PREVENTING DATA LOSS ON USER DEVICES DOESN’T HAVE TO MEAN LOCKING DOWN THE DEVICE OR CRIPPLING PRODUCTIVITY BY ENFORCING VPNS.
Users will balk at working from their BYO device if the organization requires them to enroll that device. But since hackers are shifting their focus from servers to devices and users, organizations must account for these attack vectors.
Figure 2: Trends of attack targets, from Verizon's 2016 Data Breach Investigation Report
The “user devices” line is on the rise due to devices being infected with malware, and the “person” line is from users being victimized by phishing attacks.
Typical Mobile Device Management systems have two main shortcomings which are resolved by Mobile Application Management solutions. First, there are too many users (contractors, field workers, techs, BYOD users) for which device enrollment isn’t feasible. MAM enables control without enrolling devices. Also, Mobile device management lacks the granular control that enables governance at the app-level.
MAM solutions can address both issues and more, by providing granular, application level security. Applications can be secured without enforcing enrollment. MAM solutions can properly manage devices that are more loosely controlled, such as partners and agents.
Mobile Application Management (MAM) allows a business to:
- Deliver and manage apps across a broad range of devices, including iOS, Android, Windows and Windows Phone all from a single management console
- Simplify administration by deploying required apps automatically during enrollment and allowing users to easily install corporate apps from the self-service Company Portal
- Help maximize productivity with the Office mobile apps your employees know and love while preventing the leakage of company data by restricting actions such as copy/cut/paste/save in your managed app ecosystem, and extend these capabilities to existing line-of-business apps
- Deploy certificates, WiFi, VPN, and email profiles automatically once a device is enrolled, enabling users to seamlessly access corporate resources with the appropriate security configurations
- Provide comprehensive settings management for mobile devices, including remote actions such as passcode reset, device lock, and data encryption
- Remove corporate data and applications when a device is unenrolled, noncompliant, lost, stolen, or retired from use
- Extend System Center Configuration Manager infrastructure through integration with Microsoft Intune to provide a consistent management experience across devices located on-premises and in the cloud