Being able to provide your sales and distribution teams with full access to business systems helps with a range of functions, such as sales presentations and delivery scheduling, but it also provides a potential point of data leakage.

Here is our list of the five best Mobile Client Management Clients:

  • ManageEngine Mobile Device Manager Plus This system will manage devices running Windows, macOS, Chrome OS, Android, iOS, and tvOS and it offers a range of options for content delivery strategies in conjunction with a MAM. Offered as a SaaS package or for installation on Windows Server.
  • BlackBerry Unified Endpoint Management This package covers desktops as well as mobile devices and it can be used to synch storage, making content available across devices. This is a SaaS platform but the software is also available for installation on Windows Server.
  • Cisco Meraki Systems Manager This cloud-based package offers mobile device management with an option to deliver content through containerization.
  • SOTI MobiControl This MDM is part of the SOTI One SaaS platform and implements a range of content delivery and protection strategies for mobile and IoT devices. Also available for installation on Windows Server.
  • Citrix Endpoint Management MDM with MAM and MCM delivered from a cloud platfor4m and catering to devices running Windows, macOS, iOS, tvOS, Android, ChromeOS, and Citrix.

You can read more about these options in the following sections.

BYOD policies help peripatetic employees seamlessly move from the office to the worksite and switch to the home office whenever necessary. However, a lost phone can mean disaster for your data protection policy.

The solution to securing data on mobile devices has multiple layers and needs to take into account the differences in operation between corporate fleet devices and user-owned devices. Control of content starts with control of the device and involves Mobile Device Management (MDM) functions that include tracking, locking, and wiping. Mobile Application Management (MAM) also plays a role because applications very often control access to backend data stores.

Mobile content management lets you control where documents go and who can access raw data. Depending on your corporate infrastructure, you might opt for a full unified endpoint management system that covers desktops, IoT devices, and wearables as well as laptops, smartphones, and tablets. Other options just allow users to access a portal to see data rather than possessing it in file formats.

Content security challenges

Mobile devices create security weaknesses because they are outside of the controlled environment of business premises. At the company offices, a degree of discretion can be ensured by controlling who has access through the lobby. Outside of that environment, there are no physical blocks to strangers getting at your data.

It has to be noted that many of the risks of data disclosure that are encountered with mobile devices are also possible with the home-based PC of work-from-home employees. As businesses have managed to cope with that risk, there should be a greater acceptance of the risk that mobile access to data represents.

The extra problem that mobile devices present is that they are out in the big wide world and so can be lost or pilfered when a user is distracted. These scenarios should be addressed by the tracking, locking, and wiping capabilities of a mobile device management package and therefore should be put to one side when examining MCM systems.

Mobile content delivery

The choice of a mobile content management client is inextricably linked with the selection of the mobile content management system and mobile device management package that is to be used. So, when considering the best mobile content management client, we are examining the mobile content management system as a whole.

The method of delivery that is used for mobile content management greatly influences how access to that content is permitted. Options include:

  • Portal access through a private Web system
  • Containerization, which works well for BYOD devices
  • Kiosk systems, which disable many key functions

A kiosk delivery service is best suited for display devices, such as tablets that are used in a salesroom or as input devices for order input in restaurants or stores. Kiosk displays are closely tied to MAM, which delivers a tightly controlled interface, reducing the ability of the user to break through to the operating system of the device.

Portal access systems function in the same ways as SaaS packages, such as Google Workspace or Microsoft 365, only set up only for corporate access. These Web-based solutions can be delivered across the internet but are protected with access credentials. Saving to local drives can be blocked and all data access is performed through Web-based applications that have copy functions blocked.

Containerization provides local storage for data but this is kept separate from the operating system. Access to the container’s functions can be controlled by credentials and idle-time locking can be implemented. This is a good solution for employees who want to use their own devices for work because it keeps business and leisure use of the device separate.

The best MCM clients

In this review, we will look at a range of MCM solutions that cater to different mobile asset strategies. We will also address the needs of a range of company types and sizes. The structure of the client used on mobile devices depends on which control and delivery system you prefer.

With these criteria in mind, we identified several suitable mobile content management solutions. There are many ways to approach content control on mobile devices but a very important factor is to ensure that the MCM system doesn’t drain device batteries too quickly or force heavy processing on the device’s CPU.

What should you look for in an MCM client for your business?  

We reviewed the market for mobile content management systems and analyzed the tools based on the following criteria:

  • Containerization options
  • Copy watermarking and tracking
  • Kiosk mode possibility
  • Portal content delivery
  • Linked MAM
  • A free trial or a demo system for a no-obligation assessment opportunity
  • Value for money from a solution that prevents data theft and if offered at a good price

1. ManageEngine Mobile Device Manager Plus

ManageEngine Mobile Device Manager Plus is a full mobile management system that includes device security, mobile application management, and mobile content management.

Key Features:

  • Includes an app for iOS, Android, and Windows
  • Secures transfers
  • Includes a Document Viewer
  • Blocks content forwarding or copying
  • Content updates

The MDM client for the system is called the ME MDM app. The app is an agent that is resident on the device and acts as a client for connection security with the MDM server system. The app also includes a menu of data access options, such as the MDM Document Viewer.

BYOD devices can be enrolled in the MDM service on demand through a self-service portal. Business fleet devices can be set up in bulk by the administrator. Delivery and security policies can be defined for each group, enabling each type of device ownership to get a different treatment. BYOD devices can be enrolled in the network through a containerized delivery, keeping corporate utilities and data separate from the device’s operating system.

The central administrator can access each enrolled device, even getting a view of the screen. This is a great tool for remote support. Security measures enable the administrator to track all devices and lock and wipe those that are lost or stolen.

