Everything You Need to Know about Mobile Device Management (MDM)

As an MSP, you know that the rise of the BYOD revolution has made data protection trickier. Your clients’ employees need to be able to access their work files and email on-the-go; it's simply a part of the job today. How do you secure the corporate data being accessed through these mobile devices? What are the pros and cons of offering an MDM solution and what should you look for in yours? Keep reading for answers to this and more!


    question-mark-what-is-rmmOverview

    mobile-device-management-mdm-overviewIn just a few short years, the way mobile devices are used by employees has shifted dramatically. Increasingly, employees are bringing their own devices to their workplaces and connecting to secure corporate networks. While employees enjoy the flexibility and ease this offers, employers also appreciate the added benefits of increased efficiency with lower equipment costs.

    However, with this trend comes a set of new considerations for security, connectivity, privacy and management. Employees also have varied mobile service providers, and their devices run varied operating systems. The inherent risks of a “bring your own device” (BYOD) policy has given rise to mobile device management (MDM) solutions –software used by an IT department to monitor, manage, and secure employees' laptops, smartphones, tablets, and other devices that are being used in the workplace. With security and data breaches becoming costlier every year, MDM solutions have become essential to the modern workplace

    Coupled with additional tools, technologies, processes, and policies, an MDM solution is a core component of enterprise mobility management (EMM), an ever-developing organizational trend that addresses the business and technological context of device usage in everyday business operations. However, not all MDM solutions are created equal, and the right choice for SMBs may depend on a variety of factors.


    bdr-wiki-evolution-of-backupThe Evolution of Mobile Device Management (and EMM)

    The field of mobile device management has continued to evolve as more professionals are using laptops and smartphones to work. This has increased the need for solutions that allow employees to access information wherever they are and at any time. Early solutions focused solely on devices, and lacked application and content management; today, they are now growing into broader EMM solutions to better capture and serve the mobile opportunity.

    Current EMM suites consist of policy- and configuration-management tools that are coupled with a management overlay for applications and content that’s intended for mobile devices, which are smartphone-OS specific. IT organizations and service providers use EMM suites to deliver IT support to mobile end users and to maintain security policies.

    Modern EMM suites provide the following core functions:

    • Hardware inventory
    • Application inventory
    • OS configuration management
    • Mobile app deployment, updating and removal
    • Mobile app configuration and policy management
    • Remote view and control for troubleshooting
    • Execute remote actions, such as remote wipe
    • Mobile content management


    bdr-wiki-key-terms-and-definitionsKey Terms & Definitions

    Mobile device management (MDM) is a type of security software used by an IT department to monitor, manage, and secure employees' mobile devices (laptops, smartphones, tablets, etc.) that are deployed across multiple mobile service providers and across multiple mobile operating systems being used in the organization.

    Enterprise mobility management (EMM) is the collective set of tools, technologies, processes, and policies used to manage and maintain the use of mobile devices within an organization. EMM is an evolving organizational trend that deals with the business as well as technological context of the increasing trend of mobile and handheld device usage in routine business operations. MDM software is often combined with additional security services and tools to create a complete mobile device and security EMM solution.

    Bring your own device (BYOD) is a term referring to a trend where employees are bringing or connecting their own computing devices to the workplace for use and connectivity on the secure corporate network.

    Mobile application management applies management and policy control functionality to individual applications, which are then managed by the EMM console. This capability is necessary when a device’s operating system (e.g., iOS, Android, Windows Phone) does not provide the required management capability or when organizations elect not to install an MDM profile on the device. There are two basic forms of mobile application management:

    • Preconfigured applications: These generally include a secure personal information manager (PIM) for email, calendars, and contact management, as well as a secure browser provided by the EMM provider or a third party. These tools are configured to be managed and secured by the EMM system.
    • Application extensions: These apply policies to applications through the use of a software development kit (SDK) or by wrapping. This capability is necessary when the OS does not provide the required management capability or when organizations elect not to install an MDM agent on the device.


