EMM vs. MDM: How Will Your Enterprise Manage Mobility?

Before progressing too far into the EMM vs. MDM debate, we’ll touch on the background behind the two systems, because it has been something of an evolutionary tale.

Mobile device management has been around almost as long as mobile devices have, and MDM software use grew in parallel with the adoption of smartphones and tablets as standard end-points for corporate IT and communications networks. That growth has been phenomenal and today, close to 80% of enterprises believe the use of a mobile phone is essential for their employees to work effectively, according to enterprise mobility research conducted by Samsung in 2018.

No company wants to lose control of its sensitive business data, but with employees choosing en masse to use personal devices in their jobs, it would have been seemingly inevitable without some concrete protection; hence the emergence of mobile device management solutions.

An MDM system is a central platform to which a company can link its employees’ mobile devices, including smartphones, wearables, tablets, and laptops. By insisting that all devices used for company business be enrolled on the MDM platform, a company’s IT department can control some aspects of their use.

Perhaps most notably, enrollment on an MDM enables administrators to wipe a device of data if it was lost or stolen. Sadly, while this capability was the greatest strength of mobile device management, it also transpired to be a terminal limitation.

Because it works only at the device level, MDM has proven largely unpopular with end users, who often consider it too invasive and threatening to their privacy. One reason for this is that when a phone or tablet appears compromised, all data on that device is deleted. MDM is unable to discriminate between sensitive data belonging to the company and personal data harmless to the organization.

This weakness led to a search for more effective solutions to supersede, or integrate with, mobile device management, spurring the emergence of mobile application management and later, enterprise mobility management.

A discussion of the differences between MDM and EMM must necessarily tend toward an appraisal of enterprise mobility management because in most cases an EMM platform is equipped with integrated MDM, the features of which have been covered in the previous section of this article.

The differences between the two solutions are really in the additional functions and features you will find available in EMM, all of which are designed to overcome the constraints of device-level control and provide a more flexible strategy for managing employees’ mobile technology.

The need for such a transition arose mainly from the bring-your-own-device (BYOD) movement that has seen enterprises shift from issuing phones or tablets to allowing employees to use personal devices for company business. Despite the potential security risks of BYOD, the trend was irresistible for corporate employers, and in any case, if results of a study by Cisco are to be believed, BYOD delivers savings of up to $350 per employee, per year; compared with the cost of issuing company-owned mobile hardware.

While MDM was more than satisfactory—and still is—for companies insisting that employees keep separate personal and company devices, the rise of BYOD required employers to find less invasive methods of controlling business data.

EMM emerged from that need to become the modern standard in corporate mobility management. Instead of solely controlling devices, EMM lets IT departments manage just about any combination of hardware, apps, internal web resources, and data.

Where MDM is a tool, it is more accurate to describe enterprise mobility management as a software suite, as it typically comprises an integrated collection of components for device, application, content, and authentication management. So let’s now look at the various functions and features that you will find in an EMM suite, but which are absent from mobile device management.

EMM places the control of mobile devices and the applications they run in the hands of a corporate IT team, but in this connected age when data is everything, that is still not enough protection in the eyes of many senior corporate stakeholders. That’s why mobile content management is also a part of the EMM concept.

While MAM isolates mobile enterprise apps in containers, mobile content management applies a similar principle to content, such as email attachments and corporate documents. Among the BYOD problems it solves is how to allow employees to use their preferred email apps for business communication without losing control of sensitive content in attachments.

By using targeted containerization to isolate email attachments, MCM automates the control of company-related email, preventing users from accidentally or intentionally releasing proprietary content into uncontrolled environments.

The following email and document protection features are typically available in EMM solutions:

• Secure on-device document storage
• Application-level data encryption
• Selective wiping of documents on a user’s device
• Device quarantining
• Blocking of the ability to cut, copy, and paste content from secure enterprise documents
• Selectively controlled access to documents for third-party apps
• Automated document back-up to the cloud

These controls are not constrained to the protection of emails, which nowadays would be a limitation indeed, given the range of tasks (see the chart below) that companies want their employees to perform on mobile devices.

For example, EMM software also secures documents contained in repositories like SharePoint, enabling employees to communicate, collaborate, access information, and share knowledge freely within the confines of the business domain, while retaining freedom over the personal use of their devices, safe in the knowledge that they will not be unwitting sources of corporate data leaks.

It should be clear from the comparisons drawn in this article that the difference between mobile device management and enterprise mobility management is significant. Any EMM solution worth having will include full device management functionality, whereas an MDM product will almost certainly have no capabilities beyond those needed to control a device as an inclusive whole.

You may be wondering at this point if there would ever be a reason to opt for MDM if you need to manage a fleet of company-assigned or personal devices used across your organization. The answer to that question will probably depend on what kind of mobile devices you need to control and their intended purpose.

Mobile device management can be very suitable for a fleet of mobile terminals such as those used in home delivery or warehouse management. These devices are only likely to connect to your internal network, and there will be no requirement to isolate corporate from personal apps, content, or data.

You could also stretch an MDM solution to managing phones and tablets if you only allow the use of devices owned and issued by your company, although even then, you would enjoy much more flexibility of control with an EMM platform. If your company maintains a BYOD policy or uses a mix of BYOD and corporate-issued devices, a product that allows only device management may not be especially useful.

On its own, mobile-device management might limit your ability to support remote working and could negatively affect user satisfaction. Furthermore, it may not protect your enterprise effectively if device-users are connecting to random networks, cloud applications, and remote servers to interact with your corporate data.