The suite of administration tools that are accessible in the Web-based console system includes security scans that examine all devices for malware and misuse, such as jailbreaking. The package also includes a mobile email management module.

ManageEngine Mobile Device Manager Plus can be installed on Windows Server or accessed as a cloud service. The full package can be used for free forever to manage up to 25 mobile devices and there is an edition for MSPs. You can access either the SaaS version or use the Windows Server edition on a 30-day free trial.

Pros:

  • Containerization for BYOD
  • Remote access
  • Tracking, locking, and wiping
  • Connection security
  • Malware scans

Cons:

  • Doesn’t offer cross-device continuity

2. BlackBerry Spark UEM Suite

BlackBerry Spark UEM Suite is a package of mobile device management systems that includes a secure mobile content management bundle. The main MCM concept in the package is implemented with encryption that is implemented on connections and individual files. These enable document owners to set access rights and permission levels for other team members. Access to data is also restricted through the use of a suite of BlackBerry-created productivity tools, called BlackBerry Workspaces.

  • Data access control through apps
  • Containerization for BYOD
  • Activity logging and auditing
  • Digital rights management

The MDM can run devices with iOS, Android, Windows, macOS, BlackBerry, Linux, and Samsung Knox. Fleet devices can be accessed remotely and user-owned devices can be included in the network through the creation of an access app. This amounts to a containerized locker of access and tools. The Spark UEM administrator controls don’t include a tracking service and, other than remote access, there is no utility for locking or wiping a device.

Data controls include a DRM system and the package also includes integration with DocuSign, which includes copy tracking.

BlackBerry Spark UEM Suite is a SaaS platform but it is also available for installation on Windows Server. The BlackBerry Spark UEM Suite is available for a free trial.

  • Access permission controls for document owners

  • Document signing and copy tracking

  • File-based encryption

  • DocuSign integration

  • No tracking function in the console

3. Cisco Meraki System Manager

Cisco Meraki is a unified endpoint management system that covers office endpoints, mobile devices, and IoT equipment. The MDM package within this cloud-based package can monitor and manage devices running Windows, macOS, Windows Phone, iOS, Android, Chrome OS, and Samsung Knox operating systems.

  • Containerization for BYOD
  • Standard configuration for device types
  • Role-based application menus

System administrators can set up a fleet of mobile devices en masse by setting up a standard configuration that follows specific security and content delivery policies by the group. So, you can vary the app library added to each type of device and also create work-level groups that provide access to job-specific applications and data.

User-owned devices can be added to the network through a self-service portal. This adds an MDM app to the device, which also acts as a MAM and MCM client. This package of services is then delivered as a locker, which loads onto the device through containerization and keeps corporate functions and data separate from the device’s operating system.

The Web-based Meraki administrator dashboard includes a great map-based device tracker. There are also straightforward device locking and wiping commands available in the system. Call and data activity is logged per device and it is possible to put a limit on the amount of each that a specific device can use on the corporate account.

The Meraki system includes a service called Backpack. This is a containerization service and it allows files to be made available to mobile devices without them becoming accessible to the device’s operating system. Thus, any native or alternative apps for viewing various document types cannot be used with these files, and access to them is limited to authorized applications with disabled copy and forwarding functions.

  • Device usage logging

  • Tracking, locking and wiping

  • Cloud-based console

  • Stronger on device management in general than content management

Cisco Meraki is available for a 14-day free trial.

4. SOTI MobiControl

SOTI MobiControl is an on-premises software package that runs on Windows Server. It is also available as a SaaS package from the SOTI One cloud platform. The tool enables you to manage mobile devices running You can manage Windows, iOS, and Android devices plus IoT devices running Linux.

  • On-premises or SaaS
  • Control mobile and IoT devices
  • Option for BYOD

All enrolled devices are listed in the administrator dashboard, which also shows their locations on a map. In the case of fleet devices, the entire device can be set up and controlled by the administrator and it is also possible to allow BYOD owners to install an app, which is containerized and gives access to business data.

The MAM and MCM client is implemented as a secure browser, which connects through to a content distribution network, called SOTI Xtreme Hub. This distribution system controls access to corporate documents and also speeds up delivery. All file activity is logged.

The administrator dashboard enables remote access to devices, including a remote screen viewer. Locking and wiping are also possible. The Saas version of SOTI MobiControl on the SOTI One platform is available for a 30-day free trial.

  • Secure app

  • Containerized applications

  • Content delivery network

  • No free trial for the on-premises version

5. Citrix Endpoint Management

Citrix Endpoint Management uses virtualization in its MCM client, which capitalizes on this provider’s core technology. The MAM strategy of the Citrix system provides proprietary email, messaging, collaboration, and file-sharing utilities. System administrators can make third-party or in-house tools available to mobile devices through a system called “wrapping.” This is an encryption service that protects the communication between the device and the server and also controls access to apps on the device.

  • Added security for apps
  • File access through proprietary apps
  • BYOD policy

Applications are not loaded onto each device. Instead, the device gets a network access app. This app works for both BYOD and fleet devices and it requires a sign-in. So, if the device gets lost, those who discover the device can’t get to any corporate apps or data because they are hosted on the company server and nothing, other than the secure app, is on the device. This strategy also means that users can access their workspace from any device and continue where they left off.

The Citrix system gives users views on their server-hosted workspace wherever they are, so it is also great for delivering access to WFH employees. Request a demo to see the Citrix system.

  • Hosted workspace accessible from any device

  • Cross-device continuity

  • Almost no software is installed on the device

  • Access rights need extensive planning