Magic Quadrant for Enterprise Mobility Management Suites

Magic Quadrant for Enterprise Mobility

Management Suites
8 June 2015 ID:G00265477

Analyst(s): Terrence Cosgrove, Rob Smith, Chris Silva, John Girard, Bryan Taylor

VIEW SUMMARY EVALUATION CRITERIA DEFINITIONS

Enterprise mobility management suites are the glue that connects mobile devices to their enterprise
workflow. End-user computing leaders must consider short-term and long-term objectives amid
rapid market changes.
Market Definition/Description
This document was revised on 9 June 2015. The document you are viewing is the corrected version.
For more information, see the Corrections page on gartner.com.
Enterprise mobility management (EMM) suites help organizations integrate mobile devices into their
security frameworks and systems and information technology life cycles. Organizations use EMM tools
to perform the following functions for their users:
Provisioning: EMM suites configure devices and applications for enterprise use.
Auditing, tracking and reporting: These products audit mobile devices and applications to track
compliance with enterprise policies. They also maintain inventory for cost and asset
management purposes and are capable of tracking usage of services and apps.
Defense of enterprise data: EMM suites apply technologies to encrypt data, control data flow
and remotely revoke user access to mobile applications and information in the event the user
or device becomes untrusted (for example, through device loss, unauthorized reconfiguration or
employee termination).
Support: EMM suites help IT departments troubleshoot mobile device problems through
inventory, analytics and invoking remote actions.
There are four core EMM technical categories that help IT organizations perform these services.
There are some overlapping capabilities between the categories. Organizations may use some or all
of these features, depending on their requirements:
1. Mobile device management (MDM): MDM is a platform life cycle management technology that
provides inventory, OS configuration management, mobile app provisioning and
deprovisioning, remote wipe, and remote viewing/control for troubleshooting. MDM profiles,
installed on the device, facilitate these functions.
2. Mobile application management (MAM): MAM applies management and policy control
functionality to individual applications, which are then delivered via enterprise app stores and
managed locally on devices via the EMM console. This capability is necessary when the OS
does not provide adequate management or security capability or when organizations elect not
to install an MDM agent on the device. MAM can also provide analytics capabilities to help
administrators and application owners understand usage patterns. MAM and MDM functions
may also be used complementarily. There are two basic forms of MAM:
Preconfigured applications: EMM vendors provide proprietary mobile apps or integrate
with particular third-party apps to provide enhanced levels of manageability. These
most commonly include productivity and collaboration applications, such as a secure
personal information manager (PIM) for email, calendaring and contact management,
as well as a secure browser provided by the EMM provider or a third party.
Application extensions: These apply policies to applications through the use of a
software development kit (SDK) or by wrapping.
3. Mobile identity: EMM tools help ensure only trusted devices and users access enterprise
applications. Mobile identity capabilities may utilize one or more use of the following
technologies: user and device certificates, app code signing, authentication, and single sign-
on. EMM tools are increasingly using contextual information (such as location and time) to
help inform access decisions.
4. Mobile content management (MCM): MCM enables users to access content from their mobile
Ability to Execute
Product/Service: Core goods and services offered
by the vendor for the defined market. This includes
current product/service capabilities, quality, feature
sets, skills and so on, whether offered natively or
through OEM agreements/partnerships as defined in
the market definition and detailed in the subcriteria.
Overall Viability: Viability includes an assessment of
the overall organization's financial health, the
financial and practical success of the business unit,
and the likelihood that the individual business unit
will continue investing in the product, will continue
offering the product and will advance the state of the
art within the organization's portfolio of products.
Sales Execution/Pricing: The vendor's capabilities
in all presales activities and the structure that
supports them. This includes deal management,
pricing and negotiation, presales support, and the
overall effectiveness of the sales channel.
Market Responsiveness/Record: Ability to
respond, change direction, be flexible and achieve
competitive success as opportunities develop,
competitors act, customer needs evolve and market
dynamics change. This criterion also considers the
vendor's history of responsiveness.
Marketing Execution: The clarity, quality, creativity
and efficacy of programs designed to deliver the
organization's message to influence the market,
promote the brand and business, increase awareness
of the products, and establish a positive identification
with the product/brand and organization in the minds
of buyers. This "mind share" can be driven by a
combination of publicity, promotional initiatives,
thought leadership, word of mouth and sales
activities.
Customer Experience: Relationships, products and
services/programs that enable clients to be
successful with the products evaluated. Specifically,
this includes the ways customers receive technical
support or account support. This can also include
ancillary tools, customer support programs (and the
quality thereof), availability of user groups, service-
level agreements and so on.
Operations: The ability of the organization to meet
its goals and commitments. Factors include the
quality of the organizational structure, including skills,
experiences, programs, systems and other vehicles
that enable the organization to operate effectively
and efficiently on an ongoing basis.
Completeness of Vision
Market Understanding: Ability of the vendor to
understand buyers' wants and needs and to translate
those into products and services. Vendors that show
the highest degree of vision listen to and understand
buyers' wants and needs, and can shape or enhance
those with their added vision.
Marketing Strategy: A clear, differentiated set of
messages consistently communicated throughout the
organization and externalized through the website,
advertising, customer programs and positioning
statements.

