mobile device management (MDM) Apple iOS

Mobile Application Management (MAM)

Mobile application management (MAM) is software that secures and enables IT control over enterprise applications on end users' corporate and personal smartphones and tablets.

MAM software allows IT administrators to apply and enforce corporate policies on mobile apps and limit the sharing of corporate data among apps. It also enables the separation of business apps and data from personal content on the same device. Other common MAM features and capabilities include software delivery (often through an enterprise app store), software license management, app configuration, and inventory management and application lifecycle management.

Why mobile application management is important

Mobile application management provides IT administrators with a more granular way to control and secure corporate data, which is important in any mobile strategy, particularly in bring your own device (BYOD) programs.

Traditionally, IT departments relied on mobile device management (MDM) software, which provides device activation, device enrollment and provisioning capabilities, remote wipe and other device-level functionality. This approach sufficed for scenarios in which an organization purchased mobile devices for employees, who used them only for work-related matters.

But after Apple released the iPhone in 2007, followed by the release of Google Android-powered smartphones, more employees began using their personal devices for work. Many of these employees were reluctant to allow their IT departments to remote wipe their personal devices, blacklist certain apps or use other MDM capabilities. And as the workforce grew more tech-savvy, it became more difficult for organizations to completely block end users from doing work on personal devices. As such, these devices went unsecured, which created an enterprise risk.

MAM emerged to help solve this problem. As part of a larger mobile strategy, it allows IT administrators to apply and enforce policies only on specified apps that access corporate data, leaving personal apps and data untouched. Some of MAM's functionality is similar to that of MDM. With MAM, IT can remote wipe an app -- but not the whole device, as is the case with an MDM managed device, for example.

How MAM works

There are several different approaches to mobile application management:

Software development kits (SDKs) and application wrapping. These methods involve additional code being added to an app, either during SDKs or after (app wrapping) the development process. This code connects the app to back-end MAM software, enabling IT administrators to apply and enforce policies on the app and take other measures to protect its data.

Containerization. This approach, also known as application sandboxing, isolates an app or group of apps from other apps on a device. Data within this isolated area, known as a container, cannot leave, and apps within the container cannot interact with those on the outside. An extreme example of containerization is dual persona technology, which creates two completely separate user interfaces -- one for work and one for personal use -- on the same device.

Device-level MAM. Another, newer method is the ability to control and secure apps through the MDM protocols built into mobile operating systems. Apple's Managed Open In feature, introduced in iOS 7, gives IT the ability to control how apps share data with each other. An admin can prevent a user from taking a document received in their corporate email app and uploading it to a personal cloud storage app, for example. Google Android uses sandboxing to create a secure, managed work profile that contains corporate apps and data on personal devices. Samsung offers similar capabilities on its Android devices through its Knox technology.

Understand how mobile technology changes businesses' operations.

The major drawback to app wrapping, MAM SDKs and third-party containerization is that they do not always work across all mobile apps, operating systems and devices. The wrapping and SDK approaches require access to an app's source code, which is not always available -- especially for apps in a public app store. And Apple does not allow developers to abstract apps from iOS as containerization and dual persona require.

In response to this challenge, a group of enterprise mobility management (EMM) vendors formed the AppConfig Community in 2016. AppConfig aims to ensure more standardized use of MAM by promoting the use of the app management capabilities built into mobile operating systems over the use of third-party MAM technologies. Members of the AppConfig Community include BlackBerry, IBM, VMware, Jamf Software and others.

MAM vs. MDM, EMM and UEM

Mobile application management was available as a stand-alone product from several vendors in the early days of the BYOD era. As the market matured, however, major enterprise software companies acquired stand-alone MDM and MAM vendors and began bundling their products. This collection of technologies became known as EMM.

The main components of EMM are MDM, MAM, identity and access management. Some vendors also include enterprise file sync and share in their offerings. Although there was some MAM vs. MDM debate at first, it is now common for organizations to rely on a combination of the technologies to meet their security and IT administration requirements. An IT department may use MDM to enforce basic security measures, such as the use of a device passcode, and rely on MAM for app protection to prevent data leakage from business apps, for example.

Unified endpoint management (UEM) then evolved from EMM products, because organizations needed a way to manage all their endpoints -- including desktops and laptops -- from one tool. Most UEM platforms can manage Windows and macOS devices along with smartphones and tablets. Many existing EMM vendors combined their products with other tools to allow for hybrid management of desktops and mobile devices or added desktop management to their mobility management offerings.

Major vendors and products

The 2019 Gartner Magic Quadrant for UEM named six vendors as market leaders: Microsoft, VMware, MobileIron, IBM, Citrix and BlackBerry. Other major vendors include Ivanti and 42Gears. All these vendors offer mobile application management as part of their UEM suites.

There are still some vendors that focus solely on MAM or enterprise app stores as well, including Apperian (owned by Arxan), Appaloosa and App47.

This was last updated in April 2020

Continue Reading About Mobile Application Management (MAM)

Dig Deeper on Mobile management

Unified Communications