The functions and necessity of EMM software and processes

Many organizations today have reached the point where they need to move beyond a basic device enforcement policy to an enterprise mobility management (EMM) process. Organizations must determine when to implement an EMM strategy and the best way for them to do it.


What are the use cases for EMM software components?

Products such as Microsoft’s Exchange Server and Google Apps are useful for policy enforcement when implementing a device management system. Policy enforcement gives companies the tools to access email and other personal information management services (calendar, contacts and notes) and to provide limited policy control on devices for tasks such as wiping a lost or stolen device. Policy enforcement can only go so far in managing mobile devices, though; IT teams need to use EMM software to gain greater control over mobility management.

Organizations need to adopt an EMM strategy when the following questions arise:

  1. How do we manage company devices?
  2. Can IT control how apps are installed and controlled on a device?
  3. How can we control content pushed out to a device?
  4. How can IT treat all endpoint devices (laptops, phones, tablets and more) from one console?
  5. How do we manage identity across many operating systems and web interfaces?

IT admins require visibility into personal and company devices

Immediate access to corporate email and content through a mobile device is beneficial to any business. But as the benefits increase, so does the risk. Employees can lose devices, send emails to unknown sources and easily share sensitive business data from their mobile devices. It is the responsibility of IT and the CISO to create an environment where employees can use leading-edge technology without compromising security.




Mobile device management (MDM) is one part of an EMM strategy. The goal of an MDM system is to manage a corporate network’s devices. The leading MDM providers include support for Apple’s iOS and Google’s Android mobile operating system in their products. For many companies, MDM is the first step in an EMM strategy.

Many MDM features are migrating to UEM (unified endpoint management) services. The goal of UEM is to streamline PC and mobile device support management. Under UEM, PCs, laptops, tablets and smartphones are all regarded as endpoints (points where data is presented to the user). Indeed, the scope for different endpoint devices will continue to increase as new digital devices, such as smartwatches and the internet of things, gain usage in larger organizations.

Managing mobile content and apps

MDM is effective for managing an entire device, but what if companies only want to maintain a single app on a device or the content inside of an app? This type of scenario is important when apps are pushed out to personal devices or to devices that belong to third-party partners. If you are building tools that will be used by partners, then you need to consider how to leverage both mobile application management (MAM) and mobile content management (MCM) in your EMM strategy.

MAM provides control over custom enterprise apps and selects which third-party apps users can install on a device, whether the device is company-owned or BYOD. The strategy works by encapsulating an app in a siloed space on the device. Encapsulation offers protection from malicious software on the device. Many of the leading EMM software providers support MAM functions in their services.

While MAM is a relatively inexpensive tool for content control, the method of encapsulation restricts the app from communicating with other apps on a device. MCM is a newer, more precise process that manages the content in the app.

Device user authentication

Single sign-on (SSO) is a set of established technologies that enable Windows users to authenticate through websites quickly. It is a VPN that was made into a mobile feature. The demand for SSO services has extended well beyond Windows-based authentication and now includes authentication across social networks and new operating systems (iOS and Android, for example).

Identity as a service (IDaaS) has evolved to address the shortcomings of SSO for the modern world, where many devices and many operating systems are now standard. The core of IDaaS is built around open standards such as OAuth 2.0, OpenID Connect and other current authentication criteria. IDaaS aims for easier and more secure authentication to access device content.

If the first challenge for mobile devices is user authentication, the second challenge is managing user profiles. Profiles are common on Windows, Mac OS X and Linux systems. At its core, a profile sets the correct email, settings and application access for each account that logs on to the device. Both Apple and Google have immature models to address profile management. For Apple, the ability to control profiles is currently available only in education settings where students can share an iPad. For the Android platform, Google introduced Android for Work, which builds on the profile management now in Android’s core OS. Both technologies, however, are still new, and organizations should treat them with caution.

Operational simplicity

EMM software provides IT with the tools to manage users, control apps and manage content usage. It also manages mobile device features, like audio and location services, and device management features for IT, like fingerprint sensors and camera blocking.

The number of devices that IT needs to manage is growing exponentially. Millennial workers typically own three or more devices. The pressure weighs heavily on IT to manage an increasing number of devices with faster rollover for each device (many companies support a two-year life replacement cadence for mobile devices versus four years for PCs). If departments feel the pressure to increase the rollover of devices while still ensuring effective management, then they need to incorporate MDM and UEM technologies in their EMM strategy.

[Source: Tech Target]