IT pros have a lot of choices in mobile security. But what might be more important than actual products is how IT decides to implement its bring-your-own-device--BYOD--strategy.

Mobile device management software vendor MobileIron recently announced support for OS X, which means that IT can manage all mobile devices and Macs with MobileIron--including apps and content--by monitoring devices that connect to the corporate network.

MobileIron's VP of strategy Ojas Rege stopped by the BYTE office to discuss his company's toolkit for helping customers manage personally-owned smart phones and tablets.

BYTE: Why are BYOD policies important for IT to follow?

Ojas Rege: We saw every customer going mobile but not necessarily sure how to do it well. There was no guidebook--all the best practices were being built in real-time in real-world settings. It's very different than traditional enterprise technology adoption where early adopters go first and the rest wait and see until some later phase of the market. With mobile, since it's user-driven instead of IT-driven, IT hasn't had the luxury of wait and see. The devices are flooding in and the demand of internal apps is shooting up.

So we figured that our customer base itself was the best source of evolving best practices. The goal of the toolkits is to make mobile deployments easier, faster, and more successful. So with BYOD, everyone was asking us questions like, "What should my end-user agreement look like?" or, "What should my baseline security policies be?" And then they were asking, "What's everyone else doing?" That practical knowledge wasn't being captured anywhere by anyone in the industry.

Consistent, thoughtful mobile IT policies are important because they let you scale business operations more effectively. For instance, it's like having one usable password policy consistent globally. It's way more efficient than every region spending two months figuring out its own version.

In traditional IT, though, policies are viewed as a way to slow down projects versus speed them up. Speeding up mobile projects is the goal of the toolkits. They give a starting point and confidence. But before the policies, you actually need a mobile IT strategy. A lot of organizations are very reactive, not proactive right now with mobile.

BYTE: With Windows 8 and Windows Phone 8, Microsoft is putting phones and tablets on the regular network where they can be managed by conventional management tools. Is this the wave of the future? How does this affect MobileIron and the rest of the mobile management business?

OR: Conventional management tools focused on Windows patch updating, asset tracking, device imaging, and lockdown. And they did a great job of that. The device was not personal either in ownership or use.

Mobile brought a whole new set of "consumerized" end-user-driven requirements--enterprise app stores, BYOD privacy/selective wipe, multi-OS platforms, consumer-grade user experiences, vendor-controlled OS updates, et cetera. So you had a new set of mobile specialists, like MobileIron, emerge with a focus on a very different set of capabilities.

BYTE: What will the end user want as their enterprise experience for the next generation of Windows devices? Will it be more like traditional Windows or more like iOS/Android?

OR: We believe it's the latter. That the horse is out of the barn and user expectations and requirements are fundamentally different now than they were five years ago. The user wants a certain experience, regardless of the form factor.

So I expect we will absolutely compete against traditional management vendors but that we and similar vendors will have a product advantage because the traditional guys will be forced to dramatically retool their offering, which is difficult.

BYTE: Do you think enterprise apps stores like AT&T's is indicative of what is to come? More personalized app stores?

OR: Do you mean their hosted enterprise app store? All the operators are in the process of defining their value proposition for mobile enterprise. You will definitely see operator-branded hosted managed services out there--app stores being one piece. All the operators are looking at managed services as a potential growth opportunity.

AT&T is actually the biggest U.S. reseller of MobileIron--we are a major part of their business and vice versa.

BYTE: What are some of the ways you've seen deployments fail or be successful?

OR: Mobile IT must be interdisciplinary: Security, management, and apps are intertwined in mobile enterprise--if you can't get those teams to work together--or better yet, give one person/team the authority to make the calls--you'll never get anything of high value deployed beyond mobile email.

In many companies, security, management, and apps are separate silos with nothing in common but the CIO. Maybe not even that. IT silos are a path to mobile failure because they lead to slow progress and constant compromise. Two years ago so many IT departments told us, "We'll never let the iPhone in."

If the primary goal of IT is securing data loss, they will never take any risks with new technology. So the governance and goals for the mobile IT team have to be focused first on how they are helping the business. If mobile IT is measured on security first and enablement second, the business users will just bypass it like a stream going around a rock.

Mobile IT must be UX-trained (or at minimum UX ready); user experience is critical and it's not an expertise most IT departments have. Crappy apps on a mobile device are even worse than on a laptop.

Mobile IT must be consumer-fast: You blink and you fall behind in this market. The IT team needs to be educated and up-to-date on what's happening in mobile technology and able to respond like a consumer company. "Responsible not restrictive" is what one of our customers calls it. Fast and credible.

Mobile IT must communicate: Sounds simple but again not a core competence for many IT organizations. "What devices do you support?" "What apps do you allow?" "If not, why not?" "What are you monitoring on my device?" There will be a barrage of questions from the end users because they are catalyst for mobile. How IT handles those concerns will either establish a trusted partnership with the end user or create anxiety, confusion, and poor adoption.

BYTE: Some say that MDM has become commoditized and the action is in more advanced systems, generally labeled MAM or Mobile Application Management. Where are MobileIron's products relative to these systems from Apperian, Boxtone, Citrix, and others?

OR: Customers don't want one system to configure email, another system to do password policies, a third system to provide an app store, a fourth system to manage certificates, and a fifth system to distribute docs. They want a mobile IT platform that secures and manages apps, content, and devices.

BYTE: How does MobileIron help with that?

That's why we started MobileIron, actually. We launched the first multi-OS MAM solution (enterprise app store) in the market in 2009, but we also launched the first jailbreak detection (security), privacy policy controls (to enable BYOD), and real-time roaming alerts (to manage costs) in that same release.

We don't see many other platforms out there built from scratch for mobile IT. Most vendors have either picked one piece to do and are reselling the rest (your first two examples), or have backed into mobile IT from an older business.

Also, VDI is a fundamentally poor experience for the mobile user. It has a role to play in some early deployments but emulating a Windows desktop on an iPad will never be the way to a user's heart.