Mobile Device Management (MDM): Everything You Need To Know (FAQs)
What Is Mobile Device Management (MDM)?
Mobile device management is the process of monitoring, managing, and securing the mobile devices connected to your corporate network. This includes personal and corporate-issued devices, and all the different device types and operating systems your employees may be using. This can be a difficult task when undertaken manually; thankfully, MDM solutions exist to make it much easier.
How Do MDM Solutions Work?
MDM solutions give IT and security teams a unified view of all the mobile devices on their network. Usually, the IT team must install the MDM agent on all mobile devices—the best MDM solutions offer an option for remote users to install this agent themselves. Once the agent is installed, the MDM solution can monitor the device’s health and security posture.
As well as providing admins with health and security insights, MDM solutions also typically enable them to define policies for device configuration, manage the applications installed on a device, and remotely troubleshoot any issues that a user is having with their device—all from a single, centralized management console.
What Features Should You Look For In An MDM Solution?
All MDM solutions offer slightly different feature sets to meet specific use cases, but there are some features that you should look out for in any MDM solution. These are:
- Device compatibility: your chosen MDM solution must be compatible with all the device types in your business and offer patching and updates for all the operating systems those devices are running.
- Remote monitoring and troubleshooting: your IT team should be able to remotely troubleshoot user devices via a centralized management console, without having to visit users in person.
- Application management: admins should be able to define which applications can be installed on user devices, as well as update those apps. This could be via an app store experience, remote software distribution, or a containerized “work mode” that keeps personal and work apps separate.
- Reporting and analytics: admins should be able to generate and export reports on device posture, including usage, compliance, patch status, and the presence of unauthorized apps. Admins should be able to schedule reports to be delivered automatically or generate them on demand.
MDM Vs. EMM Vs. UEM: What’s The Difference?
There are a few different types of endpoint management solutions on the market: mobile device management (MDM), enterprise mobility management (EMM), and unified endpoint management (UEM). While these do overlap somewhat in terms of functionality, there are some key differences you should know about before you decide which one to invest in.
MDM solutions enable security teams to monitor, manage, and configure policies for all the mobile devices connected to their network, such as smartphones, tablets, and laptops. This is particularly useful for organizations with a high percentage of remote workers, or which don’t have a physical office with permanent workstations. However, businesses that have both remote and office-based workers would have to juggle two endpoint management tools: one for remote mobile devices and another for on-prem devices, such as desktops.
Enterprise mobility management solutions are an evolution of traditional MDM. They use containers to secure the apps and data on a mobile device, enabling employees to switch easily between work and personal activities on one device. This is useful for businesses with a large number of BYOD devices in their device fleet. However, while EMM was designed as an evolution of MDM, most modern MDM solutions also offer this app management functionality, amongst other security features—which we’ll talk about later on.
Unified endpoint management solutions build on this again to enable security teams to monitor, manage, and secure all of the devices connected to their corporate network—both mobile and on-site—via one interface. Because of this, UEM is a strong solution for businesses with remote and office-based employees or, more specifically, a combination of mobile devices, desktop PCs, and IoT devices in their device fleet.
So, if the majority of your staff work remotely or on mobile devices, you should consider implementing an MDM solution. If a lot of your staff work using a desktop at your business’ office site, you may prefer to compare the best unified endpoint management solutions, instead.
Why Do You Need MDM?
As organizations increasingly rely on the use of mobile devices to support their hybrid and remote workforce, the mobile attack surface also increases, with threat actors targeting mobile devices with malware and social engineering attacks in order to access sensitive company data. If an attacker successfully takes over a mobile device, they can use it to sign into all the user accounts associated with that device—including work applications.
Mobile devices are a lucrative target for cybercriminals and can also be an easy target when not properly secured. Without multi-factor authentication, for example, an attacker could steal their victim’s phone and sign into their corporate accounts. Without strong endpoint protection, such as antivirus and antimalware software, an attacker could install malware on a user’s device undetected, and use it to steal credentials or data, or spread laterally throughout the corporate network, infecting more devices along the way. And without a secure remote access solution, such as a VPN or zero trust network access (ZTNA), an attacker could tap into a user’s unsecured Wi-Fi connection and spy on all of their online activity—including their connection to the company network.
MDM solutions give IT and security admins comprehensive visibility of all the mobile devices connected to the company network and enable them to remotely manage and secure those devices, to protect them from these types of threats. MDM also allows admins to monitor device health, such as checking for missing updates, which not only helps prevent the exploitation of software and operating system vulnerabilities but also ensures that each device is running optimally, which boosts productivity. After all, nobody wants to wait for 10 minutes after they’ve turned on their tablet just to be able to load up their inbox.
How To Choose An MDM Solution
The cybersecurity market is crowded and the mobile device management market is no exception to that. With each provider offering different plans and pricing, and different feature sets to support specific use cases, it can be difficult to know which solution to go with. But there are some features that any organization should look for when implementing an MDM solution—so that’s where you should start.
Device Compatibility
Firstly, it’s critical that your chosen MDM solution is compatible with all the mobile device types in your device fleet. Otherwise, you won’t have visibility over every device—leaving you with gaps in your security. It should also support all the operating systems (OSs) that your users’ devices are running, so that you can automate patching and updates on each device. Most MDM providers offer support for Android and iOS, but you’ll need to double-check compatibility with any other operating systems, device manufacturers, and older OS versions.
Because of this, it’s important that you know which devices you have in your fleet—be they corporate-issued, or BYOD—before you invest in an MDM solution.
Remote Monitoring And Troubleshooting
If something goes wrong with a device on-prem, your IT team can take a look at it and troubleshoot the issue in person. To do the same for mobile devices that aren’t being used in the physical office, your team would have to travel constantly between your users’ houses, coffee shops, airports, and wherever else they might be working—which just isn’t feasible.
To solve this challenge, your chosen MDM solution should offer remote troubleshooting capabilities that allow your IT team to fix issues from anywhere via a centralized management console. These features could include remote device wiping, data encryption, remote device locking, and the lockdown of certain services when not in use, to protect sensitive data on lost or stolen devices. Some MDM solutions even allow your IT or security team to view a device’s screen in real time, for troubleshooting more complex issues.
Reporting And Analytics
Any strong MDM solution should offer robust reporting functionality that your admins can access via a single, centralized management console. Reports should be easily accessible through dedicated dashboards and you should be able to export them in multiple file formats so they’re easy to share with stakeholders, decision makers, and audit bodies.
You should be able to generate a wide range of reports such as device usage, device compliance, whether operating systems and software are up to date, and whether a device has unauthorized apps installed. This will help your IT and security teams monitor the security of each device, as well as make sure that they’re being used properly and safely.
As well as offering scheduled or on-demand reporting, the best MDM solutions use artificial intelligence or machine learning to analyze covered devices for changes in their health or security status and offer real-time alerting on those changes, so that you can address any issues as quickly and effectively as possible. These could include alerts on device inactivity, blocked applications or device lockouts, and more.
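The compliance reporting and change alerting described in this section can be illustrated with a small posture evaluator. The following is an added example, not code from the original article or from any MDM vendor; the device records, the two snapshots, and the policy baselines (minimum OS versions, a 14-day inactivity limit) are all constructed for the illustration. It produces the per-device compliance table an admin would export, and then diffs two snapshots so that alerts fire only on changes (new failures, resolved failures, lockouts, newly enrolled devices) rather than on every scheduled run.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

# Assumed policy baselines (constructed for this example, not vendor defaults)
MIN_OS = {"ios": (16, 0), "android": (13, 0)}   # lowest acceptable (major, minor)
INACTIVITY_LIMIT = timedelta(days=14)            # no agent check-in for longer than this


@dataclass
class Device:
    device_id: str
    user: str
    os: str
    os_version: tuple        # (major, minor), compared as tuples
    encrypted: bool          # storage encryption reported by the agent
    passcode_set: bool
    last_checkin: datetime
    locked_out: bool = False


@dataclass
class Snapshot:
    taken_at: datetime       # when the agent data was collected
    devices: list


def check_device(d, now):
    """Return the list of compliance failures for one device (empty means compliant)."""
    failures = []
    if d.os_version < MIN_OS.get(d.os, (0, 0)):
        failures.append("os_outdated")
    if not d.encrypted:
        failures.append("storage_unencrypted")
    if not d.passcode_set:
        failures.append("no_passcode")
    if now - d.last_checkin > INACTIVITY_LIMIT:
        failures.append("inactive")
    return failures


def compliance_report(snap):
    """Per-device failures plus fleet totals: the table an admin would export or schedule."""
    per_device = {d.device_id: check_device(d, snap.taken_at) for d in snap.devices}
    compliant = sum(1 for f in per_device.values() if not f)
    return {"per_device": per_device, "compliant": compliant, "total": len(snap.devices)}


def posture_alerts(prev, cur):
    """Diff two snapshots and alert only on changes, so a steady state stays quiet."""
    prev_by_id = {d.device_id: d for d in prev.devices}
    alerts = []
    for d in cur.devices:
        old = prev_by_id.get(d.device_id)
        if old is None:
            alerts.append((d.device_id, "new_device_enrolled"))
            continue
        before = set(check_device(old, prev.taken_at))
        after = set(check_device(d, cur.taken_at))
        alerts += [(d.device_id, f"now_failing:{f}") for f in sorted(after - before)]
        alerts += [(d.device_id, f"resolved:{f}") for f in sorted(before - after)]
        if d.locked_out and not old.locked_out:
            alerts.append((d.device_id, "device_lockout"))
    return alerts


# Constructed inventory: two weekly snapshots of a four-device fleet
DAY1 = Snapshot(datetime(2024, 3, 1), [
    Device("ipad-01", "alice", "ios", (17, 2), True, True, datetime(2024, 2, 29)),
    Device("pixel-07", "bob", "android", (12, 0), True, True, datetime(2024, 2, 28)),
    Device("ipad-02", "carol", "ios", (16, 4), False, True, datetime(2024, 2, 20)),
])
DAY2 = Snapshot(datetime(2024, 3, 8), [
    Device("ipad-01", "alice", "ios", (17, 2), True, True, datetime(2024, 3, 8), locked_out=True),
    Device("pixel-07", "bob", "android", (13, 0), True, True, datetime(2024, 3, 7)),   # bob patched
    Device("ipad-02", "carol", "ios", (16, 4), False, True, datetime(2024, 2, 20)),    # still silent
    Device("pixel-09", "dave", "android", (14, 0), True, False, datetime(2024, 3, 8)),  # new, no passcode
])

if __name__ == "__main__":
    for label, snap in (("day 1", DAY1), ("day 2", DAY2)):
        rep = compliance_report(snap)
        print(f"{label}: {rep['compliant']}/{rep['total']} compliant, {rep['per_device']}")
    for device_id, alert in posture_alerts(DAY1, DAY2):
        print(f"ALERT {device_id}: {alert}")
```

Note that the inactivity check is evaluated against each snapshot's own collection time, so a device whose last check-in never moves becomes "inactive" only once the gap crosses the threshold, and the diff then raises exactly one alert for it rather than repeating it on every report.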
Application Management
Last year, 46% of businesses experienced a security incident that involved a user downloading a malicious application. Your MDM solution should give you a level of control over which applications can be installed on each device, to help prevent your users from accidentally installing malware.
These controls vary between solutions and differ depending on whether your users are working on their own personal devices or corporate-issued ones, so it’s important that you compare the functionality offered by each solution before deciding which is the best fit for your business.
If your device fleet is mostly corporate-issued and fully managed, you may want to choose an MDM solution with custom app store functionality. This enables you to set up a catalogue of applications that your users can install; anything else is out of bounds. Alternatively, you could look for an MDM solution that allows your IT team to remotely distribute software to certain users or user groups to ensure your employees can always access the resources they need, but nothing more.
If your device fleet is mostly BYOD, you should look for an MDM solution that enables you to isolate personal and workplace applications so that when a user’s device is in “work mode” you can manage the applications available to them and ensure they’re browsing securely. This empowers a secure BYOD environment, without encroaching on how your users use their personal devices in their own time.
As well as managing what applications your users are installing, it’s critical that you’re able to update those applications. Over 80% of successful breaches are unknown or zero-day attacks, which usually involve either a new malware variant, or the exploitation of undisclosed vulnerabilities. In 2020, a remote code execution (RCE) vulnerability in the Google Play Core Library led to the exploitation of 8% of all Google Play apps—including Cisco Webex Teams, Moovit, and Edge. Once exploited, attackers had the same level of access to the target device as the vulnerable application, enabling them to steal credentials and multi-factor authentication codes, inject malicious code to view and send messages while impersonating their victim, and access sensitive corporate data stored in the apps on that device.
The best MDM solutions enable you to roll out automatic updates for legitimate apps installed across your devices, to prevent the delivery of malware through vulnerability exploitation.
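The two application-management models in this section (a curated catalogue for fully managed corporate devices, and a work profile that scopes control to the work side of a BYOD device), together with the minimum-version enforcement that drives automatic updates, can be expressed as one policy evaluation. The following is an added example, not code from the original article or from any MDM product; the catalogue, package names, versions, and the remove/block action names are constructed. The evaluator reads each device's installed apps, ignores personal-profile apps on BYOD devices entirely, flags anything outside the catalogue as unauthorized, and flags catalogue apps below the accepted version as needing an update.

```python
from dataclasses import dataclass

# Constructed catalogue of approved work apps and the lowest version still accepted.
# Bumping a minimum here is how an admin forces an update after a library fix ships.
CATALOG = {
    "com.example.mail": (4, 2, 0),
    "com.example.chat": (7, 0, 1),
    "com.example.vpn": (2, 1, 0),
}


@dataclass
class InstalledApp:
    package: str
    version: tuple               # (major, minor, patch), compared as tuples
    work_profile: bool = True    # on BYOD: True if the app lives in the managed work profile


@dataclass
class Device:
    device_id: str
    ownership: str               # "corporate" (fully managed) or "byod"
    apps: list


def parse_version(text):
    """'4.1.5' -> (4, 1, 5); agents usually report versions as strings."""
    return tuple(int(part) for part in text.split("."))


def evaluate_apps(device):
    """Classify installed apps as unauthorized, outdated, or ignored (personal side of BYOD)."""
    result = {"unauthorized": [], "outdated": [], "ignored": []}
    for app in device.apps:
        if device.ownership == "byod" and not app.work_profile:
            result["ignored"].append(app.package)     # personal apps stay out of scope
            continue
        if app.package not in CATALOG:
            result["unauthorized"].append(app.package)
        elif app.version < CATALOG[app.package]:
            result["outdated"].append(app.package)
    return result


def plan_actions(devices):
    """Turn the evaluation into actions: a managed device gets the app removed outright,
    a BYOD device only has it removed from the work profile; outdated apps get pushed updates."""
    actions = []
    for d in devices:
        verdict = evaluate_apps(d)
        for pkg in verdict["unauthorized"]:
            action = "remove" if d.ownership == "corporate" else "remove_from_work_profile"
            actions.append((d.device_id, action, pkg))
        for pkg in verdict["outdated"]:
            actions.append((d.device_id, "update", pkg))
    return actions


# Constructed inventory: one fully managed phone and one BYOD phone
FLEET = [
    Device("corp-phone-01", "corporate", [
        InstalledApp("com.example.mail", parse_version("4.2.0")),
        InstalledApp("com.example.chat", parse_version("6.9.0")),       # below minimum
        InstalledApp("com.flashlight.free", parse_version("1.0.3")),    # not in catalogue
    ]),
    Device("byod-phone-02", "byod", [
        InstalledApp("com.example.mail", parse_version("4.1.5")),       # below minimum
        InstalledApp("com.example.vpn", parse_version("2.1.0")),
        InstalledApp("com.games.puzzle", parse_version("3.3.0"), work_profile=False),  # personal, ignored
        InstalledApp("com.sketchy.app", parse_version("0.9.0")),        # sideloaded into work profile
    ]),
]

if __name__ == "__main__":
    for device_id, action, pkg in plan_actions(FLEET):
        print(f"{device_id}: {action} {pkg}")
```

The design point is the early `continue` for personal-profile apps: on a BYOD device the evaluator never sees, reports, or acts on anything outside the work profile, which is what keeps the containerized approach from encroaching on how users run their personal devices.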
Additional Security Features
Finally, the strongest MDM solutions offer additional security features to help protect your company’s data against endpoint attacks such as malware, man-in-the-middle (MitM) attacks carried out over unsecured Wi-Fi networks, and device theft.
In particular, you should look for:
- An in-built VPN or integration with your existing remote access or zero trust network access (ZTNA) solution, to secure and encrypt each remote connection to the corporate network
- Multi-factor authentication or two-factor authentication to confirm users’ identities when they request access to business data via a mobile device
- Flexible security policy configuration and role-based access to restrict what data users can access remotely, and what data they are able to store on their mobile device
- Integrations with your existing endpoint security tools, such as antivirus software and firewalls