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

Sales Strategy: The strategy for selling products

devices. The MCM function within EMM suites has four fundamental roles:
A client-side app that enables a user to store content securely on a mobile device.
The EMM can enforce policies such as authentication, file sharing and copy/paste
restriction. Content comes from sources such as attachments in email, files accessed
from a back-end repository, or files accessed from a cloud repository.
Content access: This is a connection to a back-end repository where users can pull
content to their devices.
Content push: These capabilities involve push-based file distribution, replacement and
deletion.
File-level protection: EMM tools are not full-blown data loss prevention (DLP) or
information rights management (IRM) products, but they may apply file-level
protections in certain mobile contexts, and they may integrate into larger
frameworks.
Magic Quadrant
Figure 1. Magic Quadrant for Enterprise Mobility Management Suites
that uses the appropriate network of direct and
indirect sales, marketing, service, and communication
affiliates that extend the scope and depth of market
reach, skills, expertise, technologies, services and the
customer base.
Offering (Product) Strategy: The vendor's
approach to product development and delivery that
emphasizes differentiation, functionality, methodology
and feature sets as they map to current and future
requirements.
Business Model: The soundness and logic of the
vendor's underlying business proposition.
Vertical/Industry Strategy: The vendor's strategy
to direct resources, skills and offerings to meet the
specific needs of individual market segments,
including vertical markets.
Innovation: Direct, related, complementary and
synergistic layouts of resources, expertise or capital
for investment, consolidation, defensive or pre-
emptive purposes.
Geographic Strategy: The vendor's strategy to
direct resources, skills and offerings to meet the
specific needs of geographies outside the "home" or
native geography, either directly or through partners,
channels and subsidiaries as appropriate for that
geography and market.

Source: Gartner (June 2015)

Vendor Strengths and Cautions

AirWatch by VMware
Since AirWatch's acquisition by VMware in February 2014, AirWatch has become part of the End-User
Computing business unit, but has largely operated as an independent entity. This is starting to
change, as AirWatch is becoming integrated with various VMware technologies, most notably
VMware's identity and access management and software-defined networking products. AirWatch's
offering has comprehensive EMM functionality and as a result, appears most frequently in Gartner
clients' EMM vendor shortlists. Previously, AirWatch was a closed system with limited support for
third-party independent software vendor (ISV) mobile applications. However, this has changed under
VMware with a large expansion of applications that now directly integrate with the product. Gartner
hears of periodic code quality issues with the AirWatch product, which likely come as a result of
attempting to provide a broad set of capabilities quickly. AirWatch is a good fit for organizations that
require a comprehensive EMM feature set on a broad range of platforms.

Strengths

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

AirWatch has proven large-scale deployments across most vertical markets.

The administrative console is one of the easiest to use with embedded training videos, links
and a wizard-like approach to help new administrators become productive quickly.
AirWatch continues to push innovation with zero-day support of new operating systems and
expansion into management of Internet of Things devices.

Cautions
Customers report that the Inbox email application lacks maturity, causing customers to use
third-party PIM products. AirWatch is working to improve the capabilities of the Inbox product.
On-premises infrastructure components are based on Windows, SQL Server and Linux (not
appliance-based), adding administrative overhead compared with other on-premises products.
Product stability continues to be an issue with AirWatch. Gartner clients have reported several
recent issues on both the console side and the agent side.

BlackBerry
BlackBerry released BlackBerry Enterprise Service 12 (BES12) in November 2014. BES12 provides
improved non-BlackBerry OS support, and it consolidates the management of BlackBerry devices,
which previously required separate versions of BlackBerry Enterprise Service, depending on the type
of device. BlackBerry's strategy is to use BlackBerry Enterprise Service as the management platform
for additional software products including split billing, identity and access management, its Internet
of Things platform, and (most recently) its acquisition of WatchDox. WatchDox offers an enterprise
file synchronization and sharing (EFSS) product with enhanced security and content collaboration
features. BES12 is a more complete EMM product than prior versions, and it should meet many
organizations' requirements for cross-platform management. Our research has found that uptake of
BES12 to manage large numbers of non-BlackBerry devices is still low. BES12 is a good fit for
organizations that plan to support BlackBerry devices for the foreseeable future and are satisfied with
a capable EMM product for non-BlackBerry devices.

Strengths
BlackBerry Enterprise Service's MDM support for BlackBerry devices is the strongest in the
market, including the ability to audit and log SMS messages.
The BES12 console is very well-designed, and it provides good navigation and administration.
The console's "filter grid" and "quick filters" make it easy to find users and devices, based on
many attributes.
BlackBerry support continues to get very positive feedback from customers.

Cautions
Customers cited usability problems with the Secure Work Space for BES12, particularly on
Android.
BlackBerry Enterprise Service MDM capabilities on non-BlackBerry devices have improved; the
product still lags competitors in terms of completeness supporting new MDM features, such as
Apple Device Enrollment Program (DEP) and certificate management.
BES12 does not currently support Windows 8.1 or Mac OS X.

Citrix
In January 2015, Citrix released version 10 of its XenMobile product, which takes significant steps in
simplifying the product's architecture and unifies the MDM and MAM console. In addition, XenMobile
10 added a self-service portal for users and support for Android for Work. ShareFile, Citrix's MCM
product, is a full-featured EFSS product that is included in XenMobile Enterprise and remains among
the best in the market. Citrix is a good fit for organizations that are looking to deliver a secure
workspace comprising Windows, Web and mobile applications, as well as organizations that use
ancillary technologies, such as XenApp, XenDesktop and NetScaler.

