In a nutshell, MDM solutions make devices behave in specific ways according to predefined security policies so companies can pass audits, prevent data breaches, and obey data privacy and security laws.

Despite the word “mobile” in the name, MDMs often extend to the management of laptops, desktops, and tablets. There are many independent MDM providers and proprietary MDMs from Microsoft and Apple. Ultimately, most companies of a certain size need an MDM solution (or potentially more than one) to accomplish things like remote wipes and configuring default settings for new devices.

The problem is that many companies assume they can use MDM to solve all their device security issues. Leaning too hard on MDM can create problems not only for security but employee morale. In this article, we’ll go over MDM’s strengths and weaknesses, and where it fits into a larger approach to endpoint security.

You know the expression, “when the only tool you have is a hammer, then every problem looks like a nail?” In this analogy, MDM is the hammer–a blunt instrument that’s good at solving some problems but can’t address more nuanced issues, and its approach can even be harmful.

An MDM solution requires employees to agree to have their devices fully managed by a central authority, their employer. While the capabilities of MDMs differ by platform, they all grant the MDM administrator a form of remote control over the device’s capabilities. This can be as benign as setting the default state of various security features or as extreme as forcing a device to erase itself without the consent of the person behind the keyboard.

There are several reasons why MDM solutions are so widely used, although some of those reasons are more well-founded than others. MDMs’ technological capabilities certainly play a role, but so do cost and force of habit.

Here are some of the most common reasons organizations use MDM solutions: They are effective at rapidly achieving surface-level compliance. MDMs can force a device into the desired compliant state (at least on the simplest level) and keep it there without consulting or negotiating with the end user. That means a user whose device is enrolled in MDM can’t turn off its firewall, download unapproved applications, or put off a software update. This has some clear advantages, but it turns out to be a double-edged sword, as we’ll see in the next section.

These capabilities are crucial for third-party audits since they ensure that sensitive data is not at risk if a device is lost or stolen or an employee is terminated.

The agent portion of MDM is often built into the OS, and IT can pre-configure devices before they are distributed to employees. That ensures that things like disk encryption are enabled the first time an end user logs in. However, setting up MDM on existing (not new) devices can present challenges and failures of installation are common.

Since the OS vendor provides most of the functionalities that make MDM possible, the barrier to entering the MDM space is much lower than building a device management solution from scratch. The commoditization of MDM software means buyers can get competitive pricing and a wide array of vendor choices. Most IT administrators and managed service providers are familiar with MDMs and can easily find IT engineers with experience running them at scale. OS vendors are building their own device management products (e.g., Apple Business Essentials and Microsoft Intune) that are cheaper and often have better features than third-party MDM vendors.

MDMs have a clear use case, but there are still many device security problems they can’t solve or for which their solutions create bigger problems.

Here are a few MDM drawbacks to consider: They can’t get you to 100% compliance. If an MDM can’t get a device compliant with brute force or automation, you’re out of luck. And that means you have no way of dealing with some of the highest-risk compliance issues, such as encrypting SSH keys, securing plain-text two-factor backup codes, or minimizing the time production data is stored on a device. These valid security objectives are too nuanced for the blunt instruments provided by traditional MDM solutions. Because they’re unsolvable through the MDM lens, they’re often declared out of scope, which gives everyone a false sense of security.

Most MDMs only provide a small number of essential data points about a device. IT administrators must write and deploy custom shell scripts to gather valuable data to answer pressing questions about the fleet.