MDM Is Not The Answer for Every Healthcare Enterprise

Mobile Device Management (aka, MDM) is a hot topic in all enterprises and especially in healthcare.  The general thinking is that an MDM solution (ie, MobileIron, AirWatch, Good, etc) is required to keep mobile devices (primarily smartphones) secure and the company out of harms way.  Based upon experience, my opinion and a few of my colleagues is that an MDM isn’t a solution for every healthcare enterprise.  

So why say no to MDM?  As an enterprise the question has to be asked, what is an MDM solution providing over what the newest version of Active Sync (primary means of connecting smartphones to corporate email) provides?  In most cases, Active Sync provides the necessary security policies (require pin code and validate device encryption) which meets the requirements for most industries.  While MDM solutions provide a lot of bells and whistles they are built on the basic foundation of the phone security policies and the use of Active Sync. Based upon countless reviews of solutions and discussions with colleagues in the healthcare industry, the following have been identified as the primary reasons for implementation of an MDM:

  • Need to lock down devices to only use specific programs.  For example, you don’t want mobile devices to have access to the YouTube app.
  • Need to be able to deliver internally developed applications.  Although this could be handled through Citrix solutions if you have a big investment in a Citrix environment.
  • If you only allow corporate devices and need to be able to manage the mobile device operating system updates.

For some companies, these requirements aren’t needed and don’t justify the cost of implementing an MDM solution.  As you review solutions just make sure you actually need the features an MDM provides versus what can be achieved through the use of Active Sync.