22 Mar

Understanding Endpoint Management: Is MDM, EMM, or UEM Right for You?

There’s really no way to sugarcoat it: endpoint management is, rather unsurprisingly, a complex subject. One that has given its fair share of headaches to IT professionals, employees, and users alike.

Within the unfairly broad stroke of endpoint management, you’ll find a host of nightmarish, cringeworthy challenges. Security gaps expanding attack surface, compatibility issues, legacy support, legacy investments, enterprise mobility endpoints versus EoT (“Enterprise of Things”) endpoints, multiple user groups … there’s a lot to consider here, and there are many avenues where things can go hellishly wrong very, very quickly.

Security perimeters themselves have been shifting in the past couple of decades. It used to be true that only local devices needed managing. But the advent and proliferation of smart devices have led to the need to manage (if not micromanage) endpoints, contending with the idea that proprietary company data and IP can be accessed by an employee using the guest Wi-Fi while visiting a coffee shop on their lunch break.

There is, of course, a sizable helping of solutions available for tackling these varied dilemmas. Mobile Device Management, Mobile Application Management, Enterprise Mobility Management, and Unified Endpoint Management all offer their own similar-but-different approaches to managing endpoints.

Which solution is right for you? Well, that’s going to depend heavily on your internal policies, your compliance approaches, and who knows how many other factors. But we can at least help break down what they are and how they might be — or might not be — beneficial.

Mobile Device Management

Mobile Device Management (MDM) is essentially a method of remote endpoint management where end-to-end security is enforced through your IT department’s administration of devices, apps, data, and networks.

MDM by itself is very hands-on, with IT micromanaging individual devices and everything that gets installed on those devices. Stated bluntly, if it’s found on an MDM endpoint, your IT team put it there. And all of this is often (but not always) handled remotely through a single software platform.

MDM is great for strict policy enforcement, and gives IT a lot of flexibility in how they tackle endpoint management. For instance, handling firmware or app upgrades across multiple devices from a single machine is quite handy.

And having the ability to remotely wipe a compromised or lost device helps protect company data and IP. Telecom service, inventory management, provisioning, location tracking … MDM has strong curbside appeal for your IT department.

Need to track a company device, or even an employee? Looking to streamline the rollout of devices for your sales reps to use in the field? Migrating office computers to a new OS and need a new method of managing those devices? MDM is your best option when users don’t need their own devices in the workplace.

Mobile Application Management

We live in a society where just about everyone has a smartphone. Even most children have their own smartphones and tablets. There are actually more mobile devices than the world population. And your employees, being the social creatures they are, will want to keep their devices with them at all times.

With MDM, your employees are either forced to work with on-site immobile devices, carry around two or more devices, or surrender their personal devices to IT. And obviously that latter option is a non-starter.

So how does your IT team get around this issue? How do you satiate the needs of your BYOD (Bring Your Own Device) employees? How do you minimize the number of devices employees need to carry, especially if they are out in the field?

That’s where Mobile Application Management (MAM) steps in. MAM is similar to MDM, but focuses on apps rather than the device as a whole. Employees have SaaS apps installed on their own devices, and those apps are managed remotely by IT.

MAM provides privacy and freedom to employees, while IT isn’t losing sleep over data security. It can handle updates in real time even while apps are in use, and personal apps are unaffected as well. So it’s a pretty great solution for enterprise and individual users alike.

There are a lot of drawbacks to MAM too, though. Compatibility with varied OS platforms, SDK juggling, development issues with third-party resources, and conflicts with native app store applications can bog down an otherwise smooth MAM operation. And licensing can be pretty costly as well.

Enterprise Mobility Management

MDM and MAM solutions quickly merged and evolved into Enterprise Mobility Management (EMM), which is arguably the most popular endpoint management solution today … though whether it’ll stay that way for long is highly debatable.

EMM combines the perks of MDM and MAM, as well as MCM (Mobile Content Management) and MIM (Mobile Information Management). It uses app-wrapping and containerization technology to secure business data. And all of that is packed into a customizable, BYOD-friendly solution.

With MDM, you’re doling out dedicated devices. With MAM, you’re augmenting personal devices. But with EMM, you’re turning personal devices into dedicated ones while also protecting employee privacy. It works on dedicated and personal devices, making it dynamic as well.

Whereas MDM manages the features of a device, EMM manages the device itself from top to bottom, and that’s why EMM is so popular throughout the realm of endpoint management today.

Unified Endpoint Management

Enter the next stage in endpoint management evolution: Unified Endpoint Management (UEM). UEM can be thought of as “EMM-plus.” It’s similar to EMM, only more configurable, more efficient, and less demanding in operational overhead.

Cloud-based UEM allows IT to manage or micromanage all of its endpoints from a single platform with integrated security assurance. It’s ideal for large-scale deployments where licensing fees could otherwise drag migration down. The upfront expenses tend to be resource-intensive, but long-term savings are more pronounced.

UEM comes into its own when compatibility comes into consideration. When you’re dealing with thousands of devices spread out across multiple operating systems (Windows 10, iOS, Chrome, Android, etc.), UEM helps streamline your operations more than MDM, MAM, or EMM can.

UEM shows its weaknesses in smaller deployments where it might be seen not only as overkill, but as too expensive for a full roll-out. It’s popular in larger companies, especially those facing Windows 7’s upcoming EOL in 2020, but smaller companies might be better off with something a little simpler.

Which Endpoint Management Solution Is Right for You?

Determining which endpoint management solution is right for your company will ultimately boil down to a large number of factors we can’t possibly hope to tackle in the scope of this article. But there are some basic parameters to take into consideration.

Retail POS (Point of Sale), company-specific telecom, office desktops/workstations, and other onsite endpoints would likely benefit from MDM, since there’s no real BYOD element in those spaces. Smaller companies with only a few employees might look for MDM or MAM solutions if they can find options that suit their scale and needs, too.

MAM and EMM are probably best suited for mid-sized operations with dozens or hundreds of devices to manage, while UEM is ideal for larger deployments. But again, this all comes down to how you’re using your endpoint management solution and what all it needs to be applied to.

Most endpoint management solutions involve (or are centered around) the use of company email. So even larger companies might only require MAM or EMM functionality. And retail giants with hundreds of stores could probably get by with just MDM, since they don’t usually need apps to be lugged around inside personal handhelds.

We can’t universally declare any of these solutions as being “the best,” really. There are too many factors involved to really state otherwise definitively. But having this basic understanding of the differences between these solutions should equip you with a strong foundation for further research, internally and externally, to find the option that’s just right for your company’s needs.

CompeteTablet offers a range of services designed to help you configure and deploy your endpoint management tools. With a keen appreciation for security, compliancy, and efficiency, CTS will help evaluate and enforce your mobility security from top to bottom. Contact us today to learn more!