Strengths
Citrix gets high marks for user experience. WorxMail (Citrix's secure PIM product) added a
weekly calendar view, zip file support and other new features with the XenMobile 10 release.
Citrix ShareFile remains one of the strongest MCM products among EMM vendors.
Citrix provides an integrated user experience between virtual Windows applications and native
mobile applications.

Cautions
Though the product has sold reasonably well, Gartner was still unable to find many reference
customers with very large current deployments (over 10,000 devices).
XenMobile 10 console is separate from those of NetScaler and ShareFile. While NetScaler and
ShareFile do not require a great deal of day-to-day administration, XenMobile administration is
less streamlined, as well as a more demanding project, for organizations that do not already
use NetScaler.
Citrix released an upgrade tool to simplify the move from XenMobile 9 to XenMobile 10 in April

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

2015. However, the tool supports only MDM instances. Citrix has announced that it will release
tools to migrate MAM and MDM-plus-MAM instances later in 2015.

Globo
Globo offers EMM through its GO!Enterprise Workspace suite, which includes its EMM solution, a
mobile application development platform (MADP) tool, and a secure container for content and
applications. Globo is unique in its offering of a full MADP component within its product suite for
which no additional license beyond the GO!Enterprise suite is required; however, additional licensing
of the secure container offering is required for any apps built on the MADP that an organization
wishes to distribute, secure and manage. In June 2014, Globo announced the acquisition of
Sourcebits to strengthen Globo's mobile application development capabilities. Additionally, Globo
completed third-party National Institute of Standards and Technology (NIST) validation of its use of
Federal Information Processing Standard 140-2 data protections in its EMM solution in October 2014.
Globo is a good fit for organizations seeking an application-centric EMM that offers a low barrier to
entry into the MADP space.

Strengths
Globo remains one of three vendors in this analysis with a strong tie-in of mobile app
development capabilities that go beyond an SDK or app wrapper offering.
Administrators can create a comprehensive secure workspace, without the need for a
configuration profile, including PIM, browsing, chat, camera, file access, and apps built using the
Globo MADP.
The ability to make use of app instrumentation through its MADP module provides Globo
customers a potentially rich trove of app usage and performance data.

Cautions
Globo's presence is much more prominent in European markets than in U.S. markets, and the
vendor does not enjoy the name recognition or customer base of many leaders outside of
Europe. Therefore, identifying relevant reference customers when buying may prove
challenging.
The GO!Enterprise suite lacks some core components present in competitive offerings, such as
remote view and control of apps or devices, as applicable, by platform and the ability to create
dynamic policy groups based on device status, such as roaming state.
GO!Enterprise has weak certificate management. It lacks certificate support for mobile
applications. It also lacks its own certification authority and supports few third-party
certification authorities.

Good Technology
Good Technology released Good Work, the successor to the Good for Enterprise PIM client, in 2014.
Good Work is built on the Good Dynamics Secure Mobility Platform, inheriting the security and
functional capabilities of that platform, such as single sign-on, multifactor authentication, workflows
and presence. The transition from the legacy Good for Enterprise and AppCentral products to the
current Good Work and Good Dynamics products has caused confusion among customers, as the
current products do not yet contain all of the capabilities of the legacy products. In October 2014,
Good acquired Macheen, a cloud application service provider specializing in device connectivity. Good
has brought Macheen services into the Good Dynamics to add split data billing capabilities. Good
Technology EMM is a good fit for organizations with stringent security requirements, those in
regulated industries, or those with aggressive mobile app development plans that can benefit from
the broad range of capabilities of the Good Dynamics SDK.

Strengths
Good's PIM functionality is the most advanced among the EMM vendors, including capabilities
such as mail push notifications on iOS/Android/Windows, presence, advanced search and
contact history.
Good's service management capabilities are among the best in class, with powerful reporting
tools to facilitate remote support.
The Good Dynamics platform has evolved from a security focus to a general-purpose collection
of libraries that organizations developing their own apps will find attractive. Split-billing
capabilities for data (implemented via Good Dynamics) are differentiating for bring your own
device (BYOD) environments looking to implement this capability today.

Cautions
The Good Work platform is new and has numerous end-user functional limitations on Android,
iOS and Windows Phone.
Good's current grouping mechanism is primarily through user groups. It does not provide a
good way of creating groups based on device properties.
Good lags the competition in many MDM functions on iOS, Android and Windows Phone.

IBM

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

IBM rebranded MaaS360 to "MobileFirst Protect" in 2015 to align EMM with the IBM MobileFirst
strategy. MobileFirst Protect EMM manages the three popular mobile OSs: iOS, Android and Windows
Phone in addition to workstation systems based on Windows 7/8 and Mac OS X. MobileFirst Protect is
part of the "Secure and Manage" practice, which represents the second of four practice areas in the
MobileFirst portfolio, the others being "Build" tools for developing and testing mobile apps, "Engage"
tools for analyzing and optimizing mobile customer experiences, and "Transform" tools to help build
mobile business models. MobileFirst Protect is a good fit for organizations looking for an easy-to-
deploy EMM product and for those interested in the broader IBM MobileFirst strategy.

