What is Mobile Device Management?

Mobile Device Management, or MDM, are systems granting businesses some amount of control over data on your mobile devices. What does this mean for you? Let's explore a couple things you, as a consumer and an employee, might encounter.

Does your employer issue you a mobile device to use for your work-related tasks? They might, especially if you work for a larger company, but for many businesses, bring-your-own-device is the standard.

You'll use your personal cell phone to log into email, retrieve documents, and access work-related apps. This puts a large amount of sensitive corporate data on a device your employer doesn't control. What if you decide to leave? Will you take copies of your email with you? Customer lists? Trade secrets?

Fortunately, for businesses anyway, MDM is a solution for this risk.

The most straightforward way your employer might assert control over their data is through the features built into mobile operating systems. These are presented as options when you attempt to connect your device to corporate systems, like email through Microsoft Exchange. The system administrators can enable options that will require you to grant them certain permissions, including:

• Requiring a certain level of security to unlock the device.
• The ability to lock the device remotely.
• The ability to monitor if a certain number of unsuccessful unlock attempts are reached.
• The ability to monitor Internet activity.
• The ability to wipe all storage on the device.

The goal here is clear. Your company wants to make sure it's not easy for anyone to pick up the device and get access to it, and if someone does, the company can make sure valuable corporate data doesn't fall into an outsider's hands.

In most cases, this will only impact you if you lose track of your device, but it also represents some loss of privacy for you. Your employer (or another member of your company) might be able to track your location with your device without your knowledge. If you do legitimately lose your device, your employer can wipe all your data, including personal items like text messages or photos.

On Android, for example, if you attempt to sign into Exchange using the Gmail app, you're prompted to grant it permissions (shown in the above screenshots). But not if you use the Outlook app. In this case, administrators can utilize Microsoft's own safeguards without requiring access to other areas of your device. If you have concerns about the things your employer is asking you for, it's worth first checking for workarounds that may exist.

Now, you don't need to grant these permissions, but in this case, you won't get access to the system, meaning you can't check your work email on your phone. Nor will you get reminders for appointments on your work calendar. This can be both a blessing and a curse, but in today's environment of always-connected work, you may find yourself agreeing to these to make your work life easier.

There is a more sophisticated version of mobile device management. Companies like Google and its Android Enterprise Recommended program have solutions that effectively split your phone in two. One "area" is your personal stuff, and contains whatever is on your phone up to that point. The second is the "work area," and contains the stuff related to your job, including apps, files, and possibly even the connection to the outside world.

For example, if your company uses a VPN to access file shares in the company, you'd be able to access these using apps from the "work area." However, if your company also has a web filter preventing you from accessing game-related websites on your work PC, you likely won't be able to do so from your "work area" browser apps. The company can also perform actions like installing applications in this area. Google's "Work Profiles," as shown in the above screenshot, clearly show which applications belong to your company with a briefcase-style badge.

On the whole, this is a very clean way to differentiate between what's yours on your device, and what rightly belongs to the company. The catch here is these solutions aren't free. Your company will need to subscribe to a service so they can set up all these restrictions, and someone to monitor it, set up new users, etc. For smaller firms, it's much easier and cheaper to use the more intrusive built-in measures.

As mentioned above, MDM solutions are something your employer (or another organization with which you're affiliated) is going to put in place. It's not a statement against you personally, but rather a safeguard in an age where employees are bringing their own devices to the workplace.

If you have an employer using these measures, you basically have a choice to make. On one hand, you can grant whatever permissions are required, or install the necessary apps, thereby allowing you to be connected to your workplace around the clock, for better or worse.

Or you can decide not to accept the restrictions, if you're even given the option. If you leave your employer, there's nothing on your device to give them concern, but it may leave you out of touch when you're not in the office, or require you to carry a larger device like a laptop when you're on the go. The choice is yours.