Mobile Device Management (MDM)

Mobile devices have revolutionized communication. Few technologies have seen such widespread adoption, with almost all Americans (98%) owning a mobile device, according to Pew Research. In addition to becoming ubiquitous in our personal lives, mobile devices are also common in the workplace. The Bring Your Own Device (BYOD) movement has made mobile devices an integral part of the enterprise, so much so that 87% of companies allow employees to access business apps from their mobile phones.
Using a personal mobile for business purposes brings potential security risks. Mobile Device Management (MDM) is a methodology used by companies to manage and control mobile devices that access IT resources on a corporate network.
What is Mobile Device Management (MDM)?
The advent of Bring Your Own Device (BYOD) created an urgent need to manage every device connecting to a corporate network. The discipline and associated technology that developed to meet this need are known as Mobile Device Management (MDM).
MDM is used to control and manage mobile devices across the entire expanded corporate network, ensuring usage and security compliance. The technology is available for use in on-premises or as-a-service deployment models.
MDM software centralizes the management of multiple types of mobile devices and operating systems. The technology is typically based on client-server software and is used to manage both personal and corporate devices. MDM software is used to enroll devices, deploy apps, and enforce mobile usage and security policies. Sanctioned apps can be installed using MDM; they can be pre-configured and ready to go, with pre-registered login credentials, so the device owner can immediately begin to work.
MDM is often a component of a unified endpoint management (UEM) solution, which extends device management to a broader scope that includes laptops and IoT devices.
Main Components of an MDM Solution
The basic working components of an MDM solution are as follows:
Enrollment
MDM agents are installed on every mobile device used for work purposes, including BYOD. Installation can be performed by wireless delivery or manually. The local client agents connect to the MDM server to implement policies and updates.
Policy Enforcement
Corporate security and usage policies are used to configure the MDM solution. These policies are then enforced on the connected devices.
Monitoring
Connected devices are monitored in real time. This provides insights and analysis of device usage patterns for IT teams. Monitoring ensures that any devices that are lost or stolen can be remotely wiped.
Control
MDM software enables administrators to manage and control the use of apps for work purposes. Policies provide the basis for data sharing when using an MDM-controlled mobile device.
Why Does a Company Need MDM?

Mobile devices are used to create and share data, and as such, they are a potential security risk. Research from Zimperium concludes that attackers have adopted a "mobile-first attack strategy". This translates to attackers preferring a mobile device route to initiate or amplify cyberattacks.
Recent attack statistics support this theory; Verizon found that more than half of companies (53%) experienced a mobile or IoT-related security incident resulting in data loss or downtime. Security problems often stem from insecure mobile devices. The Verizon report found that 25% of mobile devices cannot be upgraded to the latest OS, and 23% of apps used on work devices communicate with risky or embargoed countries. The proliferation of unsanctioned apps is also a security concern. Gartner Inc. found that each mobile user has between 80 and 100 apps installed, but only uses 11 for work purposes.
The future of mobile security is under threat from AI, with more sophisticated and evasive attacks. The Verizon researchers noted that 77% of respondents expect AI-assisted SMS phishing and deepfakes to increase the likelihood of successful attacks.
A company needs MDM to mitigate mobile device risks. By controlling apps and the way employees use mobile devices for work, it helps prevent attacks that exploit mobile security loopholes. However, MDM is not a security solution on its own; it is used in conjunction with other security measures, such as VPNs and encryption.
Shadow IT and MDM
One of the benefits of using mobile device management is the control of app usage and security. One of the areas that has become synonymous with app insecurity is Shadow IT.
Shadow IT describes unsanctioned apps used by employees who may otherwise have to wait to receive access to sanctioned apps. Sometimes, Shadow IT apps are simply preferred by an employee. SaaS has made the purchase of apps much easier and affordable. However, these apps are not visible to the IT department and so are not protected by security policies.
Shadow IT expands the attack surface, resulting in unaddressed security gaps, licensing issues, and non-compliance with data protection laws. A recent survey found that 87% of companies are somewhat worried about Shadow IT.
MDM is used to control Shadow IT by enforcing the downloading and use of sanctioned apps. This prevents employees from subscribing to external apps without enterprise email accounts and single sign-on (SSO).
MDM also helps to prevent licensing issues associated with unsanctioned apps. Unlicensed apps can open a company to legal challenges. Shadow IT apps can lead to the duplication of technologies and the uncontrolled sharing of data between apps.
Mobile Device Management and Security
Endpoint security risks include malware infections, Smishing (SMS phishing), and insecure connections, which pose risks when sharing data. MDM is used to roll out security policies that prevent risky actions, such as connecting via an insecure Wi-Fi network. Policies can be applied to wipe a device if it is lost (remote wiping). The ability to perform device monitoring and patch management ensures that the OS and apps are up to date. Devices can be checked for unsanctioned apps and compliance status. MDM monitoring capabilities also ensure that devices are not jailbroken.
Mobile Vulnerability Management (MVM) is a component of MDM-enabled threat detection and prevention, and it may be AI-enabled to help identify emerging threats. Mobile Device Management (MDM) may also be used with Mobile Application Management (MAM), which protects against data loss to personal apps and enforces data sharing policies.
MDM is not a complete protective measure. Phishing messages may still get through, and users may still click on a malicious link and/or be socially engineered. It is, therefore, important to use MDM along with other security measures, like security awareness training.
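As an added example (not code from the page or from any MDM vendor), the following Python evaluates a single device check-in against the kinds of policy described above: jailbreak status, OS currency, encryption and passcode state, and allow/deny lists for installed apps, escalating to a remote wipe when a device has been reported lost. The thresholds, app identifiers and the Device record are constructed assumptions for illustration.

```python
# Constructed example: thresholds, app ids and the policy itself are assumptions
# for illustration, not any MDM vendor's defaults.
from dataclasses import dataclass, field

MIN_OS_VERSION = {"ios": (17, 0), "android": (14, 0)}  # assumed patch baseline
ALLOWED_APPS = {"com.example.mail", "com.example.docs"}  # sanctioned (allow list)
DENIED_APPS = {"com.example.freevpn"}                     # prohibited (deny list)


@dataclass
class Device:
    device_id: str
    platform: str
    os_version: tuple          # e.g. (17, 4) as reported by the agent at check-in
    jailbroken: bool           # jailbreak/root detection result from the agent
    encrypted: bool            # device storage encryption enabled
    passcode_set: bool
    installed_apps: set = field(default_factory=set)
    reported_lost: bool = False


def evaluate(device):
    """Return (violations, action) for one device check-in."""
    violations = []
    if device.jailbroken:
        violations.append("jailbroken")
    if device.os_version < MIN_OS_VERSION.get(device.platform, (0, 0)):
        violations.append("os_outdated")
    if not device.encrypted:
        violations.append("unencrypted")
    if not device.passcode_set:
        violations.append("no_passcode")
    denied = sorted(device.installed_apps & DENIED_APPS)
    if denied:
        violations.append("denied_app:" + ",".join(denied))
    unsanctioned = sorted(device.installed_apps - ALLOWED_APPS - DENIED_APPS)
    if unsanctioned:
        violations.append("unsanctioned_app:" + ",".join(unsanctioned))
    # Escalation: a lost/stolen device is wiped whatever else it reports,
    # hard violations block corporate access, softer ones raise an alert.
    if device.reported_lost:
        action = "remote_wipe"
    elif device.jailbroken or denied:
        action = "block_access"
    elif violations:
        action = "alert_remediate"
    else:
        action = "allow"
    return violations, action
```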
Benefits of MDM
Used to manage and control mobile devices, including personal devices, MDM offers various benefits:
Device Management and Control
MDM ensures that you have control over mobile devices and the apps installed on them. The MDM solution will generate an overview of all the devices used in the company, along with the OS and workplace apps on each device. It is important to know what devices are being used for work tasks to control licenses, duplication of technology, and to ensure that the latest versions of apps and the OS are used.
Enhanced Security
MDM solutions enhance security when part of an overall layered security strategy. The MDM solution centrally deploys and enforces policies that impact secure device use, such as mandating the use of a VPN to connect to the corporate network, enforcing password policies, or remotely wiping data from a stolen device.
Enhanced Compliance
MDM solutions help ensure that a company complies with data protection regulations, like HIPAA and GDPR. They enable administrators to enforce data protection measures, such as encryption and access control, on mobile devices.
Effective Shadow IT Controls
Mobile device management provides controls on what apps can be used for work tasks by enforcing the use of deny and allow lists during app installation. This helps prevent the proliferation of Shadow IT.
Improved Employee Productivity
Mobile device management (MDM) allows administrators to monitor a mobile device's health remotely. This allows the device to be optimized for use, reducing annoying mobile connectivity issues and slowdown. MDM solutions also allow employees to be provisioned rapidly so they can access work apps quickly. MDM solutions also facilitate remote troubleshooting. All of these capabilities help to improve employee productivity.
Cost-Savings
MDM reduces downtime, improves security, and enhances employee productivity. Mobile device management ensures that device lifetimes are optimized and prevents data breaches when a phone is lost or stolen; this all adds up to a good return on investment.
MDM Best Practices
When deploying and configuring a mobile device management system, one should be informed by a set of best practices:

Create an MDM Policy
Effective MDM use begins with a precise and understandable MDM policy. The policy document should outline enrollment expectations, security requirements, and monitoring procedures. These requirements should be communicated to all employees affected by the MDM policy.
Enforce Device Enrollment
Every device used for work tasks, including personally owned BYOD devices, should be enrolled with the MDM agent so that policies and updates can be applied to it. Enrollment can be performed by wireless delivery or manually, and it can be automated, for example by triggering the agent install when a user logs in to a corporate app.
Implement Robust Access Controls
Safeguard your network with role-based device and app usage permissions to corporate accounts. MDM solutions support the use of single sign-on (SSO) to facilitate seamless app usage. They also enforce risk-based authentication and MFA as required.
Monitor Devices
MDM monitoring should be comprehensive and include device health, usage patterns, policy violations, etc. Alerts can be configured and reports generated to provide insights that can be used to adjust policies.
Implement Data Containerization
Separate work apps from personal apps. This is vital to prevent employee pushback and to manage work-related apps more carefully.
Educate Employees
Do not rely on MDM alone to prevent social engineering and phishing of employees on a mobile device. Employees must receive security awareness training and be educated on the risks of using a mobile device for data creation and sharing.
Conduct Regular Risk Assessments
The mobile threat landscape changes. It is, therefore, important to carry out regular risk assessments that reflect any changes in mobile threats. The results of the risk assessment can be used to update MDM policies and modify employee security training programs.
FAQs
Why do I need MDM?
If your business has a BYOD policy and/or uses mobile devices for work-related tasks, you should consider using a mobile device management system. MDM solutions will help you optimize mobile device use, remotely maintain the device, secure data creation and flows, wipe phones remotely if lost or stolen, and improve employee productivity.
Is MDM easy to implement?
Mobile device management can be simplified, but some of the configuration and cultural aspects of MDM can be more of a challenge. Enrollment of devices can be automated, for example with the agent install triggered by a user event such as logging in to a corporate app. Challenges may also arise in highly heterogeneous environments, where each OS requires different configurations. Using a managed service provider to deploy an MDM is a possible easier route, especially for smaller organizations. However, overcoming user pushback when deploying to a personal device may require negotiation and education. MDM containerization can help alleviate this latter concern.
Is MDM used alongside other security measures?
Yes. MDM is not a comprehensive security solution, so it should be used alongside other security measures as part of a holistic and layered approach to security. For example, MDM should be augmented by robust identity and privilege management and by human-centric measures, like security awareness training.
Does MDM help with regulatory compliance?
Yes, MDM can help with data protection and privacy regulations like HIPAA and GDPR because it can be used to protect data. Measures include device-level encryption to safeguard sensitive data stored on managed devices and the use of a VPN to ensure that data is encrypted during transfer.