Why is an MDM important to a small business? This is a question that all small businesses should be asking in this age of ubiquitous mobile devices. In fact, any business should be asking the question.
What is an MDM?
An MDM is a Mobile Device Manager. It does just what it sounds like it does! It provides tools to manage your mobile devices. The better MDMs out there allow you to manage access to your corporate life blood (information) on mobile devices. The devices may be corporate or personal. The potential for an information breach is almost a certainty because of data stored on the devices, or data easily accessed from the devices. An MDM can help to mitigate data loss and/or data breaches by imposing a level of control over the devices.
At a basic level an MDM should let you remotely lock and wipe a lost or stolen device. Better MDMs will take this ability to the next level and allow you to “selectively” wipe data. For example, you could wipe corporate data and apps from a device while leaving the device owner’s personal data and apps in place. Really good MDMs will expand on all of this. They allow you to put policies in place that control many aspects of data access. They can even ban or bar data sharing outside of the corporate environment.
Most larger enterprises have been involved with MDMs for some time and have already realised the benefits provided by a good MDM. Most smaller organizations, on the other hand, probably aren’t even aware MDMs exist. And that’s a shame because there are excellent MDM tools available to smaller orgs for little or no cost. There’s no reason to not be using an MDM! Two MDMs that come to mind in this space are Meraki’s System Manager (free for managing up to 100 devices) and the MDM tools built in to Microsoft Office 365. Both MDMs offer some very powerful tools but come at things from slightly different angles. This post and following posts will delve into the capabilities and benefits available to small business from these tools. And, I hope, they will demonstrate why it’s so important to have an MDM in place as part of your overall security posture.
Why do I need one?
Every business has information that it would prefer did not fall into the hands of persons outside the company. It might be something as simple as an internal price list. Or maybe something far more important like plans for a new product. Whatever it is, there is a good chance that similar files are on mobile devices or stored in Cloud accounts connected to mobile devices. You must manage user access to this information (security policies) and control how this information is shared. And in a worst-case scenario such as a lost or stolen device, you need to be sure that your data is secure.
A complicating factor is the whole BYOD thing (Bring Your Own Device). Many companies have moved away from providing cell phones in favour of just paying employees an allowance for their own personal devices. In a scenario like this, how do you manage the device and the data? Some of the data on the device may be yours. But a lot isn’t and the device itself is not yours. Things get very complicated very quickly.
So, there is a strong need to be able to manage data on your devices and on user personal devices. That’s where an MDM comes into its own.
How does it work?
At a very basic level, MDMs insert and enforce policies on devices or between devices and various services. In some cases, the policies may only be at the service end and in other cases the policies may be enforced on the device locally. Local enforcement is usually provided by some form of app or “wrapper” plugged into hooks provided by the device operating system (e.g. iOS or Android). Policies are created in the MDM to manage various aspects of operation and are “pushed” out to the devices. The MDM policies create a “fence” around the items you define. This is similar to the processes you can follow in systems like OneDrive or Dropbox to control how data can be shared.
MDMs that install an app or security wrapper on devices also usually allow you to manage various aspects of the device. Features like remote app installation, remote tracking, remote device access and remote lock/wipe are very common. Generally, the app or wrapper “maintains” the security profile on the device even when the device is off-network. For remote lock and wipe the MDM can push out the command, which will be executed as soon as the device connects to the network. The mechanics of the MDM/device interaction are much more complex than the basics that I’ve described but I’m sure you get the idea.
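The push-and-queue behaviour described above can be sketched as a small model. This is an added example, not code from Meraki System Manager or Office 365; `ToyMDM`, `Device`, the `block_external_sharing` policy key and the file names are hypothetical and constructed for illustration. It shows a policy pushed while the phone is online, the same policy still enforced locally once the phone is off-network, and lock and selective-wipe commands waiting in a queue until the phone next connects.

```python
from dataclasses import dataclass, field

@dataclass
class Device:
    name: str
    online: bool = True
    locked: bool = False
    policy: dict = field(default_factory=dict)  # kept on the device, enforced off-network too
    items: dict = field(default_factory=dict)   # item -> "corporate" or "personal"

    def can_share(self, item, destination):  # local enforcement of the "fence"
        fenced = self.policy.get("block_external_sharing") and self.items[item] == "corporate"
        return not (fenced and destination != "corporate")

class ToyMDM:
    def __init__(self):
        self.devices, self.pending = {}, {}

    def enroll(self, device):
        self.devices[device.name] = device

    def send(self, name, command, **args):
        """Queue a command; it runs now only if the device is reachable."""
        self.pending.setdefault(name, []).append((command, args))
        return self.check_in(name) if self.devices[name].online else []

    def check_in(self, name):
        """Device contacts the MDM: run every queued command in order."""
        dev, done = self.devices[name], []
        dev.online = True
        for command, args in self.pending.pop(name, []):
            if command == "push_policy":
                dev.policy.update(args)
            elif command == "lock":
                dev.locked = True
            elif command == "selective_wipe":  # corporate items only
                dev.items = {k: v for k, v in dev.items.items() if v != "corporate"}
            done.append(command)
        return done

def lost_phone_scenario():
    mdm = ToyMDM()
    phone = Device("byod-phone", items={"price_list.xlsx": "corporate", "holiday.jpg": "personal"})
    mdm.enroll(phone)
    mdm.send("byod-phone", "push_policy", block_external_sharing=True)
    phone.online = False  # constructed scenario: phone is lost and off-network
    blocked = not phone.can_share("price_list.xlsx", "personal-cloud")
    queued = mdm.send("byod-phone", "lock") + mdm.send("byod-phone", "selective_wipe")
    ran = mdm.check_in("byod-phone")  # phone reconnects to the network
    return blocked, queued, ran, phone.locked, sorted(phone.items)
```

Until the check-in happens the corporate file is still on the phone, which is why the locally enforced policy matters in the gap between loss and reconnection.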
My next couple of posts will take a look at two MDMs in action, the Meraki System Manager and the MDM functions built into Office 365. For small businesses either is an excellent choice. Meraki because it’s absolutely free for up to 100 devices. Office 365 because you get the MDM functionality with any Business or Enterprise tenancy subscription. Either one is an easy “win” for small business.