GeekSpeak: MDM/MAM
BYOD (Bring Your Own Device) policies have been evolving over the last decade as companies try to balance the benefits of increased productivity and decreased equipment cost with the menagerie of security considerations that come with covering a host of mobile devices. Employees work best (and happiest) on equipment they’re accustomed to, but an open mobile device policy can poke holes in a company’s network security and provide leak points for sensitive data.
So how to allow employees to bring devices to work and still protect your network security? The answer for many is device and application settings that allow users the freedom to get work done without compromising security (or freedom).
Mobile Device Management
Mobile Device Management (MDM) minimizes risk for companies by keeping close tabs on what happens on each device, and is the more intrusive of the device management strategies. MDM systems allow IT departments to track information about mobile assets such as their owners, their current condition, their usage, service and support requests made for them. Basically, MDM allows the company to see everything happening on a particular smartphone or tablet.
While some applications of this concept can appear totalitarian in practice, everything is geared toward maintaining the security and integrity of a mobile asset. Users must have their mobile devices password protected to prevent unauthorized use by other employees. The IT department may also install remote wiping software so they can ensure deletion of all the data contained on devices that are reported lost or stolen. GPS may also be installed on devices to help track their movement. MDM can also block users from downloading apps that are not on the company’s list of allowed programs. It’s rare that this method is implemented in entirety without complaint from employees who own the monitored devices.
Mobile Application Management
The tricky part is balancing the capabilities of your MDM solution with the privacy and personal interest of the mobile asset owner. Going too far may go against one of the goals of BYOD which is to promote convenience for your employees. This is where Mobile Application Management (MAM) comes in.
MAM focuses more on enabling employees to access company data and applications on their private devices without intrusively securing the entire device. Instead, MAM systems impose control and restrictions only to specific areas/functions or applications. By distinguishing between personal data and company-related data, MAM systems allow IT departments to track and view only what it needs to. If a device is reported lost or stolen, only data the system recognizes as company-related can be remotely erased. MAM also does not fully restrict the download and installation of unlisted programs. It just prevents such programs from accessing corporate data.
The primary drawback of MAM is that it uses a unique code for each type of mobile device, which can require more IT setup time, effort, and resources before it is able to cover all devices.
Combining MDM and MAM
Integrating an MAM system to your MDM system can be the best solution to finding the right balance between security and enablement. You can let your MDM system handle basic security and integrity while MAM handles advanced and specialized controls. This way, the minimum required level of security can be achieved while still allowing employees to do more work using their mobile devices.
Instead of using a list of allowed programs, you can instead make a list of unwanted programs or a blacklist. You can then set the MDM to handle the blacklisted applications while the MAM handles the rest. This way, employees can still download and install apps that they want without compromising the network with known malware.
Mobile devices offer challenges for business security. But with a thoughtful MDM/MAM policy, you can keep things secure and convenient for employees and guests. Don’t be hasty. Make sure you take your time in determining what elements and functionalities your MDM/MAM solution will possess. With so many options available, it is highly advised that you study each alternative so that you can find the best combination that will work best for your business.
Curious to learn more? Contact your Atlanta managed IT service provider today!
