MDM vs. MAM: which one is right for you? Mobile Device Management, or MDM, is often compared against Mobile Application Management, or MAM. What are they, what do they do, how do they work, and which one should you adopt for your business? Let’s explore!
Before we dive in…
It’s important to understand that both MDM and MAM are systems designed to help secure company data, as well as access to that company data. Where they primarily differ is in how they protect that data, and how they integrate with a given device.
They both have their pros and cons, and each one is appropriate in different situations. Many companies will actually use both in different capacities to help protect their devices and data, and can be integral if you want to offer remote work opportunities! One isn’t inherently better than the other. With that disclaimer, let’s start with some definitions:
What is MDM?
Mobile Device Management is, at its core, a platform that takes over the entire device and gives a company the ability to manage pretty much all aspects of the device. From the wallpaper to preinstalled apps, MDM gives an organization virtually unlimited control. MDM allows companies to do things like:
- Remotely lock down a device
- Configure update settings
- Set up password or security requirements
- Force certain apps to install automatically
- Restrict what an employee can or can’t do on a device
As you can see, MDM is extremely invasive, which is where its primary use case comes in: MDM is usually used to manage company-owned devices.
Let’s use an example: Let’s say you wanted to open up the Outlook application on a phone. If you have a phone that is configured with MDM, the company can force your whole device to be encrypted, and limit the amount of time that your screen can stay on before it shuts off. Before you even think about opening Outlook, the entire device is already being monitored and can be controlled, locked, and wiped on a moment’s notice.
What is MAM?
Mobile Application Management, unlike MDM, is much, much less invasive. Where MDM takes over an entire computer, MAM simply controls a specific application that you might use to access company information, such as a company email account or cloud storage. MAM does not have access to anything outside of the protected application, and cannot exert control or see what goes on elsewhere in the device. MAM allows companies to do things like:
- Require a PIN code when accessing a specific app
- Block access to data in a specific app if the device owner doesn’t update their device
- Remotely wipe the data in a specific app
If MDM is appropriate for company owned devices, MAM is primarily intended for personal devices that might be used to access company resources: It’s much, much less invasive, and only focuses on securing company data and accounts on the device, without taking over the entire device.
Using our example above, let’s try to access Outlook on a device with MAM: You open Outlook and MAM immediately kicks in, making sure that the app is secure. It can’t activate before you access the app, and can’t touch anything outside a specific app.
Which one should I use?
Most organizations use a combination of both, but the use case for each is pretty clear:
- MDM is designed to control company owned devices. Using MDM on personal devices raises many legal, privacy, and security concerns due to the incredibly invasive nature of MDM. If your company purchases and owns its own computers and/or phones and then provides those to its employees, MDM is the best option. MDM prioritizes security at the cost of device privacy, which isn’t a problem for company owned devices.
- MAM is designed to allow personal devices to securely access company data, without compromising the privacy of the personal device. MAM is the preferred route if your goal is to give your employees the ability to access company resources on their personal device, while minimizing the risk of data compromise. MAM balances security with privacy, making it perfect for BYOD (Bring Your Own Device) programs.
As you can see, the true discussion isn’t MDM vs MAM. They both have their valid business uses, and they both bring value and security when configured correctly. It’s primarily a matter of finding out which one is right for you.
How can I set up MDM and/or MAM in my business?
You might be surprised, but if you use common identity provider services like Google Workspace, Microsoft 365, or JumpCloud, you are likely already paying for some basic MDM and MAM features! Contact us today for help unlocking these features.
Both MDM and MAM solutions require thorough due diligence and configuration to properly implement, including appropriate policies and procedures to make sure that they succeed, but here’s a quick rundown of the process:
- Settle on an MDM or MAM solution. Depending on your needs and business makeup, you may want to consider multiple services before you settle on the system of choice.
- Develop policies and procedures. All the fanciest and most powerful systems out there don’t amount to much if you don’t develop documentation to help educate and instruct your workforce. Consider developing policies such as “Remote working policy” or “Bring Your Own Device policy”.
- Enroll all company devices into MDM, and/or launch a BYOD program with MAM. Once you’re ready, have your systems, policies, and documentation in place, it’s time to launch!
- Have ongoing support. This is arguably the most important step. Ongoing support helps users when they run into issues, or when adjustments need to be made. These aren’t set-it-and-forget-it systems, they need to be tended to and adjusted as time goes by.
MDM and MAM solutions are incredibly powerful and valuable tools that can help keep your company safe. If you want to explore to see if MDM and/or MAM is right for your company, we can help guide you through the entire process.
From settling on a solution to maintaining ongoing support, we are ready to be your security partners in matters of MDM, MAM, security, and more. Reach out to us today to schedule a free consultation!