Strengths
IBM's mature shared-processing multitenant architecture is the best-in-class cloud among
ranked EMM vendors. It allows easy separation of access for users, as well as separation of
duties and scope for different levels of administrators and help desks.
Reference customers consistently praise MobileFirst Protect for ease of deployment. Installations
can be readily personalized to meet a company's needs, and extensive self-help is available for
individual users.
MobileFirst Protect provides a robust and extensive device monitoring and tracking system,
which includes features that can be used for selective notifications based on geography. Several
of IBM's clients have begun to use it as a basic emergency or mass notification service (EMNS).

Cautions
User feedback indicates that it is the original Fiberlink team that drives satisfaction with
MobileFirst Protect. Interference has been minimal since the acquisition, but clients do note a
slight drop in service.
The uptake of MAM (app wrapping and securing apps using an SDK) with MobileFirst Protect is
low, based on our research. It trails other products in some areas, particularly because of its
lack of mobile app certificates (currently in development), its lack of SAML support, and its
limited app analytics capabilities.
We continue to get feedback from customers about console and administration issues. For
example, records of retired devices remain in the system for a period of time, and there are
sometimes issues in synchronizing data between the mobile gateway and the MobileFirst Protect
console.

Landesk
Landesk is a longtime leader in client management with its Landesk Management Suite. The
company's acquisition of Wavelink in 2012 resulted in the creation of two EMM products, Mobility
Manager and Avalanche. Mobility Manager is the company's general-purpose EMM suite, while
Avalanche carries forward Wavelink's focus on purpose-built and ruggedized devices (in addition to
consumer-grade devices like smartphones and standard tablets). In addition to selling these
products as stand-alone offerings, the company sells bundled offerings that include Mobility Manager
tightly integrated into its adjacent client management, service desk and endpoint protection. Through
its acquisition of LetMobile, Landesk also offers secure PIM and Web apps that allow these apps to be
used without any local data on the device. Landesk is a good fit for ruggedized device management
and unified endpoint management.

Strengths
Landesk has one of the strongest offerings for converged endpoint management, with tight
integration between Landesk Management Suite and Mobility Manager.
Mobility Manager is one of the few products in the market to offer integrated EMM and service
desk.
LetMobile's unique architecture allows for delivery of email while keeping all data in the data
center and off the device, an approach that appeals to some organizations for enabling highly
secure email access for BYOD users, boards of directors or business partners.

Cautions
MDM policy support still lags leading EMM products for both iOS and Android devices.
MCM remains basic and is limited to content push and storage on the device. Mobility Manager
does not provide access to back-end content stores or file share and sync.
Gartner did not find customers using the MAM or MCM capabilities of Mobility Manager.
References were using only the MDM module.

Microsoft
Microsoft's EMM product is the Enterprise Mobility Suite (EMS), which includes Microsoft Intune,
Azure Active Directory Premium and Azure Rights Management. Microsoft Intune provides the core
EMM capabilities of MDM and MAM. Intune's strengths are its support of Office 365 and integration of
System Center Configuration Manager (ConfigMgr). Microsoft also recently developed a secure PIM
capability based on the Outlook mobile app for iOS and Android. This will rival secure PIM offerings
available from other EMM vendors. While the end-user functionality of the Outlook mobile app looks
compelling, it was not generally available at the time of this report. The EMS represents a
comprehensive mobility security and management vision, and it positions Microsoft well for the

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

future in this market. Currently, Intune adoption is low, and the product is still maturing.
Organizations that should consider Intune are those that want to extend the Office 365 services to
mobile devices and ConfigMgr customers that value client management and EMM integration over
best-of-breed EMM functionality.

Strengths
Intune has unique technical capabilities to manage the Office Mobile apps on iOS and Android
devices, including "conditional access," app-level authentication and copy/paste control.
The Intune license includes entitlement to ConfigMgr, allowing organizations to manage PCs and
mobile devices through the same license and console.
The combination of Azure Active Directory Premium, Azure Rights Management and Intune
addresses some useful mobile scenarios, for example, changing an Active Directory password
from a mobile device.

Cautions
Intune has two modes: "standalone" and "hybrid" with ConfigMgr. The "hybrid" mode creates
dependencies between Intune and ConfigMgr. Advanced administrative functionality requires
Intune to be connected to ConfigMgr. However, new Intune functionality is not immediately
available when Intune is connected to SCCM, and changes to ConfigMgr can affect its ability to
work with Intune. The next major version of ConfigMgr plans to address this issue.
Intune supports most of the generic Android MDM APIs, as well as some Samsung Knox
capabilities. It does not support MDM APIs of Android for Work or other handset manufacturers
(such as LG and HTC).
Intune's MAM has limited compatibility with third-party mobile application development tools,
and it is behind most competitive products on containerization and analytics features.

MobileIron
MobileIron became a publicly traded company in June 2014. MobileIron is one of the few stand-alone
EMM vendors, and it faces the challenge of increasingly competing with large IT infrastructure and
operations vendors. The company has continued to demonstrate growth in the number of customers
and the sophistication of its EMM deployments. MobileIron's strategy continues to be to enable an
"open" ecosystem of devices and mobile applications, and to protect access and information through
server-side functions. This strategy can also add cost and complexity for customers that prefer a
single-vendor solution for EMM along with other mobile-relevant products, such as EFSS,
collaboration and anti-malware. MobileIron continues to receive high marks for its ability to scale to
multiple-hundred-thousand-device deployments with few or no issues in architecture. Organizations
that want a comprehensive EMM product, particularly to enable a diverse range of mobile
applications, should consider MobileIron.

