Debate Club: Comparing the Merits of Enterprise Mobility Management and Client Management Tools
For IT and security leaders, the ability to manage devices, apps and content are critical to end-user productivity and the protection of corporate information.
There are two popular methods for doing this across smartphones, tablets, laptops and servers. For mobile devices, the technology is most commonly referred to as enterprise mobility management (EMM). For laptops, companies typically leverage client management tools (CMT). But which method is more effective?
Let’s take a closer look at what defines and separates EMM and CMT, both of which are powerful tools that have made a place for themselves in the world of IT management.
Client Management Tools Versus Enterprise Mobility Management
CMT gives IT visibility into the organization’s servers, laptops and operating systems. This technology is a stalwart of IT management that is responsible for much of the inventory and patching completed in the past few decades. It also helps administrators detect vulnerabilities and attacks against endpoints and shut them down. Most of this activity is considered behind the firewall.
Since its inception, EMM’s purpose has been to manage smartphones and tablets in the enterprise by focusing on security and productivity. This is done by enabling some key capabilities, including:
- Mobile device management (MDM) — managing devices via APIs;
- Mobile application management (MAM) — pushing applications;
- Mobile content management (MCM) — distributing documents and content; and
- Mobile threat management (MTM) — reporting and remediating mobile malware.
Another standout feature of enterprise mobility management is support for bring-your-own-device (BYOD) environments. This helps IT reduce costs and increase user satisfaction, since it eliminates the need for employees to understand and set up new devices.
OS Support and Enrollment Options
CMT is a dominant force that supports servers, Linux, UNIX and Microsoft Windows, as well as Apple macOS on a limited basis. Leveraging an agent-based approach to enrollment, CMT requires traditional Microsoft Win32 and Mac PKG/DMG packages. Taking a more hands-on approach to installation compared to EMM, CMT must be manually installed via sneakernet, USB or download site. Another major advantage of CMT is the ability to embed or ghost it into an OS image.
Free from the requirements of on-domain registration, EMM allows users to install their devices over the air (OTA) with APIs and rarely requires IT intervention. EMM can also support Apple’s Device Enrollment Program (DEP), Windows’ Out-of-Box Experience (OOBE) and Android’s Zero-Touch enrollment to make enterprise setup effortless. In addition, EMM integrates with existing infrastructure, such as Microsoft Active Directory/Lightweight Directory Access Protocol (AD/LDAP).
EMM outdoes CMT with support for Apple iOS, Android, macOS and Windows. However, neither solution is able to fully manage wearable and Internet of Things (IoT) devices.
Identity Management and OS Patch Management
Both solutions are well-matched in terms of capabilities such as distributing apps, documents and files, and enabling single sign-on (SSO) to web and cloud apps via desktop and mobile devices. This also includes identity management, which allows users to simply enter their corporate credentials to gain access to enterprise resources on apps and cloud services with SSO. This capability connects with public app stores to ease app distribution and accessibility.
CMT pushes Windows, macOS and third-party patches, as well as client configuration, registry changes and client-based actions. EMM can do some patch management, but it is limited by mobile OS platform restrictions.
EMM extends its reach a bit further with distribution options for smartphones and tablets. It also offers users access to encrypted content repositories and supports third-party file shares.
How EMM Handles Malware and Compliance
CMT can identify and understand potential cyberthreats and take action to maintain the security and compliance of servers, laptops and desktops. CMT also supports privacy and data standards, such as the Center for Internet Security (CIS), Defense Information Systems Agency Security Technical Information Guides (DISA STIGs), U.S. Government Configuration Baseline (USGCB) and Payment Card Industry Data Security Standards (PCI DSS).
EMM anticipates mobile mishaps and sets specific policies to counteract anything that might impact the environment. With its APIs, EMM utilizes MTM to remediate malware on devices across the enterprise. For additional security, EMM provides an encrypted container for emails, contacts, calendars, chats and a secure browser, which helps security professionals preserve user privacy while separating enterprise and personal data on employee-owned devices.
Unified Endpoint Management Replaces EMM and MDM
Unified endpoint management (UEM) encompasses capabilities of both CMT and EMM. This technology enables security and productivity for all users and devices, including smartphones, tablets, laptops, desktops, wearables and IoT devices, all from the same modern IT management tool. It does all the things that CMTs and EMMs are known for, offering the broadest level of support from legacy platforms to Windows 10 and macOS. It can send patches and third-party app updates, as well as app distribution and installation for Win32, PKG/DMG and AppX payloads. It also includes a universal app catalog with support for all major endpoint and mobile platforms.
UEM provides consistent policy management, enforcement, vulnerability detection and remediation across all form factors, making it easy to secure all endpoints used for work. Finally, UEM delivers cognitive insights, contextual analytics and cloud-sourced benchmarking capabilities. These features help IT make sense of the mobile minutiae they encounter daily while protecting endpoints, users, apps, docs and their data from one platform.
The Power of Cognitive UEM
IBM MaaS360 with Watson delivers cognitive capabilities to help IT leaders make sense of their endpoints and mobile environments. MaaS360 puts risks, opportunities and general information front and center for IT, providing ample context and recommendations for what to do next. Taking a cognitive approach to UEM saves time for IT teams while enabling their endpoints, end users and everything in between, including apps, content and data.