Mobile Device Management (MDM)
Mobile device management (MDM) is the process and supporting technologies for tracking, controlling, and securing the organization’s mobile infrastructure.
- MDM systems are used to apply and enforce rules about how a device has to be configured and used
- MDM is centrally managed
  - can enforce security policies
  - can require mobile devices to be locked
  - enables remote lock or wipe capabilities
- often incorporated into broader configuration management systems called Unified Endpoint Management (UEM) solutions
  - UEM manages both mobile and fixed devices
Centrally managed means that these devices are under the control of one main system that maintains them.
- central management lets you:
  - automatically patch vulnerabilities and upgrade software
  - regulate and track installed software
  - adjust a device’s settings to a standard dictated by a particular policy
How MDM Works
MDM uses an agent (a piece of software) installed on the mobile device to enforce a certain configuration on that device.
- agents typically regulate access to a business’ resources, such as email, calendaring, and network resources
  - can discontinue a client’s access
- can remotely wipe a device
  - either completely or just the corporate data
- can disable the device entirely
Deployment Models
Bring-your-own-device (BYOD) is a security framework and tools to facilitate use of personally owned devices to access corporate networks and data.
- mobile device is owned by the employee
- device must comply with established requirements developed by the organization
- employee must:
  - agree to having corporate apps installed
  - acknowledge the organization’s right to perform audit and compliance checks within the limits of legal and regulatory rules
- popular with employees
  - but poses significant risk for security operations
Corporate-owned mobile devices are devices given to employees and owned by the corporation.
- easier for the organization to manage devices
- 2 kinds:
  - Corporate-owned business only (COBO)
    - enterprise mobile device provisioning model where the device is the property of the organization and personal use is prohibited
    - allows only business use
  - Corporate-owned personally enabled (COPE)
    - enterprise mobile device provisioning model where the device remains the property of the organization, but certain personal use is permitted
      - e.g., private email, social networking, and web browsing
    - device is chosen and supplied by the organization and remains its property
    - allows for personal use
      - subject to acceptable use policy
Choose-your-own-device (CYOD) is an enterprise mobile device provisioning model where employees are offered a selection of corporate devices for work and, optionally, private use.
- given a choice of devices to select from a pre-established list
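The following is an added example, not code from any MDM product, showing how the agent behaviour described under "How MDM Works" (lock requirement, patch level, regulated software, revoking access, full versus corporate-data-only wipe) interacts with the deployment models above. The policy values, device records and action names are constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample MDM policy: minimum security patch level ("YYYY-MM"),
# mandatory screen lock, and a denylist of app identifiers.
POLICY = {
    "min_patch": "2024-06",
    "require_lock": True,
    "blocked_apps": {"com.example.unapproved-vpn"},  # placeholder app id
}

@dataclass
class Device:
    device_id: str
    ownership: str                  # "BYOD", "COBO", "COPE" or "CYOD"
    patch_level: str                # security patch level as "YYYY-MM"
    lock_enabled: bool
    installed_apps: set = field(default_factory=set)
    reported_lost: bool = False

def violations(dev: Device, policy: dict) -> list:
    """Return the list of policy rules this device currently breaks."""
    found = []
    if policy["require_lock"] and not dev.lock_enabled:
        found.append("no screen lock")
    # "YYYY-MM" strings compare correctly as plain strings.
    if dev.patch_level < policy["min_patch"]:
        found.append(f"patch level {dev.patch_level} below {policy['min_patch']}")
    for app in sorted(dev.installed_apps & policy["blocked_apps"]):
        found.append(f"blocked app {app}")
    return found

def decide_action(dev: Device, policy: dict) -> str:
    """Map compliance state and ownership model to the agent action to take."""
    if dev.reported_lost:
        # Corporate-owned hardware (COBO/COPE/CYOD) may be wiped completely;
        # a personally owned BYOD device only loses its corporate data.
        if dev.ownership in ("COBO", "COPE", "CYOD"):
            return "wipe_full"
        return "wipe_corporate_data"
    if violations(dev, policy):
        # Non-compliant device: discontinue access to corporate resources
        # rather than destroying data.
        return "revoke_access"
    return "allow"

if __name__ == "__main__":
    fleet = [Device("d1", "BYOD", "2024-06", True),
             Device("d2", "COPE", "2024-05", False, {"com.example.unapproved-vpn"}),
             Device("d3", "COBO", "2024-06", True, reported_lost=True)]
    for d in fleet:
        print(d.device_id, d.ownership, decide_action(d, POLICY), violations(d, POLICY))
```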