Mobile endpoint security: What enterprise infosec pros must know now
As workforce mobility extends into enterprises, management needs are being refined and expanded, which means IT needs more advanced mobile device management software capabilities.
For a portion of your workforce, basic mobile device capabilities may be sufficient. But other workers may have more sophisticated application needs, pose greater security risks or work with regulated data. In addition, some devices have different management needs, such as multi-user tablets or consumer-grade smartphones. Such use cases are often addressed through more advanced mobile device management controls.
Advanced mobile device management software features
The capabilities detailed in the table may be bundled with basic mobile device management (MDM) software, sold as an MDM add-on module or even available as a standalone product. Most of these capabilities are relatively new, and products differ in which features they include.
For example, many MDM products have now expanded to offer some degree of mobile application management (MAM). But a product may do nothing more than display a catalog of apps whitelisted (recommended or required) by IT, relying on users to complete installation.
Another product might maintain a database of enterprise apps, transparently pushing apps and subsequent updates to devices based on IT-configured policies. A more advanced MDM product might actually "wrap" each enterprise app with features intended to prevent unauthorized use or unsafe data storage.
If MAM is on your requirements list, carefully establish baseline features that must be present, and ask each MDM vendor to demonstrate whether and how those features are delivered.
Similarly, a smaller but growing number of MDM products are expanding to offer mobile document management. This could include pushing an IT-configured collection of PDFs out to enrolled devices or creating an authenticated, encrypted container that stores an automatically synchronized set of business documents that users can update offline. Decide whether your workforce requires enterprise file share or cloud file-service integration and whether you want to impose copy/paste restrictions.
Both document and application management features have emerged to better meet high-risk and bring your own device (BYOD) needs. For high-risk users or users working with data subject to regulatory requirements, these capabilities add an extra layer of IT control, security and monitoring.
For BYOD programs, these capabilities are sometimes used with very minimal device policy management, giving users more freedom to use devices as they wish while carving out an environment that IT can separately secure -- and delete if necessary.
A related trend is container management, where an entire section of a managed device is controlled by IT and used to safely house enterprise apps and data, while leaving a separate section available for unfettered personal use.
Since these capabilities are so new, meaningful comparison among MDM products can be extremely difficult. Instead, focus on specifying exactly what you need from containerization and how well any candidate meets those needs.
Mobile device management software deployment models
The mobile device management features described here can often be deployed in several ways (see Figure 1). The traditional deployment model involves installing MDM software in-house, on a dedicated server operated by IT and located in a corporate data center or a hosting facility. Many large corporations continue to prefer this deployment model to simplify integration with other enterprise services such as directories, mail servers and file servers.
Recently, the rise of cloud computing has prompted the growth of alternative models. Specifically, enterprises may now consider deploying MDM software on private or public cloud servers, taking advantage of network redundancy, high availability and infinite scalability. Most mobile device management software can be deployed in this fashion without requiring any special features.
But a third deployment model -- Software as a Service (SaaS) -- is quickly becoming popular, especially among small and midsize businesses. In this case, MDM vendors install their own software on their own multi-tenant servers, selling MDM capabilities as public cloud services.
Many companies find this pay-as-you-go alternative extremely attractive, especially to lightly manage a large number of devices under BYOD. Even if over the long run your organization prefers to manage its own MDM server, SaaS can be a powerful tool for MDM evaluation. Once you have whittled down your candidate list to a select set of MDM products to consider, conduct a live pilot with real-world mobile devices and users. If a product under consideration is available in SaaS form, a pilot can often be launched in a matter of hours.
Take advantage of all such opportunities to test capabilities and features, fine-tune MDM policies, and get feedback from business units and participating employees on IT-defined requirements and how well any product really meets them.
This part of your evaluation can also assess critical product attributes such as usability, scalability, reliability and support. Ultimately, comparing capabilities and features on paper gets you only so far. Taking an MDM product out for a test drive is essential before making a final decision.