IT beginner’s guide: Mobile device management (MDM)

Data breaches caused by lost or stolen devices loaded with vulnerable data occur all too frequently. In 2016, an unencrypted laptop containing medical records and staff details was swiped from a nursing home in Northern Ireland, resulting in a £15,000 fine. In 2017, over 43,000 patient records were compromised at Coplin Health System after a laptop containing sensitive medical data was stolen from an employee's car. 

Not to mention the fact that 74% of global IT leaders have experienced a breach due to mobile security issues, and you can tell businesses have a major problem on their hands. 

With more employees working remotely and devices increasingly accessing corporate networks from anywhere, getting a firm grasp on mobile security is essential. This is where mobile device management (MDM) comes in.

What is mobile device management (MDM)?

Mobile device management, or MDM, refers to the practice of monitoring, managing, and securing mobile devices like smartphones, tablets, and laptops across multiple service providers and operating systems. 

Think of it as a device-centric management tool that simply provides the ability to configure, deploy, and manage policies centered around the device. This enables you to keep track of where the devices are located, what data resides on them, and control various security aspects and configurations. 

The primary objectives of MDM are:

• Enforcing security policies and compliance across all devices
• Enabling remote device monitoring and tracking
• Facilitating mobile device and app deployments
• Securing corporate data on devices through encryption
• Remotely locking down or wiping lost or stolen devices

MDM gives IT administrators centralized control and visibility over the entire lifecycle of mobile devices in their corporate environment. This allows them to proactively identify and address security risks, push out software updates, configure settings, and manage every device.

Why is mobile device management important?

In a world where we see more and more data breaches and cyber threats, managing mobile devices has become a critical component of any organization's cybersecurity strategy. Here are some key reasons why MDM is essential:

• Enhanced security: An unmanaged mobile device connecting to your network presents a vulnerability, making it a huge security risk. One of the greatest MDM benefits is the improved security practices it enables. Typically these devices are manually provisioned by users with no assurance of proper authentication setup, let alone enterprise network access controls. Now consider multiplying that across an entire user population—you have many potential entry points for malicious actors. With MDM, security is deployed to every device on the network with protocols to act on suspected threats. This helps avoid costly data breaches by securing corporate data on personal or company-owned mobile devices. MDM also keeps underlying platforms up-to-date with the latest software patches.

• Remove oversight of users, devices, and apps: Without an MDM solution, companies have limited visibility and control over the devices, users, and applications within their network. MDM removes those blind spots by providing a centralized platform to monitor and manage all devices, users, and applications, reducing the risk of unauthorized access or usage.

• Cost reduction: MDM helps lower costs in several ways. The management capabilities it offers reduce capital costs by enabling secure BYOD (bring your own device) policies where employees can use their own hardware instead of the company issuing devices. These cost savings come on top of benefits like increased productivity, uptime, and resources.

• Workflow improvement and flexibility: Think of MDM as a tool to control and manage technology deployments that enable your enterprise to run efficiently. It simplifies internal IT demands by streamlining overhead tasks like firmware and configuration management through a centralized platform, reducing support burdens.

• Data protection and compliance: Many industries, such as healthcare and finance, are subject to strict regulations regarding data privacy and security. MDM solutions help organizations maintain compliance with these regulations by enforcing security policies and providing audit trails. You can also enable hardening measures or a remote wipe if a device is lost or out of geofence policy.

• Mobility and remote work enablement: Given infrastructure advancements and the fact that more employees are working remotely, MDM builds a framework to manage the mobile technologies that enable secure remote work, extending critical resources, and security practices while limiting vulnerabilities.

BYOD and supporting the remote workforce

The rise of remote work and bring-your-own-device policies are the new normal. Your staff likely has multiple devices now, and they expect to use their phones and tablets to stay connected and productive from anywhere. But BYOD creates security challenges that need to be thoroughly considered and addressed with policies and technology solutions. It’s important to find the right balance between embracing the convenience mobile devices provide while still protecting your corporate data.

An MDM solution helps support this remote, mobile workforce using personal devices. MDM allows you to properly provision those BYOD devices to access your company's resources securely. You can configure security policies, ensure devices are updated and patched, and maintain that separation of personal and business use.

The alternative? Allowing unmanaged personal devices on your network is a major risk, especially if those devices become outdated or modifications like jailbreaking occur. With MDM, you can authenticate, secure, monitor, and if needed, remotely wipe just the corporate information from an employee's device while leaving their personal apps and data untouched. 

