Mobile security is a huge challenge for IT departments. Two different approaches can be taken: one uses mobile device management and focuses on the device itself; the other deploys user-friendly container apps and focuses on data. Both have advantages. But which approach is best?
Mobile work is impossible without mobile security
Nowadays, it would be hard to find a company that does not use mobile devices in some area or another. Not only can they be used in a thousand different ways; they also increase productivity and employee satisfaction. Companies must embrace mobile work if they want to safeguard their own future.
But despite all the advantages and opportunities which mobile work brings, there’s also a flip side to the coin. Mobile devices generate new security risks, increasing the line of fire to which companies are exposed. Cyber criminals now target mobile devices as the new point of entry into companies. Which means that companies have to rethink the way they protect devices and company information – taking the mobile aspect into account. There are various solutions to this problem.
Two solutions, two approaches
One is comprised of MDM (mobile device management), and the more recent EMM (enterprise mobility management) and UEM (unified endpoint management) systems. The other is comprised of container solutions. Each of these camps takes a completely different approach. We’re going to take a look at how they compare, and how they complement each other.
Before deciding which solution best meets their needs, companies should analyse their situation and their mobile strategy. The make-or-buy decision (do we buy in external services or develop an in-house solution?) will also influence the choice, as will the question of who the device belongs to (BYOD).
Mobile device management
As the name suggests, MDM (mobile device management) solutions address the security of the device. MDM is frequently complemented by MAM (mobile application management) and MCM (mobile content management). The entire device – including all apps and all data – is protected. MDM systems allow administrators to implement mobile security guidelines, control access to internal and external data, and impose password requirements (minimum length, degree of complexity).
Another crucial feature is that in the event of an emergency, administrators can even gain remote access to the mobile device and delete everything. This is extremely important if a device is lost. Depending on the manufacturer, different MDM systems have different features; some are more user-friendly than others, and some offer add-ons. For example, many include extra features for managing mobile apps (enterprise app stores, for example, or sandboxing for apps). Some even include cost management tools.
Container solutions
Container solutions take a completely different approach to mobile security. In effect, they’re the ‘diet’ version. Instead of managing the entire device, containers focus solely on protecting relevant business content (internal data). Containers create an additional safe room inside the mobile device. If a person gains access to the device, they don’t automatically gain access to the container. Here, further credentials are required. Inside the container, business applications such as calendars, email, contacts and Office applications run completely separately to non-business apps. In addition, company data inside the container is encrypted. Any business communication sent out from the container is secured and encrypted. A strict dividing line is drawn between professional and private content on the mobile device.
The advantages and disadvantages of each approach
MDM offers a considerably broader range of features as well as complete control over devices and data. This broad range of features, however, not only makes MDM more complex, it also makes it more expensive. A company that opts for MDM needs sufficient qualified staff to handle it. From the company’s point of view, having complete control over devices is an attractive proposition. However, it has distinct disadvantages when it comes to modern mobile work arrangements such as BYOD, COPE or Extended Enterprises, for example. The level of acceptance is low because users generally don’t want to give their employers complete control over their mobile devices (whatever happened to privacy?!). It can take hours and hours of discussions with staff reps before both sides are able to come to an agreement. If companies decide to develop their own MDM in-house, they will need to have the necessary IT resources. Whereby this challenge is fairly easy to circumvent by buying in managed services or using SaaS from the cloud.
All in all, it takes around twelve months to implement MDM. First the system needs to be tested on various mobile devices, and then the company needs to carry out advance tests with complex policies if they want to avoid complications at a later date. If a company wants to develop its own apps, however, there’s no avoiding MDM.
Being more streamlined, container solutions are fast and inexpensive to implement. Thanks to the fact that they can adapt to existing infrastructures, they are far more flexible than MDM solutions. And if the infrastructure changes, container solutions can be adapted with minimum effort. In addition, the app places very few demands on IT. Nonetheless, the golden rule for standardised services applies: additional measures should be taken in connection with individual, complex internal infrastructures.
Using a container solution is highly advantageous when it comes to respecting the privacy of employees. The IT department only has access to the business container – so if the employee uses their mobile device privately, it really does remain private. Which means staff reps are much more likely to agree to the solution. The idea of protecting business data, business communication and business systems can also be used to support all modern mixed-use scenarios. For example, it can easily cater to extended enterprises for temporary external workers, BYOD, COPE and more.
If your company is considering MDM, don’t make the mistake of imagining a container solution is superfluous. Because MDM systems can only guarantee a safe work environment in connection with containers.
So which solution is right for which type of company?
When selecting a mobile security solution, companies should also pay attention to relevance and practicality. An analysis conducted by Gartner concluded that companies with MDM systems tend to use only 10% of the available features. Which means they’re paying for a whole lot of options that they don’t actually use.
Whichever solution you choose, it should ‘fit’ your mobile strategy, your user requirements and the size of your company. If the IT department in your company is streamlined, you’ll need a streamlined solution that provides sufficient protection with relatively little administrative input.
The cost-benefit ratio, the level of effort involved and the level of flexibility are not the only decisive factors when choosing a mobile security solution. You also need to be sure your IT department (administrators) and employees (users) will actually use the solution. Whether or not they accept a solution will often depend on how user-friendly it is. And if they don’t accept it, they won’t use it; and if they don’t use it, the company data won’t be protected.
The reality is complex, and various different voices clamour for attention when it comes to choosing a solution for mobile security. So let’s end with the good news – it doesn’t have to be a case of either/or! Containers and MDM are not mutually exclusive. They can easily be combined to create a holistic solution and cater to all the different security aspects of your mobile strategy.
Find the right solution for mobile security
Contact us! There’s no one-size-fits-all answer when it comes to finding a solution for mobile security. We’ll help you find the right answer to fit your specific company needs.
Container app: increase mobile security with a single cure-all solution
Container apps such as SecurePIM protect business data on mobile devices. SecurePIM stores the data in a dedicated container and encrypts it for storage and transfer. As a result, it becomes impossible for outsiders to access company data when the mobile device is being used for private purposes. This eliminates a host of laborious tasks for the IT department, since company data is only accessible via the app. At the same time, SecurePIM has all the important features you need for mobile work. For example, users can send and receive encrypted emails from their mobile device or access company documents via a secure gateway. The integrative design of the app means you can easily combine it with an MDM or EMM system.