Strengths
MobileIron's MCM product, Docs@Work, can encrypt and delete files, allowing organizations to
protect individual files even when they are in unmanaged content repositories.
MobileIron's MAM product, AppConnect, has good compatibility across a wide range of MADP
tools, and reference customers this year reported heavy use of AppConnect.
MobileIron gets very positive feedback from customers for its certificate management
capabilities, with a built-in certificate authority, support for a long list of public app store apps,
and single sign-on to enterprise systems.

Cautions
MobileIron's infrastructure is appliance-based and more difficult to monitor for availability and
performance than many competitive products.
MobileIron has a SaaS version of its EMM product as well as an on-premises version, and there
is not feature parity between the two versions.
Reporting is a challenge with MobileIron, in terms of building customized reports and
scheduling.

SAP
SAP Mobile Secure is a suite of products that includes Afaria (on-premises MDM), SAP MDM (SaaS-
based MDM), SAP Mobile App Protection by Mocana (for MAM) and SAP Mobile Documents (for MCM
and EFSS). SAP also released a SaaS edition of SAP Mobile Secure in 2014. Mobile Secure benefits
from SAP's breadth of assets, including SAP business intelligence, to deliver a unique administrator
dashboard experience. SAP Mobile Secure's primary differentiation lies in its ability to integrate and
support SAP products. SAP Mobile Secure is a good fit for companies that own SAP products and
value the extension of those products within a single vendor's offering, although the product does
not require an existing SAP back end.

Strengths
Organizations can build and wrap certificate-signed SAP Fiori apps and custom apps built on
SAP Mobile Platform or SAP Hana Cloud Platform mobile services.

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

SAP Mobile Secure's reporting is strong. It provides nice visualizations and intuitive ways to
create custom reports.
SAP has good Android for Work support, including the ability to wrap applications with Android
for Work security capabilities for pre-Android L devices.

Cautions
The SAP Mobile Secure administrative interface is disjointed, with MDM, MAM and MCM residing
in separate consoles.
Several of the references using Afaria were running older versions of software due to their
experience of challenges with Afaria updates.
SAP Mobile Secure lacks a proprietary secure PIM capability.

Sophos
Sophos' EMM product is part of a broader strategy aimed at securing PCs and mobile devices through
a combination of endpoint and network-based technologies. Sophos Cloud provides this broad set of
capabilities, although Sophos also sells EMM as a stand-alone offering through Sophos Mobile Control
(SMC). SMC is one of the few products to provide a form of digital rights management as a core
component in its MCM. Gartner frequently sees SMC deployments with small and midsize businesses,
but rarely in large enterprise customers' sites. Sophos is a good fit for organizations looking for
integrated endpoint protection and EMM from the same console.

Strengths
Sophos' MCM encrypts files leaving a PC or mobile device to prevent data leakage. This
integrates with third-party file storage providers and enables companies to securely use low-
cost third-party storage.
Most of Sophos' references cited ease of administration and use as a significant product
strength.
SMC directly integrates security capabilities, such as anti-malware, Web security, unified threat
management (UTM) gateways from Sophos, Cisco integrated development environment (IDE),
and Check Point for easier enablement of remote access.

Cautions
Sophos can be slower to support the latest advancements in mobile technology than the leading
vendors' technology; for example, it does not plan to support Android for Work until later in
2015.
SMC has limited role-based administration, which can be an issue, particularly for large
organizations.
Sophos MAM functionality is limited to a mobile SDK. Therefore, organizations looking to deploy
third-party developed apps must build in additional security that other EMM vendors provide as
a core portion of their products.

Soti
Soti has deep roots in the dedicated-purpose device management space. Its MobiControl Android+
technology, which allows MobiControl to manage Android devices with a high degree of control and
configuration management capability, remains a differentiator. The company has maintained its
affinity for the Android platform in version 12.1 with same-day support for Android for Work, and its
comprehensive management of this platform solidifies Soti's position as a leading EMM product for
Android environments. Soti is used less frequently as an EMM product where BYOD is the
predominant scenario, and we sometimes find Soti customers using another EMM products for iOS,
Windows Phone and Mac OS X devices. Soti is a good fit for organizations that require broad EMM
capabilities, especially those making a heavy investment in Android mobile devices.

Strengths
Soti's extensive experience with and comprehensive support for Android makes it one of the
strongest EMM solutions for this platform.
MobiControl has strong remote support capabilities, with full remote control for Android devices
and remote viewing for SDK-enabled iOS apps.
MobiControl implements sophisticated geofencing capabilities based on polygonal perimeters,
depending on devices in use.

Cautions
While Soti has strong support for Android (and legacy Windows Mobile), it has a relatively small
percentage of iOS devices under management.
While 24/7 support is available to "Advantage" and "Enterprise Support" customers, direct
support from named technical account managers is available only weekdays from 9 a.m. to 5
p.m. in the customer's local time zone. The published SLAs for escalations during off hours and
weekends for any issue that requires product development to be involved are tied to business
hours of Soti headquarters.

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

Customers have reported product stability to be an occasional issue with Soti.

