile security and device management solution with 100
percent SLA.

Basic level security, such as enforcing password protection or wiping a device clean if it is lost or
stolen, is no longer sufficient for enterprises. They need the security surrounding devices to be on par
with the security of the overall network. Zenprise has expanded its mobile management solutions to
encompass the protection of not only the devices themselves, but the applications running on them, as
well as the networks they are accessing. The Company has done this with global enterprise
deployments in mind, not small pilot deployments, meaning it can protect and manage hundreds of
thousands of devices and with a level of resiliency and redundancy not previously available.

Its not new news that IT is faced with an onslaught of requests to allow network and application access
for personal devices the iPad is to thank for that. Almost as quickly as the iPad--and now a whole
slew of Android devices--came on the scene, the number one and two top mobility challenges for IT
have become data and network security and device manageability, according to IDC. CIO Magazines
2011 State of the CIO survey underscored this issue is top of mind with senior IT executives, noting
that the next generation workforce, ubiquitous data and the consumerization of IT are three of the top
five trends driving change for IT.

Zenprises strategy to protect the mobile enterprise is anchored by three tenets:
1. Protecting the device isnt enough. Zenprises fully integrated platform is set apart by a Triple
Defense approach which not only secures the device, but provides comprehensive security for
applications and information residing on and accessed by that device, and the network on which
it is communicating. It does this by providing a security solution that goes everywhere the data
goes, securing every point in the enterprise's mobile environment.

2. If the server goes down, protection and management must continue. Zenprise has built in high
availability and redundancy into its product because of the critical importance of mobile
security. Products with no high availability can create huge exposure- any server outages result
in the entire enterprise compromised and exposed.

Page 2 of 5

3. The mobile enterprise encompasses tens of thousands of devices, not tens or hundreds. With the
challenge of heterogeneous mobile device management being relatively new, its been common
for enterprises to pilot solutions with 50-200 devices. However, true protection of the mobile
enterprise will require the ability to secure and manage every device touching the network.
Today, Zenprises largest customer is protecting more than 65,000 devices, and future customers
are looking at as many as five million devices.

Zenprise supports Apple iOS (iPhone, iPod touch, iPad), Android, BlackBerry, Windows Mobile,
Windows Phone 7, WinCE, webOS, Palm and Symbian.

Both.
Zenprise MobileManager:
Zenprise MobileManager provides IT with the control and visibility needed to proactively manage and
secure mobile devices, applications and corporate assets, while empowering mobile workers to be
productive from anywhere at any time. Many processes are automated and managed over-the-air or on-
device to eliminate guesswork and save time for IT and help desk teams so they can focus on meeting
SLAs. Zenprise MobileManager makes it easier to track, support and secure iPhone, iPad, BlackBerry,
Google Android, Windows Mobile, Windows Phone 7, and WinCE devices throughout the mobile
lifecycle.

Unlike other solutions currently available, Zenprise provides customers with a triple layer of security
that operates at the device, application and network tiers; thereby providing a security solution that
goes everywhere the data goes, securing every point in the enterprises mobile environment. Zenprise
Triple Defense is comprised of three components:

Dynamic Defense: provides contextually aware device security, automatically detecting
potential threats and intelligently adjusting security settings to mitigate risk

App Tunnels: provide flexible application security that allows IT to offer mobile users secure,
encrypted access to specific business applications from their smartphone or tablet

Zenprise Secure Mobile Gateway: brings intelligent security to the network by providing
application whitelisting and blacklisting capabilities for both iOS and Android devices. This
functionality ensures that only approved applications are given access to the corporate network,
including personal or consumer applications installed on employee-owned devices. Zenprise
Secure Mobile Gateway automatically blocks users violating a whitelist or blacklist by
quarantining their devices from the enterprise network.

Zencloud:
Building on Zenprises strategy to provide security beyond the mobile device, Zencloud is a cloud
offering that offers the flexibility to run in several modesas a public cloud, a private cloud, or in a
hybrid mode. This innovative offering is the only one of its kind available today. Zencloud enables

Page 3 of 5

enterprises to perform core mobile device management functions and set security policies on devices,
while also enforcing these policies. This enables them to seal the enterprise perimeter from mobile
threats; thereby making it a closed-loop solution.

Mobile device management, including enrolling new users, configuring new devices, provisioning
applications and security policies are all handled in the public cloud. This provides customers with a
comprehensive set of functions that help get mobile devices into a managed state.

The optional hybrid mode leverages the Zenprise Secure Mobile Gateway, delivering advanced
mobile security at the enterprise perimeter. This hybrid offering provides comprehensive security
including blocking unmanaged devices, users and blacklisted applications. Customers can also set up
rules to permit certain device types or operating systems onto the corporate network.

Zenprise is providing Zencloud customers with an unprecedented 100 percent SLA. Under terms of the
SLA, if a customer experiences any downtime as a result of an outage, Zenprise will provide service
credits for every minute of downtime.

Yes. Zenprise Security Manager provides a smartphone audit feature that enables IT to:
enforce compliance of corporate policies through real-time device introspection
ensure that all smartphones are running only the latest software patches and firmware
protect working smartphones and prevent security breaches by validating that only company-
approved mobile applications are available to your mobile workforce

By upholding policies, enforcing passwords, enabling content encryption, and disabling Bluetooth or
camera features, IT can mitigate risks and protect your company from non-compliance penalties

Yes. Zenprise MobileManager has an Enterprise App Store feature that is designed to enable
administrators to quickly configure and provision enterprise applications on smartphones and tablets
while freeing up workers to remain productive. Zenprise Enterprise Application Store includes IT
Favorites, (application discovery) making it easier for users to find safe and approved business
applications to download. Further, Zenprise MobileManager will automatically detect when a user
installs an application outside of the approved list and prevent blacklisted applications from launching
(software updates).