    Mobile content management
    enables users to access content from their mobile devices. The mobile content management function within EMM suites has three fundamental roles:

    • Secure Container: A client-side app that enables a user to store content securely on a mobile device. The EMM can enforce policies such as authentication, file sharing and copy/paste restriction. Content comes from three primary sources: email (and attachments), content pushed by the administrator or another internal person, and content accessed from a back-end repository
    • Content Push: Push-based document delivery. Some specific functions are to control document versions, to alert users of new files, and to flag a content expiration date

    Content Access: A connection to a back-end repository where users can pull content to their devices. Specific capabilities include support for specific back-end repositories (SharePoint, Documentum, etc.), roaming download restrictions, and audit logging to track who accesses/downloads files.


     weigh-prosand-cons-of-mdmThe Pros and Cons of Bring Your Own Device (BYOD) Policy


    522749373There are many tangible benefits of BYOD, including reduced equipment costs, increased employee efficiency and satisfaction, reduced office space square footage (should workers transition off-site), and a decreased IT staff burden since employees will maintain their own equipment.

    However, along with these benefits comes risk as well. With BYOD policies, employee-owned devices can potentially expose security vulnerabilities not directly supervised by IT staff or addressed by corporate antivirus solutions. This is where the need for mobile device management comes in.

    Tablets and smartphones are arguably less secure than desktop PCs and laptops because they lack pre-installed malware protection. Most computers include at least a trial version of an antivirus suite, but for the newest mobile gadgets, individual users and IT managers are on their own to search for and install mobile endpoint security management.

    This vulnerability has not escaped the attention of hackers, who unleash creative new threats like SMS text messaged-based attacks on a daily basis. The old-school virus, while still annoying, doesn’t hold a candle to the damage caused by these new approaches in cybercrime, which include more sophisticated Trojans, keyloggers, phishing attacks, and malicious apps than ever before.

    It is nearly impossible to enforce a ban on these devices, but there are options for businesses on a tight budget to maintain security:

    • The first cost-effective step is to immediately establish protocols regarding these devices in the workplace, including guidelines for acceptable use, forbidden applications, and how to avoid dangerous activities such as browsing certain questionable sites while connected to the company’s Wi-Fi.
    • Next, current solutions should be evaluated to see if they can be modified to protect BYOD devices through password enforcement, remote wiping or other protective measures.
    • If the quantity of devices or sensitivity of data requires a more robust solution, explore whether the use of Mobile Device Management (MDM) software makes sense. MDM provides a centralized platform to manage all BYOD devices and is recommended if IT personnel are spending a large amount of time securing tablets and smartphones – or if the sheer variety of devices and new threats tests their expertise.


    24-7-iconWhy Businesses Need MDM?

    The rapid adoption of smartphones and tablets, along with increasing numbers of employees who are working from home or other non-traditional locations, has placed mobility solutions near the top of many business’ priority lists.

    A recent study by Gartner indicates that PC sales are in decline – the majority (87%) of devices shipping in 2015 will be mobile phones and tablets. As a result, 451 Research predicts that the $3.8 billion EMM (enterprise mobile management) market will double to $9.8 billion by 2018. SMBs have been adopting mobile solutions at a fast and furious pace. SMB Group research indicates that 67% of SMBs now view mobile solutions and services as “critical” to their businesses, and 83% have already deployed mobile apps to help improve employee productivity. Of these, 55% are using mobile apps for specific business functions, such as CRM or order entry, and 49% of SMBs are building mobile-friendly websites, and/or deploying mobile apps to engage and transact with customers.

    EMM is clearly trending, and looks to continue to do so in the future. After looking at the risks of doing business without a proper MDM solution, it becomes obvious why. Without MDM, information on stolen or lost devices is not secure, which could allow it to easily fall into the wrong hands. Also, devices without MDM have an increased exposure to malware and other viruses that could compromise confidential data. And, once that confidential data is compromised, the ease of which a data breach or hacking incident can be achieved increases greatly – events that can permanently affect a company’s reputation with consumers and other business partners. According to Novell, a laptop or tablet is stolen every 53 seconds, and 113 cell phones are lost or stolen every minute. With the cost to recover from a corporate data breach getting increasingly more expensive every year, more and more businesses are seeing the value of a comprehensive EMM solution.

    what-to-look-for-in-mdm-1What to Look for in an MDM Solution?

