Enterprise mobility is undergoing a bit of a revolution. Bring your own device (BYOD) is growing at a rapid pace and making significant inroads in today's dynamic enterprise world. Be it bring your own technology (BYOT) Bring your own phone (BYOP) or even bring your own PC (BYOPC), enterprises are now allowing employees to use their personally owned devices in offices to access confidential company information and applications. (Get more background info on this movement in BYOT: What It Means for IT.)
But it isn't all roses. The growing proliferation of personal devices in the workplace is a bit of an albatross for IT administrators. And, as businesses grapple with complex mobility management challenges arising from the increasing number of smartphone models, conflicting platforms and operating system versions, mobile device management (MDM) and mobile application management (MAM) are emerging and evolving to enable secure smartphone and tablet use in the enterprise. Here we'll take a look at MDM, MAM and how companies can use them to address their IT security concerns - and users' needs.
Mobile Device Management (MDM): Complete Control ... but Invasive
MDM takes complete control of users' devices. It adopts a full-device approach aimed at securing smartphones and tablets. The user is required to provide a pass code to gain secure access to the device and sensitive data. You can remotely wipe a lost or stolen device, as well as track inventory and perform real-time monitoring and reporting. MDM tries to eliminate downtime and reduce costs as well as business risks by protecting the data and configuration settings of all mobile devices in the network.
MDM does not go over so well with employees, however, due to its intrusive nature.
Advantages of MDM:
- Provides the ability to remotely wipe devices for security
- Saves users from the hassle of updating devices and apps. Automatically updates without user permission.
- Controls devices remotely and helps troubleshoot problems
Challenges of MDM:
- Integrating mobile device management with existing IT infrastructures and third-party applications can be a daunting task.
- Needs specific enterprise terms that are acceptable to users
- MDM software and features require rigorous and specialized training.
Despite several advantages, many companies shy away from heavily investing in mobile device management software because of the sheer cost involved. However, larger enterprises spend millions on cloud-based MDM services, or MDM systems installed on a server.
Mobile Application Management: An Effortless Way to Manage Enterprise Apps
Mobile application management (MAM) is another option, and one that offers much more refined control. It enables IT administrators to manage and secure apps that were internally developed to be used in business settings on both company-provided and "bring your own" smartphones and tablet computers. For instance, employers can restrict access to the employee's corporate mails without meddling with personal information. MAM can also set limits or curb sharing of corporate data. However, MAM comes with its own set of challenges such as coding for each MAM product, as well as limited availability of apps for each specific platform.
How MAM and MDM Really Differ
Authentication, Network Usage & Support
MAM is not concerned with the device, but with the software that runs on the device. IT administrators can authorize employees with dedicated usernames and passwords, as well as limit app downloads and their use on employee devices.
MDM provides limited or restricted network access to registered devices by employing best practices and privacy control. It also minimizes downtime. MDM aims to provide robust functionality as well as optimum security for mobile networks.
Remote Lock and Wipe
Disgruntled employees can (and sometimes do) abuse corporate data. Not any more. MAM can remove apps from mobile devices, track enterprise applications and discontinue their use when employees leave a company or lose their mobile devices. This prevents indiscreet app usage and protects sensitive information.
With MDM, if a device is not available (in the case of hostile employee or device theft or loss of the mobile device), it can be remotely locked and wiped. (Learn more about discarding computer devices in The Data Security Gap Many Companies Overlook.)
Version Upgrade and Device Configuration
MAM saves you from the hassles of updates as it checks for application version updates. MAM is modified in the context of business function and tracks app versions. MDM adopts a different approach; it configures mobile devices with respect to location and provides access to cloud data if a device is authorized.
MAM or MDM?
While MDM focuses more on the device, MAM is concerned more with the apps running on the device. MDM accomplishes crucial security tasks, but it comes at a high cost and fails to protect against every possible data leak. MAM enables admins to control entire the app management life cycle and can be more cost effective, although its features are more limited. Evaluating and understanding the advantages and loopholes of both options can help set the right expectations and help organizations choose the right security setup to meet their needs.