November 26, 2024
Mobile Device Management: What Is It and Why Isn't It Enough?
Nine in ten Americans now own a smartphone, according to a 2024 Pew Research study. And these smartphones are increasingly being used for work. A general rise in remote work since the COVID-19 pandemic has led to an increase in the usage of mobile devices and personal software for work purposes, as people report in from home, coffee shops, or anywhere.
This increased mobility offers many benefits for workers. It also puts new demands on IT to secure their networks across various devices and protect those endpoints from bad actors. Mobile device management (MDM) is one solution many organizations use to secure their networks. But what is mobile device management, and how well does it actually serve that purpose?
There are plenty of myths about mobile devices, chief among them that they’re more secure than desktop devices. This couldn’t be more wrong. The unfortunate truth is that mobile devices are increasingly being targeted by threat actors, and MDM alone isn’t sufficient to secure your network against mobile-based intrusion. To explain why, we’ll need to dive into how MDM works and examine why MDM isn’t enough.
What is mobile device management?
MDM is a methodology and toolset that provides IT teams with the means to manage, monitor, and secure mobile devices on their networks. MDM can be used with a variety of devices, including mobile phones, tablets, laptops, and Internet of Things (IoT) devices.
How MDM works
While every piece of MDM software is different, in general, MDM works by enrolling devices into the network’s protection policies and then monitoring the usage of each device as it accesses the network. Different MDM solutions then offer further tools IT teams can use to analyze how a device accesses data, manage what data it is authorized to access, troubleshoot the device, and even wipe it in the event of a breach.
The idea is to grant IT teams near-universal access to mobile devices. Functionally, MDM allows organizations to perform the following tasks:
- Device tracking: Devices can be configured to include GPS tracking so that organizations can track their current location.
- Policy monitoring: MDM can help monitor devices to ensure they follow organizational policies, such as disabling cameras and enabling passcodes.
- Remote device management: MDM can be used to manage devices by installing updates, remotely locking them, or even wiping them.
Why MDM isn’t enough
Though it can streamline the management of different kinds of devices, MDM does present some challenges. Simply put, MDM isn’t enough for the following reasons.
No standard
Choosing the best MDM solution is the first and biggest challenge most companies face. There is no one-size-fits-all MDM application. Instead, MDM is a mix of toolkits implemented across different solutions by different companies.
Lack of foresight
To make matters worse, many companies look for the MDM solution that best meets their needs at the time instead of looking for what will meet them 12 to 24 months down the road. As a result, many MDM solutions are outdated by the time they are implemented.
Mobile device targeting
Threat actors are always going to target the weakest link in the chain. For organizations where people commonly access corporate resources with mobile devices, that link will often be the mobile devices themselves. We’re already seeing attacks directed explicitly at mobile devices that attempt to exploit gaps in MDM protection.
Multiple operating systems
Although it may be simpler to manage a workspace with only one operating system, the reality is that multiple operating systems have become the norm. This means IT teams have to manage not only different kinds of devices but also different update schedules and security requirements.
The majority of MDM platforms weren’t designed for multiple operating system environments. This means IT teams have to purchase different versions of their chosen MDM software for each operating system or else leave some of the devices connected to their networks unprotected.
Data challenges
A work-from-anywhere culture introduces opportunities for data to spread across multiple devices and operating systems. While this myriad of devices is convenient, it comes with a cost in data quality. Attempting to keep track of data spread across too many devices can lead to missed updates and a degradation of data accuracy on any given device.
Keeping up with dynamic data sets can also be a challenge with MDM. Modern workflows demand access to the right data at the right time. Ensuring access while also ensuring every device upholds an organization’s security policies can lead to measures that are either not enforced or become unenforceable over time.
Compliance
Compliance with regulations often relies on strict data management. Failure to ensure data security can mean noncompliance and potentially a loss of business. MDM doesn’t strictly enforce compliance, leaving data managers to fend for themselves.
Privacy
Finally, some employees may have concerns about privacy when a company deploys MDM. MDM collects a lot of data about a device, and some of that data may be personal. Employees may also object to location tracking, especially when using their personal devices to connect to the network.
How to augment MDM
While MDM is a great first layer of security for companies utilizing mobile devices, it’s clear that additional protection is required. Mobile threat defense (MTD) picks up where MDM leaves off to fully secure your networks against mobile-based attacks and address many of the challenges faced when using MDM.
MTD is a proactive strategy dedicated to detecting, analyzing, and mitigating threats against mobile devices in real time. MTD solutions provide continuous protection of mobile devices whether or not they’re in use, or even online. They use AI and machine learning to block cyber threats, quarantine devices to prevent attacks from escalating, alert users and security teams to a breach in progress, and automatically remediate certain issues and vulnerabilities.
Additionally, MTD enhances MDM in the following areas:
Endpoint security
MTD secures the mobile device as a whole, not just at its connection to the network. Enhanced endpoint security guards against mobile malware and data loss.
User behavior monitoring
MTD analyzes network activity and detects threats in real time. By examining the typical behavior of users, MTD can detect when a user might be behaving in ways that are not typical — often a sign of a breach in progress.
Zero trust
Zero trust architecture is what it says: zero trust. Instead of verifying a user only when they sign onto the network, zero trust requires verification at every step of a user’s interactions. It never assumes a user has proper access. Integrating MTD with zero trust technologies ensures that activity is monitored continuously, severely limiting the impact of a breach.
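The difference between verifying only at sign-on and verifying at every step can be shown with a small access-decision sketch. This is an added example, not code from the original article or from any MDM or MTD product; the field names, the threat-level scale, the 300-second freshness window, and the sample timeline are all assumptions constructed for illustration.

```python
from dataclasses import dataclass

MAX_SIGNAL_AGE_S = 300  # assumed freshness window for device signals


@dataclass
class DeviceState:
    enrolled: bool          # MDM: device is enrolled
    passcode_enabled: bool  # MDM: policy attribute
    threat_level: str       # MTD: "none" or "high" (hypothetical scale)
    signal_time: float      # when these signals were last reported (seconds)


def decide(state, now):
    """Evaluate one request; return (allowed, reason)."""
    if not state.enrolled:
        return False, "not enrolled"
    if now - state.signal_time > MAX_SIGNAL_AGE_S:
        return False, "stale posture signal"  # no recent report: fail closed
    if not state.passcode_enabled:
        return False, "policy: passcode disabled"
    if state.threat_level == "high":
        return False, "MTD: active threat"
    return True, "ok"


def replay(timeline, per_request):
    """Replay (now, DeviceState) requests under one of two models.

    per_request=False models verification only at sign-on: the first
    verdict is reused for every later request in the session.
    """
    decisions = []
    for now, state in timeline:
        if per_request or not decisions:
            decisions.append(decide(state, now))
        else:
            decisions.append(decisions[0])
    return decisions


# Constructed session: clean at sign-on, a threat is reported mid-session,
# then the device stops reporting.
TIMELINE = [
    (0,   DeviceState(True, True, "none", 0)),
    (60,  DeviceState(True, True, "none", 55)),
    (120, DeviceState(True, True, "high", 118)),
    (900, DeviceState(True, True, "none", 400)),
]

if __name__ == "__main__":
    for label, mode in (("sign-on only", False), ("every request", True)):
        print(label, replay(TIMELINE, mode))
```

Under the sign-on-only model all four requests are allowed; evaluated per request, the third is denied on the threat signal and the fourth because the device's last report is too old to trust.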
Add another layer of protection with Lookout
Mobile devices aren’t going anywhere, so the safer you can make your network against mobile-based intrusion, the better off you’ll be. MTD adds a holistic and proactive approach to mobile device security, increasing productivity and streamlining compliance. To learn more about how to enhance your mobile data protection strategy, download our free e-book, The Mobile EDR Playbook.