Earlier this year, AirWatch proposed a standard approach for building and securing mobile apps. It was intended for use by enterprises that wanted to give their employees tools for doing their jobs while away from the office. Since then this proposed standard, Application Configuration for Enterprise or ACE, has been endorsed by a number of mobile software vendors.
But is ACE on-target, or does it miss the mark? Let’s take a look.
ACE describes a standard approach for implementing five key security-related capabilities in enterprise mobile apps. These are App Configuration, App Tunnel, Single Sign On, Access Control, and Security Policies (encrypted storage, data leakage prevention, etc.).
On paper, this appears to be a fairly comprehensive approach to mobile security, with the additional benefit of being EMM vendor-neutral. Most EMM vendors, Citrix included, are capable of supporting all of the capabilities that ACE describes. This is because all of these capabilities are implemented using APIs that Apple and Google have already built into iOS and Android.
But here’s where the problem comes in. None of the capabilities described in ACE is available without enrollment in an MDM. This is a huge problem.
Out in the real world, more and more enterprises are adopting BYOD policies for employees who want mobile access to their corporate email, etc. Employees are pushing back on MDM enrollment for their personal devices. They view it as an intrusion into their privacy, putting their music, pictures, personal information, etc. at risk. For example, imagine if you lost your phone and then discovered that your employer had turned off iCloud backup and all of your pictures were gone.
Enterprises are starting to view this level of control over employee-owned devices as an unnecessary liability. MDM is becoming a niche technology that is only applicable when an enterprise issues devices to its employees.
So, what is a better approach?
XenMobile MDX technology provides all of the capabilities described in ACE without employees needing to cede control over their entire devices. XenMobile has the ability to run in an MAM-only mode (MAM = Mobile Application Management) that doesn’t require MDM enrollment.
With XenMobile, enterprises can control and secure their apps and data, including device-level checks for things such as jailbreaking/rooting, without needing to rely on MDM enrollment to do so. This is a huge win for enterprises and employees alike.
Please see our white paper with a deeper analysis of ACE vs XenMobile here.