In conversations with IT managers, a common challenge surfaces – the lack of control over personally owned mobile devices within the workplace. Managing these external devices, each running on varying operating systems with different update cycles and settings, poses a complex security dilemma. While it's not feasible to reverse the trend of bringing personal devices to work, finding a solution that safeguards company assets becomes imperative. Until recently, Mobile Device Management (MDM) served as the primary defence, but in the face of evolving threats and rapid innovations, does MDM truly offer effective protection? In this article, we delve into alternative mobile device security strategies and explore the potential of secure containers.
Evolving Beyond Mobile Device Management (MDM)
MDM has been the conventional method at the heart of securing enterprise mobility. MDM, or Mobile Device Management, involves installing remote management software on devices, granting IT managers control over various aspects. This authority extends to setting user rules, such as configuring pin code length, managing updates, app versions, user privileges, and overall IT security. Some MDM implementations even enable monitoring of users' online activity and communication patterns.
However, the trade-off for this apparent security is the intrusion into users' privacy. MDM's extensive control translates into a constant presence alongside colleagues, infringing upon their personal space. Moreover, MDM makes it unrealistic to adopt a Bring Your Own Device (BYOD) policy due to the reluctance of employees to allow an MDM client on their private devices. This restriction is further amplified by the disparity between Apple and Android devices' operating systems, making standardised MDM solutions impractical for users' diverse preferences. Additionally, the fast-paced updates in the mobile landscape make it challenging for MDM to adapt seamlessly.
Navigating the Landscape with Unified Endpoint Management (UEM)
Recognising the limitations of MDM in a BYOD-centric world driven by privacy concerns and freedom of choice, attention shifts to an alternative: Unified Endpoint Management (UEM). This comprehensive solution aims to secure various devices and software iterations. UEM integrates deeply with operating systems, offering Identity and Access Management (IAM) capabilities. It assists in identifying and mitigating threats while also managing content and applications.
Yet, like MDM, UEM primarily serves as a tool for assessing settings' correctness rather than securing the devices themselves. Furthermore, UEM remains susceptible to circumvention, as scenarios like shared device access compromise effectiveness. Such situations highlight the limited grasp IT managers have on device security.
Harnessing the Power of App Containers
As MDM proves inadequate against the backdrop of rapid innovations, and UEM falls short in preventing breaches, a novel approach emerges – using app containers. This method veers away from securing endpoints and instead focuses on safeguarding assets. App containers operate by isolating company-owned elements like applications, content, and emails within a distinct compartment on the device. This isolation ensures no interaction with personally owned assets. This approach accommodates any device and operating system, constructing a fortified enclave accessible only by authorised individuals. IT managers maintain control over the app, while users retain command over the device.
Embracing the Embassy Principle
A fitting analogy for app containers is the concept of embassies. Like an embassy operates within a foreign nation but remains under the jurisdiction of its home country, app containers function within users' devices, adhering to the rules set by the company. This separation delineates company-owned assets from personal ones, avoiding automatic synchronisation with external services. This distinction offers IT managers a delicate balance between asserting control and respecting colleagues' autonomy. The result is a blend of freedom, oversight, and flexibility, a trifecta vital for modern corporate environments.
A New Era in Device Security
Redefining security strategies is paramount in safeguarding company assets amid the proliferation of personal devices. As MDM's limitations become apparent and UEM's potential is scrutinised, app containers emerge as a promising paradigm shift. By establishing secure enclaves for company assets, this approach addresses both security and privacy concerns. App containers embody the ideal blend of control and independence, symbolising a new era in device security strategies.
Are you curious to delve deeper into the distinctions between MDM, UEM, and app containers? Download our complimentary white paper on Enterprise Mobility.