    Once resolved to pursue an MDM solution, one will find that there are multiples options available in the market. While many features will vary, certain criteria that are essential:

    • Cloud-based, so updates are automatic and painless
    • Fully managed, 24/7 monitoring
    • Remote configuration and monitoring
    • Passwords, blacklists and other security policies enforcement
    • Passcode enforcement/remote data wiping, to prevent unauthorized access to the phone
    • Geofencing, to restrict access to specific data and applications based on location
    • Backup/restore functionality of corporate data
    • Logging/reporting for compliance purposes
    • Jailbreaking and rooting alerts for users attempting to bypass restrictions
    • Remote disconnection or disabling of unauthorized devices and applications
    • Scalable, so new users and increasingly sophisticated devices can be accommodated easily


    MDM solutions, however, are only as useful as their implementation; they will only succeed if they are executed properly. Care and due diligence must be taken to evaluate an MDM platform to understand if it fits a company’s specific policies. For example, when an employee is terminated, what happens to their device under company BYOD policy? Is access simply shut off to corporate systems? What happens to saved or cached data on their device? Is it ignored, or is business data wiped? How is business data separated from a user’s personal data? Before choosing any MDM solution, these policies must be set in place in order to decide what is specifically needed and continuously reviewed to ensure best practices are maintained.

    There are also additional factors to consider:

    Architecture: Cloud services and infrastructure may be rising in popularity, however many organizations are still opting to have systems running in their own data centers. This has given rise MDM solutions for on-site, cloud and hybrid options. Before any business makes a decision on their MDM solution, they must consider which option is right for their preferences.

    Direction: For every shift, pivot, and change in the industry, MDM solutions are constantly being updated, revised, and enhanced. It’s important for businesses considering an MDM solution to have a good understanding of where their MDM provider is headed strategically. Is it a smaller part of an MSP’s total offering? Are there enhanced content functionalities, such as document editing and management? Can enterprise apps be controlled and secured? Are there additional integrations with other security apps? Those who are choosing the right MDM solution for their company must understand not only what is provided today, but where development is headed down the road, so that choice will best fit current and future needs.

    Integration: Simply, a company’s MDM solution needs to be able to integrate with their existing security and management controls and workflows. Most organizations have already made significant investments in this area, so integration with these systems is essential. The right MDM solution will enhance both security and efficiency, allowing an admin to control and monitor systems from a single access point.


    Many businesses are only just becoming aware of the burgeoning BYOD trend and the necessity of protecting mobile devices. Small- and medium-sized businesses without large IT staffs and large budgets need a solution that protects them as much as the larger companies. The pressure to have an in house technician who is fully knowledgeable about the entire breadth of BYOD policy, restriction, and effective implementation is a high barrier to SMBs as well as larger corporations. Fully-managed MDM solutions relieve the need to have dedicated, in-house staff managing this system – good news for the bottom line of businesses of any size. Additionally, those who take advantage of a fully managed MDM solution can rest easy knowing there is an always-on NOC monitoring their system for anomalies and irregularities 24/7, and handling these issues as they arise. Because BYOD employees are no longer tethered to a traditional work schedule, MDM solutions must follow suit.

    Employee-owned mobile devices are here to stay in the workforce. Businesses must develop a plan to manage them before they wreak havoc on their corporate data and digital security. MDM solutions control and protect the data and configuration settings for any mobile device in your network, whether it's a personal or company-owned device. Yet, every business has different data-management needs, so it's important for businesses to select a solution that's meets their individual needs. Proper research and due diligence when selecting an MDM solution will help anyone who needs to make that choice.


    Did you find this MDM article helpful? Share the wealth!
    twitter-icon.png linkedin.png reddit-icon-share.png spiceworks_icon.png