Last week, we published an article discussing the value that Mobile Application Management (MAM) brings to modern organizations. This week, we switch our attention to Mobile Device Management (MDM), focusing on the following questions:
- What is Mobile Device Management?
- What’s the difference between Mobile Device Management and Mobile Application Management?
- Why do organizations need Mobile Device Management?
- How has GDPR impacted Mobile Device Management?
- How have BYOD practices impacted Mobile Device Management?
- How does Mobile Device Management work?
- How can 42matters’ datasets help you build Mobile Device Management solutions?
Before we dig into the minutia, let’s review the enterprise mobility landscape.
First and foremost, while advancements in mobile technologies have made enterprises substantially more efficient, they’ve also left them, in many ways, more vulnerable. Unsecured employee devices have been especially thorny, leaving businesses open to ransomware, phishing attacks, man-in-the-middle attacks, etc. Moreover, the proliferation of mobile apps and the flourishing of the mobile app landscape have given fraudsters more attack vectors than ever before.
Unfortunately, the headaches don’t end there. Coronavirus has accelerated the “Remote Work Revolution,” forcing many businesses to implement work-from-home and “Bring Your Own Device” (BYOD) policies to keep employees productive during global lockdowns. On the face of it, these seem like perfectly harmless solutions to an unprecedented set of circumstances — and in many ways they are! Still, with millions of people around the globe working outside the friendly confines of the office, using their own devices to conduct business, corporate data has never been more at risk. Indeed, internet threats, device threats, and user behavior all present a unique set of challenges to decentralized workplaces.
And of course, the European Union’s General Data Protection Regulation (GDPR) has made corporate security even more complex, limiting the ability of enterprises to implement top-down control over the devices of their employees. Pragmatic as this may be from a privacy perspective, it’s forced IT administrators to completely rethink their mobile security strategies.
The failure to cope with any one of these challenges could have serious financial and reputational consequences — from crippling cyber-attacks, to lackluster employee productivity and lost business. This is where Mobile Device Management (MDM) enters the picture…
Mobile Device Management (MDM) is a method of monitoring, managing, and securing mobile devices used in an enterprise environment. This includes laptops, smartphones, tablets, and any other device used to access business-critical systems and data. While MDM is fundamentally concerned with securing corporate networks, it seeks to do so without infringing upon employee productivity. This means that, in today’s corporate landscape, the ideal MDM strategy can accommodate company-issued devices as well as employees’ personal devices.
Typically, MDM falls under the purview of a company’s IT department. It is generally guided by a set of mobility policies and administered via software tools that facilitate device management, regardless of service provider, operating system, or user.
What’s the difference between Mobile Device Management (MDM) and Mobile Application Management (MAM)?
As we discussed last week, Mobile Application Management (MAM) refers to the administration of mobile applications on corporate and personal smartphones, tablets, and other mobile devices. While MDM seeks to enforce security at the device level, MAM does so at the application level, leveraging software tools to monitor app lifecycles (installations, deletions, updates, licenses, permissions, configurations, etc.).
Since MDM addresses security at the device level only, it leaves businesses vulnerable to corrupt mobile apps, intrusive app permissions, and fraudulent SDKs. It also depends on a cumbersome degree of IT compliance, typically requiring users to turn off certain features, use specific browsers or operating systems, and agree to the monitoring of their usage, location, and data.
Indeed, MAM stands in sharp contrast to MDM in that it enables corporate administrators to create separate accounts for personal apps and those used to access corporate data. As such, MAM reduces the amount of control businesses have over employee devices. While GDPR prevents businesses in the EU from implementing the most intrusive MDM practices, the simple fact of the matter is that most people don’t want their employers managing their devices — personal or corporate.
There are several reasons why MDM platforms are essential to any enterprise mobility management strategy. Consider the following benefits:
Remote management of mobile devices — MDM platforms enable businesses to manage their workers’ mobile devices, giving them insight into potentially risky behavior and enabling them to secure company data against potential threats.
Improve productivity — MDM helps employees stay productive no matter what. By giving employees secure access to corporate infrastructure and tools on managed devices, they will have everything they need to complete mission critical tasks whether they’re at home, in the office, or anywhere in between.
Enhanced Security — By administering security protocols from a centralized MDM platform, organizations can ensure that employees take necessary precautions before accessing corporate data from a personal or company-issued device. In addition, MDM solutions enable administrators to configure devices to protect personal and business data, remotely lock lost or stolen devices, delimit access to certain information, define which data can be shared, etc.
Regulatory compliance — MDM solutions also protect businesses from themselves. By establishing enterprise mobility policies in accordance with legal standards, organizations can leverage the reporting capabilities of MDM platforms to assure regulatory compliance and network integrity.
Cost savings — Implementing MDM software is also a great way to cut costs. For instance, it enables organizations to reduce new device purchases by tracking down lost or unused devices, or by establishing safe, efficient BYOD environments.
Controlled device updates — MDM also makes it possible for IT administrators to control device updates, facilitating remote, automatic updates across an entire fleet of devices. This not only protects company devices and data, but is also a requirement for regulatory compliance in many countries.
Over the last 10 to 15 years, there’s been a revolution in communications technologies. And, with smartphones, unlimited data plans, OTT messaging solutions, video conferencing platforms, and social media apps, staying connected with work has never been more convenient. Indeed, as these technologies have advanced, millions of people around the world have willingly opted to use personal devices to stay productive.
