Mobile device management and mobile application management are critical to securing your organization’s data and IoT devices.
According to recent research, the average household has 25 connected devices, an increase from 11 in 2019. This widespread adoption, along with a global pandemic, has changed the way we operate and communicate, both personally and professionally.
Many industries are adapting to remote work, enabled by technology that makes possible remote patient consultation and monitoring, virtual classes, and food ordering and tracking via mobile devices. Additionally, many organizations have adapted to a bring-your-own-device (BYOD) environment as workers want to perform their tasks at home and in the office seamlessly, without switching devices. This movement toward a device-dependent workforce requires security teams to take a closer look at how they’re managing and securing the data they collect and the devices they use.
Whether it’s a personal or corporate-owned device, security teams need to enforce corporate data access and productivity rules on mobile devices through mobile device management (MDM) and mobile application management (MAM).
MDM is a way of securing mobile devices such as smartphones and tablets, whereas MAM secures the applications on those devices that are used to access organizational data, such as Outlook, SharePoint, and OneDrive. MDM software is typically designed to support one or more operating systems such as iOS and Android. It maintains a device profile, which allows companies to track, lock, secure, encrypt, and wipe the devices remotely as needed. The software also installs agents on the devices to query and fetch the device status.
Enterprise mobility management (EMM) focuses on application, content, and identity management on the devices, whereas MDM focuses solely on the device security. But EMM cannot support platforms such as Windows and iOS, so unified endpoint management (UEM) was created as a centralized management solution providing multiplatform support, eliminating the need for multiple solutions. It’s important to note that the security and confidentiality of the data accessed through any of these solutions is only as good as their implementation.
Devices include MDM software either through vendor-specific programs from the manufacturer or by manual enrollment using a token, QR code, email, or SMS. There are several MDM software options on the market, such as VMWare Workspace One, Microsoft Intune, Citrix Endpoint Management, MobileIron, and SimpleMDM. MDM software sends a set of commands to enrolled devices through APIs built in operating systems. It collects details from enrolled devices like hardware and software details, installed and configured applications, security status, location, etc., and it manages the applications running on the devices, allowing, blocking, or removing them depending on preconfigured settings.
Compliance restrictions from standards such as HIPAA, GDPR, and PCI are enforced through policies. Devices can be centrally managed and maintained, and policies are applied to devices in bulk. Automation makes it easier to track, encrypt, secure, and wipe the devices.
Devices are not required to enroll in MAM software. Corporate apps are pushed into enterprise app stores, and employees can install and download them on their BYOD devices. Apps are run in secure containers to keep personal and corporate data separate.
One significant way that MAM is different than MDM is that MAM does not need control over the device. MAM ensures that sensitive data is not sent or copied to other applications. Employees using their own devices feel more at ease with MAM, as it has less control over their entire device than MDM software.
Microsoft Intune is a cloud-based service focusing on MDM and MAM. It can enforce policies onto devices to ensure that data does not cross organizational boundaries. It supports devices including laptops, mobile devices, and tablets, and it enforces policies and provides protection to data whether or not a device is enrolled. One major advantage of Microsoft Intune is its integration with Azure Active Directory and Office 365 applications. When integrated with Azure Active Directory, it controls who has access and what they have access to. Office 365 applications such as Outlook, OneDrive, SharePoint, Teams, etc. are used by many organizations, including mobile apps on personal devices, so corporate policies must be applied consistently on those devices as well.
There are five important security controls to configure when using Microsoft Intune.
MDM and MAM is an important security technology for both the remote and BYOD workforce. Microsoft Intune can be configured to provide security controls that ensure MDM and MAM has complete coverage.
Learn how to accelerate and scale your application security testing with on-demand resources and expertise from Synopsys. Our cloud configuration services include identifying misconfigurations around Microsoft Intune and other MS related applications.
Prasanthi Akella is a security consultant at Synopsys with over four years of industry experience in cloud security, penetration testing, and secure code reviews. Her interests include working with clients, understanding their needs, and helping them secure their overall security posture. In her free time, Prasanthi enjoys unwinding in nature, pencil sketching, and reading.