Implementing BYOD policies and an MDM solution enables your staff to work how and where they need to safely. You're giving them the flexibility modern employees demand, while still applying enterprise-grade security controls around mobile device access. It's a win-win for embracing the new normal of work through secure mobility.

How does MDM work?

1. The first step is bringing mobile devices under the management and control of an MDM solution via device enrollment. There are various enrollment methods available, such as bulk enrollment for large-scale deployments, user self-service enrollment, and zero-touch enrollment for enterprise-owned devices pre-configured by the manufacturer. 
2. Once devices are enrolled, IT administrators can use the MDM portal to push configurations, applications, and security policies to the managed devices. At its core, MDM has two constituents—an admin portal or console and device software agents. 
   The MDM portal provides a dashboard-style interface that lets IT administrators configure settings, deploy mobile apps and data, and enforce security policies across the whole mobile device fleet. 
3. Groups allow different policies to be applied to different user segments like executives, contractors, sales teams, etc. Policies cover a wide range of settings from password complexity, approved app lists, remote wipe rights, and more. Once policies and groups are defined, the MDM software or agents deployed on user mobile devices will enforce those policies.
4. The MDM software agents are installed on each user's mobile device to ensure those centrally-defined policies and settings are implemented. The agent implements the policies onto the device through direct communication with application programming interfaces (APIs) integrated into the device's operating system. Data, apps, and updates are transmitted from the admin portal to user devices over-the-air. 

Also, many MDM solutions offer integrations with other enterprise systems, such as identity and access management (IAM) solutions, to streamline user authentication and access control processes for managed devices. MDM solutions can also be part of a broader unified endpoint management (UEM)  and enterprise mobility management (EMM) suite, integrating with mobile application management (MAM) and mobile content management (MCM) solutions for a comprehensive mobile device and app management experience. 

Components of mobile device management software

Effective MDM solutions often incorporate various components to provide a comprehensive security and management framework. These may include:

• Single sign-on (SSO) and password managers: One of the biggest risks of unmanaged devices is the lack of proper authentication controls. An MDM solution allows enforcing SSO and centralized password policies to ensure secure access to enterprise resources. Password manager integration enables secure credential storage and sharing.
• Identity and Access Management (IAM): IAM solutions ensure that only authorized users and devices can access corporate resources, enforcing role-based access controls (RBAC) and providing granular permission management.
• Endpoint security: Mobile devices are just another endpoint that needs to be secured. MDM solutions provide a centralized way to deploy, enforce, and update endpoint protection standards like encryption, anti-malware, firewalls, and more. This protects data at rest on the devices.
• Application management: Beyond just deploying apps, a robust MDM tool allows installing, updating, configuring, and removing applications across devices from a centralized console. App configuration policies, whitelists/blacklists, and licensing controls are also key app management capabilities.
• Device tracking and geofencing: To prevent rogue access and data leakage, MDM enables tracking device locations through GPS and geofencing capabilities. Policies can be set to automatically lock, wipe, or disable devices that move outside approved areas.
• Lifecycle management: From deployment to retirement, MDM software provides full lifecycle management over devices by handling provisioning, configuration, OS/firmware updates, troubleshooting, remote control support, and secure data wipes before hardware refreshes.   

What devices does MDM support?

MDM solutions are designed to support a wide range of devices, including:

• Smartphones and Tablets (Apple iOS iPhone,  iPadOS, Android devices)
• Laptops and desktops (Microsoft Windows, macOS, Linux, ChromeOS)
• Internet of Things (IoT) devices

Even if your company uses a mix of device types from different manufacturers, a good MDM solution will allow you to apply policies and security settings tailored to each operating system.

Key MDM features

Install applications

One of the primary features of MDM is the ability to install applications remotely on managed devices. This feature allows IT admins to deploy essential software, productivity tools, and security applications across the organization's mobile fleet. By centrally managing application installations, MDM ensures that all devices have the necessary software for employees to perform their duties effectively while maintaining compliance with corporate policies.

Set network preferences

MDM tools enable IT administrators to configure and enforce network settings on managed devices. This includes managing Wi-Fi and VPN connections, ensuring that devices connect to secure corporate networks, and preventing unauthorized access to sensitive data. 

Activate user accounts

MDM platforms facilitate the activation and management of user accounts on mobile devices. IT administrators can provision new user accounts, assign appropriate permissions, and enforce security policies based on user roles and access levels. This feature streamlines the onboarding process for new employees, ensuring that they have immediate access to the necessary resources while maintaining proper access controls. 

