Enterprise Mobility Management (EMM) is the process of securing an organization’s data on employee mobile devices, whether employee owned or corporate issued. EMM solutions typically include a broad suite of services designed to keep an organization’s intellectual property and customer personally identifiable information (PII) safe and secure while integrating with other enterprise IT systems and applications to deliver a broad range of business functionality.
EMM solutions vary widely from organization to organization. Some are focused on securing specific applications; others attempt to completely secure or lock down employee devices, limiting applications that can be installed and erasing data and applications if a device is lost or stolen. EMM has evolved over the past several years from a strictly mobile device focus to enabling mobility in a broader sense, including Windows and MacOS laptops and tablets, access management, and improving the user experience (UX) for mobile applications and devices.
An EMM solution provides a single platform with a centralized console for managing mobile devices, email, applications, content, browsing, and more. It offers a flexible approach: manage the whole device, or manage only a secure workspace on the device, to address the different use cases and needs across the organization.
Common benefits of EMM systems include simplified, unified management and security. An EMM system can:
- Support a broad range of devices, mobile and stationary, so that as many devices as possible are managed by a common platform.
- Protect all data on devices, whether corporate or personal, with passwords and multifactor authentication, and selectively erase corporate data without affecting personal employee information.
- Keep security software current by pushing updates as they become available to help prevent zero-day attacks.
- Use app stores to speed the secure deployment of business applications and limit which applications can be installed on corporate devices.
- Enforce compliance by ensuring that devices used remotely are using secure infrastructure before access is granted to protected information or intellectual property.
- Provide usage data, analytics, and reporting to help uncover patterns that can improve utilization or that might indicate possible breaches or exfiltration of data.
- Apply a policy engine that can set and implement policies, modify them as needed, and tailor them for geography, department, job function, or other factors.
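The compliance gate, scoped policy tailoring, and selective erase described in the list above can be sketched as a small policy engine. This is an added example, not code from any EMM product; the policy keys, thresholds, scope names, and device fields are all assumptions chosen for illustration.

```python
from dataclasses import dataclass

# Constructed policy layers (assumed values): more specific scopes override the base.
BASE_POLICY = {"min_os": (16, 0), "require_encryption": True,
               "require_passcode": True, "max_days_since_checkin": 30}
SCOPED_OVERRIDES = {
    ("geography", "EU"): {"max_days_since_checkin": 14},
    ("department", "finance"): {"min_os": (17, 0), "max_days_since_checkin": 7},
}

@dataclass
class Device:
    geography: str
    department: str
    os_version: tuple
    encrypted: bool
    passcode_set: bool
    days_since_checkin: int
    reported_lost: bool = False

def effective_policy(device):
    """Merge the base policy with geography, then department, overrides."""
    policy = dict(BASE_POLICY)
    for scope in (("geography", device.geography), ("department", device.department)):
        policy.update(SCOPED_OVERRIDES.get(scope, {}))
    return policy

def evaluate(device):
    """Return (decision, reasons); decision is grant, deny or selective_wipe."""
    if device.reported_lost:
        # Remove only the managed corporate workspace, not personal data.
        return "selective_wipe", ["device reported lost or stolen"]
    policy = effective_policy(device)
    reasons = []
    if device.os_version < policy["min_os"]:
        reasons.append("OS below required minimum")
    if policy["require_encryption"] and not device.encrypted:
        reasons.append("storage not encrypted")
    if policy["require_passcode"] and not device.passcode_set:
        reasons.append("no passcode set")
    if device.days_since_checkin > policy["max_days_since_checkin"]:
        reasons.append("posture report is stale")
    return ("deny" if reasons else "grant"), reasons

if __name__ == "__main__":
    # Constructed sample devices.
    sales = Device("US", "sales", (16, 2), True, True, 10)
    finance = Device("EU", "finance", (16, 5), True, True, 10)
    for d in (sales, finance):
        print(d.department, evaluate(d))
```

The same device posture passes for the sales user and fails for the finance user because the department override raises the OS floor and shortens the check-in window.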
There are many components and technologies used in EMM, and they are constantly evolving. Here are the most common elements of an EMM system:
Mobile Device Management (MDM). MDM is used to manage mobile devices via the use of profiles installed on each device. This enables remote control, encryption, policy enforcement, and the ability to wipe a device of select applications and data should it be lost, stolen, or when an employee leaves the organization.
Mobile content management (MCM). MCM is responsible for managing content on mobile devices, including content access, security, pushing content to devices and protection of content at the file level. Many MCM tools work directly with popular cloud storage products to authorize access and data for each user.
Mobile identity management (MIM). MIM is concerned with authentication and sign-on, including certificates, code signatures, authentication, and single sign-on to ensure that only authorized users and trusted devices can access corporate resources.
Mobile application management (MAM). MAM focuses on deploying, managing, and updating the applications that run on an organization’s mobile devices. MAM tools include pushing updates, license management, and application security, enabling specific applications to be protected, managed, and deleted if they are retired. MAM is gaining in popularity as it is a way to apply policies and security protocols to specific applications and their data without the need to wipe the entire phone.
Mobile information management (MIM). MIM, which is usually part of MDM or MAM services, is responsible for remote access to databases from mobile devices, and often integrates with public cloud storage and collaboration services such as Dropbox.
Mobile expense management (MEM). MEM tracks mobile communication expenses, delivering insights to the organization regarding device usage, services consumed, and policies such as BYOD reimbursements. Data collected by MEM can also be used for chargebacks or audits of mobile device usage.
EMM manages the entire mobile device, while MDM is focused on specific device features. While EMM includes security and policy compliance, application tailoring, and integration with enterprise network directory services, MDM is used to manage mobile devices via the use of profiles installed on each device. This enables remote control, encryption, policy enforcement, and the ability to wipe a device of select applications and data should it be lost, stolen, or when an employee leaves the organization.
MDM’s device focus also provides insight into specifics such as the OS in use, provisioning status, and what types of device are in use where, by whom, and in which department or business unit.
As organizations demand a more holistic approach to and view of mobility, many are expanding from a simple MDM approach to an EMM approach that offers a single view of all endpoint user devices and incorporates security from the ground up. As a result, many organizations now utilize a cloud enterprise mobility management platform, opting to store device data in the cloud rather than on a specific device for ease of access and to enhance analysis capabilities.