As more and more of your company’s staff have moved to a BYOD (Bring Your Own Device) preference for work, it’s important for us to ensure the security of both the device itself and the applications running on it. In this article, we’ll discuss the difference between Mobile Device Management (MDM) and Mobile Application Management (MAM), and what you should consider for your organization in 2020.
Let’s work through a common scenario and the options available to you:
Mobile Device Management and BYOD
A staff person at your company would like to work from her iPad instead of her laptop to help lighten her briefcase/backpack. This iPad is both owned by your employee and controlled by her. This physical device could be lost or stolen, and it may have either a simple password or no password altogether. It also means it could have her personal photos, apps, messages, email, etc. If your employee uses her work email on the standard Mail app on the device, that device will store copies of those emails on her iPad. Her personal device now contains both her data and your company information.
Mobile Device Management (MDM) was first introduced to mitigate the risks involved with this scenario. As her employer, you can install MDM software on the iPad to ensure the security of the device is maintained. The following stipulations now apply to her personal device:
• The employee is required to use a strong password to unlock the device
• The employee is required to use an app that puts her work email in a “sandbox.” Instead of the standard iPad Mail app, you stipulate that she use the Microsoft Outlook app. This means her work email cannot be accessed outside of the Outlook app
• The employee installs a device-based piece of security software. We refer to this as “enrollment.” This means, upon her departure from your company, you as her employer can “wipe” the entire device and restore it to its factory-based state. Both your company-specific information and her personal data will be deleted from the device with no way of recovery
Mobile Device Management vs Mobile Application Management
Mobile Device Management alone is considered an “all or nothing” option. Once you trigger a device reset, all the data is gone.
As an alternative, Mobile Application Management (MAM) was created to help limit the effects on an employee’s personal device. Instead of the entire device being “wiped,” you can now selectively control apps installed on her device.
Considering the same situation from above (a personally owned iPad with a mix of information), MAM can remotely both restrict access and delete the emails from Outlook alone. It’s not just email, though. If you’re utilizing the Microsoft Office 365 environment, Microsoft’s Intune Mobile Application Management software will allow your Information Technology Managed Services Provider to control myriad apps on personally owned devices. Word, Excel, PowerPoint, OneDrive, SharePoint, and even Adobe Acrobat can be remotely controlled.
Would you like your employees to view documents, but not copy/paste or use the ‘save as’ function? Mobile Application Management can limit that access. Want to ensure web links open inside only a secure browser? It’s a simple option to turn on or off.
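The three restrictions just named (copy/paste, ‘save as’, and opening links in a secure browser) correspond to settings in an Intune app protection policy. As an added example, not part of the original article, the following Python script audits policies exported as JSON for those settings; the property names follow the Microsoft Graph iosManagedAppProtection resource, and the two policies shown are constructed sample data.

```python
import json

# Constructed sample export: two policies shaped like Microsoft Graph
# iosManagedAppProtection objects. Names and values are invented for this example.
SAMPLE_EXPORT = json.loads("""
[
  {"displayName": "BYOD iPad - permissive",
   "allowedOutboundClipboardSharingLevel": "allApps",
   "saveAsBlocked": false,
   "managedBrowserToOpenLinksRequired": false},
  {"displayName": "BYOD iPad - restricted",
   "allowedOutboundClipboardSharingLevel": "managedAppsWithPasteIn",
   "saveAsBlocked": true,
   "managedBrowserToOpenLinksRequired": true}
]
""")

# Clipboard levels that keep company data inside managed apps.
RESTRICTED_CLIPBOARD = {"managedApps", "managedAppsWithPasteIn", "blocked"}

# setting -> (test for an acceptable value, risk reported when the test fails)
CHECKS = {
    "allowedOutboundClipboardSharingLevel": (
        lambda v: v in RESTRICTED_CLIPBOARD,
        "copy/paste from managed apps to personal apps is allowed"),
    "saveAsBlocked": (
        lambda v: v is True,
        "'Save as' to unmanaged locations is allowed"),
    "managedBrowserToOpenLinksRequired": (
        lambda v: v is True,
        "web links can open in an unmanaged browser"),
}

def audit_policy(policy):
    """Return findings for one policy; a setting absent from the export is a finding."""
    findings = []
    for key, (acceptable, risk) in CHECKS.items():
        if key not in policy:
            findings.append(f"{key}: missing from export")
        elif not acceptable(policy[key]):
            findings.append(f"{key}={policy[key]!r}: {risk}")
    return findings

def audit_export(policies):
    """Map each policy's display name to its list of findings."""
    return {p.get("displayName", "<unnamed>"): audit_policy(p) for p in policies}

if __name__ == "__main__":
    for name, findings in audit_export(SAMPLE_EXPORT).items():
        print(name, "->", findings or "OK")
```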
If you haven’t yet considered Mobile Device Management (MDM) or Mobile Application Management (MAM) to limit your security risks, now is a great time to look at these options. Applied Tech – with our 20 years’ experience in the IT Services industry – can assist you in both assessing and implementing MDM and MAM options.