Vendors Added and Dropped

We review and adjust our inclusion criteria for Magic Quadrants and MarketScopes as markets
change. As a result of these adjustments, the mix of vendors in any Magic Quadrant or MarketScope
may change over time. A vendor's appearance in a Magic Quadrant or MarketScope one year and not
the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a
reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of
focus by that vendor.

Added
Microsoft

Dropped
Symantec: Symantec did not have the revenue necessary for inclusion. We believe Symantec
will continue to support current EMM customers but will focus R&D on adjacent mobile security
technologies, such as DLP, authentication and identity management.
Tangoe: Tangoe focuses on the telecom expense management (TEM) and managed mobility
services (MMS) markets. As the EMM market continues to move quickly, Tangoe has decided to
partner with EMM vendors to provide an integrated MMS-TEM offering.
Absolute Software: Absolute is a strong player in the client management tool space and sees
MDM as a component of its Absolute Manage product. The EMM market has been moving
quickly on the MAM and MCM fronts, and Absolute has not invested aggressively in these areas.
Absolute Software is still a good choice for organizations looking to extend MDM from their
client management tool consoles.

Inclusion and Exclusion Criteria

More than 100 vendors offer EMM functions. We developed inclusion criteria involving a combination
of business metrics and technical capabilities. Each vendor in the Magic Quadrant must meet the
following criteria:

The vendor must have at least $12 million in 2014 EMM revenue.
There must be five references from organizations using the EMM product in production.
The vendor must offer EMM support for iOS, Android and Windows Phone.
The vendor must provide MDM, MAM through app wrapping or an SDK, and MCM.

Many EMM products provide functions beyond those already listed. Some features were considered
optional and not necessarily critical criteria for comparison. For example:

Advanced MAM that manages PIMs, browsers and other applications

Support for Mac OS X and Windows
Mobile identity and access through capabilities such as certificate management, enabling single
sign-on on mobile devices, and executing "contextual authentication" through dynamic
conditions, such as time, location, user and device posture
Mobile analytics to understand usage trends and support troubleshooting
File-level protections to protect data consumed or created in a mobile context

Many vendors were considered for the Magic Quadrant but did not qualify because they did not meet
the business metrics or the technical capabilities required for inclusion. The following are a few
vendors that have increased their investments in EMM but lacked the product completeness or
established track record to qualify for inclusion:

Centrify has offered a free EMM for several years, with an option to buy into a fully supported
product. During 2014, Centrify was endorsed by Samsung as a Knox EMM provider. During the
review period for this report, Centrify was unable to meet sales thresholds for market size
inclusion. Centrify is separately pursuing secure server connections as alternatives to per-app
VPNs.
Cisco's EMM offering is marketed under the Meraki brand and has garnered significant interest
for organizations early in the process of selecting an MDM with little or no prior experience of
deploying one. Cisco does not currently have a MAM module and did not meet the revenue
inclusion requirements.
Oracle, a leading global ISV and database company that acquired Bitzer Mobile, offers basic
EMM, app wrapping, per-app mobile VPN and scalable mobile identity management. Pricing is
attractive, and the mobile framework integrates well with Oracle business apps. Oracle's
mobility solution has been available for too short a time to qualify for inclusion based on market
presence, but is expected to be increasingly competitive in 2015. Support needs to be expanded
to more platforms; currently, it is available only for iOS and a limited number of Android
models.

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

Evaluation Criteria
Ability to Execute
The Ability to Execute axis measures the vendors' ability to meet the current needs of EMM buyers,
as well as their ability to succeed in this market by gaining market share and achieving revenue
growth.

Product/Service: What features are provided, and does the vendor have customers using these
features successfully in production environments?

Overall Viability: This criterion evaluates the size of the vendor and its financial performance. We
also evaluated the size and growth of the vendor's EMM business.

Sales Execution/Pricing: This criterion was influenced by the frequency of the vendor's
appearance on buyers' shortlists. We also evaluated the degree to which the vendor has a presence
in North America, Europe, Latin America and the Asia/Pacific region.

Market Responsiveness/Record: We evaluated execution on delivering products consistently and

in a timely fashion, the agility to meet new market demands, and how well the vendor received
customer feedback and quickly built it into the product. We looked at the vendor's ability to meet
promised timelines.

Marketing Execution: This is a measure of brand and mind share through client references and
channel partner feedback. We evaluated the degree to which customers and partners have positive
identification with the EMM product, and whether the vendor has credibility in this market. We also
used search hits on gartner.com for the vendor and product as a measure of brand recognition and
market awareness.

Customer Experience: We assessed the vendor's reputation in the market based on customer
feedback regarding customers' experiences working with the vendor, whether they were glad they
chose the vendor's product and whether they planned to continue working with the vendor.

Operations: This refers to the ability of the organization to meet its goals and commitments.
Factors include the quality of the organizational structure, including skills, experiences, programs,
systems and other vehicles that enable the organization to operate effectively and efficiently on an
ongoing basis.

Table 1. Ability to Execute Evaluation

Criteria

Evaluation Criteria Weighting

Product or Service High

Overall Viability High

Sales Execution/Pricing High

Market Responsiveness/Record Standard

Marketing Execution Standard

Customer Experience High

Operations None
Source: Gartner (June 2015)

Completeness of Vision
The Completeness of Vision scale provides an aggregate measure of a vendor's likelihood of future
success in the EMM market. We evaluated vendors' statements about product direction, the degree
to which current capabilities map to future demands, and the vendor's focus on EMM requirements.

