
Smartphones, tablets, laptops, and a host of other mobile devices are what keep modern businesses up-and-running. But think about the hundreds — possibly thousands — of mobile devices in use across your organisation. Are those devices secure? What data and company assets are accessible through them? Can you see who’s accessing what? How do you keep them updated? Mobile device management (MDM) is essential, precisely because it addresses these challenges.
Read on to discover what mobile device management means in today’s working environment, the threats and issues you need to be aware of, answers to common MDM-related questions, and the capabilities you need to track and secure an ever-growing fleet of devices.
What Does MDM Stand For?
MDM stands for mobile device management. MDM is concerned with all aspects of administering mobile devices across an organization. The most common examples of these devices include smartphones and tablets, laptops, portable scanners, and wearables.
From a strategic perspective, mobile device management involves a kind of balancing act: you need to make sure your people have access to the devices necessary to get their jobs done, while also ensuring those devices are secure.
What is Mobile Device Management?
Security
Research indicates that threat actors have the ability to breach at least 93% of business networks. Meanwhile, the latest Verizon Security Index suggests that 85% of security leaders have seen a stepping up of the mobile device threat over the last year. As well as this, 64% believe they are at significant or extreme risk from mobile device threats and 51% have experienced mobile-related incidents from factors such as malware or unpatched vulnerabilities.
When poorly managed, mobile devices present a significant weak point in your security stance. More specifically, when you have a sprawling IT estate with a growing number of mobile devices in play, this offers up multiple fresh attack vectors for hackers.
MDM gives you visibility and control over all mobile devices across your network. Through this, you have the ability to implement and enforce user authentication, access management, encryption, remote patching, and a host of other measures to protect your data and your wider business.
Centralised control
A UK government survey suggested that the typical medium-sized business (50-249 employees) has around 185 devices to manage. Larger organisations (250+ employees) averaged 2,949 devices. From a security and inventory management perspective, this represents a lot for your IT team to keep track of — especially if you are relying on ad-hoc, manual processes.
One of the key objectives of MDM involves streamlining and centralising device management. Ideally, you should have a single view of all assets, complete with the ability to deploy and configure all devices, install applications, and apply security updates, both automatically and from a single location. This allows you to achieve consistency and compliance across all devices.
Compliance
Especially when it comes to personal data, regulations such as GDPR require you to keep tight control over who is accessing what, and for what purposes. This also involves having appropriate and proportionate safeguards in place to protect that data from unlawful access.
A robust approach to mobile device management allows you to demonstrate to regulators that you are taking these obligations seriously. In particular, with the ability to monitor and manage device usage, access, security controls and configurations, MDM gives you a framework for enforcing adherence to company policies and regulatory requirements.
Supporting new ways of working
More than 80% of organisations have a bring your own device (BYOD) approach in play, allowing employees to use personal devices for work purposes. Especially since the pandemic, many businesses have introduced a much more flexible working model, including greater freedom in terms of when and how corporate assets can be accessed by employees.
If your business has shifted towards this way of working, consider updating your security procedures and management capabilities accordingly. It’s essential to maintain a proper balance between employee convenience and organisational security requirements. By facilitating data separation through containerisation on personal devices used to access work material, and remote data wiping when devices are lost or stolen, MDM helps you achieve this balance.
Efficiency and cost reduction
From patch updates and configuration through to software license renewals, a fit-for-purpose mobile device management approach allows you to automate a whole host of routine tasks, giving you the chance to reduce your IT workload and free up bandwidth for more profitable activities.
More widely, MDM can help you boost visibility across your IT estate, to understand what’s being used, and for what purpose. Are you wasting money on laptops, tablets, and software licenses that are underutilised? With increased visibility comes the chance to highlight areas of waste, consolidate, and reduce your costs.
What is MDM Software?
Comprehensive MDM software is security software that allows organisations to monitor, manage, enforce, and secure employees’ devices. It can be categorised based on the following models and management capabilities:
MDM software deployment options
On-premise MDM solutions are installed and managed on the organization’s own servers. Building and configuring your own solution gives you full authority and control of your MDM, enabling you to customise it to match existing systems, workflows, and compliance requirements. On the flipside, setting up an on-premise MDM system can involve high upfront costs and can require substantial in-house IT resources for maintenance.
While the MDM software market as a whole is growing rapidly, that uptick is strongest among cloud-based SaaS (Software as a Service) solutions, which, according to Research Dive, are growing at a rate of around 30% per year. With the SaaS MDM model, you get a ready-to-go set of MDM functions, with everything hosted on the cloud by your service provider. This model operates on a subscription basis, giving you the benefits of predictable recurring costs, and eliminating the need to invest in and maintain physical infrastructure. Scalability is a further benefit here: as the number of devices in play across your business increases, you can usually adjust your plan accordingly.
So which MDM deployment option is right for your business? This depends on your priorities and resources. For instance, for many small or medium-sized organisations, ease of set-up and low upfront costs make the SaaS MDM model a highly attractive one. But if you want more freedom when it comes to configuration, or if you have stringent compliance mandates to adhere to, the on-premise option may be preferable.
MDM software scope and compatibility
Some mobile device management software solutions are designed to manage devices running a specific operating system (such as Jamf Pro for macOS and iOS, and Esper for Android). There are also solutions such as Microsoft Intune, which, while offering some capabilities across multiple operating systems, is designed primarily for specific environments (in this case, Windows).
If your business uses a single platform, then these types of platform-specific solutions can be appropriate, offering you the benefits of deep integration with the operating system’s native features. However, especially if you have a BYOD policy in place spanning different types of operating systems, it’s worth paying close attention to multi-platform MDM software solutions. Just a few examples here include IBM MaaS360, ManageEngine, Hexnode, and SOTI MobiControl. A single solution covering your entire ecosystem means fewer separate tools to manage and a simpler tech stack.
What MDM Capabilities Do You Need?
What does fit-for-purpose mobile device management software actually consist of? What features do you need in order to meet the needs of users and protect your business? Here are the key areas to focus on…
MDM software solutions: essential functionality explained
If you’re looking to secure your data and devices, and streamline your IT management workload, these are the MDM software features that are likely to be of most value to your business:
- Device discovery: MDM software often includes device discovery features, allowing you to identify and track all devices connecting to your network. Especially in a ‘hybrid’ environment where both corporate and employee-owned devices regularly connect to the network, this capability gives IT administrators comprehensive visibility across all types of device, helping to ensure that only authorised devices access company resources.
- Device inventory: Inventory capabilities allow you to maintain an up-to-date list of all managed devices, including details such as device type, OS version, and installed applications.
- Configuration management: MDM software should enable you to define, apply, and enforce whatever specific controls you need in order to translate your formal security policies into practice. This includes the following:
  - Device settings: This includes WiFi, email accounts, and VPN configurations, including the ability to limit certain functionalities (screen share and file transfer, for instance).
  - Security: You should be able to remotely enforce your desired password or other authentication requirements, and apply your desired mode of encryption for data in transit and at rest. Your MDM solution should also enable you to remotely lock devices or erase data in case of loss or theft.
  - Content management: This includes the ability to distribute files to devices in batches, and to apply browser-level restrictions to prevent access to inappropriate or non-work related websites or content.
  - Connectivity: This includes the ability to manage and restrict mobile data usage when roaming to control costs, as well as geofencing to implement location-based restrictions.
- Application management: This covers the ability to install and uninstall software, and remotely apply OS, firmware, and other software updates to ensure devices are up-to-date.
Mobile Device Management FAQs
When carrying out needs analysis, and when weighing up MDM software options, it’s important to ask the following types of questions:
Does the MDM solution support the types of devices used within your business?
Carry out an inventory of the device types and operating systems in use within your organisation. Make sure that the solution you use is compatible with all of these assets.
Should you use an MDM solution for managing IoT devices, or does this require a dedicated platform?
Especially in industrial settings, it’s not unusual for businesses to have a large (and growing) fleet of connected internet of things (IoT) devices to manage, alongside standard mobile equipment such as smartphones and laptops.
Some MDM software (IBM MaaS360, for instance) lets you manage IoT and standard mobile devices side-by-side on a unified platform. Alternatively, for your IoT projects, you can opt for a dedicated IoT Device Management solution. One important factor to consider here is the frequency of interactions required. If your IoT project requires frequent and complex interactions (e.g. large-scale, real-time data collection or continuous monitoring of industrial equipment), a specialist IoT device management solution is often a more suitable option, as these are specifically optimised to handle high-frequency and large-scale deployments efficiently.
Is the MDM software solution suitable for managing a BYOD environment?
If you already allow (or intend to allow) employees to access work assets and data via their personal devices, opt for an MDM solution that specifically supports this.
On BYOD-compatible solutions, employees can voluntarily ‘enroll’ their personal devices onto the management system, usually by downloading a dedicated app (an MDM agent). Post-enrollment, the MDM solution identifies the device, and assigns appropriate controls. A key element of this is containerisation, whereby corporate applications and information are hived off to reside in a secure, managed environment within the device, while the user’s personal data and resources remain private.
How does the MDM software work, and is it easy to use?
Most modern MDM software solutions are based around two core elements.
First off, there is the MDM management console. This is essentially your control hub, allowing you to configure and apply policies and controls relating to all of the mobile devices within your IT ecosystem.
The MDM agent is the second element. This small app is installed on each mobile device you need to manage. It acts as a kind of intermediary, making sure that your preferred controls are applied across all relevant devices.
Any MDM solution you are considering should be test driven to assess its ease-of-use for both managers and end-users. Things to look out for here include the following:
- An easy-to-navigate dashboard designed to simplify device management tasks, and reduce the learning curve for IT staff.
- An easy-to-understand enrollment process for users (especially relevant in BYOD environments).
- Automation of routine tasks, including software updates, access controls, and compliance checks.
- Device groupings, allowing you to create categories based on criteria such as device type, location, employee department and/or level of seniority. This simplifies management by allowing you to apply specific policies and configurations to all devices within a particular group.
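The device inventory, configuration policies and device groupings described above come together in an automated compliance check, sketched here as an added example (not code from any MDM product or from the original article). The record fields, policy values, group names and device names are all constructed assumptions.

```python
from collections import namedtuple

# Inventory record; field names are assumptions for this example.
Device = namedtuple("Device", "name device_type os os_version department "
                    "encrypted passcode_set apps", defaults=[frozenset()])

# Constructed policy data, not taken from any MDM product.
BASELINE = {"min_os": {"ios": "16.5", "android": "13"},
            "require_passcode": True, "blocked_apps": frozenset()}
GROUP_POLICY = {  # (attribute, value) -> overrides layered on the baseline
    ("department", "finance"): {"blocked_apps": frozenset({"personal-file-sync"})},
    ("device_type", "scanner"): {"require_passcode": False},
}

def version_key(v):  # numeric compare, so "16.10" ranks above "16.5"
    return tuple(int(p) for p in v.split("."))

def policy_for(dev):
    policy = dict(BASELINE)
    for (attr, value), overrides in GROUP_POLICY.items():
        if getattr(dev, attr) == value:
            policy.update(overrides)
    return policy

def evaluate(dev):  # returns findings; an empty list means compliant
    policy, findings = policy_for(dev), []
    minimum = policy["min_os"].get(dev.os)
    if minimum is None:
        findings.append("os-not-covered-by-policy")  # fail closed on unknown OS
    elif version_key(dev.os_version) < version_key(minimum):
        findings.append(f"os-below-{minimum}")
    if not dev.encrypted:
        findings.append("storage-not-encrypted")
    if policy["require_passcode"] and not dev.passcode_set:
        findings.append("no-passcode")
    findings += [f"blocked-app:{a}" for a in sorted(dev.apps & policy["blocked_apps"])]
    return findings

INVENTORY = [  # constructed sample inventory
    Device("fin-phone-01", "smartphone", "ios", "16.10", "finance", True, True,
           frozenset({"personal-file-sync"})),
    Device("ops-tab-07", "tablet", "android", "9.1", "operations", True, False),
    Device("wh-scan-03", "scanner", "android", "13", "warehouse", True, False),
    Device("lab-box-02", "laptop", "linux", "6.1", "engineering", False, True),
]

def non_compliant(inventory):
    return {d.name: f for d in inventory if (f := evaluate(d))}
```

Calling `non_compliant(INVENTORY)` flags three of the four devices. The scanner passes only because its group override relaxes the passcode rule, and the device running an OS the policy does not cover is reported rather than silently treated as compliant.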
What’s Next?
A Jamf survey from late 2023 suggested that around half of European enterprises still had no formal BYOD policy in place, and lacked any real visibility on if and how employees are connecting personal devices to corporate networks.
With growing volumes of devices to manage, a robust approach to MDM is essential, giving you the ability to manage and secure all endpoints, and protect your data, right across your network.