The four ways to secure enterprise mobile computing

Guest post by Chris Hazelton

As vendors work to compete for the attention of IT, they invariably take different approaches to achieve the same goal. There is a huge need to secure mobile devices in the enterprise, regardless of who owns them--in fact, in spite of who owns them. In the past week, there has been a lot of activity in the market as vendors move to secure smartphones and mobile tablets in the enterprise. During CTIA's Enterprise & Applications conference last week, we saw announcements that should significantly impact the way IT can manage and deploy mobile computing. While there has been a strong focus on mobile device management (MDM), other methods of management are coming to market. With new vendors and methods of securing mobile devices gaining attention, let's discuss what they bring to the table and which way is likely to win.

MDM expands its reach

MDM leverages client software or specific APIs to enable the provisioning, monitoring and decommissioning of mobile devices over the air. This software connects to on-premises or hosted servers that enable IT to manage tens of thousands of devices, all without laying eyes on the device.

These capabilities have been augmented by the addition of private mobile app stores, allowing MDM to also manage the lifecycle of applications. While this market has been focused on Apple's (NASDAQ: AAPL) iOS devices, Android devices are starting to get much-needed attention, particularly as companies like 3LM move to provide additional management APIs within Google's (NASDAQ: GOOG) mobile OS.

New secure mobile containers

Competing against MDM, but sometimes in partnership with it, secure mobile containers have gained traction, since IT wants to provide secure email on devices coming into the enterprise that may not yet meet compliance requirements. These containers, like Good Technology's Good for Enterprise, provide an encrypted container at the application level to secure personal information management (PIM) data like email, calendar, contacts and tasks on smartphones and mobile tablets.

This application can be managed much like a device, with security controls and the ability to wipe the app and its data if the device should be lost or stolen. RIM's (NASDAQ: RIMM) BlackBerry Balance plays here, as well, allowing IT to store any data from applications provisioned by the BlackBerry Enterprise Server in an encrypted container, where it cannot be accessed by consumer applications.

While this segment of the market has been owned primarily by Good, another vendor, Fixmo, has entered the fray. Fixmo has announced its own secure mobile container, Fixmo SafeZone, which secures and isolates corporate PIM data and supports the use of Microsoft's (NASDAQ: MSFT) SharePoint, Office and third-party applications with the use of Fixmo's SDK.

Greater control of app stores by IT

The enterprise mobile app store segment has also seen new entrants. Mimicking, and potentially replacing, public mobile app stores, enterprise app stores provide a channel for IT to provision and manage the use of mobile apps by employees. IT can determine by group or user which applications are made available, whether mandatory or recommended, and these stores provide a guide and whitelist for what is acceptable in the enterprise. Stand-alone enterprise mobile app stores can run in place of MDM, where IT manages only the apps and does not have to worry about the device or other applications, which is particularly useful with employee-liable devices. With enterprise app store vendors like Apperian, AppCentral, Partnerpedia and Verizon (NYSE: VZ) Wireless, developers can leverage these vendors' SDKs to allow their apps to be managed and deployed.

We are now seeing the emergence of Nukona's App Center and Mocana's Mobile Application Protection (MAP) that allow IT to wrap applications themselves to impose management policies on specific mobile applications, without the need for SDKs.

Mobile virtualization wins over mobile operators

AT&T (NYSE: T) and Verizon Wireless recently announced that they would both offer mobile virtualization for the enterprise. Mobile virtualization comes in two flavors: type 1 (bare-metal) hypervisors and type 2 (hosted) hypervisors. Type 1 hypervisors are installed by device vendors and allow these OEMs to silo an entire OS stack--which could then be managed separately by IT, independent of a consumer stack. Type 2 hypervisors act much like secure mobile containers in that they are a guest OS that runs on top of an existing OS stack, and can also be managed and secured separately from other native applications on the device.

Both carriers have partnered with type 2 hypervisor suppliers. AT&T is using Enterproid for its Toggle application, and Verizon Wireless will use VMware. The idea is that users can switch between 'personas' as they use both consumer and enterprise apps. Both offerings will be available later this year. Other vendors in the mobile virtualization space include Red Bend Software and Open Kernel Labs. Citrix's Receiver has been active in this space as well, shipping on Motorola (NYSE: MMI) devices, and it recently announced support for RIM's PlayBook.

Which way to go?

Like all things in mobile, enterprise mobility management is only getting more complicated as the market evolves. This goes against IT's desire to streamline processes and tools--IT wants to view mobile environments through a single pane of glass. In a world of multiple operating systems, the use of containers, app stores and hypervisors adds another level of complexity to the mobile madness. These competing tools individually will not meet all of IT's needs, but in combination with MDM, they can be used to serve groups of employees. MDM will be the base from which IT can then build and manage these additional management layers, as needed, by ownership model, execs who need extra security, groups and individual employees. Containers, app stores, and hypervisors can run on top of MDM software and services, which will provide the one pane of glass from which to view the mobile enterprise. In this way, there are not four ways to secure enterprise mobile computing, but one.

Chris Hazelton leads 451 Research's Mobile and Wireless practice. His research focuses on the mobile device management and application development platform markets that target smartphones and tablets. He is primarily interested in the shift in computing from desktop to mobile operating systems.