Mobile Device Management (MDM)
What Is Mobile Device Management (MDM)?
Mobile device management (MDM) is a type of security software that enables organizations to secure, monitor, manage, and enforce policies on employees’ mobile devices.
The core purpose of MDM is to protect the corporate network by securing and optimizing mobile devices, including laptops, smartphones, tablets, and Internet-of-Things (IoT) devices, that connect to enterprise networks. Besides boosting the security of business networks, it also enables employees to use their own devices, rather than corporate-supplied devices, to work more efficiently and be more productive.
MDM software is part of the wider enterprise mobility management (EMM) family, which incorporates enterprise file syncing and sharing, identity and access management (IAM), and mobile application management (MAM). MDM, in the context of controlling PCs, is referred to as unified endpoint management (UEM), which enables organizations to manage all of their enterprise devices from one single location.
How Mobile Device Management Works
To further understand what mobile device management is, it helps to know how it works. MDM relies on two separate components. The first is an MDM server management console, which is hosted in an organization’s data center and enables administrators to configure, manage, and enforce policies. The second is an MDM agent that receives and implements these policies on users’ devices.
Policies are configured by IT administrators through the MDM server management console, then the server pushes the policies to the MDM agent. The agent applies the specified policies onto a device by using application programming interfaces (APIs) that are built into the device’s operating system.
Early MDM solutions relied on subscriber identification module (SIM) cards and client-initiated steps, which restricted scalability. But modern versions can automatically detect when new devices connect to corporate networks and apply commands or policies for them to implement.
BYOD and MDM
MDM first emerged in the early 2000s to allow organizations to take control and secure the first wave of smartphones and devices—like personal digital assistants—that were being used in the workplace. The consumerization of IT that has snowballed since then, starting with the launch of Apple’s first iPhone in 2007, fueled the trend of bring your own device (BYOD), which placed more importance on effective MDM tools.
The risks associated with the BYOD trend led to organizations implementing MDM software that helped their IT teams monitor, manage, and secure all devices brought into the workplace. These MDM tools remain crucial to securing the workplace in the face of increasingly sophisticated and costly cyberattacks and data breaches.
As employees increasingly expect to be able to use their personal devices at work, organizations need to be able to secure those devices and keep their users safe. Some employees who want to use their personal devices at work will do so even if their organization does not have a BYOD policy, a practice also known as shadow IT. It is therefore vital for businesses to implement a strong BYOD policy that enables employees to use their own devices without creating potential gaps in security.
However, implementing MDM within a BYOD environment can be challenging. Organizations must balance the need to secure their applications and data with maintaining employees’ privacy, such as IT being able to see the applications that users download or tracking their location.
The Advantages and Disadvantages of a BYOD Policy
BYOD offers a wide range of benefits, such as reducing the cost of buying new laptops for users and reducing the amount of office space required because of employees being able to work remotely. It also helps reduce the time IT teams have to spend managing devices, as users can do it themselves.
However, it also raises serious security issues. Employees' devices run the risk of exposing security vulnerabilities if they are not directly monitored or supervised by IT or if they are not covered by the organization’s antivirus software. The growth in smartphone and tablet usage is a particular threat, as these devices are not preinstalled with protection against malware, whereas laptops typically come with some form of antivirus protection.
The onus therefore rests on IT managers to find and deploy a reliable and secure mobile endpoint management solution. Hackers know this and increasingly release new threats targeting mobile device vulnerabilities, such as SMS-based phishing attacks that spread keyloggers, malicious applications, and Trojans.
The Importance of MDM
The increasing adoption of mobile devices combined with more people working from home or remotely highlights the importance of MDM. Organizations need mobility solutions that secure user access, regardless of where they connect to networks and which device they use.
MDM helps organizations ensure that information on users’ devices, especially devices that are lost or stolen, does not fall into the hands of cyber criminals. It also minimizes the risk of devices being infected by malware or other viruses that hackers use to compromise or steal sensitive corporate data.
A lost corporate device presents a major security threat to an organization. MDM enables organizations to lock, locate, and sometimes wipe devices that have been lost, and in some cases to initiate that process automatically. An MDM tool can use a geofencing feature to create alerts and initiate actions if a device suddenly appears in a suspicious or unusual location, which could be a sign that it has been stolen.
MDM also uses policy-based security, such as configuring corporate devices to require a personal identification number (PIN), restricting actions available to users, or preventing the use of specific applications. This can be tricky on personal devices, but organizations can use time-based restrictions to balance employee happiness with security.
Despite BYOD being a fairly old concept, many businesses are only just becoming aware of the need for it as their employees start to work from home for the first time. Those that do not have experienced IT teams or large budgets must be able to protect themselves just as much as larger organizations. That is because hackers are equally likely to target a small company as they are a global corporation.
A fully managed MDM tool can remove the need to hire dedicated staff to manage user devices. It puts the security of users and their devices into experienced hands and enables business owners to rest assured that they have 24/7 monitoring of their devices and systems.
MDM plays a key role in avoiding the risk of data loss and enabling users to be productive and secure. This is vital as data breaches become increasingly common and sophisticated, and more costly for businesses.
Some Key Full Forms and Definitions
The MDM and BYOD space can be quite complicated, with lots of technologies and solutions available for organizations to choose from. We have distilled these into a list of terminologies and definitions below:
- Bring your own device (BYOD): BYOD is the concept of employees using their own laptop or mobile device for work. Traditionally, it meant bringing a device to the employee’s workplace or connecting it to a secure corporate network.
- Content access: Content access means providing a connection to a back-end repository that employees can use to share or transfer content onto their devices. This includes providing content access to repositories like SharePoint or Documentum, while avoiding roaming download restrictions and enabling logs of which users access and download files.
- Enterprise mobility management (EMM): An EMM solution is a collection of policies, processes, technologies, and tools used to manage and maintain employees’ mobile devices. An EMM suite enables organizations to manage mobile device usage and drive the secure use of devices on their networks and systems. For example, MDM software is frequently used in combination with security tools as part of a complete EMM solution.
- Mobile application management (MAM): Mobile application management is a process that enables organizations to apply policy control functionalities to applications, which are managed by their EMM console. This is particularly useful if a device does not allow the management capability that an organization requires or if businesses choose not to install MDM profiles onto devices. Mobile application management comes in two forms:
- Preconfigured application: This is typically an application like a personal information manager for calendars, contacts, or email. It could also be a secure web browser provided by a third party or an EMM provider. A preconfigured application is set up to be managed and secured by the organization’s EMM system.
- Application extension: This sees policies applied to applications through a software development kit (SDK) or through a wrapping process.
- Mobile content management: Mobile content management is the process of enabling employees to access content via their mobile devices. This can be achieved through client-side applications, or secure containers, that enable users to store content on a mobile device. The EMM enforces security policies such as authentication, copy and paste restriction, and file sharing to secure the process. The user is then able to access applications like email or content from back-end repositories. Content can also be managed through push-based document delivery, which puts functions in place to control document versions, issue alerts to users when new files are added, or to flag upcoming content expiration dates.
- Mobile device management (MDM): MDM is software that allows organizations to monitor, manage, and secure their employees' devices across multiple service providers and operating systems.
- Remote monitoring and management (RMM): RMM is another piece of software that enables IT service providers to monitor devices, endpoints, and networks remotely. It is also known as remote IT management, whereby a provider manages a fleet of devices across an organization or multiple companies.
Mobile device management is most commonly managed through third-party products. Common features of such products include:
- Device inventory and tracking
- Mobile support and management
- Applications to allow and deny
- Remote service management
- Passcode enforcement
- Alerts when users bypass restrictions by jailbreaking or rooting their devices
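The policy checks described above (passcode enforcement, blocked applications, jailbreak alerts, geofencing, and the lock/locate/wipe workflow for lost devices) can be pictured as a single compliance evaluation that the server runs against each agent check-in. The following is an added illustration, not code from Fortinet or any MDM product; the Policy and Device structures, the sample coordinates, and the action names are constructed for the example.

```python
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

@dataclass
class Policy:
    """Settings an administrator sets in the MDM console (constructed values)."""
    min_passcode_length: int = 6
    blocked_apps: frozenset = frozenset()
    geofence_center: tuple = (51.5074, -0.1278)  # constructed lat/lon of the office
    geofence_radius_km: float = 50.0

@dataclass
class Device:
    """Inventory the MDM agent reports at check-in (constructed sample data)."""
    device_id: str
    passcode_length: int  # 0 means no passcode is set
    installed_apps: frozenset
    jailbroken: bool
    location: tuple  # (lat, lon) from the agent's last check-in
    reported_lost: bool = False

def distance_km(a, b):
    """Great-circle distance in km between two (lat, lon) points (haversine)."""
    lat1, lon1, lat2, lon2 = map(radians, (*a, *b))
    h = sin((lat2 - lat1) / 2) ** 2 + cos(lat1) * cos(lat2) * sin((lon2 - lon1) / 2) ** 2
    return 2 * 6371.0 * asin(sqrt(h))

def evaluate(device, policy):
    """Compare a device's reported state with policy; return findings and queued actions."""
    findings, actions = [], set()
    if device.passcode_length < policy.min_passcode_length:
        findings.append("weak_or_missing_passcode")
        actions.add("enforce_passcode")
    disallowed = device.installed_apps & policy.blocked_apps
    if disallowed:
        findings.append("blocked_apps:" + ",".join(sorted(disallowed)))
        actions.add("remove_blocked_apps")
    if device.jailbroken:
        findings.append("jailbroken")
        actions.add("alert_admin")
    outside = distance_km(device.location, policy.geofence_center) > policy.geofence_radius_km
    if outside:
        findings.append("outside_geofence")
        actions.add("alert_admin")
    if device.reported_lost:  # lost-device workflow: lock and locate, wipe only on strong signals
        actions.update({"lock", "locate"})
        if outside or device.jailbroken:
            actions.add("wipe")
    return {"device_id": device.device_id, "compliant": not findings, "findings": findings, "actions": actions}
```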
How Fortinet Can Help
Fortinet endpoint visibility and device protection solutions enable organizations to protect every single employee, regardless of where they are or which network they are connected to. The solutions provide organizations with visibility of every device across the enterprise, then control and protect each. This ensures organizations understand which devices are accessing their networks, and from where, so that they can continuously assess their potential risk and take a more proactive approach to endpoint protection.
To further protect devices, Fortinet offers real-time endpoint protection, detection, and automated response through FortiEDR, a proactive solution that automatically prevents data breaches in real time without overwhelming organizations' security teams with false alarms or disrupting the business’s regular operations.
Fortinet solutions also include pre- and post-infection protection against ransomware attacks, as well as contextual incident response that includes customizable playbooks to help organizations with threat investigations, discovery, and threat hunting.
These endpoint protection solutions are tightly integrated with the Fortinet Security Fabric, which ensures advanced protection, reduces businesses’ attack surface, ensures dynamic access control, and detects and defuses threats in real time. They also help organizations automate and orchestrate responses to threats.
How Does Mobile Device Management Work?
MDM relies on two separate components. The first is an MDM server management console, which is stored in an organization’s data center and enables administrators to configure, manage, and enforce policies. The second is an MDM agent that receives and implements these policies on users’ devices.
Why is mobile device management required?
Mobile device management (MDM) is required because it allows organizations to secure their networks, ensure employees access corporate systems using secure devices, and reduce the risk of data breaches. Cyber criminals are increasingly launching cyberattacks against mobile devices and platforms, which means it is imperative for organizations to have solutions in place to defend themselves. MDM solutions provide protection against attacks aimed at mobile devices by detecting the latest threat strains and preventing them from infiltrating corporate networks.
What does mobile device management mean?
MDM means mobile device management, which is a type of software that enables organizations to monitor, manage, and secure their employees’ mobile devices. Businesses can use MDM to secure corporate networks and enable employees to work using their own personal devices. The term is included within the Gartner Magic Quadrant for unified endpoint management (UEM).