The era of BYOD has thus enabled organizations to reduce both equipment costs and IT workload, while simultaneously improving employee output and satisfaction. But this decentralized approach to enterprise mobility is by no means an infallible. As a matter of fact, if employee devices are not adequately protected, BYOD policies can put corporate data and reputation in harm’s way.
To this end, BYOD has elevated the demand for comprehensive, light-touch security solutions. This is perhaps best achieved via the co-deployment of MDM and MAM softwares. Because, despite MAM’s ability to address security concerns without exerting onerous, top-down control over employee devices, there will nevertheless remain a host of security gaps at the device level that can be solved only by MDM.
The European Union’s General Data Protection Regulation (GDPR) was designed to protect people’s rights regarding their own personal data. Unsurprisingly, with the proliferation of smart devices and BYOD policies, this has had a significant impact on enterprise IT practices, and MDM in particular.
Now, GDPR doesn't hand much responsibility to organizations for the personal data stored on employee devices — private, company-issued, or otherwise. It’s only when organizations start backing up that information that GDPR kicks in. In effect, if a company wants to store employee data to a centralized MDM platform, GDPR requires that they obtain employee consent first. Moreover, employees withhold the right to withdraw consent at any time.
Another area where GDPR and MDM collide is when smartphones have access to customer data. Here, data breaches are the biggest concern. If data is lost and the breach is “likely to result in a high risk to the rights and freedoms of natural persons,” then it is the responsibility of the organization to notify everyone about the breach.
MDM has evolved substantially over the last few years, adapting cheek by jowl with the fast-paced communications industry. While scalability was initially a huge problem for MDM deployments, remote management functionalities have eliminated many of the more burdensome functions (SIM card updates, for instance). Indeed, most modern MDM platforms can automatically detect new devices connected to corporate networks and implement policy via over-the-air commands.
By and large, MDM platforms include the following functionalities:
- Device inventory and tracking
- Mobile support and management
- Application whitelisting/blacklisting
- Remote service management
- Passcode enforcement
In addition, MDM typically requires the following two components:
- A server component that enables IT administrators to configure and enforce policies through a management console.
- A client component capable of receiving and implementing commands on end-user mobile devices.
42matters can help you develop secure, efficient MDM solutions by assisting with your app intelligence requirements. Via our rich datasets and suite of APIs, we offer extremely detailed insight into 14+ million published and unpublished apps, from 2.6+ million publishers, across Google Play, the Apple App Store, Amazon Appstore, and Tencent Appstore.
While MDM platforms will give you the ability to secure any device used to access corporate data and tools, much of the decision making still requires outside inputs. In other words, IT administrators need to acquire information about apps themselves and use that information to guide MDM practices. Critically, this includes determining which apps to whitelist or blacklist. For this, they’ll need:
- App vendor names
- App descriptions
- App categories, genres, IAB categories
- App permissions
- SDK details
- App version histories/changelogs
Our datasets provide all of this and more, enabling you to pull app names, packages/IDs, icons, and app fingerprints to flag copycat apps. You’ll also have insight into such things as suspiciously low downloads, bad ratings and reviews, and more. As such, you’ll be able to keep your company data secure and bolster your MDM policies by preventing employees from accessing potentially harmful and non-productive apps.
Indeed, while our datasets can help inform your MDM strategy and bolster your ability to whitelist/blacklist apps, they can do a whole lot more. Check out our “Getting Started” page to learn about the following file dumps:
- App Details (see sample data) — Access detailed information for any app, including: name, description, category, pricing details, ratings, downloads, release dates, content localization, and more. View apps from Google Play, the Apple App Store, Amazon Appstore, and Tencent Appstore.
- SDK Intelligence — View the SDKs and permissions leveraged by any mobile app. We track 2,500+ SDKs and hundreds of iOS and Android permissions.
- Reviews Analysis — Access an extensive database of anonymized reviews, including advanced sentiment analysis.
- Top Charts (see sample data) — View daily top charts for either Google Play or the Apple App Store.
- IAB Categories for Apps (see sample data) — The Interactive Advertising Bureau’s (IAB) content taxonomy offers a more precise alternative to Google’s app categories and Apple’s app genres. Access IAB category information for any app.
- app-ads.txt for Apps (see sample data) — View app-ads.txt data for any app available on Google Play, the Apple App Store, Amazon Appstore, and more.
- App Content Ratings (see sample data) — Access app content ratings by country for both Google Play and the Apple App Store. This includes content rating insights from ESRB (Americas), PEGI (Europe, Middle East), USK (Germany), Australian Classification Board (Australia), ClassInd (Brazil), GRAC (South Korea), IARC (Generic), and the Apple App Store Rating System.
In addition, we offer the following, security-focused file dumps: Android and iOS APK Resources and File Structure, Android SDKs URLs, and Android App Signing Certificate: SHA-1, SHA-256, and MD5. And, of course, we’d be happy to create custom data sets based on your particular needs.
To learn more about how to access our datasets, this blog post will walk you through the process. For access credentials to full file dumps, feel free to reach out!
If you would like to learn more about how our file dumps and APIs can improve your Mobile Device Management strategy, schedule a free demo with one of our experts!