Working from home, using various mobile devices and laptops, and remotely accessing company data while maintaining maximum security are now standard requirements for corporate IT environments. Modern security concepts require a comprehensive approach, and MDM systems still play an indispensable role in this.
What is the practice?
It is often noted that the original term Mobile Device Management (MDM) has been overtaken and replaced by a new generation of systems called Enterprise Mobility Management (EMM) and then Unified Endpoint Management (UEM). While the differences between MDM, EMM, and UEM are well-defined, the term “MDM” remains prevalent among manufacturers and users. This is despite the fact that no one offers a pure MDM system anymore, except maybe a few marginal solutions; today's products are always broader platforms that include functionality typical of EMM and UEM. The name is likely to stick, just as “lux” did for the vacuum cleaner or “karma” for the water heater. In the following discussion, therefore, I will use the term MDM.
Management of all endpoints and IoT
In comparison to the past, current systems for managing and securing devices have considerably broader capabilities. While the original MDM solutions allowed for the management of only mobile devices (phones and tablets), the current scope and management options are much wider, as indicated by the term UEM – Unified Endpoint Management. Even desktops and laptops can be managed today, whether they run Windows, macOS or Linux. The recent trend, of course, includes the management of so-called wearables (watches, glasses) and devices supporting IoT standards.
What MDM can and cannot do
Occasionally, one hears claims that MDM solutions are outdated and have been replaced by other systems. I beg to differ – MDM solutions are still an essential part of corporate infrastructure and security, and I believe they will remain so for some time. However, MDM alone is certainly not a comprehensive answer to the problems and requirements of modern corporate security – it needs to be combined with other policies and systems. Deploying only MDM ensures the management and security of endpoint devices and application distribution. Modern enterprise security solutions, however, require more – a combination of MDM with other security tools such as Identity and Access Management (IAM), the Zero Trust concept, Extended Detection and Response (XDR) and others.
There are also opinions (and some companies even build their marketing around this) that MDM performs the function of a ‘big brother’, monitoring users and their activities and that its presence in the corporate IT environment is harmful. However, if we look at how endpoint management is designed and how MDM works, we can safely classify such claims as hoaxes and half-truths.
It is undeniable that it is possible to track a user’s location, app usage or monitor communication. There are situations where such functionality is required, for example in tracking vehicles by a dispatcher.
However, it always holds true that the user is informed of any data collection and access to sensitive information and nothing happens without their knowledge. Modern MDM systems are built with privacy protection in mind and comply with legal requirements. They support a strict separation of private and corporate information, whether in BYOD (user-owned devices also used for corporate work), COPE (corporate devices also used for private purposes) or COBO (corporate devices only for corporate purposes) models.
General and special tools for device management
The vast majority of modern device management solutions cover the standard needs customers expect from MDM – device management, inventory and security of devices, application distribution, secure access to the corporate network, and similar functions. However, there are several highly specialised systems that extend standard management options and offer solutions for specific customer needs.
Among these systems, two technologies stand out: Jamf, which focuses on managing devices running macOS, and the SOTI ONE technology, which specialises in managing industrial devices.
Compared to other MDM solutions, Jamf significantly expands the management capabilities of devices on the Apple platform. It provides comprehensive lifecycle management of devices – automated device setup including required applications, and operating system and application updates. The Jamf platform is built on modern pillars and approaches such as Zero Trust, security threat prevention and real-time risk assessment.
The SOTI ONE Platform specialises in managing industrial devices, known as rugged devices. These include signature tablets, barcode scanners and mobile industrial printers and terminals. SOTI enables detailed management and control of these devices, including remote access to the device and advanced monitoring. SOTI also enables significant acceleration of low-code mobile app development, offers its own identity management solution, and provides many other features.