The importance of mobile device management for security

February 7, 2019



How do modern businesses keep access and rights secure when dealing with thousands of employee laptops and smartphones? And how do they make sure all this tech is kept up to date? It’s a massive undertaking for even the most technologically advanced companies. 

The bottom line is: Security is vital when running a content management operation and using software-as-a-service. And where more than one person has administrative access, this can be tricky. Certainly getting your security certifications can help — we encourage every business to get relevant, validated certifications — but that’s not the only thing you can do.

The workplace is becoming much more location independent as people work remotely or from home offices. There’s also a huge uptake in freelance work. Modern productivity scenarios dictate a simple fact: we don’t have to be in brick-and-mortar offices to be doing good work. Even the habits of office workers are changing.

For instance, it’s not uncommon to work on-the-go in a crowded subway train on a tablet. What is great for one person’s freedom and flexibility may not be great for security. There is a whole new host of challenges for those responsible. Small and portable devices are difficult to physically secure and are also prone to getting lost or stolen. It is also difficult for companies to work with end-user hardware running operating systems like iOS and Android, which were never initially designed to be managed by an organization.

Mobile device management (MDM) is one of the best concerted efforts that enterprises can make to secure data. It allows for flexibility and lets IT departments manage, secure, and monitor company-issued devices in-house. Security solutions for a mobile CMS are typically built to account for a broad array of devices — such as desktops, laptops, phones, and tablets — by supporting different operating systems.

What is mobile device management?

MDM is a type of security software used by IT administrators to monitor, manage, and secure employee-owned devices used for work purposes. The aim is to protect an organization’s data while giving employees the freedom to use their own devices for work.

MDM solutions usually come in the form of a mobile app that must be installed on each device. Once installed, the app gives the IT department complete control over the device. This includes the ability to remotely lock or wipe the device if it’s lost or stolen, as well as push updates and install apps.

How does mobile device management work?

An MDM solution usually consists of three main components:

  1. A management console: This is where IT admins can view all devices that are connected to the system, as well as information on each device such as its location, OS, and whether it’s been lost or stolen.

  2. An agent: This is a small piece of software that must be installed on each device that needs to be managed. The agent gives the IT department complete control over the device and allows them to remotely lock or wipe it if necessary.

  3. A gateway: This component acts as a middleman between the management console and the devices that are being managed. The gateway ensures that only authorized commands from the management console are executed on the devices.

Mobile device management solutions usually come with a variety of features that IT admins can use to secure and manage employee-owned devices. Some of the most common features include:

  • Remote lock and wipe: If a device is lost or stolen, IT admins can remotely lock it to prevent unauthorized access. They can also remotely wipe the device to erase all data.

  • App management: An IT management team can remotely install and uninstall apps on devices, as well as push updates to installed apps.

  • Data encryption: IT admins can encrypt data on devices to protect it from being accessed by unauthorized users.

  • Device location: IT admins can track the location of devices in real time, which can be useful if a device is lost or stolen.

  • User management: IT admins can add, remove, and manage user accounts on devices.

The client-server architecture of MDM

MDM relies on a client-server architecture to function properly: The client is the mobile device that needs to be managed, while the server is the computer that runs the MDM software. The server is also responsible for managing all devices that are connected to it.

When a mobile device is connected to the server, the MDM server will push updates and install apps on the device. The client will then execute these commands and return any relevant data back to the server.

This architecture is necessary because it allows IT admins to manage a large number of devices from a single location. It also ensures that all data remains on the server, which makes it more secure.
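
The gateway's job of passing on only authorized console commands can be sketched as follows. This is an added example, not code from the article or from any MDM product; the shared key, action names, device IDs and message layout are all assumptions made for the sketch.

```python
import hashlib
import hmac
import json
import time

# Assumptions for this sketch (none come from the article or an MDM product):
# a key shared by console and gateway, the action names, the device IDs.
CONSOLE_KEY = b"constructed-demo-key"
ALLOWED_ACTIONS = {"lock", "wipe", "install_app", "push_update"}
ENROLLED = {"dev-001", "dev-002"}
MAX_AGE_S = 300  # reject commands older than five minutes


def sign_command(command, key=CONSOLE_KEY):
    """Console side: canonical JSON body plus an HMAC-SHA256 tag."""
    body = json.dumps(command, sort_keys=True, separators=(",", ":"))
    tag = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    return {"body": body, "tag": tag}


class Gateway:
    """Forwards a command to an agent only if every check passes."""

    def __init__(self, key=CONSOLE_KEY):
        self.key = key
        self.seen_nonces = set()

    def authorize(self, envelope, now=None):
        """Return (True, command) or (False, reason)."""
        now = time.time() if now is None else now
        body = str(envelope.get("body", ""))
        tag = str(envelope.get("tag", ""))
        expected = hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()
        # Constant-time comparison; nothing is parsed before this passes.
        if not hmac.compare_digest(expected.encode(), tag.encode()):
            return False, "bad signature"
        cmd = json.loads(body)
        if cmd.get("action") not in ALLOWED_ACTIONS:
            return False, "action not allowed"
        if cmd.get("device") not in ENROLLED:
            return False, "unknown device"
        if abs(now - cmd.get("issued_at", 0)) > MAX_AGE_S:
            return False, "stale command"
        nonce = cmd.get("nonce")
        if not nonce or nonce in self.seen_nonces:
            return False, "missing or replayed nonce"
        self.seen_nonces.add(nonce)
        return True, cmd
```

The freshness window and nonce cache matter most for destructive actions such as a remote wipe, where a captured and replayed command would otherwise be accepted a second time.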

Efficient security

MDM allows IT teams to perform a broad array of administrative and security-related tasks on their devices. For instance, an IT department can compose a standard suite of applications, functions and settings that is suitable for their workflows. This master image of the system is then used as a reference point so the same combination of apps and settings can be deployed en masse across all hardware. Devices can be configured from the get-go to include these functions and remain updated. It’s a huge time-saver for everyone, as devices don’t have to be individually configured or updated.

These apps, functions, and settings would typically encompass implementations such as anti-virus software and firewall settings. Managing so many devices from a central place takes the responsibility out of individual hands. Users no longer need to remember to download updates or make adjustments to certain settings. This results in better security, as devices will always contain the latest security patches and most secure configurations.
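
Checking devices against such a reference configuration amounts to a drift report. The following is an added example, not code from the article or from any MDM product; the baseline fields, version numbers, thresholds and inventory records are constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed baseline standing in for the "master image" (all assumptions).
BASELINE = {
    "min_os": {"ios": (12, 1, 3), "android": (9, 0, 0)},
    "required_apps": {"antivirus", "vpn"},
    "settings": {"firewall": True, "disk_encryption": True},
    "max_checkin_age": timedelta(days=7),
}


def parse_version(text):
    """'12.1' -> (12, 1, 0), so '10.0' sorts above '9.0' (strings would not)."""
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (3 - len(parts)))


def drift(device, now, baseline=BASELINE):
    """List every way one device's reported state departs from the baseline."""
    findings = []
    minimum = baseline["min_os"].get(device["platform"])
    if minimum is None:
        findings.append("unsupported platform")
    elif parse_version(device["os_version"]) < minimum:
        findings.append("os below baseline")
    missing = baseline["required_apps"] - set(device["apps"])
    findings += [f"missing app: {name}" for name in sorted(missing)]
    for key, want in sorted(baseline["settings"].items()):
        if device["settings"].get(key) != want:
            findings.append(f"setting drift: {key}")
    if now - device["last_checkin"] > baseline["max_checkin_age"]:
        findings.append("stale check-in")
    return findings


def noncompliant(inventory, now):
    """Map device id -> findings, for devices with at least one finding."""
    return {d["id"]: f for d in inventory if (f := drift(d, now))}


NOW = datetime(2019, 2, 7)  # constructed "current time" for the sample
INVENTORY = [  # constructed sample records
    {"id": "dev-001", "platform": "android", "os_version": "10.0",
     "apps": ["antivirus", "vpn"], "last_checkin": NOW - timedelta(days=1),
     "settings": {"firewall": True, "disk_encryption": True}},
    {"id": "dev-002", "platform": "ios", "os_version": "12.1",
     "apps": ["vpn"], "last_checkin": NOW - timedelta(days=30),
     "settings": {"firewall": True, "disk_encryption": False}},
]
```

The stale check-in finding is the one to watch: a device that has stopped reporting cannot be assumed to hold the latest patches, whatever its last recorded state says.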

Disaster preparedness

Imagine a scenario where a sales manager uses their laptop for an hour while waiting for their flight, then on the plane for another few hours, several times a month. When devices are used regularly away from home or office, the chances of them being dropped and damaged, misplaced, or stolen go up drastically.

Considering the treasure trove of information and data stored within devices, this is extremely problematic for organizations. Throw in data and privacy protection laws that are all too common with today’s regulations, and an unexpected incident can quickly become costly to fix.

MDM provides organizations with the huge advantage of being able to track devices. If necessary, they can also issue a remote wipe order to ensure data does not fall into the wrong hands. This is a great thing for organizations, including Contentful, since we are able to ensure that proprietary data and information stay confidential. Tracking those devices can also help owners locate a company phone that fell behind a couch, or help law enforcement find stolen company property.

Monitoring device status can ensure hardware health is in good standing. Any symptoms that could potentially lead to data loss, such as a failing storage drive or faulty components, can be identified, and measures to mitigate the issue can be put into place. It is still always important to have a backup of data, though, because catastrophic failures can happen at unexpected times.

Pros and cons of mobile device management apps

There are several advantages and disadvantages of using mobile application management solutions to improve employee-owned device security:

Pros:

  • Increased security: MDM solutions can help to increase the security of an organization’s corporate data by encrypting it and preventing unauthorized access.

  • Improved productivity: MDM can improve productivity by allowing employees to use their own devices for work purposes.

  • Better management: IT admins can better manage employee-owned devices with an MDM solution.

Cons:

  • Complicated setup: MDM solutions can be complicated to set up and manage.

  • Higher costs: MDM solutions can be expensive, especially if they need to be purchased for a large number of devices.

  • Little visibility: Some software provides limited data and IT admins may need to manually gather information.

What is bring your own device (BYOD)?

Bring Your Own Device, also known as BYOD, is when employees use their own personal devices for work purposes. One will naturally wonder how an MDM solution can adapt to BYOD devices. The answer is rather simple: an MDM solution can be used to manage both company-owned and BYOD devices.

The main difference between managing company-owned and BYOD devices is that BYOD devices are usually not subject to the same level of control. For example, IT admins may not be able to remotely wipe a BYOD device if it is lost or stolen given that the personal data on the device belongs to the employee, not the organization. 

But even in a BYOD environment, MDM software can help companies keep their data secure. These practices may include automatic backup to the cloud, performing regular vulnerability scans, and standardizing app security policies like two-factor authentication. 

The best time for MDM

The ideal time to implement MDM is as soon as possible. Having a single, unified way of managing and keeping all devices up to date is a huge security and productivity boost for an organization.

Like everything else in this world, MDM doesn’t come free. However, the cost is nominal when you think about the losses you could incur from data and security breaches. Preventing data from being lost, or worse, falling into the wrong hands, is priceless.

There are many MDM options on the market. The one with the feature set that fits your organization best is something only you can decide. Here at Contentful, we use Cisco’s Meraki to help keep the devices of our employees constantly up to date and secure.

Paired with other measures, such as user password security and other best practices, MDM can help ensure that data stays in the hands of the intended owner. Every organization should look into how to deploy MDM and go about doing that as quickly as they can.

Frequently asked questions (FAQs)

Want to learn more about mobile device management? Here are some answers to help you get started.

Is mobile device management necessary?

Mobile device management is not a requirement for every organization. However, it can be a helpful tool to have in order to keep track of devices and ensure they are up-to-date with the latest security patches.

Can mobile device management track browser history?

Most mobile device management tools have the ability to track browser history. This can be helpful for organizations in order to monitor employee activity and ensure they are not visiting any sites that could potentially harm the company network.

How can mobile device management prevent cyberattacks?

Mobile device management can help prevent cyberattacks in a few different ways. First, by keeping all devices up-to-date with the latest security patches, it minimizes the risk of cybersecurity vulnerabilities being exploited.

Second, tracking devices and issuing remote wipes if necessary helps to ensure that data does not fall into the wrong hands if a device is lost or stolen.