Market Understanding: This criterion evaluated vendor capabilities against future market
requirements. It takes into consideration the evolution of the buyer for EMM suites, and whether the
vendor will remain focused on meeting the buyer's needs.

Marketing Strategy: This criterion considered how EMM technology and value are positioned. The
marketing strategy must be aligned with the evolution of the EMM buying center and its
requirements.

Sales Strategy: This criterion evaluated the vendor's route to market (for example, direct versus
indirect sales) and the strength of the offerings that go to market with the vendor's EMM tools (for
example, endpoint management, file sync and share, desktop virtualization, and endpoint security).
We also evaluated the vendor's pricing models and whether they map to customer requirements.

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

Offering (Product) Strategy: This describes the degree to which vendors have plans to deliver
differentiated functionality and have a timely roadmap to provide that functionality.

Business Model: This considers the vendor's business model for its EMM product and whether it
ensures future investment and success in the EMM market.

Innovation: This evaluated the vendor's plans to meet customer needs that extend beyond
conventional EMM technology.

Geographic Strategy: This refers to the vendor's strategy to direct resources, skills and offerings
to meet the specific needs of geographies outside the vendor's home or native geography, either
directly or through partners, channels and subsidiaries, as appropriate for the geography and
market.

Table 2. Completeness of Vision

Evaluation Criteria

Evaluation Criteria Weighting

Market Understanding High

Marketing Strategy Standard

Sales Strategy High

Offering (Product) Strategy High

Business Model Standard

Vertical/Industry Strategy Not Weighted

Innovation High

Geographic Strategy Standard

Source: Gartner (June 2015)

Quadrant Descriptions
Leaders
Leaders have the highest product revenue in the EMM market, several years of proven customer
implementations, customer mind share, and extensive partnerships with channel and other
technology providers. They have the most complete products in the EMM market. Their companies
are aligned with the trends of the EMM market. They possess product roadmaps that (if executed
upon) would establish continued differentiation in the market. Leaders also demonstrate commitment
to the EMM market. Overall, they have a strategy that creates a high likelihood of success in this
market.

Challengers
Challengers possess a strong ability to execute, demonstrated by high product revenue and a large
customer base. The vendor's considerable resources ensure long-term viability. Challengers may
have solid products but lack the product commitment to lead the market. They are not as closely
aligned with the most important EMM market trends, and they do not have a roadmap that
demonstrates compelling differentiation from other EMM products.

Visionaries
Visionaries have unique capabilities in certain aspects of EMM. They meet the requirements of
customers that place a high priority in certain critical EMM areas. They may not have the product
completeness, support capability, business performance, mind share or track record compared with
leading vendors.

Niche Players
Niche Players are often excellent choices for organizations. Niche Players do not have the product
completeness, revenue, mind share and track record of Leaders or Challengers. Their product
roadmaps typically represent a strategy of following the market, rather than leading it. In some
cases, this is due to a vendor's lack of resources. Often, many of the niche EMM products are
extensions of other management, security or mobility products from those vendors. If a customer
does not require best-of-breed capability, it may be best served by a Niche Player that may have an
easier or less expensive way to meet EMM requirements, compared with Leaders or Challengers, for
example.

Context
Organizations use EMM tools to integrate mobility into their business workflow. There are many
factors that determine the appropriate vendor and product for your organization. The vendor must
demonstrate the ability to keep up with the fast pace of mobile device change. Organizations must

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

also factor the EMM vendor's ability to support the enterprise's critical mobile applications and
integrate with its IT infrastructure (for example, public-key infrastructure [PKI], VPN, wireless
networking, identity and access management platforms).

EMM product requirements change as mobile platforms change. Keep abreast of these changes;
engage Gartner analysts regularly to understand the changing mobile device landscape and the
implications for mobility management. Best practices are to create your requirements first, consider
all the possible mobile scenarios you may have in your organization, such as BYOD and use cases
specific to your organization, and then create a shortlist of vendors. Do not choose vendors simply
on the basis of their position in the Magic Quadrant.

Market Overview
Gartner estimates that the average enterprise has deployed between eight and 15 mobile
applications to its employees. Where mobile strategy previously consisted wholly of basic, horizontal
productivity tools like email, contacts and calendar, role-specific and mission-critical apps and data
are increasingly the bulk of what is being pushed to users' mobile devices. As this trend matures, the
need for application-level controls and reporting along with the ability to deliver and consume a
growing number of content types is at the heart of many mobile strategies. The tools to manage
mobility are no longer sufficient if their purpose is solely to manage device hardware functions. An
ability to provide managed access, deliver and manage mobile apps, and facilitate access to content
on tablets and smartphones is the expanded set of core features demanded of EMM tools.

Mobile Identity and Access

Users no longer have a single device. They now frequently have a smartphone, a tablet and a laptop
and, more often than not, they want to use devices as part of a BYOD program. As a result, it has
become important to determine not just who is connected to the network but whether they are
connected with a corporate-authorized device. This is why Gartner recognizes mobile identity as a
key pillar in EMM. Mobile identity is typically done using digital certificates but can be accomplished
with a variety of other technologies, including biometric and token-based authentication. The next
wave of mobile identity is contextually based, with authentication identifying not only the user and
device, but where and how a user connects to the network (that is, in the office, at home, on a
public Wi-Fi, or out of the country), and based on these contextual values, granting the user different
levels of access. Over the next three years, Gartner expects contextually based mobile identity to
become standard functionality within EMM products.

