Mobile device management (MDM) technology has matured and is widely adopted across the enterprise. MDM now serves as a baseline management tool for organizations, supporting workers using smartphones, tablets and laptops for business use. While MDM technology has somewhat commoditized and evolved to the broader enterprise mobility management (EMM) market, businesses are seeing revived interest in device management as IT teams are tasked with discovering, managing and securing new types of endpoints connecting to business networks.

Learn about IBM’s industry-leading approach to MDM

Smartphones and Tablets Have Company: Supporting New Device Types

Broad new categories of device types are appearing on enterprise networks and connecting to IT infrastructures. Technologies such as the internet of things (IoT) are appearing in the workplace, including connected conference room equipment such as video and audio gear, collaborative computing platforms (e.g., Microsoft Surface Hub), general-purpose wearables (Apple Watch), and specialty devices (augmented and virtual reality). These diverse form factors are increasingly being used in office environments and in specific use case scenarios. Consumer IoT devices, such as Apple TVs, Chromecast, and smart speakers such as Alexa and Google Home, are also popping up in the office, making business workspaces more connected and productive.

The general proliferation of screens in the enterprise is another trend driving new interest and deployment scenarios for MDM. When formerly analog processes (paper workflows, clipboards, etc.) become digitized, a smartphone or tablet-like device is often introduced into the process. The addition of these devices presents a new opportunity for mobile device management enrollment and use case support.

In industrial and ruggedized device scenarios, smartphones and tablets are increasingly replacing legacy and proprietary handheld devices for single-purpose applications, such as bar code scanning, inventory tracking, image capture and data input. Many proprietary endpoint technologies are converging and standardizing on smartphone operating systems such as Android and iOS. These new rugged, single-app devices will still require close monitoring, management and security. In some use cases, the most sensitive information in a business’s supply chain, workflow or other operations often flows through such endpoint types.

Rapid adoption of Windows 10 devices and modern management frameworks is another driver of new MDM use cases and management scenarios. Windows 10 devices can be managed traditionally by PC management platforms such as Microsoft System Center Configuration Manager (SCCM), but also under a new modern management framework, where PCs are not managed through traditional domain join or Active Directory. Modern management is essentially “Windows MDM,” similar to MDM used for iOS/Android phones. Software updates, application delivery and other configurations are done over the air on the public internet. Modern management greatly expands the use cases as well as the potential universe of devices that could be managed by an MDM platform.

The Risks and Rewards of Connected Workspaces and Workplace IoT

There’s a strong business case for having a connected workspace and working environment. This notion encapsulates futuristic scenarios — such as connected conference rooms with audio, video and collaboration tools — where meetings start instantaneously when attendees enter the room. When technologies such as location tracking and awareness tie into systems like smart building and facilities solutions, advanced use cases around power management, smart facility management and physical security analytics come into focus.

There are risks and challenges involved in connecting all these new endpoint device types into a connected workspace. Industry standards surrounding IoT device security are in their infancy, and this space is rapidly evolving across a broad swath of industries looking to connect products to IP networks. There are already stories in the media about mundane connected endpoints used as launching points for sophisticated cyberattacks on enterprise IT infrastructure. Businesses will have to weigh the potential benefit of a highly connected workspace against the risk of breaches and intrusions that such an infrastructure might make possible.

MDM’s Role in Connected Workspace Device Management

The role of MDM in a connected workspace environment is similar to the traditional role of MDM in fleets of smartphones and tablets. Software updating, policy enforcement and endpoint configuration are primary functions of MDM in workspace IoT environments. Ruggedized, consumer and industrial IoT endpoints require software updates, patches and monitoring for compliance and security posture.

An MDM platform deployed for a connected IoT workspace can also be a critical tool in mitigating threats to connected devices on the network. If a hacked or compromised device is detected by a security platform, MDM platforms will play a critical role in the enforcement chain, from disconnecting devices from the network and quarantining them to providing OS-level wiping in other scenarios.

What to Look For in a Modern Mobile Device Management (MDM) Platform

An MDM deployed in the modern connected office should have a strong set of attributes and capabilities for securing and managing new types of connected devices. Not all traditional MDM platforms will apply to this new type of use case.

Look for MDM platforms that have strong device management capabilities across a broad set of endpoint operating systems. This means going beyond traditional MDM-managed OSs, such as iOS and Android. In these scenarios, MDMs must support platforms such as Windows, Linux, real-time operating systems, and emerging/embedded IoT operating systems such as Android Things. MDM tools for advanced workspace management scenarios should also have a strong ecosystem of software partners around security and management technologies. Key integrations here include security and vulnerability management systems, security information and event management (SIEM) platforms, and advanced mobile threat defense (MTD) integration.

As new deployments of screens, IoT devices and other connected endpoints proliferate across enterprises, IDC sees MDM technology as a strategic platform for businesses to secure, manage and control these new mobile-oriented use cases.