Determine permissions 

MDM solutions offer granular control over device permissions, allowing IT administrators to define and enforce policies that govern data access, application usage, and device functionalities. This feature is crucial for maintaining data security and ensuring compliance with industry regulations, such as HIPAA, GDPR, or PCI-DSS.

Decommission devices

As part of the device lifecycle management process, MDM solutions provide tools for decommissioning devices that are no longer in use or need to be retired. This feature allows IT administrators to remotely wipe data from devices, ensuring that sensitive information is securely removed before the device is repurposed or disposed of.

Mobile device management best practices 

Identifying MDM needs 

The first step in implementing an effective MDM solution is to assess your organization's specific needs. Every business has unique requirements, and a thorough evaluation of your mobile device landscape, usage patterns, and security risks is important. Consider factors such as the types of devices used, the sensitivity of data accessed, and the level of remote access required. This assessment will help you determine the appropriate MDM solution and tailor it to your organization's needs.

Selecting a cloud-based or on-premise solution

Once you have identified your MDM needs, the next step is to choose between a cloud-based or on-premise solution. Cloud-based MDM solutions offer the advantage of easy scalability, automatic updates, and reduced infrastructure costs. However, on-premise solutions may be preferred for organizations with stringent data privacy requirements or those operating in highly regulated industries.

Automating MDM processes

Automating MDM processes can significantly improve efficiency and reduce the risk of human error. Look for MDM solutions that offer automated device enrollment, configuration, and software updates. Automation can streamline the provisioning process for new devices, ensuring consistent security settings and minimizing the risk of misconfiguration.

Data backup and recovery

Protecting sensitive data is a critical aspect of MDM. Implementing robust backup and recovery mechanisms is essential to ensure business continuity and minimize data loss in the event of device theft, loss, or compromise. Consider solutions that offer secure, encrypted backups and remote wipe capabilities to safeguard your organization's data.

Enforcing strong password and multi-factor authentication policies 

Strong password policies and multi-factor authentication (MFA) are necessary for preventing unauthorized access to mobile devices and corporate resources. MDM solutions should enable the enforcement of password complexity requirements, password expiration intervals, and MFA for added device security.

Keeping systems updated

Keeping mobile devices and MDM systems up-to-date with the latest security patches and software updates is essential for mitigating vulnerabilities and protecting against emerging threats. Implement a robust patch management strategy and leverage MDM solutions that automate the update process for seamless deployment across your device fleet.

Employee safety training

While technical measures are crucial, it is equally important to educate and train employees on secure mobile device usage practices. Provide regular training sessions on topics such as recognizing phishing attempts, secure data handling, and reporting incidents promptly. A well-informed workforce can significantly reduce the risk of security breaches and data leaks.

MDM data privacy and security 

MDM solutions collect information about devices to enforce security policies and maintain up-to-date software, ensuring compliance, and reducing vulnerabilities. However, it's essential to strike a balance between security and the end user's need to maintain privacy.

At Rippling, we take a proactive approach to this by collecting only limited, non-sensitive information necessary for enforcing security policies and maintaining device integrity. This includes basic user account details, configuration profiles, package receipts, and available software updates. We do not collect sensitive information like application usage data, keychain passwords, personal data, browsing history, employee passwords, or organizational data and files, demonstrating a commitment to respecting employee privacy. Furthermore, we cannot remotely log into employee devices without explicit consent or the installation of custom software by the IT administrator, ensuring devices remain private and secure. 

Conclusion

Rippling IT offers a comprehensive solution that combines MDM, IAM, SSO, password management, and endpoint security—all in one place. By taking a holistic approach to managing your entire fleet of devices, you can minimize the risk of data breaches, streamline IT processes, and empower your employees to work securely from anywhere, on any device. Get started with Rippling Device Management here.

Frequently asked questions

What does mobile device management do? 

Mobile device management platforms enable organizations to monitor, manage, and secure mobile devices, such as smartphones (Android, iPhone), tablets, and laptops (Mac, Windows), across their entire lifecycle. Key functionalities include device configuration, application deployment, security policy enforcement, remote device management, and data protection.

What can a company see with MDM? 

With MDM solutions, companies can gain visibility into various aspects of managed devices, including device locations, installed applications, network connections, and usage patterns. 

Why is device management important? 

Device management plays a critical role in safeguarding sensitive data and ensuring compliance with industry regulations. It also streamlines IT processes, supports remote work policies, and maintains control over corporate assets.