EMM Executes File-Level Protection at the Edge

Protecting enterprise data on mobile devices has traditionally been based on a multipronged
approach of encryption of data at rest, in use and in motion, as well as device- and app-level
policies, such as screen lock timeouts, PIN enforcement and "open in" restrictions. However, these
oblique protection approaches are incomplete, because once data leaves managed devices and
networks, such protection schemes are rendered moot. Users can and often do get around such
controls by emailing enterprise data to outside parties or personal email accounts, or copying data to
their PCs, where open-in restrictions are absent. In response, there is a growing need to protect data
intrinsically, and/or implement a rights-management-based approach to mobile data protection.

File-level encryption products encrypt the individual files themselves (rather than simply encrypting
stored data and network tunnels) and facilitate managed file access through PKI, such that data can
be protected wherever it is stored or accessed. No one without the encryption keys can access files
protected in this manner.

Rights management products extend identity and access management frameworks to allow control
over file operations, in addition to file access. These products allow an organization to restrict, for
instance, who has permissions to read, edit or delete a file, or forward a file via email. Such products
typically also facilitate file-level encryption as part of their mobile data protection schemes. Effective
data classification is thus critical in making a rights management approach work in a given
environment.

Some EMM vendors are building file-level protection and/or rights management capabilities as
adjuncts to their core products, while others are tightly integrating their EMM systems with general-
purpose identity and access management products synergistically to enable this. As with device-,
app- or content-level policies, EMM should provide a single point of administration for encryption and
access/rights policies where these capabilities are present.

EMM Is the "Glue"

EMM is the starting point, if you are planning to opt into managing anything on a mobile platform.
Since it is the presumptive foothold agent, EMM is the logical choice to broker policies for other
services and tools on the platform. EMM provides a common, cross-platform baseline to set, contain,
validate, enforce and update device policies for gateways, proxies, VPNs, network access controls
and certificates, application certificates, content and rights management systems, identity and
access management, version controls, backups, system updates, device initialization as well as wipe,
and countless other practice areas that enter the mobile space from adjacent markets. As a single
point of policy and accountability, EMM provides the opportunity to avoid agent bloat, which is so

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]
Magic Quadrant for Enterprise Mobility Management Suites

often seen on PCs, where an endless parade of add-on utilities steal local resources, duplicate, and
complicate the task of policy coordination for system administrators. PCs have the resources to cope
with this situation, but users of small mobile devices and particularly BYOD cannot succeed with so
much unnecessary complexity.

Unified Endpoint Management

Organizations have historically used different management tools for PCs and mobile devices. IT
organizations are increasingly consolidating their PC and mobile device support groups and treating
their devices as "endpoints." Meanwhile, the PC and mobile architectures continue to fuse together,
blurring the boundaries between the EMM and client management tool capabilities. This trend
continues with Windows 10, which added to the MDM APIs introduced with Windows 8.1. This
presents organizations with the potential to manage PCs with either EMM tools or agent-based client
management tools. Large organizations will adopt both approaches based on user segmentation. As
Win32 applications decline in number, organizations will manage PCs, smartphones and tablets with
the same toolset. This is easier said than done, as Win32 applications still provide many critical
functions for the majority of organizations today. It will take several years for most organizations to
get to this point. Once organizations have retired their Win32 applications, the descriptor "unified"
will not be necessary, at which point, the term will be "endpoint management."

Unified endpoint management is not limited to PCs, tablets and smartphones. Smart devices, broadly
grouped as the "Internet of Things" (IoT), will increasingly become included in unified endpoint
management. Devices such as Apple TVs, printers and smartwatches are identifiable examples of IoT
devices managed by EMM tools today. Not all IoT objects will fall under the realm of EMM tools,
however. Some devices may be managed directly by manufacturers. Other types of devices will have
proprietary management tools. And many devices will not need to be managed at all. However, it is
clear that the diversity and number of devices will continue to grow, and IT organizations must be
ready.

© 2015 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. or its affiliates. This publication may not be
reproduced or distributed in any form without Gartner’s prior written permission. If you are authorized to access this publication, your use of it is subject to the
Usage Guidelines for Gartner Services posted on gartner.com. The information contained in this publication has been obtained from sources believed to be reliable.
Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information and shall have no liability for errors, omissions or inadequacies in
such information. This publication consists of the opinions of Gartner’s research organization and should not be construed as statements of fact. The opinions
expressed herein are subject to change without notice. Although Gartner research may include a discussion of related legal issues, Gartner does not provide legal
advice or services and its research should not be construed or used as such. Gartner is a public company, and its shareholders may include firms and funds that
have financial interests in entities covered in Gartner research. Gartner’s Board of Directors may include senior managers of these firms or funds. Gartner research is
produced independently by its research organization without input or influence from these firms, funds or their managers. For further information on the
independence and integrity of Gartner research, see “Guiding Principles on Independence and Objectivity.”

About Gartner | Careers | Newsroom | Policies | Site Index | IT Glossary | Contact Gartner

http://www.gartner.com/technology/reprints.do?id=1-2HF4VDW&ct=150608&st=sb[15/06/2015 13:42:35]