Understanding Mobile Device Management (MDM)
A core component of EMM, mobile device management is software that enables IT staff to secure, control and enforce mobility policies on devices such as smartphones, tablets, laptops and other endpoints, simultaneously protecting the corporate network while also optimizing the functionality and security of mobile devices.
Endpoint software, called an MDM agent in conjunction with an MDM server which live in a data center (either on-prem or in cloud) is the foundation of mobile device management. After configuring policies through the MDM server’s management console, the server pushes and applies those policies to the MDM agent on the mobile device by communicating with APIs that have been built directly into the device’s operating system.
As a result of mobile operating system developers and mobile device manufactures controlling what MDM software can and can’t do via their APIs, MDM has become commoditized, with most vendors offering a comparable set of core competencies. Vendor differentiation is born from the integration of the MDM servers with various enterprise software platforms. Common features of MDM include:
- App distribution and/or an enterprise app store
- App whitelisting and blacklisting
- Data encryption enforcement
- Device inventory and tracking
- Password enforcement
- Remote wipe
As suggested above, MDM offers a relatively simplistic solution to security and accessibility concerns largely specific to enterprise mobility. Some of the benefits of MDM include:
- Automated compliance: Tracks compliance in real-time, alerting IT admins
- Data loss protection: Allows IT admin the ability to remotely lock/wipe managed devices
- Easy device enrollment: Both admins and end-users can enroll devices via the agent or email
- Enterprise deployments: Manage large-scale deployments of mobile devices
- Flexibility: Employees have the freedom to use a variety of productivity devices and maintain real-time adherence to data security and compliance
- Secure Access: Enables secure mobile access to corporate resources while enforcing security and compliance policies
Meeting security and compliance parameters is perhaps one of the most important components of MDM. When assessing mobile device management products and vendors, these basic features should be used to create a baseline mobile security policy:
- Data Secured at rest & in motion: Capable of stopping data from being copied or sent
- Full disk encryption: an MDM provider should be able to enforce encryption on any device.
- Jailbroken or rooted device detection: Jailbreaking enables employees to install unapproved software or make changes to the mobile device's operating system, which is a risk.
- PIN enforcement: Admins can administer PINs to lock individual devices or to use as a password to the system.
- Remote wipe. In the event of theft or loss of device; it can be wiped clean remotely
Read more about Enterprise Mobility here.