Mobile Device Management systems (MDMs) can be very useful: as your business grows, the number of employees grows with it, and in turn so does the number of devices they work with. Regardless of the nature of your business, you will still have employees on devices that need to be secure. While making them secure, you also need to ensure that they are not a pain to manage, that each device does not need to be individually updated, and that from a security and compliance point of view you can easily track and wipe them. We had the same challenge, so we decided to research MDMs. First, we had to understand what they are.

What Are MDMs?

The ownership of work devices can vary widely from business to business. For example, a lot of companies will have a BYOD (bring your own device) policy where work information is kept securely on a personal device. Others take the more traditional approach of having a personal device and a ‘work phone’. In both instances we still need something that centrally manages these devices — enter MDMs. It should be noted that MDMs by nature cover mobile phones; however, some will offer the ability to add laptops and computers to their policy.

The core use for an MDM is to set policies on what apps can or can’t be downloaded on the device, what data can be stored etc. You effectively have complete control over the device to the extent that you could even choose if the device camera, location services or accelerometer can be used.

This makes it tricky if you have a personal phone, but some MDMs offer a way to ‘partition’ private information from company information. From a security perspective, MDMs are extremely useful, and security is the main reason we at Indiespring use them for our QA devices. You can force screen locks and PINs, and wipe the devices in an emergency.

Some of the other core functions of an MDM include:

  • Ensuring that user equipment is configured to a consistent standard and has a supported set of applications
  • Updating devices or applications for all users
  • Ensuring that users use applications in a consistent and supportable manner
  • Monitoring the use and performance of devices and being able to diagnose issues remotely
  • Monitoring and tracking equipment (e.g. location, status, ownership, activity)

If you have read our article on Data Security, you will notice that MDMs cover a number of the security issues we see in our industry today. There needs to be a balancing act with your Mobile Content Management (MCM). You need sufficient security so that your content is protected from outsiders while still being accessible and usable to your device users.

How we use MDMs at Indiespring

As we are primarily a mobile development agency, you would expect that we have a lot of phones used for both development and QA purposes. We need to ensure that our apps are consistently up to date, as we discussed in our article about Ongoing Assurance.

The main reason we use our MDM is to ensure we have the correct number of devices across all platforms so that we can give our customers the best experience, both from a development point of view and quality assurance. This starts with development and planning with our clients. As part of our discovery process, we will identify the devices/OS’s that your project needs to work on and can then use the MDM as a record to show all available devices, versions, and operating systems.

For QA, we use them for a similar purpose. We can track who internally has which phone for planning purposes and identify any phones that need to be updated. Some MDMs will also allow you to force these updates, for example because of security vulnerabilities that might cause issues with the apps we are developing.

Mainly the MDMs help with the security and the ‘peace of mind’ aspect of our business. In a number of cases we may need to do some testing with sensitive data from our clients. The MDM will allow us to track what’s installed on the device and turn off any apps that may be harmful. The MDM will also allow us to wipe the devices from anywhere should they get lost or stolen and ultimately protect our data and that of our clients.

How to choose an MDM

When we were looking at our options for an MDM we took into account all that you have read before this, along with third party integration support and costs. At the end of the day, we narrowed it down to three options.

ManageEngine Mobile Device Manager Plus

ManageEngine Mobile Device Manager Plus is an MDM that you can try for free, which I would highly recommend doing for any MDMs you are researching. ManageEngine Mobile Device Manager Plus is a solution that will allow you to monitor computers/laptops, smartphones, and tablets. Unlike Jamf, it will also support more than just Apple – you can add Android and Windows devices, too.

They pride themselves on their ‘360 degree support for enterprise mobility.’ By this, they mean that users can quickly bring devices on board, that those devices are kept compliant with new policies, that there is an easy-to-use dashboard that anyone can use regardless of ability, and finally that devices can be troubleshot in real time.

The main feature is the dashboard. With this, you will be able to monitor mobile smart device statuses, giving you complete visibility over all devices that you have within your business. For example, you can see what applications are installed on each phone, schedule regular device scans, pinpoint their location easily, and, most importantly from a security point of view, easily wipe them. A lot of this can be automated and set up to send a flag/alert when a problem is found, giving you more time to get on with your day-to-day job.

As an administrator, you will be able to start a remote conversation with the user on the phone to help diagnose any issues, or you can even issue security commands to the phone.

Citrix Endpoint Management

Citrix is another top MDM on a lot of lists, which led us to complete a trial with it. Like ManageEngine it allows users to monitor their devices and platforms all from one console. You can monitor multiple operating systems and devices, and even control your Apple TVs.

Their focus is on securing the devices you add to it while also optimising the employee’s experience when using it. Citrix has a focus on BYOD and the multiple devices that we work on in our daily lives today. So whereas ManageEngine focuses on locking down devices securely, Citrix adds a layer to ensure that when a user uses their system, it’s seamless.

With BYOD, Citrix will aim to isolate corporate and personal data, to ensure that you can still effectively use your own device for business. However, this may lead to issues with blocked apps on specific personal phones secured by Citrix. In order to avoid this, there is a lot of setup required at the start.

You can set up roles, locations or device rules to ensure that sensitive data isn’t compromised whoever or wherever you are. The helpful analytics screens will also allow you to easily see what is working for your users and what isn’t.

Jamf Pro

Jamf Pro offers management of Apple mobile devices, although there is currently no support for Android or Windows devices. This is the perfect tool for a start-up business that may not necessarily focus on Android or Windows.

Admins on the tool can troubleshoot the iOS devices, which allows them to keep the phones up to date with security and phone updates, and to keep track of the location of the phone. Jamf makes it easy to automate these options, which again will free up some time from users having to update and secure phones manually.

Like the Apple products that it seeks to secure, the user interface is extremely simple to operate, so once set up, anyone should be able to use it.

The MDM Software Indiespring Uses

We decided that the best for us was ManageEngine Mobile Device Manager Plus. It was a close call between that and Jamf, but the lack of Android support spurred our decision. However, the important takeaway is to conduct your own research to ensure your MDM meets all of your requirements. The MDM for us is unlikely to be the best MDM