Mobile Device Management (MDM) and Mobile Application Management (MAM). They kind of sound the same, but different. If you’ve been lumbered with the joyful responsibility of protecting your mobile fleet from sad basement weirdos, which one should you choose?
The answer, of course, is…it depends.
So, let’s take a look at MDM vs MAM—What are they? What are they for? What's the difference between them, and which one to choose?
What’s Mobile Device Management?
There’s a clue in the name. MDM manages mobile devices. MDM is a way of centrally controlling and protecting mobile devices, such as smartphones, tablets and laptops, and other endpoints that make up a fleet. It’s built on a mixture of software applications, infrastructure and policies that allow an IT person to secure, track, provision, shut down, start up and generally manage what the devices can do, and who can access them. MDM is everybody’s favorite data security toy, including ours, and rightly so because it takes care of a lot of stuff for you.
We’ve flogged the bejesus out of the benefits of MDM and we’re apoplectic with rage that not every business with a mobile fleet uses it. That’s because MDM is a multi-purpose business asset that does nearly All The Things, including:
- Keeping data safe by controlling access to data and networks, improving password management, forcing upgrades, blocking sketchy sites and apps, remote locking and remote data wiping.
- Improving people’s productivity by giving access to many work-related apps, through speedy role provisioning and fast onboarding.
- Getting you compliant by creating a near-perfect asset register, perfect for the demands of ISO 27001, SOC 2 and all the other acronyms.
What’s Mobile Application Management?
MAM is a way of controlling the lifecycle of individual applications installed on mobile devices. It allows a system administrator to have granular control over those apps and their associated data, for instance, by:
- Securing the app and its data by managing access and permissions, or enforcing corporate policy, such as using a VPN when accessing it.
- Approving or blocking store-bought apps.
- Automagically distributing and configuring applications.
- Testing for compatibility and stability, as well as crash-log reporting and version control
- Updating or uninstalling applications.
MAM creates a repository of authorized apps—these can be store-bought or enterprise owned and made—which are added to a self-service portal for users. App-level MAM has the management controls built in to each app (but requires MDM).
Device-level MAM creates a magical virtual container called Work Stuff (probably) on the device. This container imprisons the apps used for business, and applies management requirements to everything inside that container, keeping management consistent and separating work from personal apps. It can also block your people from copying apps and data from the business container to their personal space on the device.
What’s the Difference Between MDM and MAM?
It might have occurred to you that MAM is just MDM, and you’d be mostly right. MDM and MAM share common purposes, but there are differences:
Focus
The principle and the most apparent difference is that MDM is device-centric and MAM is application-centric. MDM manages the whole device, including the applications. MAM manages just the application(s) but at a granular level. You’re not having déjà vu. We did actually explain this twice.
Control
MAM can selectively lock or wipe approved corporate apps and data, but MDM has the power to wipe all the data, or lockdown the device completely. This has implications for Bring Your Own Device (BYOD) workplaces. With an MDM-flavored lockdown, your people can’t access their personal content, such as the only draft of their Game of Thronesesque trilogy or that carefully curated database entitled Houseplants I Like. On the other hand, MAM locks down just the business container within the device.
MDM vs MAM? It’s All About Context
MDM and MAM are not mutually exclusive. MAM is often a subset of MDM, included as a part of the MDM ecosystem. So why bother with MAM at all? Why not implement MDM feat. MAM and have done with it?
The answer lies in the context of your business, your organization's culture, and how angsty your people are about privacy and usability. Although MDM is our clear favorite—because we’re data security evangelists par excellence—there will be times when a MAM-only regime makes sense. And it all comes down to BYOD.
Some decisions are easy. If your mobile fleet consists of wholly corporate-owned devices, it makes sense to choose MDM. But BYOD might be your choice of operationality, and for good reason. BYOD’s advantages include:
- Reduced costs: you don’t need to procure new devices for your team.
- Usability: your people can be more productive because they’re familiar with their devices.
- Increased team satisfaction: they have control over the choice of device, and have set it up in a way that works for them.
But when personal devices are used for business, privacy and security issues raise their ugly twin heads. You want your people to use their private devices for business purposes. And you want to keep your company data secure. You can use MDM, yes, but your people might object, and you can’t blame them. They’re right to have concerns about invasions of privacy, and the potential of being locked out of their personal content. MDM gives you a whole lot more control of their private devices, and who wants that? Would you?
On the other hand, you’re right to be concerned that your fleet will lack visibility, your people might suck at device security, and your lovely corporate data on their devices is at risk of breach.
A staring contest won’t fix the issue, but MAM just might. Because MAM controls and restricts access just to company data on personal devices, your team will feel more confident that their privacy and personal data are secure. And you’ll feel confident that you’ll still have the power to protect company data if the device is lost, stolen, or dropped down the toilet.
If you’re a BYOD business and you’d like to mull over the MDM vs MAM question, we’ll help you choose the regime that’s right for you. Give us a call, because we’re here to help.