Application discovery, e.g. through private application stores: Zenprise ships with private
application stores that allow IT to distribute internally developed apps or third party apps
directly to end users. Whereas most MDM vendors require user action to install apps (user must
open the enterprise app store & click on app to download), Zenprise can silently install
applications without any user involvement. The net result is fewer support calls to the IT Help
Desk.
Zenprise Secure Mobile Gateway brings intelligent security to the network by providing
application whitelisting and blacklisting capabilities for both iOS and Android devices. This

Page 4 of 5

functionality ensures that only approved applications are given access to the corporate network,
including personal or consumer applications installed on employee-owned devices. Zenprise
Secure Mobile Gateway automatically blocks users violating a whitelist or blacklist by
quarantining their devices from the enterprise network.

Yes

Yes, IT help desk representatives can immediately lock-down and remotely wipe a BlackBerry,
Android, iPhone, iPad or other smartphone clean of corporate data to prevent unauthorized use. With
Zenprise's "Selective Wipe" capability, IT can remove enterprise-specific data and applications while
keeping an employee's applications, data and settings intact.

Yes.

Yes.

user behavior?
Yes, for example IT can be proactively notified when a user begins roaming internationally. Zenprise
MobileManager can also detect and block jail-broken devices, quarantine devices that are infected with
malware, block devices that are violating set policies or trying to access data/applications they dont
have permissions for (application whitelists/blacklists) and disable blacklisted applications on devices.

personal data?
Yes. App Tunnels provide flexible application security that allows IT to offer mobile users secure,
encrypted access to specific business applications from their smartphone or tablet.


Yes. Zenprise helps organizations control mobile costs throughout the entire mobile lifecycle. Zenprise
reduces wireless costs by decommissioning unused smartphones, optimizing plans according to
business policies, negotiating volume discounts and managing international roaming. With real-time
and historical reports, businesses have the visibility they need to proactively monitor employee mobile
usage and enforce corporate wireless policies so that additional cost savings can be achieved. Zenprise
also provides reports showing company-owned devices vs. personal-owned devices, device types, OS
types and compliance

Zenprise provides complete visibility and control across the entire mobile service, from data centers
across carrier networks to devices and applications. A full-service dashboard provides a holistic view
of the mobile service, which can be customized to the needs of administrators, help desk operators and

Page 5 of 5

extended IT staff, enabling each support tier to quickly diagnose and solve mobile problems.

Enterprise Platform Integration (e.g.: Exchange Active Sync, LDAP, BES, Certificate authority,
Trouble Ticketing and Help Desk such as Remedy, Network Mgmt such as Tivoli)

Zenprise has out of the box integration with Remedy, Microsoft Systems Center, Tivoli, HP Openview,
BMC Patrol.

Yes. Our product has a unified web based console. Zenprise does offer integration with SIEM that
provides trigger alerts of unauthorized access to files; thereby preventing data leakage. Additionally,
the product has over 260+ web service APIs that customers are using to automate many common tasks.
As an example, we have a customer who uses Zenprise MobileManager web services APIs to integrate
device data and management capabilities into their expense management solution that is delivered as a
portal-based expense management solution to many EMEA-based customers and telecom providers.

Customers have used the APIs to integrate with workflow systems (e.g., when users boss approves
device for use, command automatically sent to Zenprise to provision a device). Additionally, Zenprise
has specific capabilities in each of the areas below:

OTA provisioning: We can activate new devices OTA. End users can either download the
Zenprise app from the platform respective app stores, or can point their browser to a corporate
provided URL to initiate enrollment.

Role-based access: Zenprise ships with multiple levels of roles based access typical for the tasks
that need to be performed at the help desk, operator, administrator, and super user.

Group-based actions: Zenprise can apply policies to multiple groups of users, can take action
across groups of users (wipe, change passcode, etc)

Remote Control (realtime or permission based): Zenprise has both real-time and permission
based remote control for BlackBerry, Windows Mobile, & Android. We believe that we are the
only company today with remote control capabilities for Android. Our remote control
capabilities also ships with the ability to initiate chat between the administrator & user, the
ability to initiate VOIP connections via our remote control (helps save expenses when user is
international), the ability to remotely view and kill processes running on the devices.

Enterprise Platform Integration (e.g.: Exchange Active Sync, LDAP, BES, Certificate authority,
Trouble Ticketing and Help Desk such as Remedy, Network Mgmt such as Tivoli): Zenprise has
out of the box integration with Remedy, Microsoft Systems Center, Tivoli, HP Openview, and
BMC Patrol.

Zenprise now can be used with Crystal Reporting to generate over 200 custom reports.

Mobile Device Management - Buyer's Guide

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Mobile Device Management - Buyer's Guide

Enviado por

Direitos autorais:

Formatos disponíveis

November 2011 $99

Report ID: R3311111

Você também pode gostar

Mobile Device Management - Buyer&#39;s Guide

Enviado por

Dados do documento

Direitos autorais

Formatos disponíveis

Compartilhar este documento

Compartilhar ou incorporar documento

Opções de compartilhamento

Você considera este documento útil?

Este conteúdo é inapropriado?

Direitos autorais:

Formatos disponíveis

Mobile Device Management - Buyer&#39;s Guide

Enviado por

Direitos autorais:

Formatos disponíveis

November 2011 $99

Report ID: R3311111

Você também pode gostar

Mobile Device Management - Buyer's Guide

Mobile Device Management - Buyer's Guide