Anyone who has worked in ICT for a while will know it is almost impossible to go a day without using an acronym or initialism, so I apologise in advance for the offenders in this article. But when you are asked to compare enterprise mobility management (EMM) with mobile device management (MDM), you’ll appreciate the use of such abbreviations to save on the syllables.
In ICT, you need to walk the walk before you can talk the talk. Trust is shattered if you can’t talk from experience. So, before we offered EMM to our customers, we tested various solutions before we eventually chose and implemented MobileIron into our own systems. We wanted to know to what extent EMM really is a step up from MDM. What are the differences between the two, what are their respective limitations, and when do the additional security benefits of EMM outweigh those of MDM? We also sought to anticipate the types of questions we would receive from our customers: Do I really need EMM if I already have MDM? Is it complicated to deploy? What are the potential teething problems? And so on.
The differences between MDM and EMM
First up, let’s establish what MDM and EMM are, and how they differ. Most medium-to-large companies will already be familiar with MDM, having deployed it to manage their fleet of mobile devices. MDM allows organisations to monitor, manage and, to a certain extent, secure their employees’ mobile devices. It has proven particularly useful for organisations with devices from multiple service providers and/or operating systems (iOS, Android, BlackBerry, Windows Mobile, etc.) since they can all be managed from one platform.
More recently, EMM has emerged as the logical successor to MDM, building on the centralised management functionality of MDM, while broadening the types of devices it can manage and providing much deeper levels of control and customisation. For example, MobileIron, the EMM we eventually chose, adds Windows 10 support so laptops and tablets are now included under the umbrella of the mobile devices it manages.
Whichever product you decide on, though, security is where EMM differentiates itself from MDM due to its more extensive access controls for applications, data, apps, email, corporate platforms and pretty much anything else. EMM brings enterprise-grade security to every mobile device, irrespective of whether they are owned or just managed by the organisation. Given that today’s mobile devices are broadly as powerful as their desktop PC counterparts, and often have access to the same amount of data, this level of security is critical. Remember that mobile devices are just that – mobile. Your organisation’s systems and data are no longer protected by your four walls; they are exposed every time an employee walks out the door – and back in, too. EMM provides the levels of security necessary to protect this data, helping your organisation to meet its ISO 27001 requirements, for example, while helping it meet its upcoming obligations under the GDPR.
Our story
Bamboo has been using a variety of MDM solutions since 2003, when we first deployed our BlackBerry Enterprise Server (BES). After seeing the emergence of EMM solutions during the past few years, we evaluated the market and eventually gravitated towards MobileIron due to its high levels of customisability, which was key to ensuring it supported our own internally developed applications.
Our technical manager, Paul Lees, led Bamboo’s internal MobileIron deployment to manage our 50-plus devices. Unapologetically describing himself as your “typical IT manager”, Paul likes to understand how technology works. He also likes to deploy as much of the technology himself to get under the skin of it – and keep an eye on the budget. Just the man for the job! But in deploying MobileIron, he soon learnt why you need outside experts to implement an EMM solution properly.
Paul explains: “I soon realised this really wasn’t your typical install. So, with my tail slightly between my legs, for a smooth installation that gave us exactly what we wanted and didn’t take me away from my other day-to-day activities, we brought in external MobileIron experts to handle the more technical aspects of the implementation. While it depends on what you want to get out of the software, to get the most from it you need to engage with EMM experts and this is something to bear in mind when planning your implementation.”
The reason EMM offers much greater security than MDM is because it offers so much more flexibility and customisation, but this means you need to allocate more time and expertise to get the most out of it (in our case it took approximately one day longer than an MDM solution, and three days in total to install).
EMM solutions often have multiple deployment models, too. MobileIron, for example, has three different deployment models – on-premise, cloud, or a mixture of both (which is the approach we took at Bamboo). Most organisations have multiple tunnels into their business, network drives or intranets, for example. As Paul explains: “Each of these must be secured and knitted together for the EMM to be as effective as it can be. The skill here is being able to knit together all the different components, which is definitely something for a trained professional in your chosen EMM solution to carry out. It now makes complete sense to me why there is a MobileIron University that takes two years to complete – and that’s just their trained engineers. The integration between this software and your specific requirements needs to be planned and engineered.”
In addition to its more extensive security credentials, we also found EMM better suited to our hybrid BYOD environment. Like most organisations, we are neither 100 per cent BYOD nor 100 per cent corporate-owned. This just wouldn’t be practical. Thankfully, EMM takes this mix into account. For our BYOD users, we simply set up a secure folder on their personal device where all their work apps are located and controlled through MobileIron. The user is happy too as corporate control of their device is limited to the contents of that one folder. Their iCloud photos, personal messages and emails are strictly out of bounds and invisible to MobileIron. On the other hand, with corporate-owned devices, EMM can set policies for every aspect of the phone, from whether the camera is functional to whether someone can print remotely. This is where you start to see EMM’s true scope and where its security credentials shine through for us.
EMM = peace of mind
Put simply, EMM enables an organisation to build a truly secure, ‘mobile first’ environment that ultimately helps users to increase their productivity by making the most of their mobile devices. As a business, you can set it to be as flexible or as rigid as is necessary for the protection of your data. Thankfully, striking a balance between user freedom and data protection is easy to achieve without being invasive.
For us, the significant advances in security are enough to make the move from MDM to EMM an obvious choice, while the additional coverage of Windows 10 devices, hybrid BYOD support, a more comprehensive management console and the extensive customisation options only cemented our decision further. Despite the additional security assurances that we have gained with EMM, our staff still have full access to the resources they need without compromising on usability. As a business we have the levels of security we need without hampering usage benefits, but if the threat landscape changes, only EMM gives us the peace of mind that we can secure our devices at the micro level with just a few clicks on a dashboard. That alone is worth the price of admission.
