In this article...
Mobile devices are quickly becoming a staple of the professional world, and the value they add isn’t hard to identify: enhanced productivity, anytime access to corporate resources and systems, real-time collaboration, etc. But as personal smartphones, tablets, and laptops infiltrate the workplace, they also bring new uncertainties for which many businesses are still unprepared.
Mobile device management (MDM) or bring-your-own-device (BYOD) software helps businesses extend productivity to personal devices without compromising corporate security. This guide will simplify the buying process for IT leaders by outlining common software features, industry trends, and a case study of a leading mobile device management software solution.
Mobile device management software can alleviate many of these concerns by standardizing security measures, giving IT departments better control and visibility, and extending access to corporate content and applications. During your selection process, you may also see MDM referred to as enterprise mobility management (EMM). Functionally speaking, the two are near-synonymous, although EMM usually refers more to the larger methodology of controlling mobile devices in a business environment.
Most MDM software solutions are built around two main components: a server component (which sends configuration and security protocols from an administrative control center) and a client component (which receives the protocols, once installed on the mobile device). Some systems are built exclusively for mobile OS management (OS compatibility will vary according to vendor), but some MDM systems include other devices not owned by the company, from laptops to tablets and even desktop computers.
There are primarily two ways to package a solution:
Most MDM software solutions will address some or all of the following features:
MDM security measures help protect corporate networks from unwanted access by blocking foreign devices and providing gated access to employees. This usually entails role-based permissions and WiFi/VPN management. At the device level, IT managers can enforce passcode and encryption policies, distribute native malware protection and/or web filtering tools, and use audit reports to check for rooted or jailbroken devices.
Mobile applications can bring added productivity to business processes, but they’re also susceptible to exploitation. Application management features give IT control over which apps employees can download and which are blacklisted. In addition to basic filtering, application management can support enterprise purchasing and over-the-air distribution of business apps to all employees or to specific groups.
Mobile email management provides access to a corporate email infrastructure either through a secure gateway configured on the client component or through a containerized solution. This lets administrators block access by revoking certificates when a device doesn’t meet minimum security standards — for instance, if the device has no encryption or has been lost or stolen. Email management tools can also protect corporate documents attached to emails by restricting access to an approved application.
Some MDM solutions offer built-in messaging platforms that let company users exchange secure messages and files. These chat services are similar to instant messaging platforms (availability status, profile pictures, message threads, corporate directories), but the messages are encrypted during transmission and devices are authenticated according to corporate standards. Some platforms also enable managers/administrators to send push notifications to specific devices.
Lost or stolen employee devices represent one of the biggest mobile security threats, since an unauthorized user can then gain access to company files and back-office systems. Instead of leaving the door open for theft, administrators can use remote management tools to erase data or lock the device. More advanced systems can also track device location and may give the option of clearing only company data (vs. all data on the device).